CompTIA SY0-601 Practice Test
Prepare smarter and boost your chances of success with our CompTIA SY0-601 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the SY0-601 practice exam are 40–50% more likely to pass on their first attempt.
Start practicing today and take the fast track to becoming CompTIA SY0-601 certified.
Updated On: 13-Aug-2025 | 886 Questions
Topic 3: Exam Pool C
An organization has various applications that contain sensitive data hosted in the cloud. The company’s leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern?
A. ISFW
B. UTM
C. SWG
D. CASB
CASB
Once the full extent of cloud usage is revealed, the CASB then determines the risk level associated with each by determining what the application is, what sort of data is within the app, and how it is being shared. https://www.mcafee.com/enterprise/enau/security-awareness/cloud/what-is-a-casb.html
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or cloud based software that sits between cloud service users and cloud applications, and monitors all activity and enforces security policies.[1] A CASB can offer a variety of services such as monitoring user activity, warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware. https://en.wikipedia.org/wiki/Cloud_access_security_broker
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
A. ISO 27701
B. The Center for Internet Security
C. SSAE SOC 2
D. NIST Risk Management Framework
The Center for Internet Security
When planning to build a virtual environment, an administrator needs to achieve the following:
• Establish policies to limit who can create new VMs
• Allocate resources according to actual utilization
• Require justification for requests outside of the standard requirements
• Create standardized categories based on size and resource requirements
Which of the following is the administrator MOST likely trying to do?
A. Implement IaaS replication
B. Protect against VM escape
C. Deploy a PaaS
D. Avoid VM sprawl
Avoid VM sprawl
A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques. Which of the following should the analyst use?
A. Internal log files
B. Government press releases
C. Confidential reports
D. Proprietary databases
Internal log files
Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?
A. MSSP
B. Public cloud
C. Hybrid cloud
D. Fog computing
Hybrid cloud
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
A. An air gap
B. A hot site
C. A VLAN
D. A screened subnet
A screened subnet
Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?
A. Pulverizing
B. Shredding
C. Incinerating
D. Degaussing
Degaussing
Which of the following should a data owner require all personnel to sign to legally protect intellectual property?
A. An NDA
B. An AUP
C. An ISA
D. An MOU
An MOU
A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?
A. SFTP
B. AS
C. Tor
D. IoC
Tor
An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:
Which of the following should the analyst recommend be enabled?
A. Input validation
B. Obfuscation
C. Error handling
D. Username lockout
Obfuscation