Which of the following account types is MOST appropriate for this purpose?

A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose? A. Service B. Shared C....

February 10, 2023

Which of the following was MOST likely observed?

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following: Which of the following was MOST likely observed? A. DLL injection B. Session...

February 10, 2023

Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?

Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy? A. Putting security/antitamper tape over USB ports, logging the port numbers, and regularly inspecting the ports B. Implementing a GPO that will restrict access to authorized USB removable media...

February 10, 2023

Which of the following controls is most likely causing this issue and should be checked FIRST?

An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked...

February 10, 2023

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings.

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue? A...

February 10, 2023

Which of the following technologies meets the requirement?

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement? A. SSO B. IDS C. MFA D. TPM
Answer: C

February 10, 2023

Which of the following attacks took place?

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place? A. On-path attack B....

February 10, 2023

Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?

Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code? A. Check to see if the third party has resources to create dedicated development and staging environments. B. Verify the number of companies that downloaded the third-party code and the...

February 10, 2023

Which of the following is MOST likely occurring?

A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: Which of the following is MOST likely occurring? A. XSS attack B. SQLi attack C. Replay attack D. XSRF attack
Answer: B

February 9, 2023

After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of: A. privilege escalation B. footprinting C. persistence D. pivoting.
Answer: A

February 9, 2023