SY0-601 Online Practice Questions and Answers
A Chief Information Officer is concerned about employees using company-issued laptops lo steal data when accessing network shares. Which of the following should the company Implement?
A. DLP
B. CASB
C. HIDS
D. EDR
E. UEFI
The process of passively gathering information prior to launching a cyberattack is called:
A. tailgating.
B. reconnaissance.
C. pharming
D. prepending
Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?
A. A right-to-audit clause allowing for annual security audits
B. Requirements for event logs to be kept for a minimum of 30 days
C. Integration of threat intelligence in the company's AV
D. A data-breach clause requiring disclosure of significant data loss
A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
A. CASB
B. SWG
C. Containerization
D. Automated failover
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.
C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002
Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?
A. To avoid data leakage
B. To protect surveillance logs
C. To ensure availability
D. To facilitate third-party access
Which biometric error would allow an unauthorized user to access a system?
A. False acceptance
B. False entrance
C. False rejection
D. False denial
A marketing coordinator is trying to access a social media application on a company laptop but is getting blocked. The coordinator opens a help desk ticket to report the issue. Which of the following documents should a security analyst review to determine whether accessing social media applications on a company device is permitted?
A. Incident response policy
B. Business continuity policy
C. Change management policy
D. Acceptable use policy
HOTSPOT
You received the output of a recent vulnerability assessment. Review the assessment and scan output and determine the appropriate remedialion(s} 'or choose devices.
Remediation options may be selected multiple times, and some devices may require more than one remediation.
Hot Area:
