SY0-601 Premium Exam: Certificate Mismatch and Network Security

A user is presented with a certificate mismatch warning from the browser when navigating to a website from inside the company network using a desktop. This describes which of the following attacks?

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, while reducing server resources and not requiring session persistence for applications. Which of the following would BEST meet the requirements?

Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?

A phishing email stating a cash settlement has been awarded but will expire soon is an example of:

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) insists that this data must be removed. A security professional should implement data anonymization to satisfy both the CPO's and the development team's requirements. Is this statement true?

A company implementing a DLP solution on the file server wants different DLP rules assigned to the data based on the type of data hosted. The company should classify the data to help accomplish this goal. Is this statement true?

An unauthorized payment reported on the company's website resulted from users clicking on a link to attempt to unsubscribe from an unwanted mailing list. The link revealed the text 'Click here to unsubscribe'. The forensics investigator will MOST likely determine that this is an example of XSRF. Is this statement true?

A report delivered to the Chief Information Security Officer (CISO) shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. The CISO should use MFA policy to prevent someone from using the exfiltrated credentials. Is this statement true?

A smishing message stating a package is scheduled for pickup is an example of:

A vishing call that requests a donation be made to a local charity is an example of:

An application log shows the following: https://www.comptia.com/login.php.id='%20or%20'1'1='1'. This observation is an example of:

The Chief Privacy Officer (CPO) insists that data must be removed from the development environment due to PII being utilized. The developers are concerned that without real data they cannot perform functionality tests and search for specific data. Data encryption should be implemented to satisfy both the CPO's and the development team's requirements. Is this statement true?

Performing a risk analysis would help a company accomplish its goal of assigning different DLP rules to data on the file server based on its type. Is this statement true?