SY0-601 exam

An employee's company account was used in a data breach Interviews with the employee revealed: • The employee was able to avoid changing passwords by using a previous password again. • The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries....

When planning to build a virtual environment, an administrator need to achieve the following, • Establish polices in Limit who can create new VMs • Allocate resources according to actual utilization‘ • Require justication for requests outside of the standard requirements. • Create standardized categories based on size and resource...

An analyst Is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given this output from Nmap: Which of the following should the analyst recommend to disable?A . 21/tcp B. 22/tcp C. 23/tcp D. 443/tcpView AnswerAnswer: A

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?A ....

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?A . Disable Telnet and force SSH. B. Establish a continuous ping. C. Utilize an agentless monitor D. Enable SNMPv3 With passwords.View AnswerAnswer: C Explanation: An agentless monitor is...

During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?A . 1s B. chflags C. chmod D. lsof E. setuidView AnswerAnswer:...

Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?A . Penetration testing B. Code review C. Wardriving D. Bug bountyView AnswerAnswer: D Explanation: A bug bounty is a technique that compensates researchers for finding vulnerabilities in software or systems. A bug bounty program is an...

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset Link. Which of the attacks is being used to target the company?A . Phishing B. Vishing C. Smishing D. SpamView AnswerAnswer: C Explanation: Smishing is a type of...

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned tf servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the...

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?A . Enforce the...