SYO 601 STUDY (EXAM
TOPICS ; IT EXAMS #1-
410) QUESTIONS WITH
100% PASSED
SOLUTIONS!!
SYO 601
Evatee 8/5/24 [Course title]
,SYO 601 STUDY (EXAM TOPICS ; IT EXAMS #1-
410) QUESTIONS WITH 100% PASSED
SOLUTIONS!!
A user is attempting to navigate to a website from inside the company network
using a desktop. When the user types in the URL, https://www.site.com, the
user is presented with a certificate mismatch warning from the browser. The
user does not receive a warning when visiting http://www.anothersite.com.
Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin Answer - DNS poisoning
Which of the following tools is effective in preventing a user from accessing
unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock Answer - A. USB data blocker
A Chief Security Officer is looking for a solution that can provide increased
scalability and flexibility for back-end infrastructure, allowing it to be updated
and modified without disruption to services. The security architect would like
the solution selected to reduce the back-end server resources and has
,highlighted that session persistence is not important for the applications
running on the back-end servers. Which of the following would BEST meet the
requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming Answer - A. Reverse proxy
Which of the following describes a social engineering technique that seeks to
exploit a person's sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire
soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating
a cybercrime Answer - A phishing email stating a cash settlement has been
awarded but will expire soon
A security analyst is reviewing application logs to determine the source of a
breach and locates the following log: https://www.comptia.com/login.php?
id='%20or%20'1'1='1Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS Answer - C. SQLi
, An audit identified PII being utilized in the development environment of a
critical application. The Chief Privacy Officer (CPO) is adamant that this data
must be removed; however, the developers are concerned that without real
data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy
both the CPO's and the development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization Answer - C. Data masking
A company is implementing a DLP solution on the file server. The file server has
PII, financial information, and health information stored on it. Depending on
what type of data that is hosted on the file server, the company wants different
DLP rules assigned to the data. Which of the following should the company do
to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis. Answer - A. Classify the data.
A forensics investigator is examining a number of unauthorized payments that
were reported on the company's website. Some unusual log entries show users
received an email for an unwanted mailing list and clicked on a link to attempt
to unsubscribe. One of the users reported the email to the phishing team, and
the forwarded email revealed the link to be:<a
href="https://www.company.com/payto.do?
routing=00001111&acct=22223334&amount=250">Click here to
unsubscribe</a>Which of the following will the forensics investigator MOST
likely determine has occurred?
TOPICS ; IT EXAMS #1-
410) QUESTIONS WITH
100% PASSED
SOLUTIONS!!
SYO 601
Evatee 8/5/24 [Course title]
,SYO 601 STUDY (EXAM TOPICS ; IT EXAMS #1-
410) QUESTIONS WITH 100% PASSED
SOLUTIONS!!
A user is attempting to navigate to a website from inside the company network
using a desktop. When the user types in the URL, https://www.site.com, the
user is presented with a certificate mismatch warning from the browser. The
user does not receive a warning when visiting http://www.anothersite.com.
Which of the following describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin Answer - DNS poisoning
Which of the following tools is effective in preventing a user from accessing
unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock Answer - A. USB data blocker
A Chief Security Officer is looking for a solution that can provide increased
scalability and flexibility for back-end infrastructure, allowing it to be updated
and modified without disruption to services. The security architect would like
the solution selected to reduce the back-end server resources and has
,highlighted that session persistence is not important for the applications
running on the back-end servers. Which of the following would BEST meet the
requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming Answer - A. Reverse proxy
Which of the following describes a social engineering technique that seeks to
exploit a person's sense of urgency?
A. A phishing email stating a cash settlement has been awarded but will expire
soon
B. A smishing message stating a package is scheduled for pickup
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigating
a cybercrime Answer - A phishing email stating a cash settlement has been
awarded but will expire soon
A security analyst is reviewing application logs to determine the source of a
breach and locates the following log: https://www.comptia.com/login.php?
id='%20or%20'1'1='1Which of the following has been observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS Answer - C. SQLi
, An audit identified PII being utilized in the development environment of a
critical application. The Chief Privacy Officer (CPO) is adamant that this data
must be removed; however, the developers are concerned that without real
data they cannot perform functionality tests and search for specific data.
Which of the following should a security professional implement to BEST satisfy
both the CPO's and the development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization Answer - C. Data masking
A company is implementing a DLP solution on the file server. The file server has
PII, financial information, and health information stored on it. Depending on
what type of data that is hosted on the file server, the company wants different
DLP rules assigned to the data. Which of the following should the company do
to help accomplish this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis. Answer - A. Classify the data.
A forensics investigator is examining a number of unauthorized payments that
were reported on the company's website. Some unusual log entries show users
received an email for an unwanted mailing list and clicked on a link to attempt
to unsubscribe. One of the users reported the email to the phishing team, and
the forwarded email revealed the link to be:<a
href="https://www.company.com/payto.do?
routing=00001111&acct=22223334&amount=250">Click here to
unsubscribe</a>Which of the following will the forensics investigator MOST
likely determine has occurred?
