Check SY0-601 free dumps before getting the full version:

NEW QUESTION 1
A company’s bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company’s forensics team to assist in the cyber-incident investigation.
An incident responder learns the following information:
* The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs.
* All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network.
* Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected.
Which of the following is the MOST likely root cause?

  • A. HTTPS sessions are being downgraded to insecure cipher suites
  • B. The SSL inspection proxy is feeding events to a compromised SIEM
  • C. The payment providers are insecurely processing credit card charges
  • D. The adversary has not yet established a presence on the guest WiFi network

Answer: C

NEW QUESTION 2
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

  • A. data controller.
  • B. data owner
  • C. data custodian.
  • D. data processor

Answer: D

NEW QUESTION 3
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself. Which of the following is the WEAKEST design element?

  • A. The DLP appliance should be integrated into a NGFW.
  • B. Split-tunnel connections can negatively impact the DLP appliance's performance
  • C. Encrypted VPN traffic will not be inspected when entering or leaving the network
  • D. Adding two hops in the VPN tunnel may slow down remote connections

Answer: C

NEW QUESTION 4
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

  • A. A non-disclosure agreement
  • B. Least privilege
  • C. An acceptable use policy
  • D. Offboarding

Answer: D

NEW QUESTION 5
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

  • A. The data protection officer
  • B. The data processor
  • C. The data owner
  • D. The data controller

Answer: C

NEW QUESTION 6
Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot access the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?

  • A. DDoS
  • B. Man-in-the-middle
  • C. MAC flooding
  • D. Domain hijacking

Answer: A

NEW QUESTION 7
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO)

  • A. VPN
  • B. Drive encryption
  • C. Network firewall
  • D. File-level encryption
  • E. USB blocker
  • F. MFA

Answer: BE

NEW QUESTION 8
An analyst needs to identify the applications a user was running and the files that were open before the user’s computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?

  • A. NGFW
  • B. Pagefile
  • C. NetFlow
  • D. RAM

Answer: C

NEW QUESTION 9
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

  • A. DLP
  • B. HIDS
  • C. EDR
  • D. NIPS

Answer: C

NEW QUESTION 10
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

  • A. Physical
  • B. Detective
  • C. Preventive
  • D. Compensating

Answer: D

NEW QUESTION 11
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

  • A. Loss of proprietary information
  • B. Damage to the company’s reputation
  • C. Social engineering
  • D. Credential exposure

Answer: C

NEW QUESTION 12
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

  • A. Data encryption
  • B. Data masking
  • C. Data deduplication
  • D. Data minimization

Answer: B

NEW QUESTION 13
A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of the following should the administrator use?

  • A. dd
  • B. chmod
  • C. dnsenum
  • D. logger

Answer: A

NEW QUESTION 14
In which of the following risk management strategies would cybersecurity insurance be used?

  • A. Transference
  • B. Avoidance
  • C. Acceptance
  • D. Mitigation

Answer: A

NEW QUESTION 15
Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

  • A. Security awareness training
  • B. Frequency of NIDS updates
  • C. Change control procedures
  • D. EDR reporting cycle

Answer: A

NEW QUESTION 16
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

  • A. A RAT was installed and is transferring additional exploit tools.
  • B. The workstations are beaconing to a command-and-control server.
  • C. A logic bomb was executed and is responsible for the data transfers.
  • D. A fileless virus is spreading in the local network environment.

Answer: A

NEW QUESTION 17
A network engineer notices the VPN concentrator becomes overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?

  • A. IPSec
  • B. Always On
  • C. Split tunneling
  • D. L2TP

Answer: B

NEW QUESTION 18
A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:
* Protection from power outages
* Always-available connectivity in case of an outage
The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

  • A. Lease a point-to-point circuit to provide dedicated access.
  • B. Connect the business router to its own dedicated UPS.
  • C. Purchase services from a cloud provider for high availability
  • D. Replace the business's wired network with a wireless network.

Answer: C

NEW QUESTION 19
An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?

  • A. Incident response
  • B. Communications
  • C. Disaster recovery
  • D. Data retention

Answer: C

NEW QUESTION 20
The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

  • A. Limit the use of third-party libraries.
  • B. Prevent data exposure queries.
  • C. Obfuscate the source code.
  • D. Submit the application to QA before releasing it.

Answer: D

NEW QUESTION 21
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

  • A. perform attribution to specific APTs and nation-state actors.
  • B. anonymize any PII that is observed within the IoC data.
  • C. add metadata to track the utilization of threat intelligence reports.
  • D. assist companies with impact assessments based on the observed data.

Answer: B

NEW QUESTION 22
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?

  • A. Developing an incident response plan
  • B. Building a disaster recovery plan
  • C. Conducting a tabletop exercise
  • D. Running a simulation exercise

Answer: C
