SY0-601 exam

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money: Which of the following types of attack is MOST likely being conducted?A . SQLiB . CSRFC . Session replayD . APIView AnswerAnswer: C

A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would...

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?A . hping3 -S corsptia.org -p 80B . nc ―1 ―v comptia.org -p 80C . nmap comptia.org -p 80 ―sVD...

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements: • There must be visibility into how teams are using cloud-based services. • The company must be able to identify...

The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering...

An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became of aware of the incident, some reduced their orders or stopped placing orders entirely. Which of the following is the...

A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server's listening ports. Which of the following tools can BEST accomplish this talk?A . NetcatB . NetstatC . NmapD . NessusView AnswerAnswer:...

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?A . The document is a honeyfile and is meant to attract the attention of a cyberintruder.B . The document is a backup...

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)A . Cross-site scriptingB . Data exfiltrationC . Poor system loggingD ....

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?A . The data ownerB . The data processorC . The data stewardD . The data privacy officer.View AnswerAnswer: C