Topic 3: Exam Pool C
Which of the following scenarios BEST describes a risk reduction technique?
A.
A security control objective cannot be met through a technical change, so the company
purchases insurance and is no longer concerned about losses from data breaches.
B.
A security control objective cannot be met through a technical change, so the company
implements a policy to train users on a more secure method of operation
C.
A security control objective cannot be met through a technical change, so the company
changes its method of operation
D.
A security control objective cannot be met through a technical change, so the Chief
Information Officer (CIO) decides to sign off on the risk.
A security control objective cannot be met through a technical change, so the company
implements a policy to train users on a more secure method of operation
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
A.
SED
B.
HSM
C.
DLP
D.
TPM
SED
A vulnerability assessment report will include the CVSS score of the discovered
vulnerabilities because the score allows the organization to better:
A.
validate the vulnerability exists in the organization's network through penetration testing
B.
research the appropriate mitigation techniques in a vulnerability database
C.
find the software patches that are required to mitigate a vulnerability
D.
prioritize remediation of vulnerabilities based on the possible impact.
prioritize remediation of vulnerabilities based on the possible impact.
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concern? (Select TWO).
A.
Geolocation
B.
Time-of-day restrictions
C.
Certificates
D.
Tokens
E.
Geotagging
F.
Role-based access controls
Geolocation
Geotagging
A security analyst reviews the datacenter access logs for a fingerprint scanner and notices
an abundance of errors that correlate with users' reports of issues accessing the facility.
Which of the following is MOST likely the cause of the access issues?
A.
False rejection
B.
Cross-over error rate
C.
Efficacy rate
D.
Attestation
Cross-over error rate