pm exam 3 Flashcards

1
Q

A finance company is legally required to maintain seven years of tax
records for all of their customers. Which of the following would be the
BEST way to implement this requirement?
❍ A. Create an automated script to remove all tax information
more than seven years old
❍ B. Print and store all tax records in a seven-year cycle
❍ C. Allow users to download tax records from their account login
❍ D. Create a separate daily backup archive for all applicable tax records

A

The Answer: D. Create a separate daily backup archive for all
applicable tax records
The important consideration for a data retention mandate is to always have
access to the information over the proposed time frame. In this example,
a daily backup would ensure that tax information is constantly archived
over a seven year period and could always be retrieved if needed. If data
was inadvertently deleted from the primary storage, the backup would still
maintain a copy.
The incorrect answers:
A. Create an automated script to remove all tax information
more than seven years old
The requirement is to maintain data for at least seven years, but there’s no
requirement to remove that data once it’s more than seven years old. For
example, some financial information may need to be retained well beyond
the seven year mandate.
B. Print and store all tax records in a seven-year cycle
Paper has its place, but creating physical output of tax records and storing
them for seven years would include a significant cost in time, materials,
and inventory space. The requirement to store data for seven years doesn’t
require the information to be stored in a physical form.
C. Allow users to download tax records from their account login
Including a feature to allow users access to their records is useful for the
user community, but it doesn’t provide any data protection for the seven
year retention period.
More information:
SY0-601, Objective 5.3 - Managing Data
https://professormesser.link/601050303

2
Q

A system administrator is designing a data center for an insurance
company’s new public cloud and would like to restrict user access to
sensitive data. Which of the following would provide ongoing visibility,
data security, and control of cloud-based applications?
❍ A. HSM
❍ B. CASB
❍ C. 802.1X
❍ D. EDR

A

The Answer: B. CASB
A CASB (Cloud Access Security Broker) allows the security administrator
to manage security policies for cloud-based applications.
The incorrect answers:
A. HSM
An HSM (Hardware Security Module) manages certificates, digital keys,
and can often offload cryptographic functions. An HSM is not used for
visibility and control of cloud-based applications.
C. 802.1X
802.1X is an authentication standard for port-based network access
control, or NAC. 802.1X does not provide visibility or control of
cloud-based applications.
D. EDR
EDR (Endpoint Detection and Response) is a security solution for
end-user devices to protect against malicious software and threats.
More information:
SY0-601, Objective 3.6 - Cloud Security Solutions
https://professormesser.link/601030605

3
Q
A device is exhibiting intermittent connectivity when viewing remote web
sites. A security administrator views the local device ARP table:
Internet Address   Physical Address
192.168.1.1        60:3d:26:69:71:fc
192.168.1.101      e2:c3:53:79:4c:51
192.168.1.102      7a:3b:8f:21:86:57
192.168.1.103      60:3d:26:69:71:fc
192.168.1.104      00:80:92:c7:c8:49
192.168.1.105      d0:81:7a:d3:f0:d5
Which of the following would be the MOST likely explanation of this 
connectivity issue?
❍ A. DDoS
❍ B. Wireless disassociation
❍ C. Rogue access point
❍ D. ARP poisoning
A

The Answer: D. ARP poisoning
The duplicate MAC (Media Access Control) address from 192.168.1.1
and 192.168.1.103 indicates MAC spoofing or ARP (Address Resolution
Protocol) poisoning. There should not be duplicate MAC addresses
associated with two IP addresses on the same subnet.
The incorrect answers:
A. DDoS
A DDoS (Distributed Denial of Service) attack would not duplicate a
MAC address on an IP subnet.
B. Wireless disassociation
Wireless disassociation uses specially crafted wireless management frames
to disconnect wireless devices from a network. A duplicate MAC address
does not indicate a wireless disassociation attack.
C. Rogue access point
A rogue access point would have its own MAC address and it would not
be duplicated on the local IP subnet.
More information:
SY0-601, Objective 1.4 - On-Path Attacks
https://professormesser.link/601010407

4
Q

A system administrator is implementing a fingerprint scanner to provide
access to the data center. Which of these metrics should be kept at a
minimum in order to prevent unauthorized persons from accessing the
data center?
❍ A. TOTP
❍ B. FRR
❍ C. HOTP
❍ D. FAR

A

The Answer: D. FAR
FAR (False Acceptance Rate) is the likelihood that an unauthorized user
will be accepted. The FAR should be kept as close to zero as possible.
The incorrect answers:
A. TOTP
A TOTP (Time-based One-Time Password) is an algorithm that provides
a pseudo-random number as an authentication factor. A TOTP does not
describe the accuracy of a biometric system.
B. FRR
FRR (False Rejection Rate) is the likelihood that an authorized user will
be rejected. If the FRR increases, authorized users will be denied access to
the data center more often. This value is not associated with unauthorized
access.
C. HOTP
HOTP (HMAC-based One-Time Password) is an algorithm that
provides an authentication factor based on a one-time password. An
HOTP does not describe the accuracy of a biometric system.
More information:
SY0-601, Objective 2.4 - Biometrics
https://professormesser.link/601020402

5
Q

The IT department of a transportation company maintains an on-site
inventory of chassis-based network switch interface cards. If a failure
occurs, the on-site technician can replace the interface card and have the
system running again in sixty minutes. Which of the following BEST
describes this recovery metric?
❍ A. MTBF
❍ B. MTTR
❍ C. RPO
❍ D. RTO

A

The Answer: B. MTTR
MTTR (Mean Time To Restore) is the amount of time required to get
back up and running. This is sometimes called Mean Time To Repair.
The incorrect answers:
A. MTBF
MTBF (Mean Time Between Failures) is a prediction of how long the
system will be operational before a failure occurs.
C. RPO
An RPO (Recovery Point Objective) is a qualifier that determines when
the system is recovered. A recovered system may not be completely
repaired, but it will be running well enough to maintain a certain level of
operation.
D. RTO
An RTO (Recovery Time Objective) is the service level goal to work
towards when recovering a system and getting back up and running.
More information:
SY0-601, Objective 5.4 - Business Impact Analysis
https://professormesser.link/601050403

6
Q

A company maintains a server farm in a large data center. These servers
are for internal use only and are not accessible externally. The security
team has discovered that a group of servers was breached before the latest
updates were applied. Breach attempts were not logged on any other
servers. Which of these threat actors would be MOST likely involved in
this breach?
❍ A. Competitor
❍ B. Insider
❍ C. Nation state
❍ D. Script kiddie

A

The Answer: B. Insider
None of these servers were accessible from the outside, and the only
servers with any logged connections were those that were also susceptible
to the latest vulnerabilities. To complete this attack, an attacker would need
very specific knowledge of the exact systems that were vulnerable and a way
to communicate with those servers. For either of those reasons, an insider
threat would be the most likely option from the available list.
The incorrect answers:
A. Competitor
Although an unethical competitor could be interested in disabling certain
systems, the specificity of this attack and the lack of accessibility to the
systems would seem to dismiss a competitor.
C. Nation state
A nation state would have the resources needed to attack a network, gain
access to the internal systems, and then somehow monitor the update
processes for each server. However, the scope and breadth of such an attack
would be complex, and this would make the nation state a very speculative
option and not the most likely option from the available list.
D. Script kiddie
Script kiddies don’t generally have access to an internal network, and they
aren’t discerning enough to track the status of which systems may have
been recently updated.
More information:
SY0-601, Objective 1.5 - Threat Actors
https://professormesser.link/601010501

7
Q

An organization has contracted with a third-party to perform a
vulnerability scan of their Internet-facing web servers. The report shows
that the web servers have multiple Sun Java Runtime Environment (JRE)
vulnerabilities, but the server administrator has verified that JRE is not
installed. Which of the following would be the BEST way to handle this
report?
❍ A. Install the latest version of JRE on the server
❍ B. Quarantine the server and scan for malware
❍ C. Harden the operating system of the web server
❍ D. Ignore the JRE vulnerability alert

A

The Answer: D. Ignore the JRE vulnerability alert
It’s relatively common for vulnerability scans to show vulnerabilities that
don’t actually exist, especially if the scans are not credentialed. An issue
that is identified but does not actually exist is a false positive, and it can be
dismissed once the alert has been properly researched.
The incorrect answers:
A. Install the latest version of JRE on the server
The system administrator verified that JRE was not currently installed
on the server, so it would not be possible for that vulnerability to actually
exist. Installing an unneeded version of JRE on the server could potentially
open the server to actual vulnerabilities.
B. Quarantine the server and scan for malware
The JRE false positive isn’t an indication of malware, and no mention is
made of the report including any additional vulnerabilities or reports of
malware.
C. Harden the operating system of the web server
Although it’s always good practice to harden the operating system
of an externally-facing server, this vulnerability scan report doesn’t indicate
any particular vulnerability with the operating system itself. If the scan
identified specific OS vulnerabilities, then additional hardening may be
required.
More information:
SY0-601, Objective 1.7 - Vulnerability Scans
https://professormesser.link/601010702

8
Q

A security administrator has installed a new firewall to protect a web
server VLAN. The application owner requires that all web server sessions
communicate over an encrypted channel. Which of these rules should the
security administrator include in the firewall rulebase? (Select TWO)
❍ A. Source: ANY, Destination: ANY, Protocol: TCP, Port: 23, Deny
❍ B. Source: ANY, Destination: ANY, Protocol: TCP, Port: 443, Deny
❍ C. Source: ANY, Destination: ANY, Protocol: TCP, Port: 80, Deny
❍ D. Source: ANY, Destination: ANY, Protocol: TCP, Port: 443, Allow
❍ E. Source: ANY, Destination: ANY, Protocol: TCP, Port: 80, Allow

A

The Answers:
C. Source: ANY, Destination: ANY, Protocol: TCP, Port: 80, Deny
D. Source: ANY, Destination: ANY, Protocol: TCP, Port: 443, Allow
Most web servers use tcp/80 for HTTP (Hypertext Transfer Protocol)
communication and tcp/443 for HTTPS (Hypertext Transfer Protocol
Secure). HTTP sends traffic in the clear, so the first firewall rule
would block any tcp/80 traffic before it reaches the web server. The second
rule allows HTTPS encrypted traffic to continue to the web server over
tcp/443.
The incorrect answers:
A. Source: ANY, Destination: ANY, Protocol: TCP, Port: 23, Deny
The insecure Telnet protocol commonly uses tcp/23, but most web servers
would not be listening on tcp/23. An explicit tcp/23 deny rule would not
provide any additional web server security.
B. Source: ANY, Destination: ANY, Protocol: TCP, Port: 443, Deny
The encrypted HTTPS protocol uses tcp/443, so the security
administrator would not want to deny that traffic through the firewall.
E. Source: ANY, Destination: ANY, Protocol: TCP, Port: 80, Allow
Since the application owner requires encrypted communication, unencrypted
HTTP over tcp/80 should not be allowed through the firewall.
More information:
SY0-601, Objective 3.3 - Firewalls
https://professormesser.link/601030306

9
Q

A private company uses an SSL proxy to examine the contents of an
encrypted application during transmission. How could the application
developers prevent the use of this proxy examination in the future?
❍ A. OCSP stapling
❍ B. Offline CAs
❍ C. Certificate chaining
❍ D. Certificate pinning

A

The Answer: D. Certificate pinning
Certificate pinning embeds or “pins” a certificate inside of an application.
When the application contacts a service, the service certificate will
be compared to the pinned certificate. If the certificates match, the
application knows that it can trust the service. If the certificates don’t
match, then the application can choose to shut down, show an error
message, or make the user aware of the discrepancy. An SSL proxy will use
a different certificate than the service certificate, so an application using
certificate pinning can identify and react to this situation.
The incorrect answers:
A. OCSP stapling
OCSP (Online Certificate Status Protocol) stapling is a method that has
the certificate holder verify their own certificate status. The OCSP status is
commonly “stapled” into the SSL handshake process.
B. Offline CAs
An offline CA (Certificate Authority) is a common way to prevent the
exploitation of a root authority. If the CA is offline, then you can’t hack it.
However, an online or offline CA won’t prevent the use of an SSL proxy.
C. Certificate chaining
Intermediate certificates are often listed between a web server’s SSL
certificate and the root certificate. This list of intermediate certificates is
called a “chain.” It’s important to configure web servers with the proper
chain, or the end user may receive an error in their browser that the server
can’t be trusted.
More information:
SY0-601, Objective 3.9 - Certificate Concepts
http://professormesser.link/601030904

10
Q

A security administrator is concerned that a user may have installed a
rogue access point on the corporate network. Which of the following
could be used to confirm this suspicion?
❍ A. UTM log
❍ B. WAF log
❍ C. Switch log
❍ D. DLP log

A

The Answer: C. Switch log
A rogue access point would be difficult to identify once it’s on the network,
but at some point the access point would need to physically connect to the
corporate network. An analysis of switch interface activity would be able
to identify any new devices and their MAC addresses.
The incorrect answers:
A. UTM log
A UTM (Unified Threat Management) gateway is an all-in-one device
that provides firewall services, URL filtering, spam filtering, and more.
From the UTM’s perspective, the traffic from a rogue access point would
look similar to all other traffic on the network.
B. WAF log
A WAF (Web Application Firewall) would not be able to determine if
web server traffic was from a rogue access point or a legitimate wired
device.
D. DLP log
DLP (Data Loss Prevention) is important for stopping the transfer of
confidential data, but it would not be able to identify traffic from a rogue
access point.
More information:
SY0-601, Objective 4.3 - Log Files
https://professormesser.link/601040303

11
Q

During a ransomware outbreak, an organization was forced to rebuild
database servers from known good backup systems. In which of the
following incident response phases were these database servers brought
back online?
❍ A. Recovery
❍ B. Lessons learned
❍ C. Containment
❍ D. Identification

A

The Answer: A. Recovery
The recovery phase focuses on getting things back to normal after an
attack. This is the phase that removes malware, fixes vulnerabilities, and
recovers the damaged systems.
The incorrect answers:
B. Lessons learned
Once an event is over, it’s useful to have a post-incident meeting to discuss
the things that worked and things that didn’t.
C. Containment
When an event occurs, it’s important to minimize the impact. Isolation
and containment can help to limit the spread and effect of an event.
D. Identification
Identifying the event is an important step that initiates the rest of the
incident response processes.
More information:
SY0-601, Objective 4.2 - Incident Response
https://professormesser.link/601040201

12
Q
Which of these would be used to provide HA for a web-based
database application?
❍ A. SIEM 
❍ B. UPS
❍ C. DLP
❍ D. VPN concentrator
A

The Answer: B. UPS
HA (High Availability) means that the service should always be on and
available. The only device on this list that would provide HA is the UPS
(Uninterruptible Power Supply). If power is lost, the UPS will provide
electricity using battery power or a gas-powered generator.
The incorrect answers:
A. SIEM
A SIEM (Security Information and Event Management) system
consolidates data from devices on the network and provides log searching
and reporting features. A SIEM does not provide any HA functionality.
C. DLP
DLP (Data Loss Prevention) is a method of identifying and preventing
the transfer of personal or confidential information through the network.
DLP does not provide any HA functionality.
D. VPN concentrator
A VPN (Virtual Private Network) concentrator is the device that terminates
the VPN tunnels from remote endpoints. VPN concentrators do not provide
any HA functionality.
More information:
SY0-601, Objective 2.5 - Power Redundancy
https://professormesser.link/601020503

13
Q

Sam, a user in the purchasing department, would like to send an email to
Jack. Which of these would allow Jack to verify the sender of the email?
❍ A. Digitally sign it with Sam’s private key
❍ B. Digitally sign it with Sam’s public key
❍ C. Digitally sign it with Jack’s private key
❍ D. Digitally sign it with Jack’s public key

A

The Answer: A. Digitally sign it with Sam’s private key
The sender of a message digitally signs with their own private key to
ensure integrity, authentication, and non-repudiation of the signed
contents. The digital signature is validated with the sender’s public key.
The incorrect answers:
B. Digitally sign it with Sam’s public key
Since everyone effectively has access to public keys, adding a digital
signature with a publicly available key doesn’t provide any security features.
C. Digitally sign it with Jack’s private key
Jack’s private key would only be available to Jack, so Sam could not
possibly use Jack’s private key when performing any cryptographic
functions.
D. Digitally sign it with Jack’s public key
As with Sam’s public key that would be available to anyone, using Jack’s
public key would not provide any security features.
More information:
SY0-601, Objective 2.8 - Hashing and Digital Signatures
https://professormesser.link/601020803

14
Q

The contract of a long-term temporary employee is ending. Which of
these would be the MOST important part of the off-boarding process?
❍ A. Perform an on-demand audit of the user’s privileges
❍ B. Archive the decryption keys associated with the user account
❍ C. Document the user’s outstanding tasks
❍ D. Obtain a signed copy of the Acceptable Use Policies

A

The Answer: B. Archive the decryption keys associated with the
user account
Without the decryption keys, it will be impossible to access any of the
user’s protected files once they leave the company. Given the other possible
answers, this one is the only one that would result in unrecoverable data
loss if not properly followed.
The incorrect answers:
A. Perform an on-demand audit of the user’s privileges
The user’s account will be disabled once they leave the organization, so an
audit of their privileges would not be very useful.
C. Document the user’s outstanding tasks
Creating documentation is important, but it’s not as important as retaining
the user’s data with the decryption keys.
D. Obtain a signed copy of the Acceptable Use Policies
Acceptable Use Policies (AUPs) are usually signed during the on-boarding
process. You won’t need an AUP if the user is no longer accessing the
network.
More information:
SY0-601, Objective 5.3 - Personnel Security
https://professormesser.link/601050301

15
Q

A security administrator would like to encrypt all telephone
communication on the corporate network. Which of the following
protocols would provide this functionality?
❍ A. TLS
❍ B. SRTP
❍ C. SSH
❍ D. S/MIME

A

The Answer: B. SRTP
SRTP (Secure Real-Time Transport Protocol) is an encrypted version of
the RTP (Real-Time Transport Protocol) VoIP (Voice over IP) protocol.
SRTP uses AES (Advanced Encryption Standard) to encrypt the voice
and video over a VoIP connection.
The incorrect answers:
A. TLS
TLS (Transport Layer Security) is the modern version of SSL (Secure
Sockets Layer), and it’s commonly used for encrypting communication to
a web server.
C. SSH
SSH (Secure Shell) is used to encrypt terminal communication. The best
practice is to use SSH instead of the insecure Telnet protocol.
D. S/MIME
S/MIME (Secure/Multipurpose Internet Mail Extensions) provides
security for the content of an email message.
More information:
SY0-601, Objective 3.1 - Secure Protocols
https://professormesser.link/601030101

16
Q

Which of the following processes merges developed code, tests for issues,
and automatically moves the newly developed application to production
without any human intervention?
❍ A. Continuous deployment
❍ B. Continuity of operations
❍ C. Continuous delivery
❍ D. Continuous integration

A

The Answer: A. Continuous deployment
Continuous deployment automates every aspect of deploying software.
After the developer creates the code, the testing and deployment process is
completely hands-off and does not need any human intervention.
The incorrect answers:
B. Continuity of operations
Continuity of operations is used during disaster recovery or incident
recovery. This process provides options for keeping the business processes
available during or after the incident.
C. Continuous delivery
Continuous delivery automates the testing process, but it requires human
intervention for the final deployment to production.
D. Continuous integration
With continuous integration, code is constantly written and merged into
the central repository many times each day.
More information:
SY0-601, Objective 2.3 - Automation and Scripting
https://professormesser.link/601020305

17
Q

A company would like to install an IPS to observe normal network
activity and block any traffic that deviates from this baseline. Which of
these IPS types would be the BEST fit for this requirement?
❍ A. Heuristic
❍ B. Anomaly-based
❍ C. Behavior-based
❍ D. Signature-based

A

The Answer: B. Anomaly-based
Anomaly-based detection will build a baseline of what it considers to be
normal. Once the baseline is established, the IPS (Intrusion Prevention
System) will then block any traffic that deviates from the baseline.
The incorrect answers:
A. Heuristic
Heuristic IPS technology uses artificial intelligence to identify attacks that
have no prior signature.
C. Behavior-based
Behavior-based IPS technology will alert if a particular type of bad
behavior occurs. For example, a URL with an apostrophe and SQL
command would indicate a SQL injection, and someone trying to view
/etc/shadow would indicate an attempt to gain access to a protected part
of the file system. This is universally considered to be bad behavior, and it
would be flagged by a behavior-based IPS.
D. Signature-based
A signature-based IPS is looking for a specific traffic flow pattern, and
once that traffic matches the signature the traffic can be blocked.
More information:
SY0-601, Objective 3.3 - Intrusion Prevention
https://professormesser.link/601030309

18
Q

A security engineer is capturing packets on an internal company network
and is documenting the IP addresses and MAC addresses associated with
the local network devices. Which of these commands would provide the
MAC address of the default gateway at 10.11.1.1?
❍ A. ping 10.11.1.1
arp -a
❍ B. tracert 10.11.1.1
❍ C. dig 10.11.1.1
❍ D. ipconfig /all

A

The Answer: A. ping 10.11.1.1 arp -a

The arp (Address Resolution Protocol) command can be used to view
the local ARP cache. The cache is a lookup table of IP addresses and their
associated MAC (Media Access Control) addresses. If an engineer pings a
device on the local network and then views the ARP cache, they will see
the MAC address that was resolved during the ARP process.

The incorrect answers:
B. tracert 10.11.1.1
The tracert (traceroute) command will display the IP addresses of routers
between two devices. MAC addresses are not displayed in the traceroute
output.
C. dig 10.11.1.1
The dig (Domain Information Groper) command is used to gather
information from DNS (Domain Name System) servers. MAC address
information is not viewable with the dig command.
D. ipconfig /all
The ipconfig command will display IP address and MAC address
information for the local Windows computer, but it does not show the
MAC address information of the default gateway.
More information:
SY0-601, Objective 4.1 - Reconnaissance Tools Part 1
https://professormesser.link/601040101

19
Q
Which of the following would be the MOST effective use of
asymmetric encryption?
❍ A. Real-time video encryption
❍ B. Store passwords
❍ C. Protect data on mobile devices
❍ D. Securely derive a session key
A

The Answer: D. Securely derive a session key
The Diffie-Hellman process can combine public and private keys to derive
the same session key on both sides of a conversation without sending that
session key across the network.
The incorrect answers:
A. Real-time video encryption
The high speeds required for real-time video encryption and decryption
would not be an efficient use of asymmetric encryption. Most high-speed
or large-scale encryption uses symmetric encryption.
B. Store passwords
The best practice for password storage is to use hashes instead of
encryption. Hashes ensure that a stored password can’t be reverse
engineered to produce the original password.
C. Protect data on mobile devices
The limited CPU and power available on a mobile device requires a more
efficient form of confidentiality than asymmetric encryption. It’s common
for mobile devices to use elliptic curve cryptography (ECC), for example.
More information:
SY0-601, Objective 2.8 - Symmetric and Asymmetric Cryptography
https://professormesser.link/601020802

20
Q

Which of the following would be the MOST significant security concern
when protecting against criminal syndicates?
❍ A. Prevent users from posting passwords near their workstations
❍ B. Require identification cards for all employees and guests
❍ C. Maintain reliable backup data
❍ D. Use access control vestibules at all data center locations

A

The Answer: C. Maintain reliable backup data
Organized crime is often after data, and can sometimes encrypt or delete
data on a service. A good set of backups can often resolve these issues
quickly and without any ransomware payments to an organized crime
entity.
The incorrect answers:
A. Prevent users from posting passwords near their workstations
Criminal syndicate members usually access systems remotely. Although
it’s important that users don’t write down their passwords, the organized
crime members aren’t generally in a position to see them.
B. Require identification cards for all employees and guests
Since the criminal syndicate members rarely visit a site, having
identification for employees and visitors isn’t the largest concern associated
with this threat actor.
D. Use access control vestibules at all data center locations
Access control vestibules control the flow of people through an area, and
organized crime members aren’t usually visiting a data center.
More information:
SY0-601, Objective 1.5 - Threat Actors
https://professormesser.link/601010501

21
Q

Visitors to a corporate data center must enter through the main doors
of the building. Which of the following security controls would be the
BEST choice to successfully guide people to the front door?
(Select TWO)
❍ A. Cable locks
❍ B. Bollards
❍ C. Biometrics
❍ D. Fencing
❍ E. Industrial camouflage
❍ F. Video surveillance

A

The Answers: B. Bollards and D. Fencing
Both bollards and fencing provide physical security controls that can direct
people through an area by limiting their access to other areas.
The incorrect answers:
A. Cable locks
A cable lock would help keep a computer or laptop securely fastened to a
table or desk, but it wouldn’t help direct people to a particular entrance.
C. Biometrics
Biometrics provide a unique authentication factor, but they aren’t
commonly used to direct people to a particular building entrance.
E. Industrial camouflage
Industrial camouflage would not draw any attention to the entrance, and
would ultimately make the entrance more difficult to find.
F. Video surveillance
Video surveillance would make it easy to monitor and view visitors
approaching the building, but it would not provide any directions to the
front doors.
More information:
SY0-601, Objective 2.7 - Physical Security Controls
https://professormesser.link/601020701

22
Q

A company runs two separate applications in their data center. The
security administrator has been tasked with preventing all communication
between these applications. Which of the following would be the BEST
way to implement this security requirement?
❍ A. Firewall
❍ B. Protected distribution
❍ C. Air gap
❍ D. VLANs

A

The Answer: C. Air gap
An air gap is a physical separation between networks. Air gapped networks
are commonly used to separate networks that must never communicate
with each other.
The incorrect answers:
A. Firewall
A firewall would provide a method of filtering traffic between networks,
but firewalls can often be misconfigured and inadvertently allow some
traffic to pass. Although this is one option, it’s not the best option given
the alternative of an air gap.
B. Protected distribution
A protected distribution is a physically secure cabled network. This usually
consists of a sealed metal conduit to protect from taps and cable cuts. A
protected distribution does not restrict traffic between networks.
D. VLANs
A VLAN (Virtual Local Area Network) is a logical method of segmenting
traffic within network switches. Although this segmentation is effective,
it’s not as secure as an air gap.
More information:
SY0-601, Objective 2.7 - Secure Areas
https://professormesser.link/601020702

23
Q

A company’s security engineer is working on a project to simplify the
employee onboarding and offboarding process. One of the project goals is
to allow individuals to use their personal phones for work purposes. If the
user leaves the company, the company data will be removed but the user’s
data would remain intact. Which of these technologies would meet this
requirement?
❍ A. Policy management
❍ B. Geofencing
❍ C. Containerization
❍ D. Storage encryption

A

The Answer: C. Containerization
The storage segmentation of containerization keeps the enterprise apps
and data separated from the user’s apps and data. During the offboarding
process, only the company information is deleted and the user’s personal
data is retained.
The incorrect answers:
A. Policy management
Policies can often be managed through a mobile device manager, allowing
the security administrator to limit the use of certain apps, camera
functions, or data storage. These management functions are important, but
they don’t necessarily affect the separation of storage or removal of data
inside of the mobile device.
B. Geofencing
Geofencing restricts or allows features when a mobile device is in a
particular location. Geofencing will not have any effect on the separation
of data inside of a mobile device.
D. Storage encryption
If a mobile device is lost or stolen, storage encryption ensures that the data
will remain confidential. The encryption process itself does not provide any
separation between enterprise data and user data.
More information:
SY0-601, Objective 3.5 - Mobile Device Management
https://professormesser.link/601030502