Practice Free SY0-601 Exam Online Questions
An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization.
Which of the following best describes the tool the administrator is using?
- A . DLP
- B . SNMP traps
- C . SCAP
- D . IPS
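The technique the question describes is DLP document fingerprinting: the engine registers hashes of the protected files and compares outbound attachments against them, alerting only when the recipient is external. The example below is added here and is not from the exam page or any vendor product; it uses word-shingle hashes (so a partially copied or lightly edited document still matches), a constructed registered document and two constructed attachments, and a hypothetical internal domain `corp.example`. The shingle width and alert threshold are assumptions a real deployment would tune.

```python
import hashlib
import re

# Constructed sample data (not from the page): one registered document and two outbound attachments.
REGISTERED_DOCS = {
    "falcon-forecast": (
        "Project Falcon Q3 forecast. Revenue target 4.2M. Customer list: Acme, Globex, "
        "Initech. Do not distribute outside the company. Contact finance@corp.example."
    ),
}
ATTACHMENT_LEAK = (
    "FYI - Project Falcon Q3 forecast. Revenue target 4.2M. Customer list: Acme, Globex, "
    "Initech. Do not distribute outside the company."
)
ATTACHMENT_BENIGN = "Agenda for Thursday: standup, retro, planning, lunch at noon."

SHINGLE_WORDS = 5                  # words per shingle; tunable assumption
ALERT_THRESHOLD = 0.5              # fraction of a registered doc's shingles that must reappear
INTERNAL_DOMAIN = "corp.example"   # hypothetical organisation domain


def tokenize(text):
    return re.findall(r"[a-z0-9@.]+", text.lower())


def shingle_hashes(text, k=SHINGLE_WORDS):
    """Hash every k-word window; a partial copy of a document still shares most hashes."""
    words = tokenize(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).digest()[:8]
        for i in range(len(words) - k + 1)
    }


def fingerprint_registry(docs):
    """What the DLP engine stores: per-document shingle hashes, never the plaintext."""
    return {doc_id: shingle_hashes(text) for doc_id, text in docs.items()}


def match_score(attachment_text, registry):
    """Return (best matching doc id, fraction of that doc's shingles present in the attachment)."""
    att = shingle_hashes(attachment_text)
    best_id, best = None, 0.0
    for doc_id, fp in registry.items():
        score = len(att & fp) / len(fp) if fp else 0.0
        if score > best:
            best_id, best = doc_id, score
    return best_id, best


def should_alert(attachment_text, recipient, registry, threshold=ALERT_THRESHOLD):
    """Alert only when the recipient is external and the attachment matches a registered doc."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain == INTERNAL_DOMAIN:
        return False, None, 0.0
    doc_id, score = match_score(attachment_text, registry)
    return score >= threshold, doc_id, score


if __name__ == "__main__":
    reg = fingerprint_registry(REGISTERED_DOCS)
    print(should_alert(ATTACHMENT_LEAK, "partner@external.example", reg))
    print(should_alert(ATTACHMENT_BENIGN, "partner@external.example", reg))
    print(should_alert(ATTACHMENT_LEAK, "cfo@corp.example", reg))
```

Hashing fixed-size word windows rather than the whole file is what makes this "fingerprinting" rather than simple checksum matching: the leaked attachment above has an extra "FYI" prefix and a missing last sentence, yet still shares most of the registered shingles.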
A security analyst is hardening a network infrastructure.
The analyst is given the following requirements:
• Preserve the use of public IP addresses assigned to equipment on the core router
• Enable "in transport" encryption protection to the web server with the strongest ciphers.
Which of the following should the analyst implement to meet these requirements? (Select two).
- A . Configure VLANs on the core router
- B . Configure NAT on the core router.
- C . Configure BGP on the core router
- D . Enable AES encryption on the web server
- E . Enable 3DES encryption on the web server
- F . Enable TLSv2 encryption on the web server
B, F
Explanation:
NAT (Network Address Translation) lets the core router map many internal private addresses onto one or a few public addresses, so the public IP addresses already assigned to equipment on the core router are preserved rather than consumed one per host. The second requirement is encryption in transit, which is the job of a transport protocol rather than of a cipher on its own: AES and 3DES (options D and E) are symmetric ciphers that TLS negotiates as part of a cipher suite, and 3DES is deprecated. Note also that TLS versions run 1.0 through 1.3; there is no "TLS version 2", so option F should be read as TLS 1.2 or later, the versions that support the strongest cipher suites (forward-secret key exchange with AEAD ciphers such as AES-GCM) between the web server and its clients.
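To make the TLS half of the answer concrete, here is an added example (not from the exam page or any vendor) using Python's standard `ssl` module: a web-server context pinned to TLS 1.2 or later with forward-secret AEAD cipher suites, a legacy context beside it that permits TLS 1.0 and the library's default suites, and a checker that reports why a context fails the policy. The cipher string, the "no non-PFS, no non-AEAD" rule and the weak-name markers are assumptions about what "strongest ciphers" should mean; the exact suites reported depend on the OpenSSL build.

```python
import ssl

# Policy assumption: forward-secret (ECDHE) AEAD suites only; everything else excluded.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!3DES:!RC4"
PFS_KEA = ("kx-ecdhe", "kx-dhe", "kx-any")          # 'kx-any' is how TLS 1.3 suites report
WEAK_MARKERS = ("DES", "RC4", "NULL", "MD5", "EXPORT")


def hardened_server_context(certfile=None, keyfile=None):
    """Meets the requirement: TLS 1.2 minimum (1.3 stays enabled) and strong suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(STRONG_CIPHERS)      # governs TLS 1.2 suites; TLS 1.3 suites are fixed
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def legacy_server_context():
    """Counter-example: allows TLS 1.0/1.1 where the build supports them and non-PFS suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if ssl.HAS_TLSv1:                    # some builds drop TLS 1.0 entirely
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.set_ciphers("DEFAULT")           # OpenSSL default list, including RSA key exchange
    return ctx


def check_policy(ctx):
    """Report minimum version and every cipher that is weak, non-forward-secret or non-AEAD."""
    ciphers = ctx.get_ciphers()
    weak = [c["name"] for c in ciphers if any(m in c["name"] for m in WEAK_MARKERS)]
    non_pfs = [c["name"] for c in ciphers if c.get("kea") not in PFS_KEA]
    non_aead = [c["name"] for c in ciphers if not c.get("aead")]
    min_ok = ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    return {
        "min_version_ok": min_ok,
        "weak": weak,
        "non_pfs": non_pfs,
        "non_aead": non_aead,
        "ok": bool(ciphers) and min_ok and not weak and not non_pfs and not non_aead,
    }


if __name__ == "__main__":
    print("hardened:", check_policy(hardened_server_context()))
    print("legacy:  ", check_policy(legacy_server_context()))
```

Run the checker against the context a server actually uses rather than trusting the config file: `get_ciphers()` returns what OpenSSL will really negotiate after its own security level and compile-time options are applied.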
Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).
- A . The device has been moved from a production environment to a test environment.
- B . The device is configured to use cleartext passwords.
- C . The device is moved to an isolated segment on the enterprise network.
- D . The device is moved to a different location in the enterprise.
- E . The device’s encryption level cannot meet organizational standards.
- F . The device is unable to receive authorized updates.
A company wants the ability to restrict web access and monitor the websites that employees visit.
Which of the following would best meet these requirements?
- A . Internet Proxy
- B . VPN
- C . WAF
- D . Firewall
A
Explanation:
An internet proxy is a server that acts as an intermediary between a client and a destination server on the internet. It can restrict web access and monitor the websites that employees visit by filtering requests and responses against predefined rules and policies (URL categories, allow and block lists) and by logging the traffic for auditing. A VPN encrypts traffic but does not filter it, a WAF protects the organization's own web applications from inbound attacks, and a firewall typically filters on addresses and ports rather than on the websites a user visits.
A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server.
Which of the following algorithms should the administrator use to split the number of connections on each server in half?
- A . Weighted response
- B . Round-robin
- C . Least connection
- D . Weighted least connection
B
Explanation:
The administrator should use a round-robin algorithm to split the number of connections on each server in half. Round-robin is a load-balancing algorithm that hands incoming connections to the available servers one by one in a cyclical order, so with two servers each receives every other connection. Least connection (C) also balances load, but it routes on the number of currently open connections rather than alternating, so the count of connections sent to each server is not guaranteed to be equal; the weighted variants (A, D) deliberately skew the split toward the higher-weighted server.
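The difference between the two non-weighted algorithms is easiest to see in a small simulation. The code below is an added example, not from the exam page: it implements round-robin and least-connection selection and runs both over a constructed workload (one long-lived connection followed by nine short ones) against two hypothetical servers, counting how many connections each server was handed.

```python
import itertools
from collections import Counter


class RoundRobin:
    """Hand each new connection to the next server in a fixed cycle."""

    def __init__(self, servers):
        self._cycle = itertools.cycle(servers)

    def pick(self, active):
        return next(self._cycle)          # ignores current load by design


class LeastConnection:
    """Hand each new connection to the server with the fewest open connections."""

    def pick(self, active):
        return min(active, key=active.get)   # ties go to the first server listed


def simulate(balancer, servers, requests):
    """requests: list of (arrival_tick, duration_ticks), sorted by arrival.
    Returns a Counter of how many connections each server was given."""
    active = {s: 0 for s in servers}     # open connections per server right now
    in_flight = []                        # (end_tick, server)
    assigned = Counter()
    for arrival, duration in requests:
        still_open = []
        for end, s in in_flight:          # close connections that finished before this arrival
            if end <= arrival:
                active[s] -= 1
            else:
                still_open.append((end, s))
        in_flight = still_open
        s = balancer.pick(active)
        active[s] += 1
        assigned[s] += 1
        in_flight.append((arrival + duration, s))
    return assigned


SERVERS = ["web1", "web2"]                                   # hypothetical backends
WORKLOAD = [(0, 100)] + [(t, 1) for t in range(1, 10)]      # constructed: one long, nine short


def compare():
    """Connection counts per server under each algorithm for the constructed workload."""
    return {
        "round_robin": dict(simulate(RoundRobin(SERVERS), SERVERS, WORKLOAD)),
        "least_connection": dict(simulate(LeastConnection(), SERVERS, WORKLOAD)),
    }


if __name__ == "__main__":
    print(compare())
```

Round-robin gives each server exactly five of the ten connections regardless of how long they last, which is what the question asks for. Least connection sends nine of the ten to the server that is not holding the long-lived connection: better for concurrent load, but not an even split of the connection count.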
Which of the following cloud models provides clients with servers, storage, and networks but nothing else?
- A . SaaS
- B . PaaS
- C . IaaS
- D . DaaS
C
Explanation:
IaaS (Infrastructure as a Service) is a cloud model that provides clients with servers, storage, and networks but nothing else. It gives clients the most control and flexibility over the configuration and management of their infrastructure resources, but also leaves them responsible for installing, patching and securing their own operating systems, middleware and applications. PaaS adds a managed runtime and platform on top of that infrastructure, and SaaS delivers a complete application.
An organization is concerned about hackers bypassing MFA through social engineering of phone carriers.
Which of the following would most likely protect against such an attack?
- A . Receiving alerts about unusual log-in activity
- B . Receiving a six-digit code via SMS
- C . Receiving a push notification to a mobile application
- D . Receiving a phone call for automated approval
An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.
Which of the following is the first step the organization should take when implementing the policy?
- A . Determine a quality CASB solution.
- B . Configure the DLP policies by user groups.
- C . Implement agentless NAC on boundary devices.
- D . Classify all data on the file servers.
D
Explanation:
Zero trust is a security strategy that assumes breach and verifies each request as though it originates from an untrusted network. A zero trust policy is a set of "allow rules" that specify the conditions under which particular resources may be accessed.
The first step in implementing such a policy is to identify and classify all data and assets in the organization. Until the data on the file servers is classified, the organization cannot say which resources carry what sensitivity and risk, so it cannot write the need-to-know access rules the policy calls for, and it cannot meaningfully configure the enforcement controls in the other options: DLP policies (B) and NAC (C) act on decisions that depend on that classification, and a CASB (A) is a product choice rather than a first step.
Reference: Zero Trust implementation guidance | Microsoft Learn
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?
- A . Application
- B . IPS/IDS
- C . Network
- D . Endpoint
A security administrator received an alert for a user account with the following log activity:
Which of the following best describes the trigger for the alert the administrator received?
- A . Number of failed log-in attempts
- B . Geolocation
- C . Impossible travel time
- D . Time-based log-in attempt
C
Explanation:
Impossible travel time is an anomaly detection that indicates a possible compromise of a user account. It fires when the same account authenticates from two distant locations and the time between the two sign-ins is shorter than the time it would take to travel from the first location to the second by conventional means. This suggests that a different person is using the same credentials, or that a proxy or VPN is being used to mask the true location. The log activity shows that the user connected from two different IP addresses in different countries (US and Brazil) within a span of 37 minutes, which cannot be achieved by normal travel.
Reference: Detecting and Remediating Impossible Travel – Microsoft Community Hub; Anomaly detection policies – Microsoft Defender for Cloud Apps; Understanding Microsoft 365 Impossible Travel Rules | Blumira
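The detection itself is a speed check: great-circle distance between the two sign-in geolocations divided by the time between them, compared against a ceiling. The code below is an added example, not from the exam page or any of the referenced products, and runs over constructed log lines (the actual log from the question is not reproduced on the page); the 1000 km/h ceiling and the 50 km minimum-distance floor that absorbs IP-geolocation jitter are assumptions a real rule would tune.

```python
import math
from datetime import datetime, timezone

# Constructed sample sign-in log (fields: time user src_ip country city lat lon result).
# Not the log from the question, which is not reproduced on the page.
SAMPLE_LOG = """\
2023-05-01T08:12:00Z jdoe 203.0.113.10 US Seattle 47.6062 -122.3321 success
2023-05-01T08:49:00Z jdoe 198.51.100.7 BR Sao_Paulo -23.5505 -46.6333 success
2023-05-01T12:00:00Z asmith 192.0.2.44 US Boston 42.3601 -71.0589 success
2023-05-01T18:30:00Z asmith 192.0.2.45 US New_York 40.7128 -74.0060 success
"""

MAX_SPEED_KMH = 1000.0    # about airliner speed; faster than this is "impossible" (assumption)
MIN_DISTANCE_KM = 50.0    # ignore small hops: IP geolocation is imprecise (assumption)
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_log(text):
    """Turn the whitespace-separated sample format into event dicts with UTC timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, city, lat, lon, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": user, "ip": ip, "country": country, "city": city,
            "lat": float(lat), "lon": float(lon), "result": result,
        })
    return events


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Compare each successful sign-in with the same user's previous one; flag impossible speeds."""
    alerts = []
    last = {}
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["result"] != "success":
            continue
        prev = last.get(e["user"])
        if prev is not None:
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600.0
            if km >= MIN_DISTANCE_KM:
                # Two far-apart sign-ins in the same second would need infinite speed.
                speed = km / hours if hours > 0 else math.inf
                if speed > max_speed_kmh:
                    alerts.append({
                        "user": e["user"],
                        "from": f'{prev["city"]},{prev["country"]}',
                        "to": f'{e["city"]},{e["country"]}',
                        "km": round(km),
                        "minutes": round(hours * 60),
                        "required_kmh": round(speed),
                    })
        last[e["user"]] = e
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(parse_log(SAMPLE_LOG)):
        print(a)
```

The Seattle to São Paulo pair is roughly 10,900 km apart and 37 minutes apart, which would require well over 10,000 km/h, so it is flagged; Boston to New York over six and a half hours is not. In production the same logic should also be tolerant of known corporate VPN egress points, whose geolocation can legitimately jump.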