CompTIA Updated SY0-601 Exam Questions and Answers by deniz

Utilizing split tunneling so only traffic for corporate resources is encrypted would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN. Split tunneling is a technique that allows a VPN user to access both the public internet and the private network simultaneously, without routing all traffic through the VPN. This can improve the performance and quality of videoconferencing applications that rely on low latency and high bandwidth, as well as reduce the load on the VPN server.

CSRF stands for Cross-Site Request Forgery, which is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated1. In this case, the attacker may have tricked the user into clicking a malicious link or visiting a malicious website that sends forged requests to the web server of the bank, using the user’s session cookie or other credentials. The web server then performs the money transfer requests as if they were initiated by the user, without verifying the origin or validity of the requests.

A. SQLi. This is not the correct answer, because SQLi stands for SQL Injection, which is an attack that exploits a vulnerability in a web application’s database layer, where malicious SQL statements are inserted into an entry field for execution2. The output of the web server log does not show any SQL statements or commands.

B. CSRF. This is the correct answer, because CSRF is an attack that exploits the trust a web server has in a user’s browser, where malicious requests are sent to the web server using the user’s credentials1. The output of the web server log shows multiple GET requests with different account numbers and amounts, which may indicate a CSRF attack.

C. Spear phishing. This is not the correct answer, because spear phishing is an attack that targets a specific individual or organization with a personalized email or message that contains a malicious link or attachment3. The output of the web server log does not show any email or message content or headers.

D. API. This is not the correct answer, because API stands for Application Programming Interface, which is a set of rules and specifications that allow software components to communicate and exchange data. API is not an attack method, but rather a way of designing and developing software applications.

A transit gateway is a network transit hub that can be used to interconnect virtual private clouds (VPCs) and on-premises networks. A transit gateway can consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall by offering the following features:

• Attachments that can connect one or more VPCs, a Connect SD-WAN/third-party network appliance, an AWS Direct Connect gateway, a peering connection with another transit gateway, or a VPN connection to a transit gateway.
• Transit gateway route table that can include dynamic and static routes that decide the next hop based on the destination IP address of the packet.
• Associations and route propagation that can link each attachment with a route table and dynamically propagate routes to or from a transit gateway route table. References: What is a transit gateway? - Amazon VPC; Network Gateway – AWS Transit Gateway – Amazon Web Services; Configure VPN gateway transit for virtual network peering; AWS — Difference between VPC Peering and Transit Gateway

Hacktivists are hackers who use their skills to promote a political or social cause, such as human rights, environmentalism, anti-censorship, etc. Hacktivists may target organizations or individuals who oppose their views or agendas, and launch cyberattacks such as defacement, denial-of-service, data theft, or sabotage. In this case, the security manager should consider hacktivists as a potential threat actor who may launch cyberattacks in response to the CEO’s controversial opinion article.