Which of the following should the organization implement?

An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?
A. SIEM
B. SOAR
C. EDR
D. CASB

Answer: B
Explanation: Security Orchestration, Automation, and Response (SOAR) should be implemented...

January 2, 2024

Which of the following BEST explains what happened?

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?
A. The unexpected traffic correlated against multiple rules, generating multiple alerts.
B. Multiple alerts were...

January 1, 2024

Which of the following types of attacks does this scenario describe?

A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
A. Vishing
B. Phishing
C. Spear phishing
D. Whaling

Answer: A
Explanation: Vishing is a social engineering attack...

January 1, 2024

Which of the following should the analyst recommend to disable?

An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap: Which of the following should the analyst recommend to disable?
A. 21/tcp
B. 22/tcp
C. 23/tcp
D. 443/tcp

Answer: A
Explanation:

January 1, 2024

Which of the following conditions impacts data sovereignty?

Which of the following conditions impacts data sovereignty?
A. Rights management
B. Criminal investigations
C. Healthcare data
D. International operations

Answer: D
Explanation: Data sovereignty refers to the legal concept that data is subject to the laws and regulations of the country in which it is located. International operations can...

January 1, 2024

Which of the following types of malware is MOST likely infecting the hosts?

A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?
A. A RAT
B. Ransomware
C...

January 1, 2024

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?
A. Whaling
B. Spam
C. Invoice scam
D. Pharming

Answer: A
Explanation: A social engineering attack that relies on...

December 31, 2023

Which of the following BEST explains a risk of this practice?

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

Answer: C
Explanation: Using legacy software to support a critical...

December 31, 2023

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?
A. Tabletop
B. Parallel
C. Full interruption
D. Simulation

Answer: A
Explanation: A tabletop exercise is a type of disaster recovery test that simulates a disaster scenario in a discussion-based format, without actually...

December 31, 2023

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?
A. Production
B. Test
C. Staging
D. Development

Answer: D
Explanation: A development environment is the environment that...

December 31, 2023