SY0-601 Exam Dump WITH ALL 550 QUESTIONS
AND CORRECT DETAILED SOLUTIONS LATEST
UPDATED VERSION JUST RELEASED
Question: 1
Phishing and spear-phishing attacks have been occurring more frequently against a company's
staff. Which of the following would MOST likely help mitigate this issue?
A. DNSSEC and DMARC
B. DNS query logging
C. Exact mail exchanger records in the DNS
D. The addition of DNS conditional forwarders
Answer: C
Question: 1
On which of the following is the live acquisition of data for forensic analysis MOST
dependent? (Choose two.)
A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses
Answer: EF
Question: 2
Which of the following incident response steps involves actions to protect critical systems
while maintaining business operations?
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
Answer: B
Question: 3
A security auditor is reviewing vulnerability scan data provided by an internal security team.
Which of the following BEST indicates that valid credentials were used?
A. The scan results show open ports, protocols, and services exposed on the target host
B. The scan enumerated software versions of installed programs
C. The scan produced a list of vulnerabilities on the target host
D. The scan identified expired SSL certificates
Answer: B
Question: 4
Which of the following BEST explains the difference between a data owner and a data
custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data
custodian is responsible for determining the corporate governance regarding the data
B. The data owner is responsible for determining how the data may be used, while the data
custodian is responsible for implementing the protection to the data
C. The data owner is responsible for controlling the data, while the data custodian is
responsible for maintaining the chain of custody when handling the data
D. The data owner grants the technical permissions for data access, while the data custodian
maintains the database access controls to the data
Answer: B
Question: 5
A network engineer needs to build a solution that will allow guests at the company's
headquarters to access the Internet via WiFi. This solution should not allow access to the
internal corporate network, but it should require guests to sign off on the acceptable use
policy before accessing the Internet. Which of the following should the engineer employ to
meet these requirements?
A. Implement open PSK on the APs
B. Deploy a WAF
C. Configure WIPS on the APs
D. Install a captive portal
Answer: D
Question: 16
A security analyst has been asked to investigate a situation after the SOC started to receive
alerts from the SIEM. The analyst first looks at the domain controller and finds the following
events:
To better understand what is going on, the analyst runs a command and receives the
following output:
Based on the analyst's findings, which of the following attacks is being executed?
A. Credential harvesting
B. Keylogger
C. Brute-force
D. Spraying
Answer: D
Question: 17
Which of the following cloud models provides clients with servers, storage, and networks but
nothing else?
A. SaaS