✔✔brute force attack - ✔✔the password cracker tries every possible combination of
characters
✔✔Spraying attack - ✔✔Tries to log onto a system with common passwords before
moving on.
✔✔dictionary attack - ✔✔A password attack that creates encrypted versions of common
dictionary words and compares them against those in a stolen password file.
✔✔rainbow table - ✔✔A table of hash values and their corresponding plaintext values
that can be used to look up password values if an attacker is able to steal a system's
encrypted password file.
✔✔collision - ✔✔A situation in which two objects in close contact exchange energy and
momentum
✔✔Birthday Attack - ✔✔An attack that searches for any two digests that are the same.
✔✔Cross-Site Scripting (XSS) - ✔✔An attack that injects scripts into a Web application
server to direct attacks at clients.
✔✔SQL Injection - ✔✔An attack that targets SQL servers by injecting commands to be
manipulated by the database.
✔✔DLL injection - ✔✔An attack that injects a Dynamic Link Library (DLL) into memory
and runs it. Attackers rewrite the DLL, inserting malicious code.
✔✔Replay Attack - ✔✔A type of network attack where an attacker captures network traffic
and stores it for retransmission at a later time to gain unauthorized access to a network.
✔✔Shimming - ✔✔A driver manipulation method. It uses additional code to modify the
behavior of a driver.
✔✔SSL Stripping - ✔✔An attack that focuses on stripping the security from HTTPS-
enabled websites.
✔✔Race Condition - ✔✔A programming flaw that occurs when two sets of code attempt
to access the same resource. The first one to access the resource wins, which can
result in inconsistent results.
✔✔Directory Traversal - ✔✔An attack that takes advantage of a vulnerability so that a
user can move from the root directory to restricted directories.
✔✔Bluejacking - ✔✔An attack that sends unsolicited messages to Bluetooth-enabled
devices.
✔✔Blue Snarfing - ✔✔stealing contact lists, images, and other data using Bluetooth
✔✔On-path attack - ✔✔Formerly known as man in the middle, where the attacker
redirects the victim's traffic without their knowledge.
✔✔DNS poisoning - ✔✔An attack that substitutes DNS addresses so that the computer
is automatically redirected to an attacker's device.
✔✔Shadow IT - ✔✔The information systems and solutions built and deployed by
departments other than the information systems department. In many cases, the
information systems department may not even be aware of these efforts.
✔✔SIEM - ✔✔Security Information and Event Management
✔✔Syslog - ✔✔System Log, standard for message logging.
✔✔SIEM data - ✔✔data inputs, server auth, VPN connections,
✔✔SOAR - ✔✔security orchestration, automation and response.
✔✔Rules of Engagement (ROE) - ✔✔Detailed guidelines and constraints regarding the
execution of information security testing. The ROE is established before the start of a
security test, and gives the test team authority to conduct defined activities without the
need for additional permissions.
✔✔Passive Footprinting - ✔✔collecting information from publicly accessible sources
✔✔Continuous Integration - ✔✔Merging developer updates continuously (daily) to avoid
integration challenges
✔✔Continuous Delivery - ✔✔automate the testing process, automate the release
process.
✔✔federation - ✔✔provide network access to others not just employees.
✔✔Attestation - ✔✔the lending of credibility to assertions made by a third party