Cybersecurity 601 Exam
NO.6 An enterprise has hired an outside security firm to conduct penetration testing on its
Network and applications. The firm has only been given the documentation available to the
customers of the applications. Which of the following BEST represents the type of testing that will
occur?
A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
D. White-box
NO.18 A systems administrator needs to install a new wireless network for authenticated guest
access. The wireless network should support 802. IX using the most secure encryption and protocol
available. Perform the following slops:
1. Configure the RADIUS server.
2. Configure the WiFi controller.
3. Preconfigure the client for an incoming guest. The guest AD credentials are:
User: guest01
Password: guestpass
Answer: Use the same settings as describe in below images.
NO.22 A security administrator needs to create a RAIS configuration that is focused on high read
speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the
following RAID configurations should the administration use?
A. RA1D 0
B. RAID1
C. RAID 5
D. RAID 10
C. RAID 5
NO.24 During an incident response, a security analyst observes the following log entry on the web
server. Which of the following BEST describes the type of attack the analyst is experience?
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
Directory traversal
NO.30 A security analyst receives a SIEM alert that someone logged in to the appadmin test account,
which is only used for the early detection of attacks. The security analyst then reviews the following
application log: Which of the following can the security analyst conclude?
A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the
application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.
A service account password may have been changed, resulting in continuous failed logins within the
application.
NO.35 Which of the following represents a biometric FRR?
,A. Authorized users being denied access
B. Users failing to enter the correct PIN
C. The denied and authorized numbers being equal
D. The number of unauthorized users being granted access
A. Authorized users being denied access
developers are writing code and merging it into shared repositories several times a day, where it is
tested automatically. Which of the following concepts does this BEST represent?
A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration
D. Continuous integration
The SIEM at an organization has detected suspicious traffic coming a workstation in its internal
network. An analyst in the SOC the workstation and discovers malware that is associated with a
botnet is installed on the device A review of the logs on the workstation reveals that the privileges of
the local account were escalated to a local administrator. To which of the following groups should the
analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The read team
A. The NOC team
NO.48 Several employees return to work the day after attending an industry trade show. That same
day, the security manager notices several malware alerts coming from each of the employee's
workstations. The security manager investigates but finds no signs of an attack on the perimeter
firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
56 Which of the following would BEST identify and remediate a data-loss event in an enterprise using
third-party, web-based services and file-sharing platforms?
A. SIEM
B. CASB
C. UTM
D. DLP
D. DLP
NO.68 An attacker is trying to gain access by installing malware on a website that is known to be
visited by the target victims. Which of the following is the attacker MOST likely attempting?
A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack
B. A watering-hole attack
, NO.69 A desktop support technician recently installed a new document-scanning software program
on a computer However, when the end user tried to launch the program, it did not respond. Which of
the following is MOST likely the cause?
A. A new firewall rule is needed to access the application.
B. The system was quarantined for missing software updates
C. The software was not added to the application whitelist.
D. The system was isolated from the network due to infected software.
C. The software was not added to the application whitelist.
NO.71 A company just developed a new web application for a government agency. The application
must be assessed and authorized prior to being deployed. Which of the following is required to assess
the vulnerabilities resident in the application?
A. Repository transaction logs
B. Common Vulnerabilities and Exposures
C.Static code analysis
D. non-credentialed scans
C. Static code analysis
NO.80 A company recently experienced an attack during which its main website was directed to the
attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers.
Which of the following should the company implement to prevent this type of attack occurring in the
future?
A. IPSec
B. SSL/TLS
C. DNSSEC
D. S/MIME
A. IPSec
NO.83 The spread of misinformation surrounding the outbreak of a novel virus on election day ted to
eligible voters choosing not to take the risk of going to the polls This is an example of: A. prepending.
B. an influence campaign
C. a watering-hole attack
D. intimidation
E. information elicitation
D. intimidation
NO.85 Which of the following terms should be included in a contract to help a company monitor the
ongoing security maturity of a new vendor?
A. A right-to-audit clause allowing for annual security audits
B. Requirements for event logs to be kept for a minimum of 30 days
C. Integration of threat intelligence in the company's AV
D. A data-breach clause requiring disclosure of significant data loss
A. A right-to-audit clause allowing for annual security audits
NO.92 The new Chief Executive Officer (CEO) of a large company has announced a partnership with a
vendor that will provide multiple collaboration applications t make remote work easier. The company
has a geographically dispersed staff located in numerous remote offices in different countries. The
company's IT administrators are concerned about network traffic and load if all users simultaneously
download the application. Which of the following would work BEST to allow each geographic region
to download the software without negatively impacting the corporate network?
A. Update the host IDS rules.
B. Enable application whitelisting.
NO.6 An enterprise has hired an outside security firm to conduct penetration testing on its
Network and applications. The firm has only been given the documentation available to the
customers of the applications. Which of the following BEST represents the type of testing that will
occur?
A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
D. White-box
NO.18 A systems administrator needs to install a new wireless network for authenticated guest
access. The wireless network should support 802. IX using the most secure encryption and protocol
available. Perform the following slops:
1. Configure the RADIUS server.
2. Configure the WiFi controller.
3. Preconfigure the client for an incoming guest. The guest AD credentials are:
User: guest01
Password: guestpass
Answer: Use the same settings as describe in below images.
NO.22 A security administrator needs to create a RAIS configuration that is focused on high read
speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the
following RAID configurations should the administration use?
A. RA1D 0
B. RAID1
C. RAID 5
D. RAID 10
C. RAID 5
NO.24 During an incident response, a security analyst observes the following log entry on the web
server. Which of the following BEST describes the type of attack the analyst is experience?
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
Directory traversal
NO.30 A security analyst receives a SIEM alert that someone logged in to the appadmin test account,
which is only used for the early detection of attacks. The security analyst then reviews the following
application log: Which of the following can the security analyst conclude?
A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the
application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.
A service account password may have been changed, resulting in continuous failed logins within the
application.
NO.35 Which of the following represents a biometric FRR?
,A. Authorized users being denied access
B. Users failing to enter the correct PIN
C. The denied and authorized numbers being equal
D. The number of unauthorized users being granted access
A. Authorized users being denied access
developers are writing code and merging it into shared repositories several times a day, where it is
tested automatically. Which of the following concepts does this BEST represent?
A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration
D. Continuous integration
The SIEM at an organization has detected suspicious traffic coming a workstation in its internal
network. An analyst in the SOC the workstation and discovers malware that is associated with a
botnet is installed on the device A review of the logs on the workstation reveals that the privileges of
the local account were escalated to a local administrator. To which of the following groups should the
analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The read team
A. The NOC team
NO.48 Several employees return to work the day after attending an industry trade show. That same
day, the security manager notices several malware alerts coming from each of the employee's
workstations. The security manager investigates but finds no signs of an attack on the perimeter
firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
56 Which of the following would BEST identify and remediate a data-loss event in an enterprise using
third-party, web-based services and file-sharing platforms?
A. SIEM
B. CASB
C. UTM
D. DLP
D. DLP
NO.68 An attacker is trying to gain access by installing malware on a website that is known to be
visited by the target victims. Which of the following is the attacker MOST likely attempting?
A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack
B. A watering-hole attack
, NO.69 A desktop support technician recently installed a new document-scanning software program
on a computer However, when the end user tried to launch the program, it did not respond. Which of
the following is MOST likely the cause?
A. A new firewall rule is needed to access the application.
B. The system was quarantined for missing software updates
C. The software was not added to the application whitelist.
D. The system was isolated from the network due to infected software.
C. The software was not added to the application whitelist.
NO.71 A company just developed a new web application for a government agency. The application
must be assessed and authorized prior to being deployed. Which of the following is required to assess
the vulnerabilities resident in the application?
A. Repository transaction logs
B. Common Vulnerabilities and Exposures
C.Static code analysis
D. non-credentialed scans
C. Static code analysis
NO.80 A company recently experienced an attack during which its main website was directed to the
attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers.
Which of the following should the company implement to prevent this type of attack occurring in the
future?
A. IPSec
B. SSL/TLS
C. DNSSEC
D. S/MIME
A. IPSec
NO.83 The spread of misinformation surrounding the outbreak of a novel virus on election day ted to
eligible voters choosing not to take the risk of going to the polls This is an example of: A. prepending.
B. an influence campaign
C. a watering-hole attack
D. intimidation
E. information elicitation
D. intimidation
NO.85 Which of the following terms should be included in a contract to help a company monitor the
ongoing security maturity of a new vendor?
A. A right-to-audit clause allowing for annual security audits
B. Requirements for event logs to be kept for a minimum of 30 days
C. Integration of threat intelligence in the company's AV
D. A data-breach clause requiring disclosure of significant data loss
A. A right-to-audit clause allowing for annual security audits
NO.92 The new Chief Executive Officer (CEO) of a large company has announced a partnership with a
vendor that will provide multiple collaboration applications t make remote work easier. The company
has a geographically dispersed staff located in numerous remote offices in different countries. The
company's IT administrators are concerned about network traffic and load if all users simultaneously
download the application. Which of the following would work BEST to allow each geographic region
to download the software without negatively impacting the corporate network?
A. Update the host IDS rules.
B. Enable application whitelisting.
