SY0-601

A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet . Which of the following is the BEST solution to protect these designs?A . An air gapB ....

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include: ✑ Check-in/checkout of credentials ✑ . The ability to use but not know the password ✑ Automated password changes ✑ Logging of access to credentials Which of the following solutions would...

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: Which of the following is the router experiencing?A . DDoS attackB...

When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider . Which of the following risk management strategies is this an example of?A . AcceptanceB . MitigationC . AvoidanceD . TransferenceView AnswerAnswer: D Explanation: Risk Transference refers to the...

A security analyst has received an alert about being sent via email. The analyst’s Chief information Security Officer (CISO) has made it clear that PII must be handle with extreme care From which of the following did the alert MOST likely originate?A . S/MIMEB . DLPC . IMAPD . HIDSView...

A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log: Which of the following can the security analyst conclude?A . A replay attack is being...

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface? (Choose two.)A . Cross-site scriptingB . Data exfiltrationC . Poor system loggingD ....

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company’s final software releases? (Select TWO.)A . Unsecure protocolsB . Use of penetration-testing utilitiesC . Weak passwordsD . Included third-party librariesE . Vendors/supply chainF . Outdated anti-malware softwareView AnswerAnswer: D,E

Which of the following BEST explains the difference between a data owner and a data custodian?A . The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the dataB . The data owner is...

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company’s IT/security operations?A . Least privilegeB . Awareness trainingC . Separation of dutiesD . Mandatory vacationView AnswerAnswer: C Explanation: Separation of duties - is a means of establishing checks and balances...