SY0-601 Online Practice Questions and Answers

Questions 4

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP.

Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A. Segmentation

B. Firewall whitelisting

C. Containment

D. Isolation

Questions 5

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:

The exception process and policy have been correctly followed by the majority of users.

A small number of users did not create tickets for the requests but were granted access.

All access had been approved by supervisors.

Valid requests for the access sporadically occurred across multiple departments.

Access, in most cases, had not been removed when it was no longer needed.

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

A. Create an automated, monthly attestation process that removes access if an employee's supervisor denies the approval

B. Remove access for all employees and only allow new access to be granted if the employee's supervisor approves the request

C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team

D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices

Questions 6

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

A. FIM

B. DLP

C. EDR

D. UTM

Questions 7

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.)

A. Geolocation

B. Time-of-day restrictions

C. Certificates

D. Tokens

E. Geotagging

F. Role-based access controls

Questions 8

A systems administrator is looking for a solution that will help prevent OAuth applications from being leveraged by hackers to trick users into authorizing the use of their corporate credentials.

Which of the following BEST describes this solution?

A. CASB

B. UEM

C. WAF

D. VPC

Questions 9

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following BEST describes this type of vulnerability?

A. Legacy operating system

B. Weak configuration

C. Zero day

D. Supply chain

Questions 10

Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A. Implement proper network access restrictions

B. Initiate a bug bounty program

C. Classify the system as shadow IT

D. Increase the frequency of vulnerability scans

Questions 11

An organization has activated an incident response plan due to a malware outbreak on its network. The organization has brought in a forensics team that has identified an internet-facing Windows server as the likely point of initial compromise. The malware family that was detected is known to be distributed by manually logging on to servers and running the malicious code. Which of the following actions would be BEST to prevent reinfection from the initial infection vector?

A. Prevent connections over TFTP from the internal network

B. Create a firewall rule that blocks port 22 from the internet to the server

C. Disable file sharing over port 445 to the server

D. Block port 3389 inbound from untrusted networks

Questions 12

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

A. NIC teaming

B. Cloud backups

C. A load balancer appliance

D. UPS

Questions 13

Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

A. The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B. Generally, SMS OTP codes are valid for up to 15 minutes, while the TOTP time frame is 30 to 60 seconds.

C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D. The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.

Exam Code: SY0-601
Exam Name: CompTIA Security+
Last Update: Feb 13, 2025
Questions: 1334