SY0-601 Free Practice Test

- (Exam Topic 2)
A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

1. A. MOU
2. B. SLA
3. C. EOL
4. D. NDA

Correct Answer: B
An SLA or service level agreement is a type of third-party risk management policy that defines the expectations and obligations between a service provider and a customer. An SLA typically includes metrics and standards for measuring the quality and performance of the service, as well as penalties or remedies for non-compliance. An SLA can also specify the reporting requirements for data breaches or other incidents that may affect the customer’s security or privacy.

- (Exam Topic 1)
A Chief information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares Which of the following should the company implement?

1. A. DLP
2. B. CASB
3. C. HIDS
4. D. EDR
5. E. UEFI

Correct Answer: A
Detailed explanation
Data Loss Prevention (DLP) can help prevent employees from stealing data by monitoring and controlling access to sensitive data. DLP can also detect and block attempts to transfer sensitive data outside of the organization, such as via email, file transfer, or cloud storage.
References: CompTIA Security+ Study Guide: Exam SY0-601, Chapter 10: Managing Identity and Access, p. 465

- (Exam Topic 3)
A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

1. A. Security
2. B. Application
3. C. Dump
4. D. Syslog

Correct Answer: C
A dump file is a file that contains the contents of memory at a specific point in time. It can be used for debugging or forensic analysis of a system or an application. It can reveal what was in the memory on the compromised server, such as processes, variables, passwords, encryption keys, etc.

- (Exam Topic 1)
Which of the following involves the inclusion of code in the main codebase as soon as it is written?

1. A. Continuous monitoring
2. B. Continuous deployment
3. C. Continuous Validation
4. D. Continuous integration

Correct Answer: D
Detailed explanation
Continuous Integration (CI) is a practice where developers integrate code into a shared repository frequently, preferably several times a day. Each integration is verified by an automated build and automated tests. CI allows for the detection of errors early in the development cycle, thereby reducing overall development costs.

- (Exam Topic 4)
A wet-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB stocks that are dropped in parking lots. Which of the following is the best defense against this scenario?

1. A. Configuring signature-based antivirus to update every 30 minutes
2. B. Enforcing S/MIME for email and automatically encrypting USB drives upon assertion
3. C. Implementing application execution in a sandbox for unknown software
4. D. Fuzzing new files for vulnerabilities if they are not digitally signed

Correct Answer: C
Implementing application execution in a sandbox for unknown software is the best defense against this scenario. A sandbox is a isolated environment that can run applications or code without affecting or being affected by other processes or systems. A sandbox can prevent malicious software from accessing or modifying sensitive data or resources, as well as limit its network communication and system privileges. A sandbox can also monitor and analyze the behavior and output of unknown software to determine if it is benign or malicious.