
SY0-601

By comptia
Aug, 2025

Question 126

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)

Question 127

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

  • A: Recovery
  • B: Identification
  • C: Lessons learned
  • D: Preparation

Question 128

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

  • A:
      Permission  Source  Destination  Port
      Allow       Any     Any          80
      Allow       Any     Any          443
      Allow       Any     Any          67
      Allow       Any     Any          68
      Allow       Any     Any          22
      Deny        Any     Any          21
      Deny        Any     Any
  • B:
      Permission  Source  Destination  Port
      Allow       Any     Any          80
      Allow       Any     Any          443
      Allow       Any     Any          67
      Allow       Any     Any          68
      Deny        Any     Any          22
      Allow       Any     Any          21
      Deny        Any     Any
  • C:
      Permission  Source  Destination  Port
      Allow       Any     Any          80
      Allow       Any     Any          443
      Allow       Any     Any          22
      Deny        Any     Any          67
      Deny        Any     Any          68
      Deny        Any     Any          21
      Allow       Any     Any
  • D:
      Permission  Source  Destination  Port
      Allow       Any     Any          80
      Allow       Any     Any          443
      Deny        Any     Any          67
      Allow       Any     Any          68
      Allow       Any     Any          22
      Allow       Any     Any          21
      Allow       Any     Any

Question 129

While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?

  • A: arp
  • B: nslookup
  • C: netstat
  • D: nmap

Question 130

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

  • A: Enable the remote-wiping option in the MDM software in case the phone is stolen.
  • B: Configure the MDM software to enforce the use of PINs to access the phone.
  • C: Configure MDM for FDE without enabling the lock screen.
  • D: Perform a factory reset on the phone before installing the company's applications.

Question 131

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

  • A: federation.
  • B: a remote access policy.
  • C: multifactor authentication.
  • D: single sign-on.

Question 132

A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

  • A: SPIM
  • B: Vishing
  • C: Spear phishing
  • D: Smishing

Question 133

A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the MOST effective security control to mitigate this risk?

  • A: Block access to application stores
  • B: Implement OTA updates
  • C: Update the BYOD policy
  • D: Deploy a uniform firmware

Question 134

A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?

  • A: GDPR
  • B: ISO
  • C: NIST
  • D: PCI DSS

Question 135

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

  • A: Enforcing encryption
  • B: Deploying GPOs
  • C: Removing administrative permissions
  • D: Applying MDM software

Question 136

The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

  • Users to choose a password unique to their last ten passwords
  • Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Choose two.)

  • A: Password complexity
  • B: Password history
  • C: Geolocation
  • D: Geofencing
  • E: Geotagging
  • F: Password reuse

Question 137

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

  • A: SSAE SOC 2
  • B: PCI DSS
  • C: GDPR
  • D: ISO 31000

Question 138

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

  • A: An RTO report
  • B: A risk register
  • C: A business impact analysis
  • D: An asset value register
  • E: A disaster recovery plan

Question 139

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

  • A: Network location
  • B: Impossible travel time
  • C: Geolocation
  • D: Geofencing

Question 140

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company’s DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.)

  • A: 135
  • B: 139
  • C: 143
  • D: 161
  • E: 443
  • F: 445

Question 141

A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender’s email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks?

  • A: SOAR playbook
  • B: MDM policy
  • C: Firewall rules
  • D: URL filter
  • E: SIEM data collection

Question 142

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Image 1

Which of the following attacks does the analyst MOST likely see in this packet capture?

  • A: Session replay
  • B: Evil twin
  • C: Bluejacking
  • D: ARP poisoning

Question 143

A security analyst is reviewing the following output from a system:

Image 1

Which of the following is MOST likely being observed?

  • A: ARP poisoning
  • B: Man in the middle
  • C: Denial of service
  • D: DNS poisoning

Question 144

Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?

  • A: Version control
  • B: Continuous monitoring
  • C: Stored procedures
  • D: Automation

Question 145

Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

  • A: SPIM
  • B: Vishing
  • C: Hopping
  • D: Phishing
  • E: Credential harvesting
  • F: Tailgating

Question 146

A penetration tester is brought on site to conduct a full attack simulation at a hospital. The penetration tester notices a WAP that is hanging from the drop ceiling by its cabling and is reachable. Which of the following recommendations would the penetration tester MOST likely make given this observation?

  • A: Employ a general contractor to replace the drop-ceiling tiles.
  • B: Place the network cabling inside a secure conduit.
  • C: Secure the access point and cabling inside the drop ceiling.
  • D: Utilize only access points that have internal antennas.

Question 147

Which of the following techniques eliminates the use of rainbow tables for password cracking?

  • A: Hashing
  • B: Tokenization
  • C: Asymmetric encryption
  • D: Salting

Question 148

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?

  • A: ls
  • B: chflags
  • C: chmod
  • D: lsof
  • E: setuid

Question 149

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

  • A: Implement NAC.
  • B: Implement an SWG.
  • C: Implement a URL filter.
  • D: Implement an MDM.

Question 150

A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?

  • A: Salting the magnetic strip information
  • B: Encrypting the credit card information in transit
  • C: Hashing the credit card numbers upon entry
  • D: Tokenizing the credit cards in the database

Page 6 of 35 • Questions 126-150 of 860