A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Choose two.)
A. Physical
B. Managerial
C. Detective
D. Administrative
E. Preventative
F. Technical
A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?
A. Change management procedure
B. Information security policy
C. Cybersecurity framework
D. Secure configuration guide
Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?
A. Development
B. Test
C. Production
D. Staging
An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?
A. Government
B. Public
C. Proprietary
D. Critical
An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?
A. Standard naming convention
B. Hashing
C. Network diagrams
D. Baseline configuration
The Chief Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?
A. Log in to the server and perform a health check on the VM.
B. Install the patch immediately.
C. Confirm that the backup service is running.
D. Take a snapshot of the VM.
The application development teams have been asked to answer the following questions:
- Does this application receive patches from an external source?
- Does this application contain open-source code?
- Is this application accessible by external users?
- Does this application meet the corporate password standard?
Which of the following are these questions part of?
A. Risk control self-assessment
B. Risk management strategy
C. Risk acceptance
D. Risk matrix
A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?
A. Cross-site request forgery
B. Directory traversal
C. ARP poisoning
D. SQL injection
Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?
A. Shared deployment of CIS baselines
B. Joint cybersecurity best practices
C. Both companies following the same CSF
D. Assessment of controls in a vulnerability report
A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?
A. Secure web gateway
B. Virtual private cloud endpoint
C. Deep packet inspection
D. Next-generation firewall