Which of the following security tools can improve vulnerability detection on this environment?
A software company adopted the following processes before releasing software to production:
• Peer review
• Static code scanning
• Signing
A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment? A ....
Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?
A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step? A. Autopsy B. Cuckoo C....
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings.
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue? A...
Which of the following considerations would BEST support the organization's resiliency?
An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency? A. Geographic dispersal B. Generator power C. Fire suppression D. Facility automation Answer: A
Which of the following is the BEST solution to reduce the risk of data loss?
A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly...
A SOC operator is analyzing a log file that contains the following entries:
A SOC operator is analyzing a log file that contains the following entries: A. SQL injection and improper input-handling attempts B. Cross-site scripting and resource exhaustion attempts C. Command injection and directory traversal attempts D. Error handling and privilege escalation attempts Answer: C
Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?
A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the...
Which of the following will the company MOST likely reference for guidance during this change?
Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change? A. The business continuity plan B. The retention policy C. The disaster recovery plan D. The...
Which of the following MOST likely explains this behavior?
A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior? A. DNS poisoning B. MAC flooding C. DDoS attack D. ARP poisoning Answer: C
Which of the following risks would this training help to prevent?
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent? A. Hoaxes B. SPIMs C. Identity fraud D. Credential harvesting Answer: A Explanation: Hoax A hoax is a falsehood deliberately...