Which of the following should the company use to secure its website if the company is concerned with convenience and cost?
A retail company that is launching a new website to showcase the company’s product line and other information for online shoppers registered the following URLs:
* www.companysite.com
* shop.companysite.com
* about-us.companysite.com
* contact-us.companysite.com
* secure-logon.companysite.com
Which of the following should the...
Which of the following BEST describes the attack the company is experiencing?
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst...
Which of the following would be the BEST control for the company to require from prospective vendors?
A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
A. ...
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
A. Containment
B. Identification
C. Recovery
D. Preparation
Answer: B
Explanation: Vulnerability scanning is a proactive...
Which of the following is the primary use case for this scenario?
A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?
A. Implementation of preventive controls
B. Implementation of detective controls
C. Implementation of deterrent...
Which of the following attacks is being conducted?
A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during...
Which of the following must be in place before implementing a BCP?
Which of the following must be in place before implementing a BCP?
A. SLA
B. AUP
C. NDA
D. BIA
Answer: D
Explanation: A Business Impact Analysis (BIA) is a critical component of a Business Continuity Plan (BCP). It identifies and prioritizes critical business functions and determines the impact of...
Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
A. Vulnerabilities with a CVSS score greater than 6.9.
B. Critical infrastructure vulnerabilities on non-IP protocols.
C. CVEs related to non-Microsoft systems such as printers and switches.
D. Missing...
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
A. ISO 27701
B. The Center for Internet Security
C. SSAE SOC 2
D. NIST Risk Management...
Which of the following security solutions would mitigate the risk of future data disclosures?
Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public. Which of the following security solutions would...