Free SY0-601 Exam Braindumps (page: 2)

Page 2 of 213

A security analyst is reviewing application logs to determine the source of a breach and locates the following log: https://www.comptia.com/login.php?id='%20or%20'1'1='1
Which of the following has been observed?

  A. DLL injection
  B. API attack
  C. SQLi
  D. XSS

Answer(s): C



An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?

  A. Data anonymization
  B. Data encryption
  C. Data masking
  D. Data tokenization

Answer(s): A



A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?

  A. Classify the data.
  B. Mask the data.
  C. Assign the application owner.
  D. Perform a risk analysis.

Answer(s): A



A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>

Which of the following will the forensics investigator MOST likely determine has occurred?

  A. SQL injection
  B. Broken authentication
  C. XSS
  D. XSRF

Answer(s): D

Explanation:

The forensics investigator will most likely determine that a Cross-Site Request Forgery (CSRF, also written XSRF) attack has occurred. In a CSRF attack, an attacker tricks a user into performing an unintended action on a website or application by forging a request that appears to come from a trusted source, in this case the already-authenticated user's own browser. Here the users clicked a link in a phishing email that was presented as an unsubscribe link but actually pointed at the company's payto.do endpoint with the routing number, account number and amount already filled in, so the user's browser submitted a payment to the company's website, with the user's session cookie attached automatically. The unauthorized payments were made because the website accepted the forged request without verifying that it had genuinely originated from the user's own session (for example, by requiring a POST with a per-session anti-CSRF token and checking the request origin).
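To make the explanation concrete, the following is an added example written for this page (not code from the exam, CompTIA, or the company in the question). It models the payto.do endpoint twice: once as the question describes it, where the session cookie is the only check and any request the victim's browser can be tricked into sending is honoured, and once with the standard defences (state change only via POST, same-origin check, per-session synchronizer token compared in constant time). The Session class, the handler signatures, the webmail Referer and the "victim" user are all constructed for the example; the phishing URL is the one quoted above.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed for this example: the link from the phishing email above, exactly as the
# user's browser would request it (a plain GET, session cookie attached automatically).
PHISHING_URL = "https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250"
SITE_ORIGIN = "https://www.company.com"


class Session:
    """Hypothetical server-side session; the browser holds only the cookie that maps to it."""

    def __init__(self, user):
        self.user = user
        # Synchronizer token: generated server-side, embedded in the real payment form,
        # never placed in a URL, so a forged link cannot know it.
        self.csrf_token = secrets.token_urlsafe(32)


def parse_url(url):
    """Split a URL into (origin, path, query params) the way the server sees it."""
    parsed = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return f"{parsed.scheme}://{parsed.netloc}", parsed.path, params


def vulnerable_payto(method, path, params, session):
    """The endpoint as described in the question: a valid session is the only check."""
    if session is None:
        return 401, "login required"
    if path != "/payto.do":
        return 404, "no such endpoint"
    return 200, f"paid {params['amount']} to {params['routing']}/{params['acct']} as {session.user}"


def hardened_payto(method, path, body, headers, session):
    """Same endpoint with CSRF defences: POST only, same-origin, and a matching session token."""
    if session is None:
        return 401, "login required"
    if path != "/payto.do":
        return 404, "no such endpoint"
    if method != "POST":
        return 405, "state-changing requests must use POST"
    # Browsers send Origin (or at least Referer) on cross-site navigations and form posts.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return 403, "no Origin/Referer header"
    src = urlparse(source)
    if f"{src.scheme}://{src.netloc}" != SITE_ORIGIN:
        return 403, "cross-site request rejected"
    token = body.get("csrf_token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(token, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    return 200, f"paid {body['amount']} to {body['routing']}/{body['acct']} as {session.user}"


def simulate_phishing_click(session):
    """Replay the phishing link against both handlers; returns (vulnerable, hardened) results."""
    _, path, params = parse_url(PHISHING_URL)
    # The click is a GET; the Referer is the (constructed) webmail page, not the company site.
    headers = {"Referer": "https://webmail.example.invalid/inbox"}
    return (
        vulnerable_payto("GET", path, params, session),
        hardened_payto("GET", path, params, headers, session),
    )


def simulate_legitimate_payment(session):
    """The genuine payment form: POST from the site's own page carrying the session token."""
    body = {"routing": "00001111", "acct": "22223334", "amount": "250",
            "csrf_token": session.csrf_token}
    headers = {"Origin": SITE_ORIGIN}
    return hardened_payto("POST", "/payto.do", body, headers, session)


if __name__ == "__main__":
    victim = Session("victim")
    print("phishing click:", simulate_phishing_click(victim))
    print("legitimate form:", simulate_legitimate_payment(victim))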






Post your comments and discuss the CompTIA SY0-601 exam with other community members:

Victor 5/7/2024 4:05:49 PM
I purchased the premium package after downloading the free sample. The practice questions are very detailed and relevant to the actual exam. I saw very similar questions when writing my exam. Passed it very easily.
Australia

Moneer 5/5/2024 4:58:21 PM
Just passed the CompTIA exam this afternoon. The questions in the exam dumps PDF are valid.
United States

James 5/3/2024 8:12:31 PM
Thanks for your help.
Anonymous

allseed 5/3/2024 1:26:45 PM
Cybersecurity group.
LIBYAN ARAB JAMAHIRIYA

T-dawg 4/24/2024 5:17:30 AM
Digging it. I have been using this site for the past 4 years to help me prepare for my exams and they have not failed me so far. Please keep up the good work and great support provided by your team.
FRANCE

Sith 4/21/2024 10:05:26 AM
I have been using this site for the past 4 years to help me prepare for my exams and they have not failed me so far. Please keep up the good work and great support provided by your team.
Italy

Cate 4/15/2024 7:56:05 AM
I just purchased the full PDF version. The content looks promising and well formatted.
Australia

Mandeep 4/13/2024 8:55:49 PM
The PDF version is very good and much cheaper than the other sites.
INDIA

jjj 4/10/2024 9:28:10 PM
Question 44? Is the answer wrong?
Anonymous

Hey 4/1/2024 10:37:50 AM
Interesting.
Anonymous

Hey 4/1/2024 10:29:40 AM
Best place to practice the questions.
Anonymous

hye 3/25/2024 6:55:05 PM
On question 156, where are you getting the PSK from?
UNITED STATES

sam doha 3/18/2024 5:13:11 PM
Passed exam SY0-601 on 3/18/24. These questions helped a lot. Many questions are word for word, but many of them are asked differently. You just have to understand the concept, rather than memorizing the answer only.
Anonymous

Houang 3/18/2024 12:57:56 AM
I wrote my exam today. This dump helped me pass with a mark of 839.
UNITED STATES

sam doha 3/18/2024 12:17:01 AM
Looks good so far on page 1.
Anonymous

6ikario 2/12/2024 1:21:23 PM
It's like 9tut for Cisco, which I was using in the past.
Anonymous

Eric 2/5/2024 2:54:27 PM
Nice collection.
UNITED STATES

Nezrin 2/5/2024 6:34:49 AM
The questions are thought-provoking, and so far it was easy.
Anonymous

shan................... 2/4/2024 4:25:07 PM
Hi there, I used to be able to download the questions, but not any more. Why? I used to download N+ and Security+ onto a pen drive. Since I upgraded the OS to Windows 10, when I plug the pen drive into the USB port those downloaded files do not open any more; it shows an error because of the OS change. I had Vista OS Home Edition and it worked before, but now it doesn't. So anyhow, how can I download these questions? Thanks.
UNITED STATES

Rr 11/17/2023 12:44:00 AM
The Advanced Encryption Standard (AES) encryption algorithm is a widely supported encryption type for all wireless networks that contain any confidential data. 26 is right. EAP is wrong.
UNITED STATES

Mort 10/19/2023 7:09:00 PM
Question 162 should be DLP (B).
EUROPEAN UNION

Tom 12/12/2023 8:53:00 PM
Question 134's answer should be "DLP".
JAPAN

Lewis 7/6/2023 8:49:00 PM
Cool, thumbs up.
UNITED STATES

JM 12/19/2023 1:22:00 PM
Answer to 134 is CASB. While data loss prevention is the goal, in order to implement DLP in cloud applications you need to deploy a CASB.
UNITED STATES

John 11/12/2023 8:48:00 PM
Why only give explanations on some, and not all, questions and their respective answers?
UNITED STATES

MortonG 10/19/2023 6:32:00 PM
Question 128: D is the wrong answer... it should be C.
EUROPEAN UNION

Jason 9/30/2023 1:07:00 PM
Question 81 should be C.
CANADA

JM 12/19/2023 2:41:00 PM
Q47: intrusion prevention system is the correct answer, not patch management. By definition, there are no patches available for a zero-day vulnerability. The way to prevent an attacker from exploiting a zero-day vulnerability is to use an IPS.
UNITED STATES

johnpaul 11/15/2023 7:55:00 AM
First time using this site.
ROMANIA

CV 9/9/2023 1:54:00 PM
It's time for CompTIA Sec+.
GREECE

al 6/7/2023 10:25:00 AM
Most answers are not correct here.
Anonymous

Jas 10/25/2023 6:01:00 PM
165 should be APT.
UNITED STATES

TS 7/18/2023 3:32:00 PM
Good knowledge.
Anonymous

Missy 9/26/2023 11:20:00 AM
Question 47 is wrong, as by definition a zero-day vulnerability would not have a patch available to apply.
UNITED STATES