Practice Free SY0-601 Exam Online Questions
A Chief Security Officer (CSO) is concerned that cloud-based services are not adequately protected from advanced threats and malware. The CSO believes there is a high risk that a data breach could occur in the near future due to the lack of detective and preventive controls.
Which of the following should be implemented to best address the CSO’s concerns? (Select two).
- A . A WAF
- B . A CASB
- C . An NG-SWG
- D . Segmentation
- E . Encryption
- F . Containerization
B, E
Explanation:
A CASB (Cloud Access Security Broker) and encryption are two solutions that can address the CSO’s concerns about cloud-based services security. A CASB is a software tool or service that acts as an intermediary between users and cloud service providers, enforcing security policies and providing visibility and control over cloud activities. A CASB can help detect and prevent advanced threats and malware by applying data loss prevention, threat protection, anomaly detection, and encryption capabilities to cloud data and traffic. Encryption is a process of transforming data into an unreadable format using a secret key or algorithm, making it inaccessible to unauthorized parties. Encryption can help protect cloud data from breaches by ensuring that only authorized users with the correct key can decrypt and access the data. Encryption can be applied to data at rest (stored in the cloud) or data in transit (moving between the cloud and users).
Reference:
- CompTIA Security+ SY0-601 Certification Study Guide, Chapter 8: Implementing Secure Protocols, page 360.
- What is a Cloud Access Security Broker (CASB)? | McAfee
- Cloud Access Security Brokers (CASBs) – Gartner IT Glossary
- What is Cloud Access Security Broker (CASB)? – Definition from WhatIs.com
- What is Encryption? | Malwarebytes
- Encryption – Wikipedia
- What is Encryption? How Does Encryption Work? | Kaspersky
A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers.
Which of the following is the best course of action in this scenario?
- A . Update the host firewalls to block outbound SMB.
- B . Place the machines with the unapproved software in containment
- C . Place the unauthorized application in a blocklist.
- D . Implement a content filter to block the unauthorized software communication.
B
Explanation:
Containment is an incident response strategy that aims to isolate and prevent the spread of an attack or compromise within a network or system. It can resolve the issue of unauthorized software detected on a small number of machines in a lab as quickly as possible, while causing minimal disruption to the researchers, by stopping the software from communicating with external sources using HTTPS and SMS and preventing it from infecting additional machines outside of the lab.
A security analyst was deploying a new website and found a connection attempting to authenticate on the site’s portal. While investigating the incident, the analyst identified the following input in the username field:
Which of the following BEST explains this type of attack?
- A . DLL injection to hijack administrator services
- B . SQLi on the field to bypass authentication
- C . Execution of a stored XSS on the website
- D . Code to execute a race condition on the server
B
Explanation:
The input "admin' or 1=1--" in the username field is an example of a SQL injection (SQLi) attack. In this case, the attacker is attempting to bypass authentication by injecting SQL code into the username field so that the authentication check always returns true.
Reference: CompTIA Security+ SY0-601 Exam Objectives: 3.1 Given a scenario, use appropriate software tools to assess the security posture of an organization.
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed.
Which of the following best describes the policy that meets these requirements?
- A . Security policy
- B . Classification policy
- C . Retention policy
- D . Access control policy
A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched.
Which of the following should be done to prevent an attack like this from happening again? (Select three).
- A . Install DLP software to prevent data loss.
- B . Use the latest version of software.
- C . Install a SIEM device.
- D . Implement MDM.
- E . Implement a screened subnet for the web server.
- F . Install an endpoint security solution.
- G . Update the website certificate and revoke the existing ones.
- H . Deploy additional network sensors.
A large retail store’s network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach.
Which of the following is the most likely reason for this issue?
- A . Employee training
- B . Leadership changes
- C . Reputation
- D . Identity theft
C
Explanation:
Reputation is the perception or opinion that customers, partners, investors, etc., have about a company or its products and services. It can affect the revenue and profitability of a company after a network breach, even if no intellectual property or customer information was stolen, because the breach can damage the trust and confidence of the stakeholders and reduce their willingness to do business with the company.
The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers.
Which of the attacks has most likely occurred?
- A . Privilege escalation
- B . Buffer overflow
- C . Resource exhaustion
- D . Cross-site scripting
B
Explanation:
A buffer overflow attack occurs when an attacker inputs more data than the buffer can store, causing the excess data to overwrite adjacent memory locations and corrupt or execute code [1]. In this case, the attacker entered thousands of characters into a text box that was intended for phone numbers, which are much shorter. This could result in a buffer overflow attack that compromises the web application or server. The other options are not related to this scenario. Privilege escalation is when an attacker gains unauthorized access to higher-level privileges or resources [2]. Resource exhaustion is when an attacker consumes all the available resources of a system, such as CPU, memory, disk space, etc., to cause a denial of service [3]. Cross-site scripting is when an attacker injects malicious code into a web page that is executed by the browser of a victim who visits the page.
Reference:
1: https://www.fortinet.com/resources/cyberglossary/buffer-overflow
2: https://www.imperva.com/learn/application-security/privilege-escalation/
3: https://www.imperva.com/learn/application-security/resource-exhaustion/
https://owasp.org/www-community/attacks/xss/
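As an added example (not from the original question bank), the mitigation and the detection side of the phone-number scenario above: the form handler bounds and validates the field before the value reaches any fixed-size buffer, and a scan over constructed form submissions flags the oversize input that would raise the alert described. The length cap, regex and sample records are assumptions.

```python
import re

# Constructed sample of form submissions as (client_ip, field, value) tuples.
# The third record mimics the alert in the question: thousands of characters
# sent to a field meant for a phone number.
SAMPLE_SUBMISSIONS = [
    ("198.51.100.7", "phone", "+1-555-0100"),
    ("198.51.100.9", "phone", "555 0199"),
    ("203.0.113.4", "phone", "A" * 4096),
]

# E.164 numbers have at most 15 digits; allowing a leading '+' and a few
# separators, 20 characters is a generous upper bound (assumed cap).
PHONE_MAX_LEN = 20
PHONE_RE = re.compile(r"^\+?[0-9][0-9 ().-]{4,18}$")


def validate_phone(value):
    """Reject oversize or malformed input before any fixed-size buffer sees it.

    Returns (accepted, reason). The length check comes first so a
    multi-kilobyte payload is dropped without running the regex on it.
    """
    if len(value) > PHONE_MAX_LEN:
        return False, "too long"
    if not PHONE_RE.fullmatch(value):
        return False, "not a phone number"
    return True, "ok"


def scan_submissions(submissions, max_len=PHONE_MAX_LEN):
    """Return one detection record per phone-field submission over max_len."""
    alerts = []
    for ip, field, value in submissions:
        if field == "phone" and len(value) > max_len:
            alerts.append({"ip": ip, "field": field, "length": len(value)})
    return alerts


if __name__ == "__main__":
    for _, _, value in SAMPLE_SUBMISSIONS:
        print(len(value), validate_phone(value))
    print(scan_submissions(SAMPLE_SUBMISSIONS))
```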
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics.
Which of the following should the organization consult for the exact requirements for the cloud provider?
- A . SLA
- B . BPA
- C . NDA
- D . MOU
A
Explanation:
The Service Level Agreement (SLA) is a contract between the cloud service provider and the organization that stipulates the exact requirements for the cloud provider. It outlines the level of service that the provider must deliver, including the minimum uptime percentage, support response times, and the remedies and penalties for failing to meet the agreed-upon service levels.
A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank’s information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm.
Which of the following would best address the bank’s desired scenario and budget?
- A . Engage the penetration-testing firm’s red-team services to fully mimic possible attackers.
- B . Give the penetration tester data diagrams of core banking applications in a known-environment test.
- C . Limit the scope of the penetration test to only the system that is used for teller workstations.
- D . Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.
A penetration test revealed that several Linux servers were misconfigured at the file level and access was granted incorrectly. A security analyst is referencing the instructions in the incident response runbook for remediation information.
Which of the following is the best command to use to resolve the issue?
- A . chmod
- B . cat
- C . grep
- D . dig