Free SY0-601 Exam Braindumps

Pass your CompTIA Security+ exam with these free questions and answers

Page 26 of 107
QUESTION 121

- (Exam Topic 3)
A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

  1. A. Port
  2. B. Intrusive
  3. C. Host discovery
  4. D. Credentialed

Correct Answer: D

QUESTION 122

- (Exam Topic 2)
A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?

  1. A. Non-compliance with data sovereignty rules
  2. B. Loss of the vendor's interoperability support
  3. C. Mandatory deployment of a SIEM solution
  4. D. Increase in the attack surface

Correct Answer: A

QUESTION 123

- (Exam Topic 2)
A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

  1. A. WAF
  2. B. CASB
  3. C. VPN
  4. D. TLS

Correct Answer: B

QUESTION 124

- (Exam Topic 3)
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:
[Exhibit: application log (image)]
Which of the following can the security analyst conclude?

  1. A. A replay attack is being conducted against the application.
  2. B. An injection attack is being conducted against a user authentication system.
  3. C. A service account password may have been changed, resulting in continuous failed logins within the application.
  4. D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

Correct Answer: C

QUESTION 125

- (Exam Topic 1)
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

  1. A. Hoaxes
  2. B. SPIMs
  3. C. Identity fraud
  4. D. Credential harvesting

Correct Answer: A
Hoax
A hoax is a falsehood deliberately fabricated to masquerade as the truth. It is distinguishable from errors in observation or judgment, rumors, urban legends, pseudosciences, and April Fools' Day events that are passed along in good faith by believers or as jokes.
Identity theft
Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term identity theft was coined in 1964. Identity fraud (also known as identity theft or crime) involves someone using another individual's personal information without consent, often to obtain a benefit.
Credential Harvesting
Credential Harvesting (or Account Harvesting) is the use of MITM attacks, DNS poisoning, phishing, and other vectors to amass large numbers of credentials (username / password combinations) for reuse.
