SY0_701_100 Part 3
Title of test: SY0_701_100 Part 3
Description: prova secu



Which of the following elements of digital forensics should a company use if it needs to ensure the integrity of evidence?
- Preservation
- E-discovery
- Acquisition
- Containment

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?
- Data retention
- Certification
- Sanitization
- Destruction

Which of the following is the main consideration when a legacy system that is a critical part of a company’s infrastructure cannot be replaced?
- Resource provisioning
- Cost
- Single point of failure
- Complexity

Which of the following activities is the first stage in the incident response process?
- Detection
- Declaration
- Containment
- Verification

Which of the following can be used to compromise a system that is running an RTOS?
- Cross-site scripting
- Memory injection
- Replay attack
- Ransomware

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use?
- Intrusion prevention system
- Sandbox
- Endpoint detection and response
- Antivirus

A security administrator observed the following in a web server log while investigating an incident: [image] Which of the following attacks did the security administrator most likely see?
- Privilege escalation
- Credential replay
- Brute force
- Directory traversal

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?
- $37,500
- $10,000
- $315,000
- $330,000

Which of the following is a compensating control for providing user access to a high-risk website?
- Enabling threat prevention features on the firewall
- Configuring a SIEM tool to capture all web traffic
- Setting firewall rules to allow traffic from any port to that destination
- Blocking that website on the endpoint protection software

An attacker submits a request containing unexpected characters in an attempt to gain unauthorized access to information within the underlying systems. Which of the following best describes this attack?
- Side loading
- Target of evaluation
- Resource reuse
- SQL injection

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?
- Identify the attacker's entry methods
- Report the breach to the local authorities
- Notify the applicable parties of the breach
- Implement vulnerability scanning of the company's systems

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?
- Degaussing
- Drive shredder
- Retention platform
- Wipe tool

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Choose two.)
- Remote wiping of the device
- Data encryption
- Requiring passwords with eight characters
- Data usage caps
- Employee data ownership
- Personal application store access

Which of the following should a security team do first before a new web server goes live?
- Harden the virtual host
- Create WAF rules
- Enable network intrusion detection
- Apply patch management

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?
- Reject
- Accept
- Transfer
- Avoid

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.)
- Easier debugging of the system
- Reduced cost of ownership of the system
- Improved scalability of the system
- Increased compartmentalization of the system
- Stronger authentication of the system
- Reduced complexity of the system

An employee clicks a malicious link in an email that appears to be from the company's Chief Executive Officer. The employee's computer is infected with ransomware that encrypts the company’s files. Which of the following is the most effective way for the company to prevent similar incidents in the future?
- Security awareness training
- Database encryption
- Segmentation
- Reporting suspicious emails

An organization needs to determine how many employees are accessing the building each day in order to configure the proper access controls. Which of the following control types best meets this requirement?
- Detective
- Corrective
- Directive
- Preventive

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?
- Misconfiguration
- Resource reuse
- Insecure key storage
- Weak cipher suites

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?
- SDN
- Air gapped
- Containerized
- Highly available

An organization wants to implement a secure solution for remote users. The users handle sensitive PHI on a regular basis and need to access an internally developed corporate application. Which of the following best meet the organization's security requirements? (Choose two.)
- Local administrative password
- Perimeter network
- Jump server
- WAF
- MFA
- VPN

A company is in the process of migrating to cloud-based services. The company's IT department has limited resources for migration and ongoing support. Which of the following best meets the company's needs?
- IPS
- WAF
- SASE
- IAM

A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?
- Password policy
- Access badges
- Phishing campaign
- Risk assessment

A user’s workstation becomes unresponsive and displays a ransom note demanding payment to decrypt files. Before the attack, the user opened a resume they received in a message, browsed the company’s website, and installed OS updates. Which of the following is the most likely vector of this attack?
- Spear-phishing attachment
- Watering hole
- Infected website
- Typosquatting

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?
- Recovery site
- Cold site
- Hot site
- Warm site

Which of the following would a security administrator use to comply with a secure baseline during a patch update?
- Information security policy
- Service-level expectations
- Standard operating procedure
- Test result report

A government official receives a blank envelope containing photos and a note instructing the official to wire a large sum of money by midnight to prevent the photos from being leaked on the internet. Which of the following best describes the threat actor's intent?
- Organized crime
- Philosophical beliefs
- Espionage
- Blackmail

Which of the following is the best security reason for closing service ports that are not needed?
- To mitigate risks associated with unencrypted traffic
- To eliminate false positives from a vulnerability scan
- To reduce a system's attack surface
- To improve a system's resource utilization

A malicious actor conducted a brute-force attack on a company's web servers and eventually gained access to the company's customer information database. Which of the following is the most effective way to prevent similar attacks?
- Regular patching of servers
- Web application firewalls
- Multifactor authentication
- Enabling encryption of customer data

Which of the following is the primary reason why false negatives on a vulnerability scan should be a concern?
- The system has vulnerabilities that are not being detected
- The time to remediate vulnerabilities that do not exist is excessive
- Vulnerabilities with a lower severity will be prioritized over critical vulnerabilities
- The system has vulnerabilities, and a patch has not yet been released

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?
- TPM
- ECC
- FDE
- HSM

A company is concerned about theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?
- Wiping
- Recycling
- Shredding
- Deletion

A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers. Which of the following architectures will best achieve the company's objectives?
- IoT
- IaC
- IaaS
- ICS

A security administrator documented the following records during an assessment of network services: [image] [image] When consulting the service owner, the administrator validated that the new address was not part of the company network. Which of the following was the company most likely experiencing?
- DDoS attack
- DNS poisoning
- Ransomware compromise
- Spyware infection

Which of the following options will provide the lowest RTO and RPO for a database?
- Snapshots
- On-site backups
- Journaling
- Hot site

Which of the following is a possible consequence of a VM escape?
- Malicious instructions can be inserted into memory and give the attacker elevated permissions
- An attacker can access the hypervisor and compromise other VMs
- Unencrypted data can be read by a user who is in a separate environment
- Users can install software that is not on the manufacturer's approved list

While investigating a possible incident, a security analyst discovers the following: [image] Which of the following should the analyst do first?
- Implement a WAF
- Disable the query.php script
- Block brute-force attempts on temporary users
- Check the users table for new accounts

A security team at a large, global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?
- Packet capture
- Endpoint logs
- OS security logs
- Vulnerability scan

Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?
- Nation-state
- Organized crime
- Hacktivist
- Insider threat

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?
- Load balancing
- Fault tolerance
- Proxy servers
- Replication

Which of the following should a security team use to document persistent vulnerabilities with related recommendations?
- Audit report
- Risk register
- Compliance report
- Penetration test

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?
- SQL injection
- Cross-site scripting
- Zero-day exploit
- On-path attack

An organization purchased a critical business application containing sensitive data. The organization would like to ensure that the application is not exploited by common data exfiltration attacks. Which of the following approaches would best help to fulfill this requirement?
- WAF
- URL scanning
- Reverse proxy
- NAC

Due to a cyberattack, a company's IT systems were not operational for an extended period of time. The company wants to measure how quickly the systems must be restored in order to minimize business disruption. Which of the following would the company most likely use?
- Recovery point objective
- Risk appetite
- Risk tolerance
- Recovery time objective
- Mean time between failure




