SYO-601 update Exam Questions And Revised Answers
A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit
the server is present in historical vulnerability scan reports, and a patch is available for the...
A security analyst is reviewing the vulnerability scan report for a web server following an
incident. The vulnerability that was used to exploit
the server is present in historical vulnerability scan reports, and a patch is available for the
vulnerability. Which of the following is the MOST
likely cause?
A. Security patches were uninstalled due to user impact.
B. An adversary altered the vulnerability scan reports
C. A zero-day vulnerability was used to exploit the web server
D. The scan reported a false negative for the vulnerability - answers✔✔Correct Answer: A
A user is attempting to navigate to a website from inside the company network using a
desktop. When the user types in the URL, https://www.site.com, the user is presented with a
certificate mismatch warning from the browser. The user does not receive a warning when
visiting http://www.anothersite.com. Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin - answers✔✔Correct Answer: C
Which of the following tools is effective in preventing a user from accessing unauthorized
removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
3.A Chief Security Officer is looking for a solution that can provide increased scalability and
flexibility for back-end infrastructure, allowing it to be updated and modified without
disruption to services. The security architect would like the solution selected to reduce the
back-end server resources and has highlighted that session persistence is not important for the
applications running on the back-end servers. Which of the following would BEST meet the
requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming - answers✔✔Correct Answer: A. Reverse proxy
4.Which of the following describes a social engineering technique that seeks to exploit a
person's sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating a
cybercrime - answers✔✔Correct Answer: A. A phishing email stating a cash settlement has
been awarded but will expire soon
A security analyst is reviewing application logs to determine the source of a breach and
locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1 Which
of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS - answers✔✔Correct Answer: C
An audit identified PII being utilized in the development environment of a critical
application. The Chief Privacy Officer (CPO) is adamant that this data must be removed;
however, the developers are concerned that without real data they cannot perform
functionality tests and search for specific data. Which of the following should a security
professional implement to BEST satisfy both the CPO's and the development team's
requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization - answers✔✔Correct Answer: A
A company is implementing a DLP solution on the file server. The file server has PII,
financial information, and health information stored on it. Depending on what type of data
that is hosted on the file server, the company wants different DLP rules assigned to the data.
Which of the following should the company do to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis. - answers✔✔Correct Answer: A
8.A forensics investigator is examining a number of unauthorized payments that were
reported on the company's website. Some unusual log entries show users received an email
for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users
reported the email to the phishing team, and the forwarded email revealed the link to be:
Click here to unsubscribe Which of the following will the forensics investigator MOST likely
determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF - answers✔✔Correct Answer: D XSRF
A report delivered to the Chief Information Security Officer (CISO) shows that some user
credentials could be exfiltrated. The report also indicates that users tend to choose the same
credentials on different systems and applications. Which of the following policies should the
CISO use to prevent someone from using the exfiltrated credentials?
A. MFA
B. Lockout
A company wants to simplify the certificate management process. The company has a single
domain with several dozen subdomains, all of which are publicly accessible on the internet.
Which of the following BEST describes the type of certificate the company should
implement?
A. Subject alternative name
B. Wildcard
C. Self-signed
D. Domain validation - answers✔✔Correct Answer: B
Which of the following is an effective tool to stop or prevent the exfiltration of data from a
network?
A. DLP
B. NIDS
C. TPM
D. FDE - answers✔✔Correct Answer: A
Several attempts have been made to pick the door lock of a secure facility. As a result, the
security engineer has been assigned to implement a stronger preventative access control.
Which of the following would BEST complete the engineer's assignment?
A. Replacing the traditional key with an RFID key
B. Installing and monitoring a camera facing the door
C. Setting motion-sensing lights to illuminate the door on activity
D. Surrounding the property with fencing and gates - answers✔✔Correct Answer: A
Which of the following can be used by a monitoring tool to compare values and detect
password leaks without providing the actual credentials?
A. Hashing B. Tokenization C. Masking D. Encryption - answers✔✔Correct Answer: A
Les avantages d'acheter des résumés chez Stuvia:
Qualité garantie par les avis des clients
Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.
L’achat facile et rapide
Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.
Focus sur l’essentiel
Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.
Foire aux questions
Qu'est-ce que j'obtiens en achetant ce document ?
Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.
Garantie de remboursement : comment ça marche ?
Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.
Auprès de qui est-ce que j'achète ce résumé ?
Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur JustTracy. Stuvia facilite les paiements au vendeur.
Est-ce que j'aurai un abonnement?
Non, vous n'achetez ce résumé que pour $23.59. Vous n'êtes lié à rien après votre achat.
