Professor Messer, SY0-601, Practice Exam A


SY0-601 - Security+ - Exam A

1 / 85

A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?

2 / 85

A remote user has received a text message requesting login details to the corporate VPN server. Which of the following would BEST describe this message?

3 / 85

A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?

4 / 85

Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?

5 / 85

Which of these best describes two-factor authentication?

6 / 85

A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?

7 / 85

A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)

8 / 85

A member of the accounting team was out of the office for two weeks, and an important financial transfer was delayed until they returned. Which of the following would have prevented this delay?

9 / 85

An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies:

  • Access records from all devices must be saved and archived
  • Any data access outside of normal working hours must be immediately reported
  • Data access must only occur inside the country
  • Access logs and audit reports must be created from a single database

Which of the following should be implemented by the security team to meet these requirements? (Select THREE)

More information:
SY0-601, Objective 3.7 - Account Policies

10 / 85

A security administrator is designing an authentication process for a new remote site deployment. They would like the users to provide their credentials when they authenticate in the morning, and they do not want any additional authentication requests to appear during the rest of the day.  Which of the following should be used to meet this requirement?

11 / 85

Employees of an organization have received an email offering a cash bonus for completing an internal training course. The link in the email requires users to login with their Windows Domain credentials, but the link appears to be located on an external server. Which of the following would BEST describe this email?

12 / 85

A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?

13 / 85

A company's outgoing email server currently uses SMTP with no encryption. The security administrator would like to implement encryption between email clients without changing the existing server-to-server communication. Which of the following would be the BEST way to implement this requirement?

14 / 85

A security administrator needs to identify all references to a JavaScript file in the HTML of a web page. Which of the following tools should be used to view the source of the web page and search through the file for a specific filename? (Select TWO)

15 / 85

The security policies in a manufacturing company prohibit the transmission of customer information. However, a security administrator has received an alert that credit card numbers were transmitted as an email attachment. Which of the following was the MOST likely source of this alert message?

16 / 85

A security administrator has been asked to respond to a potential security breach of the company's database, and they need to gather the most volatile data before powering down the database servers. In which order should they collect this information?

17 / 85

A security team has been provided with a non-credentialed vulnerability scan report created by a third-party. Which of the following would they expect to see on this report?

18 / 85

Which part of the PC startup process verifies the digital signature of the OS kernel?

19 / 85

A security administrator has gathered this information:

 

Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp6 416 0 2601:4c3:4080:82.63976 yv-in-x5e.1e100..https CLOSE_WAIT
tcp6 0 0 2601:4c3:4080:82.63908 atl14s80-in-x0a..https ESTABLISHED
tcp6 0 0 fe80::4de1:1d4:8.36253 fe80::38b0:a2b1:.1025 ESTABLISHED
tcp6 0 0 fe80::4de1:1d4:8.1024 fe80::38b0:a2b1:.1024 ESTABLISHED

 

Which of the following is being used to create this information?

20 / 85

Which of these cloud deployment models would share resources between a private virtualized data center and externally available cloud services?

21 / 85

A server administrator at a bank has noticed a decrease in the number of visitors to the bank website. Additional research shows that users are being directed to a different IP address than the bank's web server. Which of the following would MOST likely describe this attack?

22 / 85

A network administrator has installed a new access point, but only a portion of the wireless devices are able to connect to the network. Other devices can see the access point, but they are not able to connect even when using the correct wireless settings. Which of the following security features was MOST likely enabled?

23 / 85

An MSP is designing a new server room for a large company. Which of the following should be included in the design to provide redundancy? (Select TWO)

24 / 85

A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?

25 / 85

A company hires a large number of seasonal employees, and their system access should normally be disabled when the employee leaves the company.  The security administrator would like to verify that their systems cannot be accessed by any of the former employees. Which of the following would be the BEST way to provide this verification?

26 / 85

A manufacturing company would like to track the progress of parts as they are used on an assembly line. Which of the following technologies would be the BEST choice for this task?

27 / 85

A manufacturing company has moved an inventory application from their internal systems to a PaaS service. Which of the following would be the BEST way to manage security policies on this new service?

28 / 85

A security administrator needs to identify all computers on the company network infected with a specific malware variant. Which of the following would be the BEST way to identify these systems?

29 / 85

A company has just purchased a new application server, and the security director wants to determine if the system is secure. The system is currently installed in a test environment and will not be available to users until the rollout to production next week. Which of the following would be the BEST way to determine if any part of the system can be exploited?

30 / 85

A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?

31 / 85

Which of the following describes a monetary loss if one event occurs?

32 / 85

A security manager has created a report showing intermittent network communication from external IP addresses to certain workstations on the internal network. These traffic patterns occur at random times during the day. Which of the following would be the MOST likely reason for these traffic patterns?

33 / 85

An organization maintains a large database of customer information for sales tracking and customer support. Which person in the organization would be responsible for managing the access rights to this data?

34 / 85

An organization is installing a UPS for their new data center. Which of the following would BEST describe this type of control?

35 / 85

Which cryptographic method is used to add trust to a digital certificate?

36 / 85

Which of the following would be commonly provided by a CASB? (Select TWO)

37 / 85

A company is creating a security policy that will protect all corporate mobile devices:

  • All mobile devices must be automatically locked after a predefined time period
  • Some mobile devices will be used by the remote sales teams, so the location of each device needs to be traceable
  • All of the user's information should be completely separated from company data.

Which of the following would be the BEST way to establish these security policy rules?

38 / 85

Which of the following is true of a rainbow table? (Select TWO)

39 / 85

A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)

40 / 85

 

A user with restricted access has typed this text in a search field of an internal web-based application:

USER77 or '1'='1

After submitting this search request, all of the database records are displayed on the screen. Which of the following would BEST describe this search?

41 / 85

A data center manager has built a Faraday cage in the data center, and a set of application servers have been placed inside the Faraday cage. Which of the following would be the MOST likely reason for the data center manager to install this configuration of equipment?

42 / 85

The embedded OS in a company's time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?

43 / 85

A recent report shows the return of a vulnerability that was previously patched four months ago. After researching this issue, the security team has found that a recent patch has reintroduced this vulnerability on the servers. Which of the following should the security administrator implement to prevent this issue from occurring in the future?

44 / 85

A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password.  Which of the following would be the MOST likely reason for this configuration?

45 / 85

A security analyst has identified a number of sessions from a single IP address with a TTL equal to zero. One of the sessions has a destination of the Internet firewall, and a session immediately after has a destination of your DMZ server. Which of the following BEST describes this log information?

46 / 85

A company would like to securely deploy applications without the overhead of installing a virtual machine for each system. Which of the following would be the BEST way to deploy these applications?

47 / 85

A network administrator would like each user to authenticate with their personal username and password when connecting to the company's wireless network. Which of the following should the network administrator configure on the wireless access points?

48 / 85

When a home user connects to the corporate VPN, they are no longer able to print to their local network printer. Once the user disconnects from the VPN, the printer works normally. Which of the following would be the MOST likely reason for this issue?

49 / 85

An organization has identified a significant vulnerability in a firewall that was recently installed for Internet connectivity. The firewall company has stated there are no plans to create a patch for this vulnerability. Which of the following would BEST describe this issue?

50 / 85

A security manager would like to ensure that unique hashes are used with an application login process. Which of the following would be the BEST way to add random data when generating a set of stored password hashes?

51 / 85

Which of the following standards provides information on privacy and managing PII?

52 / 85

A department store policy requires that a floor manager approves each transaction when a gift certificate is used for payment. The security team has found that some of these transactions have been processed without the approval of a manager. Which of the following would provide a separation of duties to enforce this store policy?

53 / 85

An organization's content management system (CMS) currently labels files and documents as "Unclassified" and "Restricted". On a recent update to the CMS, a new classification type of "PII" was added. Which of the following would be the MOST likely reason for this addition?

54 / 85

Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?

55 / 85

A company is deploying a new mobile application to all of its employees in the field. Some of the problems associated with this rollout include:

  • The company does not have a way to manage the mobile devices in the field
  • Company data on mobile devices in the field introduces additional risk
  • Team members have many different kinds of mobile devices

Which of the following deployment models would address these concerns?

56 / 85

A company encourages users to encrypt all of their confidential materials on a central server. The organization would like to enable key escrow as a backup. Which of these keys should the organization place in escrow?

57 / 85

A company would like to protect the data stored on laptops used in the field. Which of the following would be the BEST choice for this requirement?

58 / 85

What kind of security control is associated with a login banner?

59 / 85

A company's security policy requires that login access should only be available if a person is physically within the same building as the server. Which of the following would be the BEST way to provide this requirement?

60 / 85

A system administrator has been called to a system that is suspected to have a malware infection. The administrator has removed the device from the network and has disconnected all USB flash drives. Which of these incident response steps is the administrator following?

61 / 85

How can a company ensure that all data on a mobile device is unrecoverable if the device is lost or stolen?

62 / 85

A security administrator is adding additional authentication controls to the existing infrastructure. Which of the following should be added by the security administrator? (Select TWO)

63 / 85

Which of these protocols use TLS to provide secure communication? (Select TWO)

64 / 85

A user connects to a third-party website and receives this message:

Your connection is not private.

NET:ERR_CERT_INVALID

Which of the following attacks would be the MOST likely reason for this message?

65 / 85

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

66 / 85

A data breach has occurred in a large insurance company. A security administrator is building new servers and security systems to get all of the financials back online. Which part of the incident response process would BEST describe these actions?

67 / 85

Your development team has installed a new application and database to a cloud service. After running a vulnerability scanner on the application instance, you find that the database is available for anyone to query without providing any authentication.  Which of these vulnerabilities is MOST associated with this issue?

68 / 85

An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices?

69 / 85

A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which of these would be the BEST way to securely store these keys?

70 / 85

An attacker has discovered a way to disable a server by sending specially crafted packets from many remote devices to the operating system. When the packet is received, the system crashes and must be rebooted to restore normal operations. Which of the following would BEST describe this attack?

71 / 85

You've hired a third-party to gather information about your company's servers and data. The third-party will not have direct access to your internal network but can gather information from any other source.

Which of the following would BEST describe this approach?

More information: SY0-601, Objective 1.8 - Reconnaissance
https://professormesser.link/601010802

72 / 85

A Linux administrator is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and a SHA256 hash value. Which of these would describe the use of this hash value?

73 / 85

A user has opened a helpdesk ticket complaining of poor system performance, excessive pop-up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing information. Which of the following is MOST likely the cause of this user's issues?

74 / 85

A company has decided to perform a disaster recovery exercise during an annual meeting with the IT directors and senior directors. A simulated disaster will be presented, and the participants will discuss the logistics and processes required to resolve the disaster. Which of the following would BEST describe this exercise?

75 / 85

An attacker has sent more information than expected in a single API call, and this has allowed the execution of arbitrary code. Which of the following would BEST describe this attack?

76 / 85

Rodney, a security engineer, is viewing this record from the firewall logs:

UTC 40/05/2018 03:09:158098  AV Gateway Alert 136.127.92.171 80 -> 10.16.10.14 60818
Gateway Anti-Virus Alert:  XPASCK.A_7854 (Trojan) block.

Which of the following can be observed from this log information?

77 / 85

A security administrator is collecting information associated with a ransomware infection on the company's web servers. Which of the following log files would provide information regarding the memory contents of these servers?

78 / 85

An attacker calls into a company's help desk and pretends to be the director of the company's manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?

79 / 85

Jennifer is reviewing this security log from her IPS:

ALERT 2018-06-01 13:07:09 [163bcf65118-179b547b]
Cross-Site Scripting in JSON Data
22.43.112.74:3332 -> 64.235.145.35:80
URL/index.html - Method POST - Query String "-"
User Agent: curl/7.21.3 (i386-redhat-linux-gnu) libcurl/7.21.3
NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
Detail: token=""

Which of the following can be determined from this log information? (Select TWO)

 

80 / 85

A manufacturing company would like to use an existing router to separate a corporate network and a manufacturing floor that use the same physical switch. The company does not want to install any additional hardware. Which of the following would be the BEST choice for this segmentation?

81 / 85

Which of the following risk management strategies would include the purchase and installation of an NGFW?

82 / 85

A security engineer runs a monthly vulnerability scan. The scan doesn't list any vulnerabilities for Windows servers, but a significant vulnerability was announced last week and none of the servers are patched yet. Which of the following best describes this result?

83 / 85

Which of the following would be the BEST way to confirm the secure baseline of a deployed application instance?

84 / 85

A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company's network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team's requirements?

85 / 85

A web-based manufacturing company processes monthly charges to credit card information saved in the customer's profile. Which of the following standards would be required to maintain this payment information?