CompTIA SY0-601 Practice Test
Prepare smarter and boost your chances of success with our CompTIA SY0-601 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the SY0-601 practice exam are 40–50% more likely to pass on their first attempt.
Start practicing today and take the fast track to becoming CompTIA SY0-601 certified.
Updated On: 13-Aug-2025 | 886 Questions
Topic 3: Exam Pool C

A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?
A. A malicious USB was introduced by an unsuspecting employee.
B. The ICS firmware was outdated.
C. A local machine has a RAT installed.
D. The HVAC was connected to the maintenance vendor.
Answer: A. A malicious USB was introduced by an unsuspecting employee.

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?
A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement
Answer: C. A tabletop exercise

Which of the following ISO standards is certified for privacy?
A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
Answer: C. ISO 27701
Explanation: ISO 27701, also abbreviated as PIMS (Privacy Information Management System), outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems.
https://pecb.com/whitepaper/the-future-of-privacy-with-isoiec-27701

The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?
A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat
Answer: B. Shadow IT

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)
A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses
Answer: E. Value and volatility of data; F. Right-to-audit clauses

A symmetric encryption algorithm is BEST suited for:
A. key-exchange scalability.
B. protecting large amounts of data.
C. providing hashing capabilities.
D. implementing non-repudiation.
Answer: D. implementing non-repudiation.

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?
A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Offboarding
Answer: D. Offboarding

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data?
A. Containerization
B. Geofencing
C. Full-disk encryption
D. Remote wipe
Answer: C. Full-disk encryption

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?
A. Create consultant accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.
Answer: C. Create different accounts for each region, limit their logon times, and alert on risky logins.

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?
A. There was a drive-by download of malware.
B. The user installed a cryptominer.
C. The OS was corrupted.
D. There was malicious code on the USB drive.
Answer: D. There was malicious code on the USB drive.