Valid SY0-601 Dumps shared by ExamDiscuss.com for Helping Passing SY0-601 Exam! ExamDiscuss.com now offer the newest SY0-601 exam dumps, the ExamDiscuss.com SY0-601 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-601 dumps with Test Engine here:
Access SY0-601 Dumps Premium Version
(1061 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 118/267
A security analyst has been reading about a newly discovered cyberattack from a known threat actor Which of the following would best support the analyst's review of the tactics, techniques, and protocols the throat actor was observed using in previous campaigns?
Correct Answer: B
Explanation
The MITRE ATT&CK framework would best support the analyst's review of the tactics, techniques, and procedures (TTPs) the threat actor was observed using in previous campaigns. The MITRE ATT&CK framework is a knowledge base that describes the common TTPs used by various threat actors across different stages of an attack lifecycle. The framework can help security analysts understand how adversaries operate, what tools they use, what vulnerabilities they exploit, what indicators they leave behind, etc. The framework can also help security analysts improve their detection and response capabilities by providing recommendations and best practices.
The MITRE ATT&CK framework would best support the analyst's review of the tactics, techniques, and procedures (TTPs) the threat actor was observed using in previous campaigns. The MITRE ATT&CK framework is a knowledge base that describes the common TTPs used by various threat actors across different stages of an attack lifecycle. The framework can help security analysts understand how adversaries operate, what tools they use, what vulnerabilities they exploit, what indicators they leave behind, etc. The framework can also help security analysts improve their detection and response capabilities by providing recommendations and best practices.
- Question List (267q)
- Question 1: Which of the following teams combines both offensive and def...
- Question 2: An organization is concerned about intellectual property the...
- Question 3: When implementing automation with loT devices, which of the ...
- Question 4: An employee's company account was used in a data breach Inte...
- Question 5: Physical access to the organization's servers in the data ce...
- Question 6: A newly purchased corporate WAP needs to be configured in th...
- Question 7: A new security engineer has started hardening systems. One o...
- Question 8: Which Of the following is a primary security concern for a s...
- Question 9: A new vulnerability in the SMB protocol on the Windows syste...
- Question 10: Several universities are participating in a collaborative re...
- Question 11: Which of the following test helps to demonstrate integrity d...
- Question 12: Which of the following can best protect against an employee ...
- Question 13: A security architect is designing a remote access solution f...
- Question 14: A company was recently breached Pan of the company's new cyb...
- Question 15: A security administrator is integrating several segments ont...
- Question 16: A security professional wants to enhance the protection of a...
- Question 17: Which of the following environment utilizes dummy data and i...
- Question 18: A security analyst is concerned about traffic initiated to t...
- Question 19: A security architect is working on an email solution that wi...
- Question 20: A security assessment found that several embedded systems ar...
- Question 21: A worldwide manufacturing company has been experiencing emai...
- Question 22: A retail store has a business requirement to deploy a kiosk ...
- Question 23: Which of the following types of controls is a turnstile?...
- Question 24: As part of the building process for a web application, the c...
- Question 25: Which of the following best describes configuring devices to...
- Question 26: A backup operator wants to perform a backup to enhance the R...
- Question 27: An information security manager for an organization is compl...
- Question 28: A security analyst is taking part in an evaluation process t...
- Question 29: An employee's company email is configured with conditional a...
- Question 30: A large retail store's network was breached recently. and th...
- Question 31: A company is required to continue using legacy software to s...
- Question 32: A network analyst is investigating compromised corporate inf...
- Question 33: Which of the following best describes when an organization U...
- Question 34: A security analyst is currently addressing an active cyber i...
- Question 35: The technology department at a large global company is expan...
- Question 36: Which of the following terms should be included in a contrac...
- Question 37: A security administrator Is managing administrative access t...
- Question 38: During a Chief Information Security Officer (CISO) conventio...
- Question 39: Which of the following would be most effective to contain a ...
- Question 40: A wet-known organization has been experiencing attacks from ...
- Question 41: Which of the following environments can be stood up in a sho...
- Question 42: An audit identified Pll being utilized in the development en...
- Question 43: A company currently uses passwords for logging in to company...
- Question 44: A backdoor was detected on the containerized application env...
- Question 45: A company recently added a DR site and is redesigning the ne...
- Question 46: A user downloaded an extension for a browser, and the user's...
- Question 47: A large industrial system's smart generator monitors the sys...
- Question 48: A threat actor used a sophisticated attack to breach a well-...
- Question 49: In which of the following scenarios is tokenization the best...
- Question 50: Server administrators want to configure a cloud solution so ...
- Question 51: Several users have been violating corporate security policy ...
- Question 52: Security analysts have noticed the network becomes flooded w...
- Question 53: A network engineer receives a call regarding multiple LAN-co...
- Question 54: A company recently experienced a major breach. An investigat...
- Question 55: A user reports constant lag and performance issues with the ...
- Question 56: A security analyst is investigating a report from a penetrat...
- Question 57: A security analyst needs to recommend a solution that will a...
- Question 58: A desktop support technician recently installed a new docume...
- Question 59: An organization would like to remediate the risk associated ...
- Question 60: Which of the following secure application development concep...
- Question 61: Which of the following is a solution that can be used to sto...
- Question 62: A user attempts to load a web-based application, but the exp...
- Question 63: An enterprise has hired an outside security firm to facilita...
- Question 64: An application owner reports suspicious activity on an inter...
- Question 65: The security team received a report of copyright infringemen...
- Question 66: While troubleshooting a service disruption on a mission-crit...
- Question 67: A company installed several crosscut shredders as part of in...
- Question 68: Which of the following describes a maintenance metric that m...
- Question 69: When planning to build a virtual environment, an administrat...
- Question 70: An attacker is using a method to hide data inside of benign ...
- Question 71: During an incident, an EDR system detects an increase in the...
- Question 72: The technology department at a large global company is expan...
- Question 73: A cyber security administrator is using iptables as an enter...
- Question 74: A network manager is concerned that business may be negative...
- Question 75: A security administrator needs to add fault tolerance and lo...
- Question 76: A security engineer is hardening existing solutions to reduc...
- Question 77: A security researcher is tracking an adversary by noting its...
- Question 78: A building manager is concerned about people going in and ou...
- Question 79: A security engineer is reviewing the logs from a SAML applic...
- Question 80: A Security engineer needs to implement an MDM solution that ...
- Question 81: Which of the following procedures would be performed after t...
- Question 82: An organization is repairing the damage after an incident. W...
- Question 83: An audit report indicates multiple suspicious attempts to ac...
- Question 84: A security analyst is investigating a phishing email that co...
- Question 85: As part of the lessons-learned phase, the SOC is tasked with...
- Question 86: An organization is having difficulty correlating events from...
- Question 87: A Chief Information Security Officer (CISO) is evaluating th...
- Question 88: The spread of misinformation surrounding the outbreak of a n...
- Question 89: A security analyst receives a SIEM alert that someone logged...
- Question 90: Which of the following disaster recovery tests is the LEAST ...
- Question 91: Which of the following is most likely to contain ranked and ...
- Question 92: A company is required to continue using legacy software to s...
- Question 93: A software company is analyzing a process that detects softw...
- Question 94: Which of the following threat vectors would appear to be the...
- Question 95: An organization wants to enable built-in FDE on all laptops ...
- Question 96: A retail company that is launching @ new website to showcase...
- Question 97: Which of the following should a Chief Information Security O...
- Question 98: A network administrator has been alerted that web pages are ...
- Question 99: Which of the following should customers who are involved wit...
- Question 100: Which of the following would be used to find the most common...
- Question 101: An employee's laptop was stolen last month. This morning, th...
- Question 102: A data owner has been tasked with assigning proper data clas...
- Question 103: An organization discovered a disgruntled employee exfiltrate...
- Question 104: A security analyst wants to verify that a client-server (non...
- Question 105: A security practitioner is performing due diligence on a ven...
- Question 106: An internet company has created a new collaboration applicat...
- Question 107: Which of the following best reduces the security risks intro...
- Question 108: A financial institution would like to store its customer dat...
- Question 109: The Chief Technology Officer of a local college would like v...
- Question 110: The alert indicates an attacker entered thousands of charact...
- Question 111: A security engineer needs to build @ solution to satisfy reg...
- Question 112: An organization has expanded its operations by opening a rem...
- Question 113: A company was recently breached. Part of the company's new c...
- Question 114: A security analyst was deploying a new website and found a c...
- Question 115: A company is switching to a remote work model for all employ...
- Question 116: A security administrator received an alert for a user accoun...
- Question 117: A company recently suffered a breach in which an attacker wa...
- Question 118: A security analyst has been reading about a newly discovered...
- Question 119: Which of the following uses six initial steps that provide b...
- Question 120: A security researcher has alerted an organization that its s...
- Question 121: A company completed a vulnerability scan. The scan found mal...
- Question 122: A network penetration tester has successfully gained access ...
- Question 123: Which of the following roles is responsible for defining the...
- Question 124: Two organizations are discussing a possible merger Both Orga...
- Question 125: Which of the following Is the BEST reason to maintain a func...
- Question 126: A security engineer is installing a WAF to protect the compa...
- Question 127: During the onboarding process, an employee needs to create a...
- Question 128: An organization has hired a security analyst to perform a pe...
- Question 129: Which of the following describes software on network hardwar...
- Question 130: Which of the following is an administrative control that wou...
- Question 131: Which of the following scenarios best describes a risk reduc...
- Question 132: A company is launching a website in a different country in o...
- Question 133: Which of the following cryptographic concepts would a securi...
- Question 134: A company was compromised, and a security analyst discovered...
- Question 135: A company is concerned about individuals driving a car into ...
- Question 136: A systems engineer thinks a business system has been comprom...
- Question 137: An organization is concerned that ils hosted web servers are...
- Question 138: An administrator is configuring a firewall rule set for a su...
- Question 139: A company Is planning to install a guest wireless network so...
- Question 140: A company owns a public-facing e-commerce website. The compa...
- Question 141: A security incident has been resolved Which of the following...
- Question 142: A small, local company experienced a ransomware attack. The ...
- Question 143: Which of the following is a security implication of newer 1C...
- Question 144: A security analyst is assisting a team of developers with be...
- Question 145: Which of the following supplies non-repudiation during a for...
- Question 146: After installing a patch On a security appliance. an organiz...
- Question 147: A systems administrator is required to enforce MFA for corpo...
- Question 148: A security architect at a large, multinational organization ...
- Question 149: Which of the following describes the exploitation of an inte...
- Question 150: A secondly administration is trying to determine whether a s...
- Question 151: An attacker was eavesdropping on a user who was shopping onl...
- Question 152: A security analyst is investigating a malware incident at a ...
- Question 153: A junior security analyst is reviewing web server logs and i...
- Question 154: A Chief Information Security Officer (CISO) wants to explici...
- Question 155: A security analyst is responding to an alert from the SIEM. ...
- Question 156: A security analyst must enforce policies to harden an MDM in...
- Question 157: An organization's Chief Security Officer (CSO) wants to vali...
- Question 158: Which of the following BEST describes a technique that compe...
- Question 159: A security administrator performs weekly vulnerability scans...
- Question 160: A security administrator installed a new web server. The adm...
- Question 161: A security analyst notices an unusual amount of traffic hitt...
- Question 162: An organization has been experiencing outages during holiday...
- Question 163: Unauthorized devices have been detected on the internal netw...
- Question 164: A company's help desk received several AV alerts indicating ...
- Question 165: A company is auditing the manner in which its European custo...
- Question 166: Certain users are reporting their accounts are being used to...
- Question 167: A security engineer is building a file transfer solution to ...
- Question 168: A company wants to modify its current backup strategy to mod...
- Question 169: As part of a company's ongoing SOC maturation process, the c...
- Question 170: During an investigation, the incident response team discover...
- Question 171: Which of the following must be in place before implementing ...
- Question 172: During an incident, a company's CIRT determines it is necess...
- Question 173: Which of the following can reduce vulnerabilities by avoidin...
- Question 174: A data cento has experienced an increase in under-voltage ev...
- Question 175: A security investigation revealed mat malicious software was...
- Question 176: A large bank with two geographically dispersed data centers ...
- Question 177: A security analyst needs to implement an MDM solution for BY...
- Question 178: A vulnerability has been discovered and a known patch to add...
- Question 179: A retail executive recently accepted a job with a major comp...
- Question 180: A customer called a company's security team to report that a...
- Question 181: A global pandemic is forcing a private organization to close...
- Question 182: A company would like to move to the cloud. The company wants...
- Question 183: Which of the following BEST describes data streams that are ...
- Question 184: A company recently experienced a significant data loss when ...
- Question 185: Which of the following are common VoIP-associated vulnerabil...
- Question 186: Which of the following is the MOST secure but LEAST expensiv...
- Question 187: Which of the following describes where an attacker can purch...
- Question 188: A security architect is required to deploy to conference roo...
- Question 189: Which of the following environments utilizes dummy data and ...
- Question 190: Which of the following measures the average time that equipm...
- Question 191: A user reports trouble using a corporate laptop. The laptop ...
- Question 192: Which of the following is a cryptographic concept that opera...
- Question 193: To reduce and limit software and infrastructure costs the Ch...
- Question 194: A security administrator needs to inspect in-transit files o...
- Question 195: A company's Chief Information Security Officer (CISO) recent...
- Question 196: Which of the following conditions impacts data sovereignty?...
- Question 197: A network architect wants a server to have the ability to re...
- Question 198: A company is developing a new initiative to reduce insider t...
- Question 199: Which of the following exercises should an organization use ...
- Question 200: A security administrator recently used an internal CA to iss...
- Question 201: Which of the following will increase cryptographic security?...
- Question 202: A new plug-and-play storage device was installed on a PC in ...
- Question 203: Which of the following environments would MOST likely be use...
- Question 204: An organization recently released a zero-trust policy that w...
- Question 205: A security administrator examines the ARP table of an access...
- Question 206: Which of the following incident response phases should the p...
- Question 207: A security administrator is working on a solution to protect...
- Question 208: A security team will be outsourcing several key functions to...
- Question 209: An organization is moving away from the use of client-side a...
- Question 210: Which Of the following supplies non-repudiation during a for...
- Question 211: Stakeholders at an organisation must be kept aware of any in...
- Question 212: A web server has been compromised due to a ransomware attack...
- Question 213: An organization suffered numerous multiday power outages at ...
- Question 214: The application development team is in the final stages of d...
- Question 215: An organization's Chief Information Security Officer is crea...
- Question 216: Multiple beaconing activities to a malicious domain have bee...
- Question 217: A penetration tester was able to compromise a host using pre...
- Question 218: A systems administrator set up an automated process that che...
- Question 219: The manager who is responsible for a data set has asked a se...
- Question 220: An organization decided not to put controls in place because...
- Question 221: Which of the following is used to quantitatively measure the...
- Question 222: An organization routes all of its traffic through a VPN Most...
- Question 223: A company is adopting a BYOD policy and is looking for a com...
- Question 224: Which Of the following vulnerabilities is exploited an attac...
- Question 225: As part of the building process for a web application, the c...
- Question 226: A network administrator needs to determine Ihe sequence of a...
- Question 227: A security administrator is setting up a SIEM to help monito...
- Question 228: Which of the following controls would be the MOST cost-effec...
- Question 229: An IT manager is estimating the mobile device budget for the...
- Question 230: A security analyst is investigating what appears to be unaut...
- Question 231: A security analyst receives an alert from the company's S1EM...
- Question 232: Which of the following security design features can an devel...
- Question 233: During a recent security assessment, a vulnerability was fou...
- Question 234: Security analysts are conducting an investigation of an atta...
- Question 235: Which of the following BEST describes the method a security ...
- Question 236: Ann, a customer, received a notification from her mortgage c...
- Question 237: An organization's corporate offices were destroyed due to a ...
- Question 238: The Chief Executive Officer (CEO) of an organization would l...
- Question 239: Which of the following holds staff accountable while escorti...
- Question 240: A security analyst is investigating network issues between a...
- Question 241: A security administrator needs to provide secure access to i...
- Question 242: An organization with a low tolerance for user inconvenience ...
- Question 243: A security analyst has been tasked with ensuring all program...
- Question 244: Which of the following identifies the point in time when an ...
- Question 245: An email security vendor recently added a retroactive alert ...
- Question 246: A company recently implemented a patch management policy; ho...
- Question 247: Which of the following involves the inclusion of code in the...
- Question 248: Which of the following is a reason why a forensic specialist...
- Question 249: A software company adopted the following processes before re...
- Question 250: A company recently experienced an attack during which its ma...
- Question 251: An organization relies on third-party videoconferencing to c...
- Question 252: A company is moving its retail website to a public cloud pro...
- Question 253: A store receives reports that shoppers' credit card informat...
- Question 254: A help desk technician receives a phone call from someone cl...
- Question 255: A network-connected magnetic resonance imaging (MRI) scanner...
- Question 256: An employee received multiple messages on a mobile device. T...
- Question 257: A third party asked a user to share a public key for secure ...
- Question 258: An organization experiences a cybersecurity incident involvi...
- Question 259: An organization has hired a red team to simulate attacks on ...
- Question 260: A systems engineer is building a new system for production. ...
- Question 261: A company reduced the area utilized in its datacenter by cre...
- Question 262: An attacker is trying to gain access by installing malware o...
- Question 263: A company needs to enhance Its ability to maintain a scalabl...
- Question 264: An incident response technician collected a mobile device du...
- Question 265: Per company security policy, IT staff members are required t...
- Question 266: Remote workers in an organization use company-provided lapto...
- Question 267: A security analyst is reviewing packet capture data from a c...
