Home / CompTIA / SY0-601

Question list

List of questions

Question 1

(0)

DRAG DROP A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

Question 2

(0)

DRAG DROP A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS Use the minimum set of commands to set this up and verify that it works. Commands cannot b

Question 3

(0)

DRAG DROP Leveraging the information supplied below, complete the CSR for the server to set up TLS (HTTPS) • Hostname: ws01 • Domain: comptia.org • IPv4: 10.1.9.50 • IPV4: 10.2.10.50 • Root: h

Question 4

(0)

DRAG DROP An attack has occurred against a company. INSTRUCTIONS You have been tasked to do the following: Identify the type of attack that is occurring on the network by clicking on the attacke

Question 5

(0)

HOTSPOT You received the output of a recent vulnerability assessment. Review the assessment and scan output and determine the appropriate remedialion(s} 'or «ach dewce. Remediation options may be

Question 6

(0)

HOTSPOT Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation. INSTRUCTIONS Not all attacks and remediation acti

Question 7

(0)

HOTSPOT An incident has occurred in the production environment. Analyze the command outputs and identify the type of compromise. If at any time you would like to bring back the initial state of t

Question 8

(0)

HOTSPOT The security administrator has installed a new firewall which implements an implicit DENY policy by default. INSTRUCTIONS Click on the firewall and configure it to allow ONLY the

Question 9

(0)

HOTSPOT You are security administrator investigating a potential infection on a network. Click on each host and firewall. Review all logs to determine which host originated the Infecton and then d

Question 10

(0)

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which f the following configuration should an analysis enable T

Question 382 - SY0-601 discussion

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment Which of the following solutions should the engineer implement? (Select two).

CASB

WAF

Load balancer

VPN

TLS

DAST

Suggested answer: B, C

Explanation:

A web application firewall (WAF) is a solution that inspects traffic to a cluster of web servers in a cloud environment and protects them from common web-based attacks, such as SQL injection, crosssite

scripting, and denial-of-service1. A WAF can be deployed as a cloud service or as a virtual appliance in front of the web servers. A load balancer is a solution that distributes traffic among multiple web servers in a cloud environment and improves their performance, availability, and

scalability2. A load balancer can also perform health checks on the web servers and route traffic only to the healthy ones. The other options are not relevant to this scenario. A CASB is a cloud access

security broker, which is a solution that monitors and controls the use of cloud services by an

organization’s users3. A VPN is a virtual private network, which is a solution that creates a secure and

encrypted connection between two networks or devices over the internet. TLS is Transport Layer

Security, which is a protocol that provides encryption and authentication for data transmitted over a

network. DAST is dynamic application security testing, which is a method of testing web applications

for vulnerabilities by simulating attacks on them.

Reference: 1: https://www.imperva.com/learn/application-security/what-is-a-web-applicationfirewall-waf/ 2:

https://www.imperva.com/learn/application-security/load-balancing/ 3:

https://www.imperva.com/learn/application-security/cloud-access-security-broker-casb/ :

https://www.imperva.com/learn/application-security/vpn-virtual-private-network/ :

https://www.imperva.com/learn/application-security/transport-layer-security-tls/ :

https://www.imperva.com/learn/application-security/dynamic-application-security-testing-dast/ :

https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-bestpractices/plan-for-traffic-inspection

: https://docs.microsoft.com/en-us/azure/private-link/inspecttraffic-with-azure-firewall

: https://docs.microsoft.com/en-us/azure/architecture/examplescenario/gateway/application-gateway-before-azure-firewall

Show Answer

asked 02/10/2024

DAVID LOPEZ MORGADO

41 questions

Your answer: A B C D E F

0 comments

Sorted by