SY0_701_100 Part 6

Title of test:
SY0_701_100 Part 6

Description:
Security test

Creation Date: 2026/01/26

Category: Others

Number of questions: 100

Content:

An auditor notices that, before logging into the firewall, an employee opens a document in a shared folder that contains administrative credentials. Which of the following should the auditor recommend implementing?. Situational awareness. Operational security. Password management. Acceptable use policy.

Which of the following is the best safeguard to protect against an extended power failure?. Off-site backups. Batteries. Uninterruptible power supplies. Generators.

Which of the following data protection strategies can be used to confirm file integrity?. Masking. Encryption. Hashing. Obfuscation.

Users see a certificate warning on their browsers when connecting to the server over HTTPS. Which of the following is the most likely cause?. The server is using a wildcard certificate. The server is using a root certificate. The server is using no certificate at all. The server is using a self-signed certificate.

Which of the following is the best reason to complete an audit in a banking environment?. Regulatory requirement. Organizational change. Self-assessment requirement. Service-level requirement.

A security analyst identifies an employee who added an unauthorized wireless router to an office branch. After an investigation, the router is removed, and the employee is given mandatory retraining. Which of the following best describes this incident?. Unskilled attacker. Hacktivist. Nation-state. Shadow IT.

A recent review of logs indicates many attempts to join an internal wireless network from external devices. The connections appear to be originating from surrounding buildings. Which of the following would best help minimize the visibility of the wireless network?. Mobile device management. Pre-shared keys. Heat maps. Site survey.

A security analyst wants to automate a task that shares data between programs. Which of the following is the best option for the analyst to use?. SOAR. API. SFTP. RDP.

Which of the following describes effective change management procedures?. Approving the change after a successful deployment. Having a backout plan when a patch fails. Using a spreadsheet for tracking changes. Using an automatic change control bypass for security updates.

Which of the following attacks exploits a potential vulnerability as a result of direct access to a system using weak cryptographic algorithms?. Password cracking. On-path. Digital signing. Side-channel.

A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?. DLP. FIM. NAC. EDR.

A customer changes the underlying file structure of a new mobile phone to install a keylogger with administrator permissions. Which of the following does this best describe?. Resource reuse. Bloatware installation. Side loading. Jailbreaking.

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?. Mitigate. Accept. Avoid. Transfer.

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?. To secure end-of-life devices from incompatible firmware updates. To avoid hypervisor attacks through VM escape. To eliminate buffer overflows at the application layer. To prevent users from changing the OS of mobile devices.

A security team installs an IPS on an organization's network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?. Allow list policies. Packet inspection. Logging and reporting. Firewall rules.

A systems administrator needs to provide traveling employees with a security measure that will protect company devices regardless of where they are working. Which of the following should the administrator implement?. Isolation. Segmentation. ACL. HIPS.

Which of the following principles requires that a company must keep files or records for a prescribed period of time before it disposes of those files or records?. Data verification. Data backups. Data archiving. Data retention.

Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?. Virtualizing and migrating to a containerized instance. Removing and sandboxing to an isolated network. Monitoring and implementing compensating controls. Patching and redeploying to production as quickly as possible.

A company executive connects to various networks, such as hotel guest Wi-Fi, while traveling. A security analyst needs to provide a solution that will allow the executive to securely access the corporate internal resources. Which of the following would best meet this requirement?. EAP. Jump server. Perimeter network. VPN.

Which of the following architecture models ensures that critical systems are physically isolated on the network to prevent access from users with remote access privileges?. Segmentation. Virtualized. Air-gapped. Serverless.

Which of the following is used to monitor suspicious traffic in real time between multiple systems within an organization?. NetFlow. Infrared sensors. Development network. Honeynet.

A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentations should the security analyst request from the SaaS application vendor?. Service-level agreement. Third-party audit. Statement of work. Data privacy agreement.

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?. Device fingerprinting. Compliance attestation. NAC. 802.1X.

A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?. Hot site. Warm site. Geolocation. Cold site.

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?. Adding extra characters at the end to increase password length. Generating a token to make the passwords temporal. Using mathematical algorithms to make passwords unique. Creating a rainbow table to protect passwords in a list.

A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?. Buffer overflow. NTP amplification attack. Worm. Kerberoasting attack.

A security analyst is monitoring logs from the organization's SIEM and identifies logs related to one of their salespeople: [image]. Which of the following is being displayed in the logs?. Impossible travel. SMTP replay. Directory traversal. Cross-site request forgery.

A security analyst must prevent remote users from accessing malicious URLs. The sites need to be checked inline for reputation, content, or categorization. Which of the following technologies will help secure the enterprise?. VPN. SASE. NGFW. SD-WAN.

An analyst discovers a suspicious item in the SQL server logs. Which of the following could be evidence of an attempted SQL injection?. cat /etc/shadow. dig 25.36.99.11. cd ../../../. UserId = 10 OR 1=1.

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?. E-discovery. User provisioning. Firewall log export. Root cause analysis.

A security patch is applied to a server. Which of the following will validate this remediation?. Rescanning. Dynamic analysis. Reporting. Static analysis.

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?. To track the status of patching installations. To find shadow IT Cloud deployments. To continuously monitor hardware inventory. To hunt for active attackers in the network.

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?. A thorough analysis of the supply chain. A legally enforceable corporate acquisition policy. A right to audit clause in vendor contracts and SOWs. An in-depth penetration test of all suppliers and vendors.

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?. Unskilled attacker. Shadow IT. Credential stuffing. DMARC failure.

The internal security team is investigating a suspicious attachment and wants to perform a behavior analysis in an isolated environment. Which of the following will the security team most likely use?. Sandbox. Jump server. Work computer. Container.

Which of the following hardening techniques must be applied on a container image before deploying it to a production environment? (Choose two.). Remove default applications. Install a NIPS. Disable Telnet. Reconfigure the DNS. Add an SFTP server.

A group of people is working together to run multiple ransomware attacks against targets that the group selected to yield the most financial gain. Which of the following best describes this type of activity?. Organized crime. Nation-state actor. Shadow IT. Hacktivism.

Which of the following is the best way to remove personal data from a social media account that is no longer being used?. Exercise the right to be forgotten. Uninstall the social media application. Perform a factory reset. Terminate the social media account.

An organization has experienced a breach because a hacker utilized a standard user's two-year-old password that the hacker found on the dark web. Which of the following would have prevented this attack?. Privileged access management. Account lockout. Reuse policy. Complexity requirements.

A Chief Information Security Officer (CISO) of an enterprise environment wants to ensure that users cannot navigate to known malicious domains. The CISO also wants web traffic on the network inspected for malicious activity. Which of the following actions should the CISO take?. Place the intrusion system into IPS mode to block incoming malicious domains, and ensure secure protocol selection is enforced on all network segments. Deploy EDR software on all company systems, and perform user behavior analytics to detect users going to anomalous domains. Ensure the company's name servers use DNS filtering, and configure systems to use a centralized TLS proxy to inspect all HTTP and HTTPS traffic. Set up a NAC on all segments of the company network, and set the network firewall to block known malicious port numbers at the perimeter.

After completing onboarding at a company and reviewing the company's handbooks and AUP, an employee downloads an unapproved application on a company desktop. Which of the following is the best course of action for the company to take?. Educate the employee's manager. Silently uninstall the software. Ensure the employee completes focused training. Terminate the employee.

A company is experiencing loss of availability due to excessive traffic to their front-end web servers. The company hires a digital forensics expert to investigate the incident. Which of the following logs should the digital forensics expert review first to diagnose the details of this incident?. Router. Load balancer. Switch. Firewall.

An organization has published a list of domains that end users are not authorized to visit on company devices in order to mitigate data loss or installation of malicious code. A security analyst observes multiple successful attempts to reach a new suspicious domain from an end user's workstation. Which of the following options can best prevent future access to unauthorized domains?. Assign user awareness training. Modify the unauthorized content policy. Deploy an allow list. Update the proxy filters.

Users report that certain processes from a batch job are not working correctly and various resources are unavailable. An application owner provides the source and destination address information, and the errors are replicated for troubleshooting purposes. Which of the following should the security team perform next to help isolate the ongoing issue?. Penetration testing. Packet capture. Vulnerability scan. Firewall rules analysis.

A user receives a malicious text message that routes to a fake bank login. Which of the following attack types does this scenario describe?. Impersonation. Phishing. Vishing. Smishing.

An employee decides to collect PII data from the company's system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue? (Choose two.). Privacy legislation. Social engineering. Risk management. Company compliance. Phishing. Remote work.

Which of the following would best allow a company to prevent access to systems from the internet?. Containerization. Virtualization. SD-WAN. Air-gapped.

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator were to develop a fault during an extended outage. Which of the following is the team most likely to consider when conducting and planning infrastructure maintenance activities?. RPO. ARO. MTBF. MTTR.

Which of the following prevents unauthorized modifications to internal processes, assets, and security controls?. Change management. Playbooks. Incident response. Acceptable use policy.

A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidly analyzes host and network data from potentially compromised systems and forwards the data for further correlation and reporting. Which of the following tools should the incident response team deploy?. NAC. IPS. SIEM. EDR.

Which of the following vulnerabilities results in an application running extremely slowly due to an abnormally large number of incoming packets?. Race conditions. Cross-site scripting. Buffer overflow. Side loading.

A company experiences a breach. The investigation reveals that the threat actor used a zero-day vulnerability to gain access and move laterally. Which of the following would best improve the company's security posture and minimize the time to detect this type of incident?. NAC. IDS. DLP. UBA.

Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?. Classified. Regulated information. Open source. Intellectual property.

A user sits in a coffee shop on a government-issued laptop. A stranger starts a conversation with the user and starts asking about where the user works, what mission the user works in, and additional personal information. Which of the following best describes the stranger's behavior?. Insider threat. Phishing. Social engineering. Risky.

A security analyst is working with the IT group to define appropriate procedures for the destruction of media and assets in the enterprise environment. Which of the following methods provides the strongest level of assurance that the data has been disposed of properly?. Degaussing. Multipass wipe. Hashing. Erasure. Shredding.

A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?. External. Standard. Regulation. Internal.

Which of the following is an advantage of a microservice-based architecture over traditional software architectures?. Updates can be done one or more times per day if security issues arise. Managing communication between microservices is more streamlined. The internal structure of the code is hidden from users, making exploits more difficult to write. The services are written by a single team and can be debugged more quickly.

Which of the following most securely protects data at rest?. TLS 1.2. AES-256. Masking. Salting.

Which of the following is a risk for a company using end-of-life applications on its network?. Default credentials. Open service ports. Vulnerable software. Insecure networks.

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?. Standardizing security incident reporting. Executing regular phishing campaigns. Implementing insider threat detection measures. Updating processes for sending wire transfers.

A company's security team is reviewing its business continuity plan and must determine the amount of time needed for operations to resume after a disaster. Which of the following describes the time frame the security team is trying to determine?. Recovery time objective. Recovery point objective. Mean time between failures. Mean time to repair.

An organization purchases software from an overseas company. The organization's IDS solution detects that advertising data from the software is unexpectedly reporting back to the overseas company. Which of the following threat vectors does this best describe?. Espionage. Supply chain. Nation-state. Insider threat.

Which of the following is a vulnerability concern for end-of-life hardware?. Failure to follow hardware disposal procedures could result in unintended data release. The supply chain may not have replacement hardware. Newly released software may require computing resources not available on legacy hardware. The vendor may stop providing patches and updates.

Which of the following can be best used to discover a company's publicly available breach information?. OSINT. SIEM. CVE. CVSS.

Which of the following is a component of a risk register?. Key risk indicators. Continuous risk assessment. Risk appetite. Risk culture.

Which of the following makes IaC a preferred security architecture over traditional infrastructure models?. Common attacks are less likely to be effective. Configuration can be better managed and replicated. Outsourcing to a third party with more expertise in network defense is possible. Optimization can occur across a number of computing instances.

A company wants to ensure that a mission-critical database can only be accessed from specific internal IP addresses. Which of the following should the company deploy to meet this requirement?. Web application firewall. Network tap. Intrusion prevention system. Jump server.

Which of the following encryption methods protects data if a user loses their laptop?. Volume. Full disk. Partition. File.

A security administrator must use a strategy to protect the company's data. The security administrator decides to deploy FDE on the end user devices and TLS for all web connections. Which of the following concepts are being used? (Choose two.). Data segmentation. Data in transit. Data sovereignty. Data in use. Data at rest. Data redundancy.

An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive. Which of the following would the administrator use to estimate the time needed to fix the issue?. MTTR. MTBF. RTO. RPO.

A red-team provider tailgates into an organization's facility. Which of the following has occurred?. Insider threat. Brute-force attack. Physical penetration test. Active reconnaissance.

A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?. Signal locator. WPA3. Heat map. Site survey.

Which of the following agreements defines response time, escalation points, and performance metrics?. BPA. MOA. NDA. SLA.

A security engineer has been assigned to work on a request from outside counsel. The security engineer must prove all email correspondence within a specific date range. Which of the following actions should be taken first in response to the request?. Send litigation hold notifications to identify affected data. Form a team to determine root cause analysis. Establish the chain of custody. Determine the type of preservation needed for evidence.

During an assessment, an organization provides a penetration tester with a website URL and login credentials. However, the tester does not have access to the source code. Which of the following describes the type of test being performed?. Partially known. Unknown. Known. Obfuscated.

A business manager is concerned about the availability of an application running on hardware in the local data center. Which of the following solutions will improve availability while reducing maintenance overhead?. Deploy load balancing and HA. Transition from on premises to cloud. Purchase cybersecurity insurance. Decommission end-of-life hardware.

A CIRT team updates their playbooks to include instructions to respond to a ransomware attack. To prepare for a real event, the team performs a simulation and assesses their performance afterward. Which of the following activities does this describe?. Lessons learned. Root cause analysis. Disaster recovery planning. Tabletop exercise.

A security analyst regularly receives emails from users who are concerned that attached files may be malicious. Which of the following should the analyst use to evaluate the suspicious files and report back as to whether or not files are a threat?. Sanitization. Sandbox. Static analysis. Enumeration.

Which of the following best describes when a user installs an application from an unofficial application store?. Side loading. Jailbreaking. Privilege escalation. Code signing.

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?. Wireless access point. Switch. Firewall. NAC.

Which of the following describes an agent-based application that detects and blocks malicious behavior on enterprise systems while disconnected from the corporate network?. Endpoint protection. System patching. HIDS. NGFW.

Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company?. DLP. IDS. FIM. EDR.

Which of the following is the most closely associated with confidentiality?. NDA. SOW. MOU. BPA.

A private equity firm has been the target of protests. The firm discovers its public website has been defaced. Which of the following is most likely the threat actor?. Nation-state. Unskilled attacker. Organized crime. Hacktivist.

A database engineer needs sample customer data for testing purposes. Which of the following techniques can be used to remove sensitive information from database records while still providing sufficient data to perform testing?. Obfuscation. RBAC. Tokenization. Filtering.

A manager meets with various stakeholders involved with a recently resolved security incident. During the meeting, they discuss potential improvements to the environment in order to better respond to future incidents. Which of the following incident response activities does this describe?. Recovery. Analysis. Lessons learned. Containment.

Which of the following cryptographic solutions would allow an organization to recover encrypted data after a key becomes corrupted or is deleted?. Self-signed certificates. Escrow. Tokenization. Trusted Platform Module.

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?. Computer-based training. Insider threat awareness. SOAR playbook. Gamification.

A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy. Which of the following vulnerability types will the analyst most likely find on the workstations?. Misconfiguration. Zero-day. Malicious update. Supply chain.

Which of the following data recovery strategies will result in a quick recovery at low cost?. Hot. Cold. Manual. Warm.

An organization failed to account for the right-to-be-forgotten regulations. Which of the following impacts might this action have on the company?. Fines. Data breaches. Revenue loss. Blackmail.

Which of the following can automate vulnerability management?. CVE. SCAP. OSINT. CVSS.

Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?. IoT. ICS. Microservers. Containers.

Which of the following is a reason to perform a one-time risk assessment?. Quantifying an annual loss expectancy. Updating the risk register periodically. Complying with a regulation. Decommissioning an application.

A security team wants to work with the same organization's development team to ensure WAF policies are automatically created when applications are deployed. Which of the following concepts describes this capability?. IaC. IoC. IoT. IaaS.

An EDR solution recognizes that a specific workstation has outbound traffic to a malicious IP. Which of the following would be the best action to take to contain the threat?. Change the passwords for all users accessing that workstation. Isolate the workstation as part of immediate response. Patch the workstation because it is likely vulnerable. Review the hardening and policies affecting that workstation.

An MSSP manages firewalls for hundreds of clients. Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?. SNMP. Benchmarks. NetFlow. SCAP.

A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them. Which of the following tools will help prevent this from recurring?. IDS. FIM. NAC. UBA.

Which of the following would most likely prevent exploitation of an end-of-life, business critical system?. Monitoring. Isolation. Decommissioning. Encryption.
