Test SY0-601

Question 1:
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

A.
Job rotation policy
B.
NDA
C.
AUP
D.
Separation of duties policy

Question 2:
Which of the following is the BEST action to foster a consistent and auditable incident response process?

A.
Incent new hires to constantly update the document with external knowledge.
B.
Publish the document in a central repository that is easily accessible to the organization.
C.
Restrict eligibility to comment on the process to subject matter experts of each IT silo.
D.
Rotate CIRT members to foster a shared responsibility model in the organization.

Question 3:
The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

* Users to choose a password unique to their last ten passwords
* Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Choose two.)

A.
Password complexity
B.
Password history
C.
Geolocation
D.
Geofencing
E.
Geotagging
F.
Password reuse

Question 4:
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

A.
Patch availability
B.
Product software compatibility
C.
Ease of recovery
D.
Cost of replacement

Question 5:
A network manager wants to protect the company's VPN by multifactor authentication that uses:

• Something you know
• Something you have
• Somewhere you are

Which of the following would accomplish the manager's goal?

A.
Domain name, PKI, GeoIP lookup
B.
VPN IP address, company ID, partner site
C.
Password, authentication token, thumbprint
D.
Company URL, TLS certificate, home address

Question 6:
An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

A.
NIC teaming
B.
Cloud backups
C.
A load balancer appliance
D.
UPS

Question 7:
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A.
Private
B.
Critical
C.
Sensitive
D.
Public

Question 8:
Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

A.
Client
B.
Third-party vendor
C.
Cloud provider
D.
OBA

Question 9:
Which of the following disaster recovery sites is the most cost effective to operate?

A.
Warm site
B.
Cold site
C.
Hot site
D.
Hybrid site

Question 10:
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

A.
SSO would simplify username and password management, making it easier for hackers to guess accounts.
B.
SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C.
SSO would reduce the password complexity for frontline staff.
D.
SSO would reduce the resilience and availability of systems if the identity provider goes offline.

Question 11:
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

A.
Job rotation
B.
Retention
C.
Outsourcing
D.
Separation of duties

Question 12:
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

A.
http://sample.url.com/Please-Visit-Our-Phishing-Site
B.
http://sample.url.com/someotherpageonsite/../../../etc/shadow
C.
http://sample.url.com/select-from-database-where-password-null
D.
http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect

Question 13:
Which of the following best describes a use case for a DNS sinkhole?

A.
Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
B.
A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
C.
A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D.
A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.

Question 14:
Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A.
USB data blocker
B.
Faraday cage
C.
Proximity reader
D.
Cable lock

Question 15:
An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Choose two.)

A.
Warm site
B.
Generator
C.
Hot site
D.
Cold site
E.
Cloud backups
F.
UPS

Question 16:
Adding a value to the end of a password to create a different password hash is called:

A.
salting.
B.
key stretching.
C.
steganography.
D.
MD5 checksum.

Question 17:
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A.
Smishing
B.
Phishing
C.
Impersonating
D.
Vishing

Question 18:
A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

A.
Auto-update
B.
HTTP headers
C.
Secure cookies
D.
Third-party updates
E.
Full disk encryption
F.
Sandboxing
G.
Hardware encryption

Question 19:
A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A.
Open-source intelligence
B.
Bug bounty
C.
Red team
D.
Penetration testing

Question 20:
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

A.
Hacktivists
B.
White-hat hackers
C.
Script kiddies
D.
Insider threats

Question 21:
An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

A.
Heat map
B.
Input validation
C.
Site survey
D.
Embedded systems

Question 22:
Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?

A.
Asset management policy
B.
Separation of duties policy
C.
Acceptable use policy
D.
Job rotation policy

Question 23:
A web application for a bank displays the following output when showing details about a customer's bank account:
Which of the following techniques is most likely implemented in this web application?

A.
Data minimization
B.
Data scrambling
C.
Data masking
D.
Anonymization

Question 24:
A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

A.
Accept the risk if there is a clear road map for timely decommission.
B.
Deny the risk due to the end-of-life status of the application.
C.
Use containerization to segment the application from other applications to eliminate the risk.
D.
Outsource the application to a third-party developer group.

Question 25:
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A.
SaaS
B.
IaaS
C.
PaaS
D.
SDN

Question 26:
Which of the following measures the average time that equipment will operate before it breaks?

A.
SLE
B.
MTBF
C.
RTO
D.
ARO

Question 27:
An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

A.
Development
B.
Test
C.
Production
D.
Staging

Question 28:
A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

A.
Update the host firewalls to block outbound SMB.
B.
Place the machines with the unapproved software in containment.
C.
Place the unauthorized application in a blocklist.
D.
Implement a content filter to block the unauthorized software communication.

Question 29:
A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Choose two.)

A.
Physical
B.
Managerial
C.
Detective
D.
Administrative
E.
Preventative
F.
Technical

Question 30:
A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:

• Consistent power levels in case of brownouts or voltage spikes
• A minimum of 30 minutes runtime following a power outage
• Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

A.
Maintaining a standby, gas-powered generator
B.
Using large surge suppressors on computer equipment
C.
Configuring managed PDUs to monitor power levels
D.
Deploying an appropriately sized, network-connected UPS device

Question 31:
A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

A.
employees of other companies and the press.
B.
all members of the department that created the documents.
C.
only the company's employees and those listed in the document.
D.
only the individuals listed in the documents.

Question 32:
A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

A.
Security patches failed to install due to a version incompatibility.
B.
An adversary altered the vulnerability scan reports.
C.
A zero-day vulnerability was used to exploit the web server.
D.
The scan reported a false negative for the vulnerability.

Question 33:
Which of the following is an algorithm performed to verify that data has not been modified?

A.
Hash
B.
Code check
C.
Encryption
D.
Checksum

Question 34:
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

A.
Logic bomb
B.
Ransomware
C.
Fileless virus
D.
Remote access Trojans
E.
Rootkit

Question 35:
During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A.
Birthday collision on the certificate key
B.
DNS hijacking to reroute traffic
C.
Brute force to the access point
D.
An SSL/TLS downgrade

Question 36:
Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?

A.
Baseline configurations
B.
Network diagrams
C.
Standard naming conventions
D.
Hot sites

Question 37:
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards.
With which of the following is the company's data protection officer MOST likely concerned?

A.
NIST Framework
B.
ISO 27001
C.
GDPR
D.
PCI-DSS

Question 38:
A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?

A.
Enhance resiliency by adding a hardware RAID.
B.
Move data to a tape library and store the tapes off-site.
C.
Install a local network-attached storage.
D.
Migrate to a cloud backup solution.

Question 39:
A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

A.
Network segmentation
B.
IP-based firewall rules
C.
Mobile device management
D.
Content filter

Question 40:
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

A.
On-path
B.
Domain hijacking
C.
DNS poisoning
D.
Evil twin

Question 41:
Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A.
Smart card
B.
Push notifications
C.
Attestation service
D.
HMAC-based one-time password

Question 42:
A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.)

A.
Full device encryption
B.
Network usage rules
C.
Geofencing
D.
Containerization
E.
Application approve list
F.
Remote control

Question 43:
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

A.
EAP
B.
TLS
C.
HTTPS
D.
AES

Question 44:
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

A.
Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports
B.
Implementing a GPO that will restrict access to authorized USB removable media and regularly verifying that it is enforced
C.
Placing systems into locked, key-controlled containers with no access to the USB ports
D.
Installing an endpoint agent to detect connectivity of USB and removable media

Question 45:
A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

A.
MTTR
B.
RTO
C.
RPO
D.
MTBF

Question 46:
A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A.
Change the default settings on the PC.
B.
Define the PC firewall rules to limit access.
C.
Encrypt the disk on the storage device.
D.
Plug the storage device in to the UPS.

Question 47:
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A.
Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B.
Restrict administrative privileges and patch all systems and applications.
C.
Rebuild all workstations and install new antivirus software.
D.
Implement application whitelisting and perform user application hardening.

Question 48:
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

A.
Data in transit
B.
Data in processing
C.
Data at rest
D.
Data tokenization

Question 49:
Which of the following best describes a penetration test that resembles an actual external attack?

A.
Known environment
B.
Partially known environment
C.
Bug bounty
D.
Unknown environment

Question 50:
Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

A.
Data breach notification
B.
Accountability
C.
Legal hold
D.
Chain of custody
