SEC+Practice Quiz B27-B48

12th Grade

22 Qs

Assessment

Quiz

Computers

12th Grade

Hard

Created by

Hasina Hafner

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A recent security audit has discovered email addresses and passwords located in a packet capture. Which of the following did the audit identify?

A. Weak encryption

B. Improper patch management

C. Insecure protocols

D. Open ports

Answer explanation

C. Insecure protocols

An insecure protocol will transmit information "in the clear," or without any type of encryption or protection.

The incorrect answers:

A. Weak encryption: A weak encryption cipher will appear to protect data, but instead can be commonly circumvented to reveal the plaintext. In this example, the email addresses and passwords were not encrypted and could be viewed in a packet capture.

B. Improper patch management: Maintaining systems to the latest patch version will protect against vulnerabilities and security issues. Sending information in the clear over the network is not commonly associated with an unpatched system.

D. Open ports: Open ports are usually associated with a service or application on a device. An open port is not commonly associated with any encryption or protected network communication.

More information: SY0-601, Objective 1.6 - Vulnerability Types https://professormesser.link/601010601

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company has connected their wireless access points and has enabled WPS. Which of the following security issues would be associated with this configuration?

A. Brute force

B. Client hijacking

C. Cryptographic vulnerability

D. Spoofing

Answer explanation

A. Brute force

A WPS personal identification number (PIN) was designed to have only 11,000 possible iterations, making a brute force attack possible if the access point doesn’t provide any protection against multiple guesses.

The incorrect answers:

B. Client hijacking: The process of adding a device through WPS occurs well before any app or client is used.

C. Cryptographic vulnerability: The vulnerability in WPS is based on a limited number of PIN options and not a cryptographic shortcoming.

D. Spoofing: Spoofing an existing device would not provide access to a WPS-enabled network.

More information: SY0-601, Objective 3.4 - Wireless Authentication Methods https://professormesser.link/601030402

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An organization has traditionally purchased insurance to cover a ransomware attack, but the costs of maintaining the policy have increased above the acceptable budget. The company has now decided to cancel the insurance policies and deal with ransomware issues internally. Which of the following would best describe this action?

A. Mitigation

B. Acceptance

C. Transference

D. Risk-avoidance

Answer explanation

B. Acceptance

Risk acceptance is a business decision that places the responsibility of the risky activity on the organization itself.

The incorrect answers:

A. Mitigation: If the organization were to purchase additional backup facilities and update their backup processes to include offline backup storage, they would be mitigating the risk of a ransomware infection.

C. Transference: Purchasing insurance to cover a risky activity is a common method of transferring risk from the organization to the insurance company.

D. Risk-avoidance: To avoid the risk of ransomware, the organization would need to completely disconnect from the Internet and disable all methods that ransomware might use to infect a system. This risk response technique would most likely not apply to ransomware.

More information: SY0-601, Objective 5.4 - Risk Management Types https://professormesser.link/601050401

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of these threat actors would be the MOST likely to deface a website to promote a political agenda?

A. Organized crime

B. Nation state

C. Hacktivist

D. Competitor

Answer explanation

C. Hacktivist

A hacktivist often has a political statement to make, and their hacking efforts would commonly result in a public display of that information.

The incorrect answers:

A. Organized crime: Organized crime is usually motivated by money. An organized crime group is more interested in stealing information than defacing sites.

B. Nation state: Nation states are highly sophisticated hackers, and their efforts are usually focused on obtaining confidential government information or disrupting governmental operations.

D. Competitor: A competitor may be interested in making another company look bad, but the reason for the denial of services is not commonly based on a political agenda.

More information: SY0-601, Objective 1.5 - Threat Actors https://professormesser.link/601010501

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system. Which of the following would be the NEXT step in the incident response process?

A. Check the IPS logs for any other potential attacks

B. Create a plan for removing malware from the web servers

C. Disable any breached user accounts

D. Disconnect the web servers from the network

Answer explanation

D. Disconnect the web servers from the network

The unusual log entries on the web server indicate that the system may have been exploited. In that situation, the servers should be isolated to prevent access to or from those systems.

The incorrect answers:

A. Check the IPS logs for any other potential attacks: Before looking for additional exploits, the devices showing a potential exploit should be isolated and contained.

B. Create a plan for removing malware from the web servers: The recovery process should occur after the systems have been isolated and contained.

C. Disable any breached user accounts: This is part of the recovery process, and it should occur after isolation and containment of the exploited servers.

More information: SY0-601, Objective 4.2 - Incident Response Process https://professormesser.link/601040201

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security administrator is viewing the logs on a laptop in the shipping and receiving department and identifies these events:

8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success
9:22:54 AM | C:\Program Files\Photo Viewer\ViewerBase.dll | Quarantine Failure
9:44:05 AM | C:\Sales\Sample32.dat | Quarantine Success

Which of the following would BEST describe the circumstances surrounding these events?

A. The antivirus application identified three viruses and quarantined two viruses

B. The host-based firewall blocked two traffic flows

C. A host-based whitelist has blocked two applications from executing

D. A network-based IPS has identified two known vulnerabilities

Answer explanation

A. The antivirus application identified three viruses and quarantined two viruses

The logs are showing the name of files on the local device and a quarantine disposition, which indicates that two of the files were moved (quarantined) to a designated area of the drive. This will prevent the malicious files from executing and will safely store the files for any future investigation. The second file in the list failed the quarantine process, most likely because the library was already in use by the operating system and could not be moved.

The incorrect answers:

B. The host-based firewall blocked two traffic flows: A host-based firewall will allow or deny traffic flows based on IP address, port number, application, or other criteria. A host-based firewall does not block traffic flows based on the name of an existing file, and the firewall process would not quarantine or move files to other folders.

C. A host-based whitelist has blocked two applications from executing: The “quarantine” disposition refers to a file that has been moved from one location to another. A whitelist function would simply stop the application from executing without changing the location of an application file.

D. A network-based IPS has identified two known vulnerabilities: The logs from a network-based IPS (Intrusion Prevention System) would not commonly be located on a user’s laptop, and those logs would display allow or deny dispositions based on the name of a known vulnerability. A network-based IPS would also not commonly move (quarantine) files on an end-user’s computer.

More information: SY0-601, Objective 4.3 - Log Files https://professormesser.link/601040303

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In the past, an organization has relied on the curated Apple App Store to avoid issues associated with malware and insecure applications. However, the IT department has discovered an iPhone in the shipping department that includes applications that are not available on the Apple App Store. How did the shipping department user install these apps on their mobile device?

A. Sideloading

B. MMS install

C. OTA updates

D. Tethering

Answer explanation

A. Sideloading

If Apple’s iOS has been circumvented using jailbreaking, then apps can be installed without using the Apple App Store. This installation process that circumvents the App Store is called sideloading.

The incorrect answers:

B. MMS install: Text messages that prompt to install an application will link to the App Store version of the application.

C. OTA updates: OTA (Over the Air) updates are commonly provided from the carrier and are not part of mobile app installations.

D. Tethering: Tethering uses a mobile phone as a communications medium to the Internet, and it does not have any relationship to the apps that are installed on the mobile device.

More information: SY0-601, Objective 3.5 - Mobile Device Enforcement https://professormesser.link/601030504
