SY0-601 Free Practice Test

- (Exam Topic 4)
In which of the following scenarios is tokenization the best privacy technique to use?

1. A. Providing pseudo-anonymization for social media user accounts
2. B. Serving as a second factor for authentication requests
3. C. Enabling established customers to safely store credit card information
4. D. Masking personal information inside databases by segmenting data

Correct Answer: C
Tokenization is a privacy technique that replaces sensitive data elements, such as credit card numbers, with non-sensitive equivalents, called tokens, that have no intrinsic or exploitable value. Tokenization can be used to enable established customers to safely store credit card information without exposing their actual card numbers to potential theft or misuse. The tokens can be used to process payments without revealing the original data456 References: CompTIA Security+ SY0-601 Certification Study Guide, Chapter 8: Implementing Secure Protocols, page 362; What is tokenization? | McKinsey; What is Tokenization? Definition and Examples | OpenText - Micro Focus; Tokenization (data security) - Wikipedia

- (Exam Topic 4)
A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

1. A. Enforcing encryption
2. B. Deploying GPOs
3. C. Removing administrative permissions
4. D. Applying MDM software

Correct Answer: D
MDM stands for Mobile Device Management, is software that assists in the implementation of the process of managing, monitoring, and securing several mobile devices such as tablets, smartphones, and laptops used in the organization to access the corporate information.

- (Exam Topic 2)
Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?

1. A. Cloud control matrix
2. B. Reference architecture
3. C. NIST RMF
4. D. CIS Top 20

Correct Answer: C

- (Exam Topic 3)
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

1. A. Data encryption
2. B. Data masking
3. C. Data deduplication
4. D. Data minimization

Correct Answer: B
https://ktechproducts.com/Data-mask#:~:text=Data Masking is a method of creating The main reason for applying masking to a data field is to protect data that is classified as personally
identifiable information, sensitive personal data, or commercially sensitive data. However, the data must remain usable for the purposes of undertaking valid test cycles. It must also look real and appear consistent. It is more common to have masking applied to data that is represented outside of a corporate production system. In other words, where data is needed for the purpose of application development, building program extensions and conducting various test cycles https://en.wikipedia.org/wiki/Data_masking

- (Exam Topic 1)
An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

1. A. Perform a mathematical operation on the passwords that will convert them into umgue stnngs
2. B. Add extra data to the passwords so their length is increased, making them harder to brute force
3. C. Store all passwords in the system in a rainbow table that has a centralized location
4. D. Enforce the use of one-time passwords that are changed for every login session.

Correct Answer: D