SY0-601 Study Test Questions with Complete Verified Solutions 2024/2025, Exams of Computer Networks

Typology: Exams

2023/2024

Available from 06/29/2024

TheHub

Which of the following has a cyber security framework (CSF) that focuses exclusively on IT security, rather than IT service provisioning?
- National Institute of Standards and Technology (NIST)
- International Organization for Standardization (ISO)
- Control Objectives for Information and Related Technologies (COBIT)
- Sherwood Applied Business Security Architecture (SABSA)

The _____ requires federal agencies to develop security policies for computer systems that process confidential information.
- Sarbanes-Oxley Act (SOX)
- Computer Security Act
- Federal Information Security Management Act (FISMA)
- Gramm-Leach-Bliley Act (GLBA)

How might the goals of basic network management not be well-aligned with the goals of security?
- Management focuses on confidentiality and availability.
- Management focuses on confidentiality over availability.
- Management focuses on integrity and confidentiality.
- Management focuses on availability over confidentiality.

A company has an annual contract with an outside firm to perform a security audit on their network. The purpose of the annual audit is to determine if the company is in compliance with their internal directives and policies for security control. What broad class of security control accurately demonstrates the purpose of the audit?
- Managerial
- Technical
- Physical
- Compensating

Any external responsibility for an organization's security lies mainly with which individuals?
- The owner
- Tech staff
- Management
- Public relations

After a poorly handled security breach, a company updates its security policy to include an improved incident response plan. Which security controls does this update address?
- Compensating
- Deterrent
- Corrective
- Detective

An engineer looks to implement security measures by following the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. When documenting the "detect" function, what does the engineer focus on?
- Evaluate risks and threats
- Install, operate, and decommission assets
- Ongoing proactive monitoring
- Restoration of systems and data

Which security related phrase relates to the integrity of data?

- A vendor website, such as Microsoft's Security Intelligence blog
- A closed or proprietary threat intelligence platform

A security engineer investigates a recent system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector?
- Threat
- Vulnerability
- Risk
- Exploit

A user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department's sanction. Identify the type of threat that is a result of this user's action.
- Unintentional insider threat
- Malicious insider threat
- Intentional attack vector
- External threat with insider knowledge

A company technician goes on vacation. While the technician is away, a critical patch released for Windows servers is not applied. According to the National Institute of Standards and Technology (NIST), what does the delay in applying the patch create on the server?
- Control
- Risk
- Threat
- Vulnerability

When exploring the deep web, a user will need which of the following to find a specific and hidden dark web site?
- The Onion Router (TOR)
- Dark web search engine
- A specific URL
- Open Source Intelligence (OSINT)

A contractor has been hired to conduct security reconnaissance on a company. The contractor browses the company's website to identify employees and then finds their Facebook pages. Posts found on Facebook indicate a favorite bar that employees frequent. The contractor visits the bar and learns details of the company's security infrastructure through small talk. What reconnaissance phase techniques does the contractor practice? (Select all that apply.)
- Open Source Intelligence (OSINT)
- Scanning
- Social engineering
- Persistence

A network administrator uses two different automated vulnerability scanners. They regularly update with the latest vulnerability feeds. If the system regularly performs active scans, what type of error is the system most likely to make?
- False positive
- False negative
- Validation error
- Configuration error

A manufacturing company hires a pentesting firm to uncover any vulnerabilities in their network with the understanding that the pen tester receives no information about the company's system. Which of the following penetration testing strategies is the manufacturing company requesting?
- Black box
- Sandbox
- Gray box
- White box

A system administrator must scan the company's network to identify which ports are open and which software and software versions are running on each. Determine the syntax that should be used to yield the desired information if the administrator will be executing this task from a Linux command line.
- Netstat -a
- Nmap -A 10.1.0.0/24
- Nmap -O 10.1.0.0/24
- Netstat -r

Which statement best explains the differences between black box, white box, and gray box attack profiles used in penetration testing?
- A black box pen tester acts as a privileged insider and must perform no reconnaissance. A white box pen tester has no access, and reconnaissance is necessary. A gray box actor is a third-party actor who mediates between a black box and white box pen tester.
- A black box pen tester acts as the adversary in the test, while the white box pen tester acts in a defensive role. A gray box pen tester is a third-party actor who mediates between a black box pen tester and a white box pen tester.
- In a black box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a white box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.
- In a white box pen test, the contractor receives no privileged information, so they must perform reconnaissance. In contrast, a black box pen tester has complete access and skips reconnaissance. A gray box tester has some, but not all information, and requires partial reconnaissance.

Analyze and eliminate the item that is NOT an example of a reconnaissance technique.
- Initial exploitation
- Open Source Intelligence (OSINT)
- Social engineering
- Scanning

Identify the command that can be used to detect the presence of a host on a particular IP address.
- ipconfig
- ifconfig
- ip

- Detection of security setting misconfiguration
- Web application scanning

A contractor has been hired to conduct penetration testing on a company's network. They have decided to try to crack the passwords on a percentage of systems within the company. They plan to annotate the type of data that is on the systems that they can successfully crack to prove the ease of access to data. Evaluate the penetration steps and determine which are being utilized for this task. (Select all that apply.)
- Test security controls
- Bypass security controls
- Verify a threat exists
- Exploit vulnerabilities

Select the appropriate methods for packet capture. (Select all that apply.)
- Wireshark
- Packet analyzer
- Packet injection
- Tcpdump

Encryption vulnerabilities allow unauthorized access to protected data. Which component is subject to brute-force enumeration?
- An unsecured protocol
- A software vulnerability
- A weak cipher
- A lost decryption key

Following a data breach at a large retail company, their public relations team issues a statement emphasizing the company's commitment to consumer privacy. Identify the true statements concerning this event. (Select all that apply.)
- The data breach must be an intentional act of corporate sabotage.
- The privacy breach may allow the threat actor to sell the data to other malicious actors.
- Data exfiltration by a malicious actor may have caused the data breach.
- The data breach event may compromise data integrity, but not information availability.

Examine each attack vector. Which is most vulnerable to escalation of privileges?
- Software
- Operating System (OS)
- Applications
- Ports

A hacker set up a Command and Control network to control a compromised host. What is the ability of the hacker to use this remote connection method as needed known as?
- Weaponization
- Persistence
- Reconnaissance
- Pivoting

Compare and contrast vulnerability scanning and penetration testing. Select the true statement from the following options.
- Vulnerability scanning is conducted by a "white hat" and penetration testing is carried out by a "black hat."
- Vulnerability scanning by eavesdropping is passive, while penetration testing with credentials is active.
- Penetration testing and vulnerability scanning are considered "black hat" practices.
- Vulnerability scanning is part of network reconnaissance, but penetration testing is not.

An employee calls IT personnel and states that they received an email with a PDF document to review. After the PDF was opened, the system has not been performing correctly. An IT admin conducted a scan and found a virus. Determine the two classes of viruses the computer most likely has. (Select all that apply.)
- Boot sector
- Program
- Script
- Macro

A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting items out of the person's hands, and they walk into the room together. This person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred?
- Familiarity/liking
- Consensus/social proof
- Authority and intimidation
- Identity fraud

A user's PC is infected with a virus that appears to be memory resident and loads anytime an external universal serial bus (USB) thumb drive is attached. Examine the following options and determine which describes the infection type.
- Uses a local scripting engine.
- Written to the partition table of a disk.
- Replicates over network resources.
- Monitors local application activity.

Before leaving for lunch, an employee receives a phone call, but there is no one on the line. Distracted by the odd interruption, the employee forgets to log out of the computer. Earlier that day, a person from the building across the street watched the employee entering login credentials using high-powered binoculars. Which form of social engineering is being used in this situation?
- Vishing

- Encryption algorithms add salt when computing password hashes.
- Encryption algorithms must utilize a blockchain.

Which two cryptographic functions can be combined to authenticate a sender and prove the integrity of a message?
- Hashing and symmetric encryption
- Public key cryptography and digital enveloping
- Hashing and digital enveloping
- Public key cryptography and hashing

A security technician needs to transfer a large file to another user in a data center. Which statement best illustrates what type of encryption the technician should use to perform the task?
- The technician should use symmetric encryption for authentication and data transfer.
- The technician should use asymmetric encryption to verify the data center user's identity and agree on a symmetric encryption algorithm for the data transfer.
- The technician should use asymmetric encryption for authentication and data transfer.
- The technician should use symmetric encryption to verify the data center user's identity and agree on an asymmetric encryption algorithm for the data transfer.

A system administrator downloads and installs software from a vendor website. Soon after installing the software, the administrator's computer is taken over remotely. After closer investigation, the software package was modified, probably while it was downloading. What action could have prevented this incident from occurring?
- Validate the software using a checksum
- Validate the software using a private certificate
- Validate the software using a key signing key
- Validate the software using Kerberos

Which of the following is NOT a use of cryptography?
- Non-repudiation
- Obfuscation
- Security through obscurity
- Resiliency

Which statement best illustrates the importance of a strong true random number generator (TRNG) or pseudo-random number generator (PRNG) in a cryptographic implementation?
- A weak number generator leads to many published keys sharing a common factor.
- A weak number generator creates numbers that are never reused.
- A strong number generator creates numbers that are never reused.
- A strong number generator adds salt to encryption values.

An attacker uses a cryptographic technology to create a covert message channel in transmission control protocol (TCP) packet data fields. What cryptographic technique does this attack strategy employ?
- Homomorphic encryption
- Blockchain
- Steganography
- Key stretching

During a penetration test, an adversary operator sends an encrypted message embedded in an attached image. Analyze the scenario to determine what security principles the operator is relying on to hide the message. (Select all that apply.)
- Security by obscurity
- Integrity
- Prepending
- Confidentiality

Evaluate the differences between stream and block ciphers and select the true statement.
- A block cipher is suitable for communication applications.
- A stream cipher is subjected to complex transposition and substitution operations, based on the value of the key used.
- A block cipher is padded to the correct size if there is not enough data in the plaintext.
- A stream cipher's plaintext is divided into equal-sized blocks.

Which statement best describes key differences between symmetric and asymmetric cryptographic ciphers?
- Symmetric encryption is used for confidentiality, and uses the same key for encryption and decryption.
- Asymmetric encryption is primarily used for confidentiality, and uses different keys for encryption and decryption.
- Symmetric encryption is used for authentication, and is the most efficient method of encryption for large data transfers.
- Asymmetric encryption is used for non-repudiation and is the most efficient method of encryption for large data transfers.

A hospital must balance the need to keep patient privacy information secure and the desire to analyze the contents of patient records for a scientific study. What cryptographic technology can best support the hospital's needs?
- Blockchain
- Quantum computing is not yet sufficiently secure to run current cryptographic ciphers.
- Perfect forward security (PFS)
- Homomorphic encryption

A security team is in the process of selecting a cryptographic suite for their company. Analyze cryptographic implementations and determine which of the following performance factors is most critical to this selection process if users primarily access systems on mobile devices.
- Speed
- Latency
- Computational overhead
- Cost

- Phishing
- Man-in-the-middle

An employee works on a small team that shares critical information about the company's network. When sending emails that have this information, what would be used to provide the identity of the sender and prove that the information has not been tampered with?
- Private key
- Digital signature
- Public key
- RSA algorithm

Compare and contrast the modes of operation for block ciphers. Which of the following statements is true?
- ECB and CBC modes allow block ciphers to behave like stream ciphers.
- CTR and GCM modes allow block ciphers to behave like stream ciphers.
- ECB and GCM modes allow block ciphers to behave like stream ciphers.
- CBC and CTR modes allow block ciphers to behave like stream ciphers.

If not managed properly, certificate and key management can represent a critical vulnerability. Assess the following statements about key management and select the true statements. (Select all that apply.)
- If a key used for signing and encryption is compromised, it can be easily destroyed with a new key issued.
- It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key.
- If a private key, or secret key, is not backed up, the storage system represents a single point of failure.
- The same private key can securely encrypt and sign a document.

An employee handles key management and has learned that a user has used the same key pair for encrypting documents and digitally signing emails. Prioritize all actions that should be taken and determine the first action that the employee should take.
- Revoke the keys.
- Recover the encrypted data.
- Generate a new key pair.
- Generate a new certificate.

Consider the life cycle of an encryption key. Which of the following is NOT a stage in a key's life cycle?
- Storage
- Verification
- Expiration and renewal
- Revocation

Which certificate field shows the name of the Certificate Authority (CA) expressed as a Distinguished Name (DN)?
- Version
- Signature algorithm
- Issuer
- Subject

An employee has requested a digital certificate for a user to access the Virtual Private Network (VPN). It is discovered that the certificate is also being used for digitally signing emails. Evaluate the possible extension attributes to determine which should be modified so that the certificate only works for VPN access.
- Extension ID
- Critical
- Value
- Distinguished encoding rules

An employee handling key management discovers that a private key has been compromised. Evaluate the stages of a key's life cycle and determine which stage the employee initiates upon learning of the compromise.
- Certificate generation
- Key generation
- Expiration and renewal
- Revocation

Key _______________ occurs during the initial distribution of the key, or after having revoked one.
- generation

The X.509 standard defines the fields (information) that must be present in a digital certificate. Which of the following is NOT a required field?
- Extensions
- Public key
- Endorsement key
- Subject

A Certificate Revocation List (CRL) has a publish period set to 24 hours. Based on the normal procedures for a CRL, what is the most applicable validity period for this certificate?
- 26 hours
- 1 hour
- 23 hours
- 72 hours

What is the purpose of a server certificate?
- Allow signing and encrypting email messages.
- Guarantee the validity of a browser plug-in or software application.