SY0-601 Exam Questions - Real & Updated Questions PDF [Q249-Q272]

NO.249 Security analyst must enforce policies to harden an MOM infrastructure. The requirements are as follows:
– Ensure mobile devices can be traded and wiped.
– Confirm mobile devices are encrypted.
Which of the following should the analyst enable on all the devices to meet these requirements?

Geofencing

Biometric authentication

Geolocation

Geotagging

NO.250 An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate datacenter that houses confidential information There is a firewall at the Internet border followed by a DIP appliance, the VPN server and the datacenter itself.
Which of the following is the WEAKEST design element?

The DLP appliance should be integrated into a NGFW.

Split-tunnel connections can negatively impact the DLP appliance’s performance

Encrypted VPN traffic will not be inspected when entering or leaving the network

Adding two hops in the VPN tunnel may slow down remote connections

NO.251 A company was recently breached Part of the company’s new cybersecurity strategy is to centralize the logs from all security devices Which of the following components forwards the logs to a central source?

Log enrichment
B Log aggregation

Log parser

Log collector

NO.252 A company has been experiencing very brief power outages from its utility company over the last few months.
These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?

Dual power supplies

A UPS

A generator

APDU

NO.253 A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly:
WAP
DHCP Server
AAA Server
Wireless Controller
LDAP Server
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

NO.254 A recent security audit reveaied that @ popular website with IP address 172.16 1 also has an FTP service thal employees were using to store sensitive corporate data. The organization’s outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

NO.255 n organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

The baseline

The endpoint configurations

The adversary behavior profiles

The IPS signatures

NO.256 A security analyst is evaluating solutions to deploy an additional layer of protection for a web application The goal is to allow only encrypted communications without relying on network devices Which of the following can be implemented?

HTTP security header

DNSSEC implementation

SRTP

S/MIME

NO.257 A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost?

RAID 0

RAID 1

RAID 2

RAID 3

NO.258 An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user’s email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user’s computer is the following:

Which of the following is the MOST likely cause of the issue?

The end user purchased and installed a PUP from a web browser

A bot on the computer is brute forcing passwords against a website

A hacker is attempting to exfiltrate sensitive data

Ransomware is communicating with a command-and-control server.

NO.259 An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

It allows for the sharing of digital forensics data across organizations

It provides insurance in case of a data breach

It provides complimentary training and certification resources to IT security staff.

It certifies the organization can work with foreign entities that require a security clearance

It assures customers that the organization meets security standards

NO.260 Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

Cameras
B: Faraday cage

Access control vestibule

Sensors

Guards

NO.261 Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

NO.262 A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:

Which of the following MOST likely would have prevented the attacker from learning the service account name?

Race condition testing

Proper error handling

Forward web server logs to a SIEM

Input sanitization

NO.263 A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?

A bot

A fileless virus

A logic bomb

A RAT

NO.264 A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:

Which of the following steps would be best for the security engineer to take NEXT?

Allow DNS access from the internet.

Block SMTP access from the Internet

Block HTTPS access from the Internet

Block SSH access from the Internet.

NO.265 A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

Which of the following types of attack is MOST likely being conducted?

SQLi

CSRF

Session replay

API

NO.266 Which of the following describes the ability of code to target a hypervisor from inside

Fog computing

VM escape

Software-defined networking

Image forgery

Container breakout

NO.267 Asecurity engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses Which of the following will the engineer MOST likely recommend?

Acontent filter

AWAF

Anext-generation firewall

An IDS

NO.268 A security analyst needs to be able to search and correlate logs from multiple sources in a single tool Which of the following would BEST allow a security analyst to have this ability?

SOAR

SIEM

Log collectors

Network-attached storage

NO.269 An attacked is attempting to exploit users by creating a fake website with the URL www.validwebsite.com.
The attacker’s intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe?

Information elicitation

Typo squatting

Impersonation

Watering-hole attack

NO.270 An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

SOU attack

DLL attack

XSS attack

API attack

NO.271 A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS.
The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

Segmentation

Containment

Geofencing

Isolation

NO.272 A security analyst was deploying a new website and found a connection attempting to authenticate on the site’s portal. While Investigating The incident, the analyst identified the following Input in the username field:

Which of the following BEST explains this type of attack?