SY0-601 exam

The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to...

An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?A . SOAP B. SAML C. SSO D. KerberosView AnswerAnswer: C Explanation: Single Sign-On (SSO) is a mechanism that allows users to access multiple applications with a single set of login...

Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?A . Pulverizing B. Shredding C. Incinerating D. DegaussingView AnswerAnswer: B Explanation: Shredding may be the most secure and cost-effective way to destroy electronic data in any media that...

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?A . openssl B. hping C. netcat D. tcpdumpView AnswerAnswer: A Explanation: To verify that a client-server (non-web) application is sending encrypted traffic, a security analyst can use...

A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To Improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user Information between nodes. Which of the following roles...

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should business engage?A . A laaS B. PaaS C. XaaS D. SaaSView AnswerAnswer: A Explanation: Infrastructure as a Service...

During an incident a company CIRT determine it is necessary to observe the continued network-based transaction between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk...

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst...

A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?A . Preventive B. Compensating C. Corrective D. DetectiveView AnswerAnswer: D Explanation: A SIEM is a security solution that helps detect security incidents by...

A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?A . Implementation of preventive controls B. Implementation of detective controls C. Implementation of deterrent...