A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware.
Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?
A. BYOD
B. VDI
C. COPE
D. CYOD
Correct Answer: D
CYOD allows employees to choose their preferred devices from a pre-approved list of options provided by the company. While it offers flexibility, it also enables the organization to maintain control and ensure security by limiting the device choices to a predetermined set of hardware that meets the company's standards and security requirements.
By providing a defined set of approved devices, the company can streamline support, manageability, and security measures for those specific devices. The IT department can focus on thoroughly testing and supporting a smaller range of hardware configurations, which reduces complexity and allows for tighter control over the devices accessing the company's data and infrastructure.
Question 1182:
A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned In the email. This BEST describes a scenario related to:
A. whaling.
B. smishing.
C. spear phishing
D. vishing
Correct Answer: C
Question 1183:
Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?
A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding
Correct Answer: A
From comptia official textbook:
"A privacy notice is typically an externally-facing document informing customers, users, or stakeholders about what the organization does with PII. It's also called a privacy statement."
Question 1184:
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
Correct Answer: C
Lack of vendor support implies no security patches. Unsecure protocols are not necessarily always the case.
Going with the most correct answer here would be C as I searche dthe definition of Legacy online and saw that it literall means "out of date" systems and I am reminded of the recent updates such as how phone companies say they wont
support old phones made only 5 years ago (im shocked to think that so many resources go into making a device so short lived - what happened to long life products lol)
Question 1185:
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident.
During which of the following phases of the response process is this activity MOST likely occurring?
A. Containment
B. Identification
C. Recovery
D. Preparation
Correct Answer: B
Question 1186:
Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this BEST represent?
A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration
Correct Answer: D
Continuous Integration is a software development practice where code changes are integrated into a shared code repository frequently, typically several times a day. Each integration triggers an automated build and testing process to detect integration issues and identify bugs or conflicts early in the development cycle.
Continuous Integration aims to improve software quality, increase the speed of development, and reduce the risk of integration problems by automating the process of code integration and testing. It helps teams to catch and fix issues quickly, maintain a reliable codebase, and ensure that new code is continuously integrated into the existing codebase.
Continuous Integration is a crucial aspect of modern software development methodologies, such as Agile and DevOps, which focus on iterative development and frequent releases of software updates. It enables teams to work collaboratively, deliver code changes more efficiently, and achieve faster and more reliable development cycles
Question 1187:
The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going the polls. This is an example of:
A. prepending
B. An influence campaign
C. A watering-hole attack.
D. Intimidation.
E. Information elicitation.
Correct Answer: B
From Chapter 1 Social Engineering Techniques Influence campaigns involve the use of collected information and selective publication of material to key individuals in an attempt to alter perceptions and change people's minds on a topic. One can engage in an influence campaign against a single person, but the effect is limited. Influence campaigns are even more powerful when used in conjunction with social media to spread influence through influencer propagation. Influencers are people who have large followings of people who read what they post, and in many cases act in accordance or agreement. This results in an amplifying mechanism, where single pieces of disinformation can be rapidly spread and build a following across the Internet.
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
A. Unsecured root accounts
B. Zero day
C. Shared tenancy
D. Insider threat
Correct Answer: C
A risk that is specifically associated with hosting applications in the public cloud is shared tenancy. Shared tenancy refers to the practice of multiple customers sharing the same physical infrastructure in a cloud environment. This can create security risks, as the actions of one customer can potentially impact the security and performance of other customers on the same infrastructure. Options A, B, and D are not specifically associated with hosting applications in the public cloud, although they can be potential risks in any computing environment.
Question 1189:
A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
A. laC
B. MSSP
C. Containers
D. SaaS
Correct Answer: A
Infrastructure as code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
Question 1190:
A security incident has been resolved
Which of the following BEST describes the importance of the final phase of the incident response plan?
A. It examines and documents how well the team responded discovers what caused the incident, and determines how the incident can be avoided in the future
B. It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed
C. It identifies the incident and the scope of the breach how it affects the production environment, and the ingress point
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach
Correct Answer: A
It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.
The final phase of the incident response is also called the lessons learned or remediation step.
=======================
Phases of the Incident Response Plan:
1.
Preparation - Preparing for an attack and how to respond
2.
Identification - Identifying the threat
3.
Containment - Containing the threat
4.
Eradication - Removing the threat
5.
Recovery - Recovering affected systems
6.
Lessons Learned - Evaluating the incident response, see where there can be improvements for a future incident.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-601 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.