SY0-601 Free Practice Test

- (Exam Topic 4)
An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

1. A. The vulnerability scan output
2. B. The security logs
3. C. The baseline report
4. D. The correlation of events

Correct Answer: A

- (Exam Topic 6)
Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

1. A. Hashing
2. B. DNS sinkhole
3. C. TLS inspection
4. D. Data masking

Correct Answer: B

- (Exam Topic 4)
An enterprise to keep cryptpgraphic keys in a sade manner.Whihc of the fikkowug network appliances can achieve this goals?

1. A. HSM
2. B. CASB
3. C. TPM
4. D. DLP

Correct Answer: A

- (Exam Topic 6)
Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

1. A. GDPR
2. B. PCI DSS
3. C. ISO 27000
4. D. NIST 800-53

Correct Answer: D

- (Exam Topic 4)
n attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user's browser to deploy malicious software. Which of the following types of attack does this describe?

1. A. Smishing
2. B. Whaling
3. C. Watering hole
4. D. Phishing

Correct Answer: C