SY0_701_100 Part 5

Title of test: SY0_701_100 Part 5
Description: prova secu

1. Which of the following security principles most likely requires validation before allowing traffic between systems?
- Policy enforcement
- Authentication
- Zero Trust architecture
- Confidentiality

2. An organization keeps servers with confidential information in the same network as workstations. An attacker compromises a workstation and moves laterally to a server. Which of the following could have prevented the attacker from accessing the server?
- Load balancers
- Security zones
- Virtual private networks
- Proxy servers

3. An organization found gaps in its software development environment and is implementing compensating controls to better protect its systems from external threats. Which of the following would be most effective? (Choose two.)
- Platform hardening
- Expanded logging
- Network segmentation
- Access control
- Data encryption
- Application allow list

4. Which of the following activities is used to determine the reason an incident occurred, prior to closing the incident?
- Root cause analysis
- Detection
- E-discovery
- Lessons learned

5. An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?
- Unskilled attacker
- Hacktivist
- Shadow IT
- Supply chain

6. An attacker defaces a company's website and refuses to relinquish control until the company removes specific harmful chemicals from its products. Which of the following best describes this type of threat actor?
- Unskilled attacker
- Hacktivist
- Organized crime
- Espionage

7. A retail company receives a request to remove a customer's data. Which of the following is the retail company considered under GDPR legislation?
- Data processor
- Data controller
- Data subject
- Data custodian

8. Which of the following is the greatest advantage that network segmentation provides?
- End-to-end encryption
- Decreased resource utilization
- Enhanced endpoint protection
- Configuration enforcement
- Security zones

9. While a user reviews their email, a host gets infected by malware that came from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?
- Operational security
- Removable media and cables
- Password management
- Social engineering

10. A database engineer needs sample customer data for testing purposes. Which of the following can prevent unauthorized viewing or disclosure of PII?
- Masking
- RBAC
- Tokenization
- Filtering

11. An administrator needs to ensure all emails sent and received by a specific address are stored in a non-alterable format. Which of the following best describes this forensic concept?
- E-discovery
- Acquisition
- Legal hold
- Chain of custody

12. Which of the following should a systems administrator do after performing remediation activities?
- Classify
- Archive
- Rescan
- Isolate

13. Which of the following is a technical security control?
- Security guard
- Policy
- Fence
- Firewall

14. A user attempts to send an invoice to a customer. When the user follows up with the customer to see if the invoice was received, the customer informs the user that it went to the spam folder. The management team has asked the systems administrator to implement measures to reduce the likelihood of this happening again by implementing server authentication. Which of the following should the systems administrator implement?
- SPF
- DMARC
- XDR
- DNSSEC

15. An employee receives from a vendor a marketing communication email that includes an attachment. When the employee opens the attachment, the employee's screen displays odd text requesting payment in order to recover data. Within moments, a company-wide email is sent to employees requesting that employees disconnect their computers from the internet and shut them down. Which of the following describes this type of malware?
- Trojan
- Worm
- Ransomware
- Virus

16. A company recently purchased a new building that does not have an existing wireless or wired infrastructure. A network engineer at the company needs to determine the placement of the access points in the new building. Which of the following accurately describes the task the network engineer will be performing?
- Heat map
- Internal assessment
- Corporate reconnaissance
- Site survey

17. An organization wants to increase an application's resiliency by configuring access to multiple servers in the organization's geographically dispersed environment. Which of the following best describes this architecture?
- Containerized
- Multitenant
- Load balanced
- Virtualized

18. A company's leadership team wants to ensure employees only print business-related documents on company printers. Which of the following documents should the company add this directive to?
- Information security policy
- Data classification policy
- Business continuity plan
- Acceptable use policy

19. A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure a user cannot deny they sent the email?
- Non-repudiation
- Confidentiality
- Integrity
- Authentication

20. A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?
- ACL
- Monitoring
- Isolation
- HIPS

21. A vendor salesperson is a personal friend of a company's Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO. Which of the following best describes this situation?
- Rules of engagement
- Conflict of interest
- Due diligence
- Contractual impact
- Reputational damage

22. During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?
- Race condition
- Memory injection
- Malicious update
- Side loading

23. Which of the following options most efficiently maintains a system state in the event of a system failure?
- Hybrid cloud
- Cold site
- Full backup
- Load balancing

24. A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?
- Sanitization procedure
- Acquisition process
- Change management
- Asset tracking

25. Which of the following would help reduce alert fatigue?
- Penetration testing
- Compensating controls
- Rule tuning
- Log aggregation

26. An organization decides that most employees will work remotely. The existing VPN solution does not have adequate bandwidth, and the content filtering proxy is on premises. Which of the following strategies will enable the business to securely achieve its objective while also being prepared to quickly scale for growth?
- Integrate with an SASE platform, and deploy the agent to all laptops
- Purchase a larger internet circuit, and create a NAT policy for the proxy
- Purchase a SOAR solution to decrease response times for remote workers
- Install a secondary VPN and proxy at the disaster recovery site, and automate failover

27. The board of a company needs to tell the leadership team which activities are too risky to undertake during business operations. Which of the following risk management strategies does the board need to explain to the leadership team?
- The company's risk assessment
- The company's risk acceptance
- The company's risk register
- The company's risk tolerance

28. A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?
- Phishing campaign
- Data exfiltration
- Pretext calling
- Business email compromise

29. Which of the following is the most likely reason a security analyst would review SIEM logs?
- To check for recent password reset attempts
- To monitor for potential DDoS attacks
- To assess the scope of a privacy breach
- To see correlations across multiple hosts

30. Which of the following security controls is a company implementing by deploying HIPS? (Choose two.)
- Directive
- Preventive
- Physical
- Corrective
- Compensating
- Detective

31. Which of the following policies outlines what employees can and cannot do on company-issued devices?
- Acceptable use
- Data classification
- Change management
- Business continuity

32. Which of the following data types relates to data sovereignty?
- Data classified as public in other countries
- Personally identifiable data while traveling
- Health data shared between doctors in other nations
- Data at rest outside of a country's borders

33. A penetration test reveals that users can easily access internal VLANs from the company's guest Wi-Fi. Which of the following security principles would remediate this vulnerability by improving network authentication mechanisms?
- VLAN ACLs
- Captive portal
- DNSSEC
- 802.1X

34. A company recently set up a system for employees to access their files remotely. However, the IT team has noticed that some employees are using personal devices to access the system. Which of the following security techniques could help mitigate the risk of unauthorized connections by personal devices?
- Multifactor authentication
- Conditional access policies
- Cloud access security broker
- Data loss prevention

35. A software developer wishes to implement an application security technique that will provide assurance of the application's integrity. Which of the following techniques will achieve this?
- Secure cookies
- Input validation
- Static analysis
- Code signing

36. Which of the following are the best methods for hardening end user devices? (Choose two.)
- Full disk encryption
- Group-level permissions
- Account lockout
- Endpoint protection
- Proxy server
- Segmentation

37. Which of the following control types involves restricting IP connections to a router's web management interface to protect it from being exploited by a vulnerability?
- Corrective
- Physical
- Preventive
- Managerial

38. Which of the following is the best physical security measure that prevents unauthorized vehicles from entering a data center while still allowing foot traffic?
- Access control vestibules
- Fencing
- Video surveillance
- Retractable bollards

39. A security analyst receives an alert from a front-end web server connected to a database back end. The alert contains the following logs: [log image not included in this extract] Which of the following attacks is occurring?
- Buffer overflow
- Brute-force
- Injection
- Replay

40. A systems administrator has overwritten all of the supervisor's permissions in order to perform malicious activities. Which of the following does this describe?
- Shadow IT
- Unskilled attacker
- Insider threat
- Hacktivist

41. Several employees download a product program that is useful but also leaks contact information and corporate organizational structure details. Which of the following is the best way to prevent this issue?
- Application allow list
- Workstation hardening
- Refusal of unsigned code
- IP blocklist
- Standard user accounts

42. Which of the following methods to secure data is most often used to protect data in transit?
- Encryption
- Obfuscation
- Permission restrictions
- Hashing

43. Which of the following would best prepare a security team for a specific incident response scenario?
- Situational awareness
- Risk assessment
- Root cause analysis
- Tabletop exercise

44. Which of the following would best ensure a controlled version release of a new software application?
- Business continuity planning
- Quantified risk analysis
- Static code analysis
- Change management procedures

45. The Chief Executive Officer has requested that a vendor conduct a penetration test without engaging the internal IT team to validate the company's investment in security tools, awareness training, and SOC personnel. Which of the following penetration testing methods is most likely being used?
- Unknown
- Known
- Integrated
- Partially known

46. A Chief Information Security Officer wants to enhance security capabilities to block PII from being emailed or downloaded to unapproved external media. Which of the following solutions will accomplish this goal?
- Deploying DLP software on servers and endpoints
- Configuring servers and endpoints to use a centralized web proxy
- Implementing secure protocols on servers and endpoints
- Installing EDR software on servers and endpoints

47. Which of the following does a user often agree to when logging in to a domain?
- AUP
- MAC
- EULA
- EAP

48. A developer receives this message when testing a new external website: "This site cannot be reached." Which of the following logs would most likely help identify the root cause?
- Firewall
- IDS
- Application
- System

49. After a breach at a data processing center, an administrator receives a notification that administrative passwords were leaked online. Which of the following should be used to prevent this incident from occurring in the future?
- Password management
- Password complexity
- Password policy
- Password vault

50. A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?
- Metadata
- Application log
- System log
- NetFlow log

51. Employees receive a text message containing a link to a web page that prompts the user to enter their ID and a work phone number. The text message appears to come from the Chief Executive Officer, but it is later discovered that the message is not legitimate. Which of the following does this best represent? (Choose two.)
- Misinformation
- Smishing
- Impersonation
- Typosquatting
- Pretexting
- Phishing

52. An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing. Which of the following would best prevent this from reoccurring?
- Place the copier in the legal department
- Configure DLP on the attorney's workstation
- Set up LDAP authentication on the printer
- Conduct a physical penetration test

53. Which of the following threat vectors would a user be vulnerable to when using a smartphone to scan a two-dimensional matrix barcode?
- Quishing
- Smishing
- Vishing
- Phishing

54. An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?
- Data masking
- Salting
- Key escrow
- Tokenization

55. A user receives an aggressive text from an unknown sender who is demanding money. Which of the following attacks is this an example of?
- Impersonation
- Typosquatting
- Smishing
- Scareware

56. Which of the following is most likely a security concern when installing and using low-cost IoT devices in infrastructure environments?
- Counterfeit products
- Device responsiveness
- Ease of deployment
- Data remanence

57. An administrator must implement a solution that provides security and network connectivity between two companies. Which of the following infrastructure solutions is the best for this purpose?
- UTM
- VPN
- NAC
- NGFW

58. In which of the following will unencrypted PLC management traffic most likely be found?
- SDN
- IoT
- VPN
- SCADA

59. An employee clicked a malicious link in an email and downloaded malware onto the company's computer network. The malicious program exfiltrated thousands of customer records. Which of the following should the company implement to best prevent this in the future?
- User awareness training
- Network monitoring
- Endpoint protection
- Data loss prevention

60. According to various privacy rules and regulations, users have the power to request that all data pertaining to them is deleted. This is known as:
- Right to be forgotten
- Attestation and acknowledgement
- Data retention
- Information deletion

61. Which of the following can be deployed in data centers as a protection against an undervoltage event?
- Resource management
- Load balancer
- Surge protector
- Uninterruptible power supply

62. Which of the following activities should a systems administrator perform to quarantine a potentially infected system?
- Move the device into an air-gapped environment
- Disable remote log-in through Group Policy
- Convert the device into a sandbox
- Remote wipe the device using the MDM platform

63. An employee receives a work phone. Instead of starting up with the normal operating system, the phone loads to a gaming platform using administrative credentials. Which of the following issues occurred?
- Misconfiguration
- Side loading
- Malicious update
- Jailbreaking

64. Which of the following are activities that should be completed during the containment and eradication phases of the incident response process? (Choose two.)
- Notifying stakeholders
- Restoring the system
- Identifying the threat
- Removing the malicious threat
- Developing a recovery plan
- Analyzing the incident

65. A university uses two different cloud solutions for storing student data. Which of the following does this represent?
- Load balancer
- Parallel processing
- Platform diversity
- Clustering

66. A security engineer needs to patch an OS vulnerability that impacts all corporate laptops. Which of the following is necessary to ensure all corporate laptops are patched?
- Ownership
- Inventory
- Classification
- Enumeration

67. A security team purchases a tool for cloud security posture management. The team is quickly overwhelmed by the number of misconfigurations the tool detects. Which of the following should the security team configure to establish secure baselines for cloud resource usage?
- CASB
- IAM
- Guardrails
- XDR

68. A software engineering manager wants to scan the code for security vulnerabilities before it is pushed into production. Which of the following types of analysis should the manager select?
- Static
- Threat
- Packet
- Dynamic
- Package

69. All clients who connect to the switchports are required to complete a posture analysis before accessing the internet. Which of the following should the IT team configure to help secure the enterprise infrastructure?
- IPS
- VPN
- WAF
- NAC

70. Which of the following is an example of a certificate that is generated by an internal source?
- Digital signature
- Asymmetric key
- Self-signed
- Symmetric key

71. Which of the following actions would reduce the number of false positives for an analyst to manually review?
- Create playbooks as part of a SOAR platform
- Redefine the patch management process
- Replace an EDR tool with an XDR solution
- Disable AV heuristics scanning

72. A security analyst is prioritizing vulnerability scan results using a risk-based approach. Which of the following is the most efficient resource for the analyst to use?
- Business impact analysis
- Common Vulnerability Scoring System
- Risk register
- Exposure factor

73. A government agency requires publicly traded organizations to report cyber breaches within a designated time period. By law, these reports are made public. Which of the following could cause loss of existing and future business for an organization after reports are published?
- Fines and penalties
- Reputational damage
- Board oversight
- Conflicts of interest

74. A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?
- Permission restrictions
- Bug bounty program
- Vulnerability scan
- Reconnaissance

75. A penetration tester visits a client's website and downloads the site's content. Which of the following actions is the penetration tester performing?
- Unknown environment testing
- Vulnerability scan
- Due diligence
- Passive reconnaissance

76. Which of the following actions must an organization take to comply with a person's request for the right to be forgotten?
- Purge all personally identifiable attributes
- Encrypt all of the person's data
- Remove all of the person's data
- Obfuscate all of the person's data

77. Which of the following is a social engineering attack in which a bad actor impersonates a web URL?
- Pretexting
- Misinformation
- Typosquatting
- Watering-hole

78. A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?
- Immediately disable the accounts of staff who are likely to be terminated
- Train supervisors to identify and manage disgruntled employees
- Configure DLP to monitor staff who will be terminated
- Raise awareness for business leaders on social engineering techniques

79. Which of the following sites offers immediate service restoration following a disaster?
- Cloud-based
- Hot
- Warm
- Cold

80. An administrator must authenticate users to systems using credentials already authenticated by a business partner's LDAP system. Which of the following should the administrator deploy to enable this functionality?
- Media access control
- Interoperability
- OAuth
- Federation

81. A systems administrator discovers a guest user gained access to classified reports. Upon further investigation, the logs indicate that the user was added to the administrator group. Which of the following best describes this attack?
- Credential replay
- Privilege escalation
- Directory traversal
- Brute-force

82. Which of the following actions should be performed on end-of-life equipment before it is discarded?
- Isolation
- Patching
- Decommissioning
- Monitoring

83. Which of the following would a service provider supply as an assurance for a disposal service as part of a disposal process?
- Insurance
- Certification
- Classification
- Retention

84. A government worker secretly copies classified files that contain defense tactics information to an external drive. The government worker then gives the external drive to a corrupt organization. Which of the following best describes the motivation of the worker?
- Espionage
- Data exfiltration
- Financial gain
- Blackmail

85. A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?
- The company built a new file-sharing site
- The IT team requested a new jump host
- The security team is integrating with an SASE platform
- The security team created a honeynet

86. Which of the following is a benefit of an RTO when conducting a business impact analysis?
- It determines the likelihood of an incident and its cost
- It determines the roles and responsibilities for incident responders
- It determines the state that systems should be restored to following an incident
- It determines how long an organization can tolerate downtime after an incident

87. The help desk receives multiple calls indicating machines with an outdated OS version are running slowly. Several users report seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?
- Patching
- Segmentation
- Monitoring
- Isolation

88. The security department is remediating vulnerabilities that were found during an audit of newly deployed systems. Which of the following must be done to ensure compliance?
- Confirm false positives
- Review the attack surface
- Conduct a rescan
- Report the remediations

89. A human resources (HR) employee working from home leaves their company laptop open on the kitchen table. A family member walking through the kitchen reads an email from the Chief Financial Officer addressed to the HR department. The email contains information referencing company layoffs. The family member posts the content of the email to social media. Which of the following policies will the HR employee most likely need to review after this incident?
- Hybrid work environment
- Operational security
- Data loss prevention
- Social engineering

90. The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?
- Implement network access control
- Configure the local gateway to point to the VPN
- Create a public NAT to the on-premises proxy
- Install a host-based content filtering solution

91. A company is experiencing a high number of users who are clicking on email-based attacks even though those users have completed annual training. The company's Chief Security Officer wants to identify and reduce which users are phished the most often. Which of the following will best achieve this result?
- Begin a semiannual in-person training course with mandatory attendance. The users would perform exercises that simulate answering phone calls from attackers performing social engineering attacks.
- Deploy a product that would occasionally send users emails to simulate an attack. The product would alert the security team whenever a user clicks links in the product's emails.
- Hire a security consultant to give a personalized seminar at the company. The consultant would share stories of famous companies that had breaches and explain the ramifications of those events.
- Require MFA when signing in to the email client. Users would need to authenticate once a week at a minimum and daily when working remotely.

92. Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?
- Management review
- Load testing
- Maintenance notifications
- Procedure updates

93. Which of the following mitigation techniques would a security analyst most likely use to avoid bloatware on devices?
- Disabled ports/protocols
- Application allow list
- Default password changes
- Access control permissions

94. Which of the following is a benefit of launching a bug bounty program? (Choose two.)
- Improved reputation for the organization
- Reduction in the number of zero-day vulnerabilities
- Increased security awareness for the workforce
- Reduced cost of managing the program
- Quicker discovery of vulnerabilities
- Improved patch management process

95. Which of the following security controls is a company implementing by deploying HIPS? (Choose two.)
- Directive
- Preventive
- Physical
- Corrective
- Compensating
- Detective

96. Which of the following best explains a concern with OS-based vulnerabilities?
- An exploit would give an attacker access to system functions that span multiple applications
- The OS vendor's patch cycle is not frequent enough to mitigate the large number of threats
- Most users trust the core operating system features and may not notice if the system has been compromised
- Exploitation of an operating system vulnerability is typically easier than any other vulnerability

97. Which of the following is the most likely benefit of conducting an internal audit?
- Findings are reported to shareholders
- Reports are not formal and can be reassigned
- Control gaps are identified for remediation
- The need for external audits is eliminated

98. An organization discovers that its cold site does not have enough storage and computers available. Which of the following was most likely the cause of this failure?
- Capacity planning
- Load balancing
- Backups
- Platform diversity

99. Which of the following attacks uses a website to collectively target a group of developers within an organization?
- Typosquatting
- Watering hole
- Denial of service
- Credential replay

100. During a penetration test in a hypervisor, the security engineer is able to use a script to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?
- VM escape
- Cross-site scripting
- Malicious update
- SQL injection




