
SEC+Practice Quiz B49-B69

Quiz • Computers • 12th Grade • Hard
Hasina Hafner
20 questions
1.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A company has signed an SLA with an Internet service provider. Which of the following would BEST describe the content of this SLA?
A. The customer will connect to partner locations over an IPsec tunnel
B. The service provider will provide 99.999% uptime
C. The customer applications use HTTPS over tcp/443
D. Customer application use will be busiest on the 15th of each month
Answer explanation
B. The service provider will provide 99.999% uptime
An SLA (Service Level Agreement) is a contract that specifies the minimum terms for provided services. It’s common to include uptime, response times, and other service metrics in an SLA.
The incorrect answers:
A. The customer will connect to partner locations over an IPsec tunnel
A service level agreement describes the minimum service levels provided to the customer. You would not commonly see descriptions of how the service will be used in the SLA contract.
C. The customer applications use HTTPS over tcp/443
The protocols used by the customer’s applications aren’t part of the service requirements from the ISP.
D. Customer application use will be busiest on the 15th of each month
The customer’s application usage isn’t part of the service requirements from the ISP.
More information: SY0-601, Objective 5.3 - Third-party Risk Management https://professormesser.link/601050302
2.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
An attacker has created many social media accounts and is posting information in an attempt to get the attention of the media. Which of the following would BEST describe this attack?
A. On-path
B. Watering hole
C. Influence campaign
D. Phishing
Answer explanation
C. Influence campaign
Influence campaigns are carefully crafted attacks that exploit social media and traditional media.
The incorrect answers:
A. On-path
An on-path attack uses an attacker in the middle of a conversation to capture or modify information as it traverses the network.
B. Watering hole
A watering hole attack uses a carefully selected attack location to infect visitors to a specific website.
D. Phishing
A phishing attack traditionally uses email in an effort to convince the victim to disclose private or sensitive information.
More information: SY0-601, Objective 1.1 - Influence Campaigns https://professormesser.link/601010108
3.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Which of the following would be the BEST way to protect credit card account information when performing real-time purchase authorizations?
A. Masking
B. DLP
C. Tokenization
D. NGFW
Answer explanation
C. Tokenization
Tokenization is a technique that replaces user data with a non-sensitive placeholder, or token. Tokenization is commonly used on mobile devices to purchase using a credit card without transmitting the credit card number.
The incorrect answers:
A. Masking
Data masking hides sensitive data by hiding the information or replacing it with a non-sensitive alternative. An example of masking would be replacing an account number on a receipt with hash marks.
B. DLP
DLP (Data Loss Prevention) solutions can identify and block sensitive data from being sent over the network. DLP does not provide any additional security or protection for real-time financial transactions.
D. NGFW
An NGFW (Next-Generation Firewall) is an application-aware security technology. NGFW solutions can provide additional controls for specific applications, but they won't provide any additional account protections when sending financial details.
More information: SY0-601, Objective 2.1 - Protecting Data https://professormesser.link/601020102
4.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
The network design of an online women's apparel company includes a primary data center in the United States and secondary data centers in London and Tokyo. Customers place orders online via HTTPS to servers at the closest data center, and these orders and customer profiles are then centrally stored in the United States data center. The connections between all data centers use Internet links with IPsec tunnels. Fulfillment requests are sent from the United States data center to shipping locations in the customer’s country. Which of the following should be the CIO’s MOST significant security concern with this existing network design?
A. IPsec connects data centers over public Internet links
B. Fulfillment requests are shipped within the customer’s country
C. Customer information is transferred between countries
D. The data centers are located geographically distant from each other
Answer explanation
C. Customer information is transferred between countries
Data sovereignty laws can mandate how data is handled. Data that resides in a country is usually subject to the laws of that country, and compliance regulations may not allow the data to be moved outside of the country.
The incorrect answers:
A. IPsec connects data centers over public Internet links
Connecting remote locations using IPsec tunnels over public Internet connections is a common method of securely linking sites together. If someone was to capture the data traversing these links, they would find that all of the data was encrypted.
B. Fulfillment requests are shipped within the customer’s country
There are no significant security issues associated with shipments within the same country.
D. The data centers are located geographically distant from each other
A best practice for many international organizations is to have data centers in geographically diverse locations to minimize the impact of any single data center outage.
More information: SY0-601, Objective 2.1 - Protecting Data https://professormesser.link/601020102
5.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A government transport service has installed access points that support WPA3. Which of the following technologies would provide enhanced security for PSK while using WPA3?
A. 802.1X
B. SAE
C. WEP
D. WPS
Answer explanation
B. SAE
WPA3 (Wi-Fi Protected Access 3) enhances the PSK (Pre-Shared Key) authentication process by privately deriving session keys instead of sending the key hashes across the network.
The incorrect answers:
A. 802.1X
802.1X is a standard for authentication using AAA (Authentication, Authorization and Accounting) services. 802.1X is commonly used in conjunction with LDAP, RADIUS, or a similar authentication service.
C. WEP
WEP (Wired Equivalent Privacy) is an older wireless encryption algorithm that was ultimately found to have cryptographic vulnerabilities.
D. WPS
WPS (Wi-Fi Protected Setup) is a standard method of connecting devices to a wireless network without requiring a PSK or passphrase.
More information: SY0-601, Objective 3.4 - Wireless Cryptography https://professormesser.link/601030401
6.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A security administrator has found a keylogger installed alongside an update of accounting software. Which of the following would prevent the transmission of the collected logs?
A. Prevent the installation of all software
B. Block all unknown outbound network traffic at the Internet firewall
C. Install host-based anti-virus software
D. Scan all incoming email attachments at the email gateway
Answer explanation
B. Block all unknown outbound network traffic at the Internet firewall
Keylogging software has two major functions: record keystrokes, and transmit those keystrokes to a remote location. Local file scanning and software best-practices can help prevent the initial installation, and controlling outbound network traffic can block unauthorized file transfers.
The incorrect answers:
A. Prevent the installation of all software
Blocking software installations may prevent the initial malware infection, but it won’t provide any control of outbound keylogged data.
C. Install host-based anti-virus software
A good anti-virus application can identify malware before the installation occurs, but anti-virus does not commonly provide any control of network communication.
D. Scan all incoming email attachments at the email gateway
Malware can be installed from many sources, and sometimes the source is unexpected. Scanning or blocking executables at the email gateway can help prevent infection, but it won’t provide any control of outbound file transfers.
More information: SY0-601, Objective 1.2 - An Overview of Malware https://professormesser.link/601010201
7.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A user in the marketing department is unable to connect to the wireless network. After authenticating with a username and password, the user receives this message:
-- -- --
The connection attempt could not be completed.
The Credentials provided by the server could not be validated.
Radius Server: radius.example.com
Root CA: Example.com Internal CA Root Certificate
-- -- --
The AP is configured with WPA3 encryption and 802.1X authentication. Which of the following is the MOST likely reason for this login issue?
A. The user’s computer is in the incorrect VLAN
B. The RADIUS server is not responding
C. The user’s computer does not support WPA3 encryption
D. The user is in a location with an insufficient wireless signal
E. The client computer does not have the proper certificate installed
Answer explanation
E. The client computer does not have the proper certificate installed
The error message states that the server credentials could not be validated. This indicates that the certificate authority that signed the server’s certificate is either different than the CA certificate installed on the client’s workstation, or the client workstation does not have an installed copy of the CA’s certificate. This validation process ensures that the client is communicating with a trusted server and there are no man-in-the-middle attacks occurring.
The incorrect answers:
A. The user’s computer is in the incorrect VLAN
The RADIUS server certificate validation process should work properly from all VLANs. The error indicates that the communication process is working properly, so an incorrect VLAN would not be the cause of this issue.
B. The RADIUS server is not responding
If the RADIUS server had no response to the user, then the process would simply time out. In this example, the error message indicates that the communication process is working between the RADIUS server and the client’s computer.
C. The user’s computer does not support WPA3 encryption
The first step when connecting to a wireless network is to associate with the 802.11 access point. If WPA3 encryption was not supported, the authentication process would not have occurred and the user’s workstation would not have seen the server credentials.
D. The user is in a location with an insufficient wireless signal
The error message regarding server validation indicates that the wireless signal is strong enough to send and receive data on the wireless network.
More information: SY0-601, Objective 3.9 - Public Key Infrastructure https://professormesser.link/601030901