Test SY0-601

Question 1:
An accounting intern receives an invoice via email from the Chief Executive Officer (CEO). In the email, the CEO demands the immediate release of funds to the bank account that is listed. Which of the following principles best describes why this attack might be successful?

A.
Authority
B.
Scarcity
C.
Consensus
D.
Familiarity

Question 2:
A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

A.
Proxy server
B.
NGFW
C.
WAF
D.
Jump server

Question 3:
A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?

A.
CASB
B.
AUP
C.
NG-SWG
D.
VPC endpoint

Question 4:
A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

A.
User training
B.
CASB
C.
MDM
D.
EDR

Question 5:
The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?

A.
VLAN zoning with a file-transfer server in an external-facing zone
B.
DLP running on hosts to prevent file transfers between networks
C.
NAC that permits only data-transfer agents to move data between networks
D.
VPN with full tunneling and NAS authenticating through the Active Directory

Question 6:
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

A.
validate the vulnerability exists in the organization's network through penetration testing.
B.
research the appropriate mitigation techniques in a vulnerability database.
C.
find the software patches that are required to mitigate a vulnerability.
D.
prioritize remediation of vulnerabilities based on the possible impact.

Question 7:
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

A.
Job rotation policy
B.
NDA
C.
AUP
D.
Separation of duties policy

Question 8:
Which of the following is the BEST action to foster a consistent and auditable incident response process?

A.
Incent new hires to constantly update the document with external knowledge.
B.
Publish the document in a central repository that is easily accessible to the organization.
C.
Restrict eligibility to comment on the process to subject matter experts of each IT silo.
D.
Rotate CIRT members to foster a shared responsibility model in the organization.

Question 9:
The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

* Users to choose a password unique to their last ten passwords
* Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Choose two.)

A.
Password complexity
B.
Password history
C.
Geolocation
D.
Geofencing
E.
Geotagging
F.
Password reuse

Question 10:
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

A.
Patch availability
B.
Product software compatibility
C.
Ease of recovery
D.
Cost of replacement

Question 11:
A network manager wants to protect the company's VPN by multifactor authentication that uses:

• Something you know
• Something you have
• Somewhere you are

Which of the following would accomplish the manager's goal?

A.
Domain name, PKI, GeoIP lookup
B.
VPN IP address, company ID, partner site
C.
Password, authentication token, thumbprint
D.
Company URL, TLS certificate, home address

Question 12:
An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

A.
NIC teaming
B.
Cloud backups
C.
A load balancer appliance
D.
UPS

Question 13:
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A.
Private
B.
Critical
C.
Sensitive
D.
Public

Question 14:
Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

A.
Client
B.
Third-party vendor
C.
Cloud provider
D.
OBA

Question 15:
Which of the following disaster recovery sites is the most cost effective to operate?

A.
Warm site
B.
Cold site
C.
Hot site
D.
Hybrid site

Question 16:
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

A.
SSO would simplify username and password management, making it easier for hackers to guess accounts.
B.
SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C.
SSO would reduce the password complexity for frontline staff.
D.
SSO would reduce the resilience and availability of systems if the identity provider goes offline.

Question 17:
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

A.
Job rotation
B.
Retention
C.
Outsourcing
D.
Separation of duties

Question 18:
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

A.
http://sample.url.com/Please-Visit-Our-Phishing-Site
B.
http://sample.url.com/someotherpageonsite/../../../etc/shadow
C.
http://sample.url.com/select-from-database-where-password-null
D.
http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect

Question 19:
Which of the following best describes a use case for a DNS sinkhole?

A.
Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
B.
A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
C.
A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D.
A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.

Question 20:
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A.
USB data blocker
B.
Faraday cage
C.
Proximity reader
D.
Cable lock

Question 21:
An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Choose two.)

A.
Warm site
B.
Generator
C.
Hot site
D.
Cold site
E.
Cloud backups
F.
UPS

Question 22:
Adding a value to the end of a password to create a different password hash is called:

A.
salting.
B.
key stretching.
C.
steganography.
D.
MD5 checksum.

Question 23:
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A.
Smishing
B.
Phishing
C.
Impersonating
D.
Vishing

Question 24:
A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

A.
Auto-update
B.
HTTP headers
C.
Secure cookies
D.
Third-party updates
E.
Full disk encryption
F.
Sandboxing
G.
Hardware encryption

Question 25:
A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A.
Open-source intelligence
B.
Bug bounty
C.
Red team
D.
Penetration testing

Question 26:
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

A.
Hacktivists
B.
White-hat hackers
C.
Script kiddies
D.
Insider threats

Question 27:
An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

A.
Heat map
B.
Input validation
C.
Site survey
D.
Embedded systems

Question 28:
Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?

A.
Asset management policy
B.
Separation of duties policy
C.
Acceptable use policy
D.
Job rotation policy

Question 29:
A web application for a bank displays the following output when showing details about a customer's bank account:
Which of the following techniques is most likely implemented in this web application?

A.
Data minimization
B.
Data scrambling
C.
Data masking
D.
Anonymization

Question 30:
A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

A.
Accept the risk if there is a clear road map for timely decommission.
B.
Deny the risk due to the end-of-life status of the application.
C.
Use containerization to segment the application from other applications to eliminate the risk.
D.
Outsource the application to a third-party developer group.

Question 31:
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A.
SaaS
B.
IaaS
C.
PaaS
D.
SDN

Question 32:
Which of the following measures the average time that equipment will operate before it breaks?

A.
SLE
B.
MTBF
C.
RTO
D.
ARO

Question 33:
An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

A.
Development
B.
Test
C.
Production
D.
Staging

Question 34:
A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

A.
Update the host firewalls to block outbound SMB.
B.
Place the machines with the unapproved software in containment.
C.
Place the unauthorized application in a blocklist.
D.
Implement a content filter to block the unauthorized software communication.

Question 35:
A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Choose two.)

A.
Physical
B.
Managerial
C.
Detective
D.
Administrative
E.
Preventative
F.
Technical

Question 36:
A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:

• Consistent power levels in case of brownouts or voltage spikes
• A minimum of 30 minutes runtime following a power outage
• Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

A.
Maintaining a standby, gas-powered generator
B.
Using large surge suppressors on computer equipment
C.
Configuring managed PDUs to monitor power levels
D.
Deploying an appropriately sized, network-connected UPS device

Question 37:
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

A.
employees of other companies and the press.
B.
all members of the department that created the documents.
C.
only the company's employees and those listed in the document.
D.
only the individuals listed in the documents.

Question 38:
A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

A.
Security patches failed to install due to a version incompatibility.
B.
An adversary altered the vulnerability scan reports.
C.
A zero-day vulnerability was used to exploit the web server.
D.
The scan reported a false negative for the vulnerability.

Question 39:
Which of the following is an algorithm performed to verify that data has not been modified?

A.
Hash
B.
Code check
C.
Encryption
D.
Checksum

Question 40:
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

A.
Logic bomb
B.
Ransomware
C.
Fileless virus
D.
Remote access Trojans
E.
Rootkit

Question 41:
During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A.
Birthday collision on the certificate key
B.
DNS hijacking to reroute traffic
C.
Brute force to the access point
D.
An SSL/TLS downgrade

Question 42:
Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?

A.
Baseline configurations
B.
Network diagrams
C.
Standard naming conventions
D.
Hot sites

Question 43:
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?

A.
NIST Framework
B.
ISO 27001
C.
GDPR
D.
PCI-DSS

Question 44:
A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?

A.
Enhance resiliency by adding a hardware RAID.
B.
Move data to a tape library and store the tapes off-site.
C.
Install a local network-attached storage.
D.
Migrate to a cloud backup solution.

Question 45:
A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

A.
Network segmentation
B.
IP-based firewall rules
C.
Mobile device management
D.
Content filter

Question 46:
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

A.
On-path
B.
Domain hijacking
C.
DNS poisoning
D.
Evil twin

Question 47:
Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A.
Smart card
B.
Push notifications
C.
Attestation service
D.
HMAC-based one-time password

Question 48:
A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.)

A.
Full device encryption
B.
Network usage rules
C.
Geofencing
D.
Containerization
E.
Application approve list
F.
Remote control

Question 49:
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

A.
EAP
B.
TLS
C.
HTTPS
D.
AES

Question 50:
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

A.
Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B.
Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C.
Placing systems into locked, key-controlled containers with no access to the USB ports
D.
Installing an endpoint agent to detect connectivity of USB and removable media
