Exam SY0-601
Question 656

The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CSO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?

    Correct Answer: D

    To secure proprietary data when interconnecting with partner laboratories, implementing a VPN with full tunneling and NAS authenticating through Active Directory is the most appropriate solution. The VPN ensures that data is transmitted over a secure, encrypted channel, preventing unauthorized interception during transit. Additionally, using Network Attached Storage (NAS) authenticated through Active Directory means that access is restricted to authenticated users, providing a robust layer of access control to prevent unauthorized data exposure. This combination addresses both the secure transmission of data and stringent user authentication, aligning with the Chief Security Officer’s concerns.

Discussion
32d799a Option: D

For the scenario described where proprietary data might be exposed once interconnections are established with partner laboratories, option D (VPN with full tunneling and NAS authenticating through the Active Directory) offers a holistic security solution. It combines the encrypted communication features of a VPN with the strong user and device authentication mechanisms of Active Directory.

Mr_Tttt Option: C

CompTIA makes nice discussion starter here, but I would prefer clear questions with clear answers for my money. As I understand, question here to transfer SOME data, which they want to share with other labs, but KEEP themself the rest, which they NOT want to share. From this point of view only C makes some sense, if there are agents, who have the rights, knowledge, training to send out what is meant to send out.

ps1hacker Option: D

A. VLAN zoning: could maybe prevent a hacker from traversing the network, but the scenario is regarding insider threats.
B. DLP: stops everything from being transferred. Why even build this in the first place if DLP will stop all data transfers?
C. NAC: doesn’t prevent users from sending proprietary info THROUGH a transfer agent. Basically useless in this scenario.
D. VPN: provides security and accountability by requiring AD logging. So data can be linked to each user, minimizing insider threats.

adam.regula91

You're absolutely right. Option B is impossible as DLP may block the traffic

Geronemo Option: B

B. DLP (Data Loss Prevention) running on hosts to prevent file transfers between networks. DLP solutions help prevent unauthorized data transfers by monitoring and controlling the movement of sensitive data across networks. By running DLP on hosts within the laboratory's network, the administrator can enforce policies to prevent the unauthorized transfer of proprietary data to partner laboratories. This approach ensures that sensitive data remains protected and does not leak outside the organization's boundaries. While options like VLAN zoning (A), NAC (Network Access Control) (C), and VPN with full tunneling (D) may provide network segmentation or encryption, they do not specifically address the prevention of unwanted data exposure to partner laboratories. DLP is specifically designed to monitor and control data transfers, making it the most suitable solution for preventing unauthorized data exposure in this scenario.

cannon Option: C

Chat says something I hadn't considered. The CSO is worried that only the authorized devices (w agents) at the partner labs have access.
Answer: C. NAC that permits only data-transfer agents to move data between networks
Explanation: Network Access Control (NAC): Network Access Control (NAC) is a security solution that ensures only authorized devices are granted access to network resources. In the context of the scenario, implementing NAC can help prevent unwanted data exposure by allowing only designated data-transfer agents to move data between the laboratory's network and partner laboratories' networks. NAC solutions can enforce policies that specify which devices are allowed to connect to the network and what resources they can access. By permitting only authorized data-transfer agents, the risk of unauthorized access to proprietary data is mitigated.

max.daps

Guys, I just passed SY0-601 today, July 08, 2024, with 752. I got about 20% of the questions from this platform, and 3 out of 4 of the PBQs. My advice is that read some textbooks in addition to this platform and you will be fine. If you depend solely on this platform you might not be lucky to get many questions coming out of this platform. The discussions here help too, so read them and do your own reading on any question to be sure. I passed the first time with no IT background so you can do it too but read wide. All the best.

spearous Option: A

A is right. First glance, only A and D make sense. However, by segmenting the network, only certain servers can access the file server, although they are external facing, that's power of vlan. Don't just see "external facing" and wipe that option off. This is a better option than VPN, because anyone login to VPN will get the data, while vlan only the designed server can access it, making all under control.

TechSage Option: D

The correct answer is **D. VPN with full tunneling and NAS authenticating through the Active Directory**. This is because a VPN (Virtual Private Network) with full tunneling establishes a secure, encrypted connection over a potentially unsecure network, like the internet. It's like a private tunnel in the internet that can securely transmit data between networks. This ensures that even if the data is intercepted, it cannot be understood due to the encryption. NAS (Network Attached Storage) authenticating through Active Directory means that the users are authenticated (their identities are confirmed) via a central directory before they can access the data. This ensures that only authorized users can access the data. This option addresses the CSO's concerns regarding proprietary data exposure as it provides secure data transmission and restricts data access to authenticated users only. The other options (A, B, and C) do not provide both these security measures. Therefore, D is the correct answer.

Payu1994 Option: B

B. DLP running on hosts to prevent file transfers between networks: Data Loss Prevention (DLP) systems can monitor and control the movement of data within and outside the network. Running DLP on hosts allows for fine-grained control over file transfers and can prevent unauthorized data exposure. This solution addresses the concern of preventing unwanted data exposure effectively.

BD69 Option: D

I picked D, because it's the only solution that provides encryption and authentication and authorization for both the VPN and the NAS where the data is being stored. I don't understand how answer A would provide any real security over the internet (VLANs are more like security through obscurity and not encrypted) by itself and B & C are really for preventing file transfers, but when one is allowed, it's all in the clear and a MITM attack could restore it (off the Internet).

brf2017 Option: C

NAC (Network Access Control) best choice here. VLAN - does segmentation - but not really secure and placing a file transfer server in an external facing zone? no... DLP - Data Loss Prevention - good for preventing data xfer - but the question is talking about xfer between two labs.... (no) VPN - that better since it uses encryption during data exchange, but does not prevent unauthorized device access... yes it did say AD in the question but that does not deal with data transfer between two systems. Best answer is NAC here.

Sirak Option: D

VLAN zoning and VPN tunneling are both methods used to segment and secure network traffic, but they serve different purposes. VLAN zoning is a technique used to divide a network into separate virtual LANs, allowing for better control and management of network traffic within a single physical network. On the other hand, VPN tunneling creates a secure, encrypted connection over a public network, such as the internet, to connect remote users or branch offices to a central network. While VLAN zoning is more focused on internal network segmentation, VPN tunneling is used to securely connect external networks to a central network. D - VPN with full tunneling

Hellome123 Option: B

ChatGPT Given the concern of the Chief Security Officer (CSO) about proprietary data exposure, the most suitable option would be: B. DLP running on hosts to prevent file transfers between networks Data Loss Prevention (DLP) solutions are designed to monitor, detect, and prevent unauthorized data transfers. By implementing DLP on hosts within the interconnected network, the laboratory can ensure that sensitive data is not transferred outside of authorized channels or networks. This would address the CSO's concerns about proprietary data exposure and provide granular control over data transfers.

Marleigh

You know chatGPT scrapes the internet for answers, right? So when a bunch of people say the wrong thing, it will also choose the wrong thing... DLP is, in my opinion, more useful if it were asking how to stop users from exposing this data, like from a user point of view. The way this question is worded, especially the "data transfer" aspect of it, leads me to believe that D would be the most correct answer. tbf, this is a poorly worded question with poorly worded answers. TLDR; please people stop posting chatGPT answers and use the discussions to understand why the other options are wrong.

russian Option: D

"For the scenario described where proprietary data might be exposed once interconnections are established with partner laboratories, option D (VPN with full tunneling and NAS authenticating through the Active Directory) offers a holistic security solution. It combines the encrypted communication features of a VPN with the strong user and device authentication mechanisms of Active Directory. "

Rami1996 Option: B

B. DLP running on hosts to prevent file transfers between networks: Data Loss Prevention (DLP) solutions can monitor and control data transfers, helping to prevent unauthorized file transfers. This solution can be effective in preventing data exposure by monitoring and blocking sensitive data transfers between networks.

BD69 Option: D

D is obviously the most secure, and the most configurable, here. A, B & C can all be compromised via MITM attacks.

BD69

Another note on DLP. It's reasonable to assume that these partner labs are sending proprietary data TO EACH OTHER, so DLP rules would have to be relaxed. Proprietary data sent, when it is sent across the Internet, will be easily sniffed. DLP, alone, has no encryption. With A, we can only assume that SFTP or FTPS will be used in the file transfer server. This is a good method, however, nothing beats answer D (especially integrated with Active Directory, which includes Role, User, and Resource Management). D is a no-brainer. No assumptions have to be made.

[Removed] Option: C

This company only wants to upgrade removable media capabilities to allow file transfers. B is fine and all, but it says it "prevents" file transfers. Answer A for VLAN zoning would be more of a benefit if you were merging networks/companies. VPN full tunneling at D makes no sense to me when they only need to do file transfer. C makes the most sense to me.

Paula77

NAC is more about controlling access to a network, not specifically about preventing data exposure.