SY0-601 exam

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?A . Apply a DLP solution.B...

A security assessment found that several embedded systems are running unsecure protocols. These Systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?A . inability to authenticateB . Implied...

After a phishing scam fora user's credentials, the red team was able to craft payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred?A . Privilege escalationB . Session replayC ....

The following are the logs of a successful attack. Which of the following controls would be BEST to use to prevent such a breach in the future?A . Password historyB . Account expirationC . Password complexityD . Account lockoutView AnswerAnswer: C Explanation: To prevent such a breach in the future,...

A company wants to modify its current backup strategy to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategyA . Incremental backups followed by differential backupsB ....

A customer has reported that an organization's website displayed an image of a smiley (ace rather than the expected web page for a short time two days earlier. A security analyst reviews log tries and sees the following around the lime of the incident: Which of the following is MOST...

A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted. Which of the following would be BEST for the analyst to perform?A . Add a deny-all rule to that host in the network ACLB...

A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While Investigating. The incident, the analyst identified the following Input in the username field: Which of the following BEST explains this type of attack?A . DLL injection to hijack administrator servicesB...

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?A . CASBB . VPN concentratorC . MFAD . VPC...

A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host: Based on the IoCS, which of the following was the MOST likely attack used to compromise...