
SY0-601 Online Practice Questions and Answers

Questions 4

A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?

A. NIC Teaming

B. Port mirroring

C. Defense in depth

D. High availability

E. Geographic dispersal

Questions 5

A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?

A. An incident response plan

B. A communications plan

C. A business continuity plan

D. A disaster recovery plan

Questions 6

A security engineer needs to implement the following requirements:

1. All Layer 2 switches should leverage Active Directory for authentication.

2. All Layer 2 switches should use local fallback authentication if Active Directory is offline.

3. All Layer 2 switches are not the same and are manufactured by several vendors.

Which of the following actions should the engineer take to meet these requirements? (Select TWO).

A. Implement RADIUS.

B. Configure AAA on the switch with local login as secondary

C. Configure port security on the switch with the secondary login method.

D. Implement TACACS+

E. Enable the local firewall on the Active Directory server.

F. Implement a DHCP server

Questions 7

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:

The exception process and policy have been correctly followed by the majority of users.

A small number of users did not create tickets for the requests but were granted access.

All access had been approved by supervisors.

Valid requests for the access sporadically occurred across multiple departments.

Access, in most cases, had not been removed when it was no longer needed.

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

Questions 8

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?

A. White

B. Purple

C. Blue

D. Red

Questions 9

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?

A. OWASP

B. Obfuscation/camouflage

C. Test environment

D. Prevention of information exposure

Questions 10

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

A. Using least privilege

B. Changing the default password

C. Assigning individual user IDs

D. Implementing multifactor authentication

Questions 11

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions BEST fits this use case?

A. EDR

B. DLP

C. NGFW

D. HIPS

Questions 12

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

A. Application allow list

B. SWG

C. Host-based firewall

D. VPN

Questions 13

A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership?

A. MTBF

B. RPO

C. RTO

D. MTTR

Questions 14

A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO)

A. An air gap

B. A cold aisle

C. Removable doors

D. A hot aisle

E. An IoT thermostat

F. A humidity monitor

Questions 15

After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator's goal? (Select TWO).

A. Disabling guest accounts

B. Disabling service accounts

C. Enabling network sharing

D. Disabling NetBIOS over TCP/IP

E. Storing LAN manager hash values

F. Enabling NTLM

Questions 16

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

A. Perform a vulnerability scan to identify the weak spots.

B. Use a packet analyzer to investigate the NetFlow traffic

C. Check the SIEM to review the correlated logs.

D. Require access to the routers to view current sessions.

Questions 17

Which of the following control sets should a well-written BCP include? (Select THREE)

A. Preventive

B. Detective

C. Deterrent

D. Corrective

E. Compensating

F. Physical

G. Recovery

Questions 18

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

A. Trusted Platform Module

B. A host-based firewall

C. A DLP solution

D. Full disk encryption

E. A VPN

F. Antivirus software

Exam Code: SY0-601
Exam Name: CompTIA Security+
Last Update: May 02, 2024
Questions: 1334 Q&As
