SYO 601 study | Study sets combined \ Questions and
Answers
1. A user is attempting to navigate to a website from inside the company net- work using a desktop. When the
user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the
brows-
er. The user does not receive a warning when visiting http://www.another- site.com. Which of the following
describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin: DNS poisoning
2. Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock: A. USB data blocker
3. A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-
end infrastructure, allowing it to be updated and modified without disruption to services. The security architect
would like the solution selected to reduce the back-end server resources and has highlighted that session
persistence is not important for the applications running on the back-end servers. Which of the following would
BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming: A. Reverse proxy
4. Which of the following describes a social engineering technique that seeks to exploit a person's sense of
urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
1/
202
, SYO 601 study | Study sets combined \ Questions and
Answers
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigat- ing a cybercrime: A phishing email
stating a cash settlement has been awarded but will expire soon
2/
202
, SYO 601 study | Study sets combined \ Questions and
Answers
5. A security analyst is reviewing application logs to determine the source of a breach and locates the
following log: https://www.comptia.com/lo- gin.php?id='%20or%20'1'1='1Which of the following has been
observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS: C. SQLi
6. An audit identified PII being utilized in the development environment of a critical application. The Chief
Privacy Officer (CPO) is adamant that this
data must be removed; however, the developers are concerned that without real data they cannot perform
functionality tests and search for specific data. Which of the following should a security professional implement to
BEST satisfy both the CPO's and the development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization: C. Data masking
7. A company is implementing a DLP solution on the file server. The file server has PII, financial information,
and health information stored on it. Depending on what type of data that is hosted on the file server, the company
wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish
this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.: A. Classify the data.
8. A forensics investigator is examining a number of unauthorized pay- ments that were reported on the
company's website. Some unusu-
al log entries show users received an email for an unwanted mail- ing list and clicked on a link to
attempt to unsubscribe. One of
the users reported the email to the phishing team, and the forward-
3/
202
, SYO 601 study | Study sets combined \ Questions and
Answers
ed email revealed the link to be:<a href="https://www.company.com/pay- to.do?
routing=00001111&acct=22223334&amount=250">Click here to unsub- scribe</a>Which of the following will
the forensics investigator MOST likely determine has occurred?
4/
202
Answers
1. A user is attempting to navigate to a website from inside the company net- work using a desktop. When the
user types in the URL, https://www.site.com, the user is presented with a certificate mismatch warning from the
brows-
er. The user does not receive a warning when visiting http://www.another- site.com. Which of the following
describes this attack?
A. On-path
B. Domain hijacking
C. DNS poisoning
D. Evil twin: DNS poisoning
2. Which of the following tools is effective in preventing a user from accessing unauthorized removable media?
A. USB data blocker
B. Faraday cage
C. Proximity reader
D. Cable lock: A. USB data blocker
3. A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-
end infrastructure, allowing it to be updated and modified without disruption to services. The security architect
would like the solution selected to reduce the back-end server resources and has highlighted that session
persistence is not important for the applications running on the back-end servers. Which of the following would
BEST meet the requirements?
A. Reverse proxy
B. Automated patch management
C. Snapshots
D. NIC teaming: A. Reverse proxy
4. Which of the following describes a social engineering technique that seeks to exploit a person's sense of
urgency?
A. A phishing email stating a cash settlement has been awarded but will expire soon
B. A smishing message stating a package is scheduled for pickup
1/
202
, SYO 601 study | Study sets combined \ Questions and
Answers
C. A vishing call that requests a donation be made to a local charity
D. A SPIM notification claiming to be undercover law enforcement investigat- ing a cybercrime: A phishing email
stating a cash settlement has been awarded but will expire soon
2/
202
, SYO 601 study | Study sets combined \ Questions and
Answers
5. A security analyst is reviewing application logs to determine the source of a breach and locates the
following log: https://www.comptia.com/lo- gin.php?id='%20or%20'1'1='1Which of the following has been
observed?
A. DLL Injection
B. API attack
C. SQLi
D. XSS: C. SQLi
6. An audit identified PII being utilized in the development environment of a critical application. The Chief
Privacy Officer (CPO) is adamant that this
data must be removed; however, the developers are concerned that without real data they cannot perform
functionality tests and search for specific data. Which of the following should a security professional implement to
BEST satisfy both the CPO's and the development team's requirements?
A. Data anonymization
B. Data encryption
C. Data masking
D. Data tokenization: C. Data masking
7. A company is implementing a DLP solution on the file server. The file server has PII, financial information,
and health information stored on it. Depending on what type of data that is hosted on the file server, the company
wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish
this goal?
A. Classify the data.
B. Mask the data.
C. Assign the application owner.
D. Perform a risk analysis.: A. Classify the data.
8. A forensics investigator is examining a number of unauthorized pay- ments that were reported on the
company's website. Some unusu-
al log entries show users received an email for an unwanted mail- ing list and clicked on a link to
attempt to unsubscribe. One of
the users reported the email to the phishing team, and the forward-
3/
202
, SYO 601 study | Study sets combined \ Questions and
Answers
ed email revealed the link to be:<a href="https://www.company.com/pay- to.do?
routing=00001111&acct=22223334&amount=250">Click here to unsub- scribe</a>Which of the following will
the forensics investigator MOST likely determine has occurred?
4/
202
