- (Exam Topic 1)
Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).

1. A. Mantraps
2. B. Security guards
3. C. Video surveillance
4. D. Fences
5. E. Bollards
6. F. Antivirus

Correct Answer: AB
A - a mantrap can trap those personnal with bad intension(preventive), and kind of same as detecting, since you will know if someone is trapped there(detective), and it can deter those personnal from approaching as well(deterrent) B - security guards can sure do the same thing as above, preventing malicious personnal from entering(preventive+deterrent), and notice those personnal as well(detective)

- (Exam Topic 4)
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident The systems administrator has just informed investigators that other log files are available for review Which of the following did the administrator most likely configure that will assist the investigators?

1. A. Memory dumps
2. B. The syslog server
3. C. The application logs
4. D. The log retention policy

Correct Answer: B
A syslog server is a centralized log management system that collects, stores, and manages syslog messages generated by various network devices, servers, applications, and other sources. A syslog server can assist the investigators in this case because it can provide an alternative source of log files that may contain evidence of the incident. The privileged user may have deleted the local log files on the server, but not the remote log files on the syslog server. Therefore, the investigators can access the syslog server and analyze the log messages related to the user’s activities and actions

- (Exam Topic 1)
Which of the technologies is used to actively monitor for specific file types being transmitted on the network?

1. A. File integrity monitoring
2. B. Honeynets
3. C. Tcpreplay
4. D. Data loss prevention

Correct Answer: D
Data loss prevention (DLP) is a technology used to actively monitor for specific file types being transmitted on the network. DLP solutions can prevent the unauthorized transfer of sensitive information, such as credit card numbers and social security numbers, by monitoring data in motion.
References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 2: Technologies and Tools, pp. 99-102.

- (Exam Topic 2)
A police department is using the cloud to share information city officials Which of the cloud models describes this scenario?

1. A. Hybrid
2. B. private
3. C. pubic
4. D. Community

Correct Answer: D
A community cloud model describes a scenario where a cloud service is shared among multiple organizations that have common goals, interests, or requirements. A community cloud can be hosted by one of the organizations, a third-party provider, or a combination of both. A community cloud can offer benefits such as cost savings, security, compliance, and collaboration. A police department using the cloud to share information with city officials is an example of a community cloud model.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.ibm.com/cloud/learn/community-cloud

- (Exam Topic 2)
A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner, Which of the following concepts describes this scenario?

1. A. Red-team exercise
2. B. Business continuity plan testing
3. C. Tabletop exercise
4. D. Functional exercise

Correct Answer: C
A tabletop exercise is a type of security exercise that involves a simulated scenario of a security incident and a discussion of how the security team would respond to it1. A tabletop exercise is a low-impact and
cost-effective way to test the security team’s preparedness, identify gaps and areas for improvement, and
enhance communication and coordination among team members2. A tabletop exercise is different from a red-team exercise, which is a simulated attack by an authorized group of ethical hackers to test the security defenses and response capabilities of an organization3. A business continuity plan testing is a process of verifying that an organization can continue its essential functions and operations in the event of a disaster or disruption4. A functional exercise is a type of security exercise that involves a realistic simulation of a security incident and requires the security team to perform their roles and responsibilities as if it were a real event.
References: 1:
https://www.isaca.org/resources/isaca-journal/issues/2022/volume-1/cybersecurity-incident-response-exercise-g
2: https://www.linuxjournal.com/content/security-exercises 3:
https://www.imperva.com/learn/application-security/red-team-blue-team/ 4: https://www.ready.gov/business-continuity-plan : https://www.ready.gov/exercises