Practice Free SY0-601 Exam Online Questions
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
- A . To gather IoCs for the investigation
- B . To discover which systems have been affected
- C . To eradicate any trace of malware on the network
- D . To prevent future incidents of the same nature
A user downloaded an extension for a browser, and the user’s device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data.
The following was observed running:
New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C | Format-Volume -DriveLetter C -FileSystemLabel "New" -FileSystem NTFS -Full -Force -Confirm:$false
Which of the following is the malware using to execute the attack?
- A . PowerShell
- B . Python
- C . Bash
- D . Macros
A
Explanation:
PowerShell is a scripting language and command-line shell that can be used to automate tasks and manage systems. PowerShell can also be used by malware to execute malicious commands and evade detection. The code snippet in the question is a PowerShell command that creates a new partition on disk 2, formats it with NTFS file system, and assigns it a drive letter C. This could be part of an attack that wipes out the original data on the disk or creates a hidden partition for storing malware or stolen data.
Reference:
https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/scripting-and-automation/
https://learn.microsoft.com/en-us/powershell/module/storage/new-partition?view=windowsserver2022-ps
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior.
Which of the following is MOST likely occurring?
- A . A RAT was installed and is transferring additional exploit tools.
- B . The workstations are beaconing to a command-and-control server.
- C . A logic bomb was executed and is responsible for the data transfers.
- D . A fileless virus is spreading in the local network environment.
An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine.
Which of the following risk management strategies is the organization following?
- A . Transference
- B . Avoidance
- C . Mitigation
- D . Acceptance
D
Explanation:
Acceptance is a risk management strategy that involves acknowledging the existence and potential impact of a risk, but deciding not to take any action to reduce or eliminate it. This strategy is usually adopted when the cost of implementing controls outweighs the benefit of mitigating the risk, or when the risk is deemed acceptable or unavoidable. In this case, the organization decided not to put controls in place because of the high cost compared to the potential fine, which means they accepted the risk.
Reference: https://www.comptia.org/blog/what-is-risk-acceptance
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area.
Which of the following would most likely have prevented this breach?
- A . A firewall
- B . A device PIN
- C . A USB data blocker
- D . Biometrics
C
Explanation:
A USB data blocker is a device that prevents data transfer between a USB device and a host computer, while still allowing charging. This can prevent data breaches caused by malicious USB chargers or devices that may attempt to access or infect the phone’s data.
Which of the following best describes the tolerances a security architect follows when designing a control environment?
- A . Control risk
- B . Risk register
- C . Risk appetite
- D . Inherent risk
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal.
The following is the audit report:
Which of the following is the most likely way a rogue device was allowed to connect?
- A . A user performed a MAC cloning attack with a personal device.
- B . A DHCP failure caused an incorrect IP address to be distributed.
- C . An administrator bypassed the security controls for testing.
- D . DNS hijacking let an attacker intercept the captive portal traffic.
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data.
Which of the following is the type of data these employees are most likely to use in day-to-day work activities?
- A . Encrypted
- B . Intellectual property
- C . Critical
- D . Data in transit
B
Explanation:
Intellectual property is a type of data that is proprietary and unique to an organization. It includes trade secrets and other information that the organization does not want to share with third parties or competitors. Employees in the research and development business unit are most likely to use intellectual property in their day-to-day work activities, as they are involved in creating new products, services, or processes for the organization. Intellectual property data requires a high level of security and protection, as it can provide a competitive advantage or disadvantage if leaked or stolen.
Encrypted data is not a type of data, but a state of data. Encryption is a method of transforming data into an unreadable format using a key, so that only authorized parties can access it. Encryption can be applied to any type of data, such as intellectual property, critical data, or data in transit.
Critical data is a type of data that is essential for the operation and continuity of an organization. It includes information such as customer records, financial transactions, employee details, and so on. Critical data may or may not be intellectual property, depending on the nature and source of the data. Critical data also requires a high level of security and protection, as it can affect the reputation, performance, or legal compliance of the organization.
Data in transit is not a type of data, but a state of data. Data in transit refers to data that is moving from one location to another over a network, such as the internet, a LAN, or a WAN. Data in transit can be vulnerable to interception, modification, or theft by malicious actors. Data in transit can also be any type of data, such as intellectual property, critical data, or PII.
Which of the following describes an executive team that is meeting in a board room and testing the company’s incident response plan?
- A . Continuity of operations
- B . Capacity planning
- C . Tabletop exercise
- D . Parallel processing
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic.
Which of the following will help achieve these objectives?
- A . Deploying a SASE solution to remote employees
- B . Building a load-balanced VPN solution with redundant internet
- C . Purchasing a low-cost SD-WAN solution for VPN traffic
- D . Using a cloud provider to create additional VPN concentrators