Practice Free SY0-601 Exam Online Questions
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed.
Which of the following best describes the policy that meets these requirements?
- A . Security policy
- B . Classification policy
- C . Retention policy
- D . Access control policy
Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?
- A . Transit gateway
- B . Cloud hot site
- C . Edge computing
- D . DNS sinkhole
A
Explanation:
A transit gateway is a network transit hub that can be used to interconnect virtual private clouds (VPCs) and on-premises networks. A transit gateway can consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall by offering the following features: Attachments that can connect one or more VPCs, a Connect SD-WAN/third-party network appliance, an AWS Direct Connect gateway, a peering connection with another transit gateway, or a VPN connection to a transit gateway.
Transit gateway route table that can include dynamic and static routes that decide the next hop based on the destination IP address of the packet.
Associations and route propagation that can link each attachment with a route table and dynamically propagate routes to or from a transit gateway route table.
Reference:
What is a transit gateway? – Amazon VPC; Network Gateway C AWS Transit Gateway C Amazon Web Services; Configure VPN gateway transit for virtual network peering; AWS ― Difference between VPC Peering and Transit Gateway
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries.
Which of the following is the most effective way to limit this access?
- A . Data masking
- B . Encryption
- C . Geolocation policy
- D . Data sovereignty regulation
C
Explanation:
A geolocation policy is a policy that restricts access to data or resources based on the physical location of the user or device. A geolocation policy can be implemented using technologies such as IP address filtering, GPS tracking, VPN blocking, etc. A geolocation policy can help the company’s legal department to ensure the documents cannot be accessed by individuals in high-risk countries by denying access requests from those countries.
A security analyst received the following requirements for the deployment of a security camera solution:
* The cameras must be viewable by the on-site security guards.
+ The cameras must be able to communicate with the video storage server.
* The cameras must have the time synchronized automatically.
* The cameras must not be reachable directly via the internet.
* The servers for the cameras and video storage must be available for remote maintenance via the company VPN.
Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?
- A . Creating firewall rules that prevent outgoing traffic from the subnet the servers and cameras reside on
- B . Deploying a jump server that is accessible via the internal network that can communicate with the servers
- C . Disabling all unused ports on the switch that the cameras are plugged into and enabling MAC filtering
- D . Implementing a WAF to allow traffic from the local NTP server to the camera server
B
Explanation:
A jump server is a system that is used to manage and access systems in a separate security zone. It acts as a bridge between two different security zones and provides a controlled and secure way of accessing systems between them12. A jump server can also be used for auditing traffic and user activity for real-time surveillance3. By deploying a jump server that is accessible via the internal network, the security analyst can securely meet the remote connectivity requirements for the servers and cameras without exposing them directly to the internet or allowing outgoing traffic from their subnet.
The other options are not suitable because:
Which of the following involves an attempt to take advantage of database misconfigurations?
- A . Buffer overflow
- B . SQL injection
- C . VM escape
- D . Memory injection
A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations.
Which of the following should the company use to best fulfill the requirements?
- A . Network diagram
- B . WPS
- C . 802.1X
- D . Heat map
A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points.
Which of the following attacks is happening on the corporate network?
- A . On-path
- B . Evil twin
- C . Jamming
- D . Rogue access point
- E . Disassociation
A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng. the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points.
Which of the following attacks is happening on the corporate network?
- A . On-path
- B . Evil twin
- C . Jamming
- D . Rogue access point
- E . Disassociation
An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue.
Which of the following options offer low-cost solutions? (Select two).
- A . Warm site
- B . Generator
- C . Hot site
- D . Cold site
- E . Cloud backups
- F . UPS
BF
Explanation:
A generator and a UPS (uninterruptible power supply) are low-cost solutions that can provide backup power to an organization in case of a power outage. A generator is a device that converts mechanical energy into electrical energy, while a UPS is a device that provides battery power to a system when the main power source fails. A generator and a UPS can help the organization to maintain its operations and prevent data loss during a power outage.
An external vendor recently visited a company’s headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets.
Which of the following data types best describes this file?
- A . Government
- B . Public
- C . Proprietary
- D . Critical