CompTIA SY0-601 Practice Test

Prepare smarter and boost your chances of success with our CompTIA SY0-601 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use SY0-601 practice exams are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA SY0-601 certified.

Updated On : 13-Aug-2025
886 Questions

Page 20 out of 89 Pages

Topic 3: Exam Pool C

An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?

A. Incident response

B. Communications

C. Disaster recovery

D. Data retention

C. Disaster recovery



A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution?

A. OAuth

B. TACACS+

C. SAML

D. RADIUS

D. RADIUS



The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

A. Limit the use of third-party libraries.

B. Prevent data exposure queries.

C. Obfuscate the source code.

D. Submit the application to QA before releasing it.

D. Submit the application to QA before releasing it.



To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials. Which of the following will BEST ensure the site’s users are not compromised after the reset?

A. A password reuse policy

B. Account lockout after three failed attempts

C. Encrypted credentials in transit

D. A geofencing policy based on login history

C. Encrypted credentials in transit



A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?

A. A packet capture

B. A user behavior analysis

C. Threat hunting

D. Credentialed vulnerability scanning

C. Threat hunting



A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?

A. Predictability

B. Key stretching

C. Salting

D. Hashing

C. Salting



An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?

A. Quarantining the compromised accounts and computers, only providing them with network access

B. Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.

C. Isolating the compromised accounts and computers, cutting off all network and internet access.

D. Logging off and deleting the compromised accounts and computers to eliminate attacker access.

B. Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.



An attacker is attempting to exploit users by creating a fake website with the URL users. Which of the following social-engineering attacks does this describe?

A. Information elicitation

B. Typo squatting

C. Impersonation

D. Watering-hole attack

D. Watering-hole attack



Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?

A. Least privilege

B. Awareness training

C. Separation of duties

D. Mandatory vacation

C. Separation of duties



Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

A. Data encryption

B. Data masking

C. Data deduplication

D. Data minimization

B. Data masking


