An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?
A. Bug bounty
B. White-box
C. Black-box
D. Gray-box
A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend?
A. 802.1X utilizing the current PKI infrastructure
B. SSO to authenticate corporate users
C. MAC address filtering with ACLs on the router
D. PAM for user account management
An attacker is attempting to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords.
When the analyst types in a random username and password, the logon screen displays the following message:
The username you entered does not exist.
Which of the following should the analyst recommend be enabled?
A. Input validation
B. Obfuscation
C. Error handling
D. Username lockout
After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?
A. Risk acceptance
B. Risk avoidance
C. Risk transference
D. Risk mitigation
In a phishing attack, the perpetrator is pretending to be someone in a position of power in an effort to influence the target to click or follow the desired response. Which of the following principles is being used?
A. Authority
B. Intimidation
C. Consensus
D. Scarcity
A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?
A. Hard token
B. Retina scan
C. SMS text
D. Keypad PIN
A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?
A. IaaS
B. PaaS
C. MaaS
D. SaaS
A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?
A. Network diagram
B. WPS
C. 802.1X
D. Heat map
Which of the following is an algorithm performed to verify that data has not been modified?
A. Hash
B. Code check
C. Encryption
D. Checksum
Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?
A. Shared deployment of CIS baselines
B. Joint cybersecurity best practices
C. Both companies following the same CSF
D. Assessment of controls in a vulnerability report