SY0-601 Practice Test

A security analyst is investigating an incident to determine what an attacker was able to do
on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

A.

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

B.

An attacker was able to bypass application whitelisting by emailing a spreadsheet
attachment with an embedded PowerShell in the file

C.

An attacker was able to install malware to the CAasdf234 folder and use it to gam administrator nights and launch Outlook

D.

An attacker was able to phish user credentials successfully from an Outlook user profile

A security analyst has received an alert about being sent via email. The analyst’s Chief information Security Officer (CISO) has made it clear that PII must be handle with extreme care From which of the following did the alert MOST likely originate?

A.

S/MIME

B.

DLP

C.

IMAP

D.

HIDS

A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)

A.

Trusted Platform Module

B.

Ahost-based firewall

C.

A DLP solution

D.

Full disk encryption

E.

A VPN

F.

Antivirus software

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A.

DLP

B.

HIDS

C.

EDR

D.

NIPS

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst http://selfexamtraining.com/uploadimages/SY0-601-Q-39.jpgMOST likely seeing?

A.

Option A

B.

Option B

C.

Option C

D.

Option D