Professor Messer – SYO-601 – Practice Exam C


SYO-601 - Security+ - Exam C

A private company uses an SSL proxy to examine the contents of an encrypted application during transmission. How could the application developers prevent the use of this proxy examination in the future?

A company is concerned their EDR solution will not be able to stop more advanced ransomware variants. Technicians have created a backup and restore utility that will get the most systems up and running less than an hour after an attack. What type of security control is associated with this restore process?

A finance company is legally required to maintain seven years of tax records for all of their customers. Which of the following would be the BEST way to implement this requirement?


A company's security cameras have identified an unknown person walking into a fenced disposal area in the back of the building and them leaving with a box containing printed documents. Which of the following attacks is this person attempting?

A developed has created an application that will store password information in a database. Which of the following BEST describes a way of protecting these credentials by adding random data to the password?

a company is implementing a series of automated processes when responding to a security event. Which of the following would provide a linear checklist of steps to perform?

In an environment using discretionary access controls, which of these would control the rights and permissions associated with a file or directory?

A security administrator has installed a new firewall to protect a web server VLAN. The application owner requires that all web server sessions communicate over an encrypted channel. Which of these rules should the security administrator include in the firewall rulebase? (Select TWO)

An attacker was able to download ten thousand company employee login credentials containing usernames and hashed passwords. Less than an hour later, a list containing all ten thousand usernames and passwords in plain text where posted to an online fire storage repository. which of the following would BEST describe hos this attack was able to post this information?

An IT manager is leading a project to implement a global standard for a privacy information management system. Which of these standards would BEST apply to this project?

A network administrator is viewing a log file from a web server:[0]=md5&vars[1][0]=_HelloThinkPHP

Which of the following would be the BEST way to prevent this attack?

During a ransomware outbreak, an organization was forced to rebuild database servers from known good backup systems. In which of the following incident response phases were these database servers brought back online?

A security administrator would like to encrypt all telephone communication on the corporate network. Which of the of the following protocols would provide this functionality?

A company maintains a server farm in a large data center. These servers are for internal use only and are not accessible externally. The security team has discovered that a group of servers was breached before the latest updates were applied. Breach attempts were not logged on any other servers. Which of these threat actors would be MOST likely involved in this breach?

To upgrade an interanl application, the development team provides the operations teacm with a patch and instructions for backing up, patching, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process?

A security administrator has installed a network-based DLP solution to determine if file transfers contain PII. Which of the following describes the data during the file transfer?

Richard is reviewing this information from an IPS log:

MAINB_IPS: 22Jun2019 09:02:50 reject

Alert: HTTP Suspicious Webdav OPTIONS Method Request; Host: Server

Severity: medium; Performance Impact: 3;

Category: infor-leak; Packet capture; disable

Proto:TCP; dst; src:

Which of the following can be associated with this log information? (Select TWO)


a company is implementing a public file-storage and cloud-based sharing service but does not want to build a separate authentication front-end. Instead, the company would like users to authenticate with an existing account on a trusted third-party website. Which of the following should the company implement?

a security administrator is preparing a phishing email that will be sent to employees as part of a periodic security test. The email is spoofed to appear as an unknown thir-party and asks employees to immediately click a link or their state licensing will be revoked. Which of these social engineering principles are used by this email?

An incident response team would like to validate their disaster recovery plans without making any changes to the infrastructure. Which of the following would be the best course of action?

A security administrator is concerned that a user may have installed a rogue access point on the corporate network. Which of the following could be used to confirm this suspicion?

A medical imaging company would like to connect all remote locations together with high-speed network links. The network connections must maintain high throughput rates and must always be available during working hours. In which of the following should these requirements be enforced with the network provider?

Sam, a user in the purchasing department, would like to send an email to Jack. Which of these should Sam use that would allow Jack to verify the sender of the email?

A technology company is manufacturing military-grade radar tracking system that can instantly identify any nearby unmanned aerial vehicles (UAVs). The UAV detector must be able to instantly identify and react to a vehicle without delay. Which of the following would BEST describe this tracking system?

A transportation company maintains a scheduling application and a database in a virtualized cloud-based environment. Which of the following would be the BEST way to backup these services?

A company has contracted with a third-party to provide penetration testing services. The service includes a port scan of each externally-facing device. This is an example of:

a system administrator is designing a data center for an insurance company's new public cloud and would like to restrict user access to sensitive data. Which of the the following would provide ongoing visibility, data security, and control of cloud-based applications?

What type of vulnerability would be associated with this log information?


A security administrator would like to implement an authentication system that uses cryptographic tickets to validate users. Which of the following would provide this functionality?

a system administrator is implementing a fnigerprint scanner to provide access to the data center. Which of these metrics should be kept at a minimum in order to prevent unauthorized persons from accessing the data center?

a server administrator is building a new web server and needs to provide operating system access to the web server executable. Which of the following account types should be configured?

A user downloaded and installed a utility for compressing and decompressing files. Immediately after installing the utility, the user's overall workstation performance degraded, and it now takes twice as much time to perform any tasks on the compter. Which of the following is the BEST description of this malware infection?

The contract of a long-term temporary employee is ending. Which of these would be the MOST important part of the off-boarding process?

A security administrator is researching the methods used by attackers to gain access to web servers. Which of the following would provide additional information about these techniques?

Daniel, a cybersecurity analyst, has been asked to respond to a denial of service attack against a web server. Daniel first collects information in the arp cache, then a copy of the server's temporary file system, and finally system logs from the web server. What part of the forensics gathering process did Daniel follow?

Which of these would be used to provide HA for a web-based database application?

Which of the following cloud deployments would include CPU, storage, and networking, but not include any operating system or application?

Which of the following BEST describes a risk matrix?

A security administrator has identified an internally developed application that allows users to modify SQL queries through a web-based front-end. To prevent this modification, the administrator has recommended that all queries be completely removed from the application front-end and placed onto the back-end of the application server. Which of the following would describe this implementation?

A network IPS has created this log entry:

Frame 4: 937 bytes on wire (7496 bits), 937 bytes captured

Ethernet II, SRC: HewlettP_82:d8:31, Dst: Cisco_a1:b0:d1

Internet Protocol Version 4, SRC:, Dst:

Transmission Control Protocol, Src Port: 3863, Dst Port: 1433

Application Data: SELECT * FROM users Where username='x' or 'x'='x' and password='x' or 'x'='x'


A system administrator has installed a new firewall between the corporate user network and the data center network. When the firewall is turned on with the default settings, users complain that the application in the data center is no longer working. Which of the following would be the best way to correct this application issue?

Which of these would be used to provide multi-factor authentication?

Which of the following processes merges developed code, tests for issues, and automatically moves the newly developed application to production without any human intervention?

The IT department of a transportation company maintains an on-site inventory of chassis-based network switch interface cards. If a failure occurs, the on-site technician can repolace the interface card and have the system running again in sixty minutes. Which of the following BEST describes this recovery metric?

An organization has contracted with a third-party to perform a vulnerability scan of their Internet-facing web servers. The report shows that the web servers have multiple Sun Java Runtime Environment (JRE) vulnerabilities, but the server administrator has verified the JRE is not installed. Which of the following would be the BEST way to handle this report?

Each year, a certain number of laptops are lost or stolen and must be replaced by the company. Which of the following would describe the total cost the company spends each year on laptop replacements?

A system administrator is viewing this output from Microsoft's System File checker:

15:43:01 - Repairing corrupted file C:\Windows\System32\Kernal32.dll

15:43:03 - Repairing corrupted file C:\Windows\System32\netapi32.dll

15:43:07 - Repairing corrupted file C:\Windows\System32\user32.dll

15:43:43 - Repair complete

Which of the following malware types is the MOST likely cause of this output?


A security administrator would like to minimize the number of certificate status checks made by web clients tot he certificate authority. Which of the following would be the BEST option for this requirement?

A device is exhibiting intermittent connectivity when viewing remote websites. A security administrator views the local device ARP table:

Internet Address Physical Address 60:3d:26:69:71:fc e2:c3:53:79:4c:51 7a:3b:8f:21:86:57 60:3d:26:69:71:fc 00:80:92:c7:c8:49 d0:81:7a:d3:f0:d5

Which of the following would be the MOST likely explanation of this connectivity issue?

Which of the following is the process for replacing sensitive data with a non-sensitive and functional placeholder?