Free CompTIA SY0-601 Exam Dumps and SY0-601 Exam Questions

Question No: 11

MultipleChoice

A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

Options

ACreate a honeynet to trap attackers who access the VPN with credentials obtained by phishing.

BGenerate a list of domains similar to the company's own and implement a DNS sinkhole for each.

CDisable POP and IMAP on all Internet-facing email servers and implement SMTPS.

DUse an automated tool to flood the phishing websites with fake usernames and passwords.

Question No: 12

MultipleChoice

A company labeled some documents with the public sensitivity classification This means the documents can be accessed by:

Options

Aemployees of other companies and the press

Ball members of the department that created the documents

Conly the company's employees and those listed in the document

Donly the individuate listed in the documents

Question No: 13

MultipleChoice

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

Options

ASSO

BIDS

CMFA

DTPM

Question No: 14

MultipleChoice

A company recently experienced a significant data loss when proprietary Information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An Investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST mitigation strategy to prevent this from happening in the future?

Options

AUser training

BCASB

CMDM

DEDR

Question No: 15

MultipleChoice

Which of the following is the MOST relevant security check to be performed before embedding third-parry libraries in developed code?

Options

ACheck to see if the third party has resources to create dedicated development and staging environments.

BVerify the number of companies that downloaded the third-party code and the number of contributions on the code repository.

CAssess existing vulnerabilities affecting the third-parry code and the remediation efficiency of the libraries' developers.

DRead multiple penetration-testing reports for environments running software that reused the library.

Question No: 16

MultipleChoice

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer dat

a. Which of the following would be BEST for the third-party vendor to provide to the CISO?

Options

AGDPR compliance attestation

BCloud Security Alliance materials

CSOC 2 Type 2 report

DNIST RMF workbooks

Question No: 17

MultipleChoice

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

Options

AAccept the risk if there is a clear road map for timely decommission

BDeny the risk due to the end-of-life status of the application.

CUse containerization to segment the application from other applications to eliminate the risk

DOutsource the application to a third-party developer group

Question No: 18

MultipleChoice

A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

Which of the following is MOST likely occurring?

Options

AXSS attack

BSQLi attack

CReplay attack

DXSRF attack

Question No: 19

MultipleChoice

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

Options

AThe business continuity plan

BThe retention policy

CThe disaster recovery plan

DThe incident response plan

Question No: 20

MultipleChoice

A security proposal was set up to track requests for remote access by creating a baseline of the users' common sign-in properties. When a baseline deviation is detected, an Iv1FA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

Options

AContext-aware authentication

BSimultaneous authentication of equals

CExtensive authentication protocol

DAgentless network access control