SY0_701_100 Part 6

Title of test:
SY0_701_100 Part 6

Description:
prova secu

Creation Date: 2026/01/26

Category: Others

Number of questions: 50

Content:

An auditor notices that, before logging into the firewall, an employee opens a document in a shared folder that contains administrative credentials. Which of the following should the auditor recommend implementing?. Situational awareness. Operational security. Password management. Acceptable use policy.

Which of the following is the best safeguard to protect against an extended power failure?. Off-site backups. Batteries. Uninterruptible power supplies. Generators.

Which of the following data protection strategies can be used to confirm file integrity?. Masking. Encryption. Hashing. Obfuscation.

Users see a certificate warning on their browsers when connecting to the server over HTTPS. Which of the following is the most likely cause?. The server is using a wildcard certificate. The server is using a root certificate. The server is using no certificate at all. The server is using a self-signed certificate.

Which of the following is the best reason to complete an audit in a banking environment?. Regulatory requirement. Organizational change. Self-assessment requirement. Service-level requirement.

A security analyst identifies an employee who added an unauthorized wireless router to an office branch. After an investigation, the router is removed, and the employee is given mandatory retraining. Which of the following best describes this incident?. Unskilled attacker. Hacktivist. Nation-state. Shadow IT.

A recent review of logs indicates many attempts to join an internal wireless network from external devices. The connections appear to be originating from surrounding buildings. Which of the following would best help minimize the visibility of the wireless network?. Mobile device management. Pre-shared keys. Heat maps. Site survey.

A security analyst wants to automate a task that shares data between programs. Which of the following is the best option for the analyst to use?. SOAR. API. SFTP. RDP.

Which of the following describes effective change management procedures?. Approving the change after a successful deployment. Having a backout plan when a patch fails. Using a spreadsheet for tracking changes. Using an automatic change control bypass for security updates.

Which of the following attacks exploits a potential vulnerability as a result of direct access to a system using weak cryptographic algorithms?. Password cracking. On-path. Digital signing. Side-channel.

A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?. DLP. FIM. NAC. EDR.

A customer changes the underlying file structure of a new mobile phone to install a keylogger with administrator permissions. Which of the following does this best describe?. Resource reuse. Bloatware installation. Side loading. Jailbreaking.

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?. Mitigate. Accept. Avoid. Transfer.

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?. To secure end-of-life devices from incompatible firmware updates. To avoid hypervisor attacks through VM escape. To eliminate buffer overflows at the application layer. To prevent users from changing the OS of mobile devices.

A security team installs an IPS on an organization's network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?. Allow list policies. Packet inspection. Logging and reporting. Firewall rules.

A systems administrator needs to provide traveling employees with a security measure that will protect company devices regardless of where they are working. Which of the following should the administrator implement?. Isolation. Segmentation. ACL. HIPS.

Which of the following principles requires that a company must keep files or records for a prescribed period of time before it disposes of those files or records?. Data verification. Data backups. Data archiving. Data retention.

Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?. Virtualizing and migrating to a containerized instance. Removing and sandboxing to an isolated network. Monitoring and implementing compensating controls. Patching and redeploying to production as quickly as possible.

A company executive connects to various networks, such as hotel guest Wi-Fi, while traveling. A security analyst needs to provide a solution that will allow the executive to securely access the corporate internal resources. Which of the following would best meet this requirement?. EAP. Jump server. Perimeter network. VPN.

Which of the following architecture models ensures that critical systems are physically isolated on the network to prevent access from users with remote access privileges?. Segmentation. Virtualized. Air-gapped. Serverless.

Which of the following is used to monitor suspicious traffic in real time between multiple systems within an organization?. NetFlow. Infrared sensors. Development network. Honeynet.

A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentations should the security analyst request from the SaaS application vendor?. Service-level agreement. Third-party audit. Statement of work. Data privacy agreement.

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?. Device fingerprinting. Compliance attestation. NAC. 802.1X.

A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?. Hot site. Warm site. Geolocation. Cold site.

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?. Adding extra characters at the end to increase password length. Generating a token to make the passwords temporal. Using mathematical algorithms to make passwords unique. Creating a rainbow table to protect passwords in a list.

A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?. Buffer overflow. NTP amplification attack. Worm. Kerberoasting attack.

A security analyst is monitoring logs from the organization's SIEM and identifies logs related to one of their salespeople: [image] Which of the following is being displayed in the logs?. Impossible travel. SMTP replay. Directory traversal. Cross-site request forgery.

A security analyst must prevent remote users from accessing malicious URLs. The sites need to be checked inline for reputation, content, or categorization. Which of the following technologies will help secure the enterprise?. VPN. SASE. NGFW. SD-WAN.

An analyst discovers a suspicious item in the SQL server logs. Which of the following could be evidence of an attempted SQL injection?. cat /etc/shadow. dig 25.36.99.11. cd ../../../. UserId = 10 OR 1=1.

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?. E-discovery. User provisioning. Firewall log export. Root cause analysis.

A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentations should the security analyst request from the SaaS application vendor?. Service-level agreement. Third-party audit. Statement of work. Data privacy agreement.

A security patch is applied to a server. Which of the following will validate this remediation?. Rescanning. Dynamic analysis. Reporting. Static analysis.

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?. To track the status of patching installations. To find shadow IT cloud deployments. To continuously monitor hardware inventory. To hunt for active attackers in the network.

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?. A thorough analysis of the supply chain. A legally enforceable corporate acquisition policy. A right to audit clause in vendor contracts and SOWs. An in-depth penetration test of all suppliers and vendors.

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?. Unskilled attacker. Shadow IT. Credential stuffing. DMARC failure.

The internal security team is investigating a suspicious attachment and wants to perform a behavior analysis in an isolated environment. Which of the following will the security team most likely use?. Sandbox. Jump server. Work computer. Container.

Which of the following hardening techniques must be applied on a container image before deploying it to a production environment? (Choose two.). Remove default applications. Install a NIPS. Disable Telnet. Reconfigure the DNS. Add an SFTP server.

A group of people is working together to run multiple ransomware attacks against targets that the group selected to yield the most financial gain. Which of the following best describes this type of activity?. Organized crime. Nation-state actor. Shadow IT. Hacktivism.

Which of the following is the best way to remove personal data from a social media account that is no longer being used?. Exercise the right to be forgotten. Uninstall the social media application. Perform a factory reset. Terminate the social media account.

An organization has experienced a breach because a hacker utilized a standard user's two-year-old password that the hacker found on the dark web. Which of the following would have prevented this attack?. Privileged access management. Account lockout. Reuse policy. Complexity requirements.

A Chief Information Security Officer (CISO) of an enterprise environment wants to ensure that users cannot navigate to known malicious domains. The CISO also wants web traffic on the network inspected for malicious activity. Which of the following actions should the CISO take?. Place the intrusion system into IPS mode to block incoming malicious domains, and ensure secure protocol selection is enforced on all network segments. Deploy EDR software on all company systems, and perform user behavior analytics to detect users going to anomalous domains. Ensure the company's name servers use DNS filtering, and configure systems to use a centralized TLS proxy to inspect all HTTP and HTTPS traffic. Set up a NAC on all segments of the company network, and set the network firewall to block known malicious port numbers at the perimeter.

After completing onboarding at a company and reviewing the company's handbooks and ACIP, an employee downloads an unapproved application on a company desktop. Which of the following is the best course of action for the company to take?. Educate the employee's manager. Silently uninstall the software. Ensure the employee completes focused training. Terminate the employee.

A company is experiencing loss of availability due to excessive traffic to their front-end web servers. The company hires a digital forensics expert to investigate the incident. Which of the following logs should the digital forensics expert review first to diagnose the details of this incident?. Router. Load balancer. Switch. Firewall.

An organization has published a list of domains that end users are not authorized to visit on company devices in order to mitigate data loss or installation of malicious code. A security analyst observes multiple successful attempts to reach a new suspicious domain from an end user's workstation. Which of the following options can best prevent future access to unauthorized domains?. Assign user awareness training. Modify the unauthorized content policy. Deploy an allow list. Update the proxy filters.

Users report that certain processes from a batch job are not working correctly and various resources are unavailable. An application owner provides the source and destination address information, and the errors are replicated for troubleshooting purposes. Which of the following should the security team perform next to help isolate the ongoing issue?. Penetration testing. Packet capture. Vulnerability scan. Firewall rules analysis.

A user receives a malicious text message that routes to a fake bank login. Which of the following attack types does this scenario describe?. Impersonation. Phishing. Vishing. Smishing.

An employee decides to collect PII data from the company's system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue? (Choose two.). Privacy legislation. Social engineering. Risk management. Company compliance. Phishing. Remote work.

Which of the following would best allow a company to prevent access to systems from the internet?. Containerization. Virtualization. SD-WAN. Air-gapped.

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator were to develop a fault during an extended outage. Which of the following is the team most likely to consider when conducting and planning infrastructure maintenance activities?. RPO. ARO. MTBF. MTTR.

Which of the following prevents unauthorized modifications to internal processes, assets, and security controls?. Change management. Playbooks. Incident response. Acceptable use policy.
