SY0_701_100 Part 7

Which of the following is the best physical security control to prevent damage from a vehicle?. Security guard. Fencing. Lighting. Bollards.

Which of the following is the most likely motivation for a hacktivist?. Financial gain. Service disruption. Philosophical beliefs. Corporate espionage.

An employee from the accounting department logs in to the website used for processing the company/s payments. After logging in, a new desktop application automatically downloads on the employee's computer and causes the computer to restart. Which of the following attacks has occurred?. XSS. Watering hole. Typosquatting. Buffer overflow.

Which of the following is a company addressing when it rolls out MDM on all COPE devices?. Malware outbreaks. Phishing attacks. Unsupported applications. Data masking.

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?. Nation-state. Trusted insider. Organized crime group. Hacktivist.

Which of the following security concepts is being followed when applying encryption to sensitive data?. Confidentiality. Non-repudiation. Availability. Integrity.

Which of the following strategies most effectively protects sensitive data at rest in a database?. Hashing. Masking. Tokenization. Obfuscation.

An IT team rolls out a new management application that uses a randomly generated MFA token that is sent to the administrators phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?. Smishing. Typosquatting. Espionage. Pretexting.

During the investigation of a webmail log-in using compromised credentials, a security analyst needs to review information about the source IP for the log-in. Which of the following logs should the analyst retrieve?. Network. Application. System. Firewall.

Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?. Disablement of unused services. Web application firewall. Host isolation. Network-based IDS.

Which of the following should be deployed on an external facing web server in order to establish an encrypted connection?. Public key. Private key. Asymmetric key. Symmetric key.

An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?. ALE. SLE. RTO. ARO.

While browsing a web page, a user receives a pop-up with a link telling them to navigate to another site. To which of the following is the site vulnerable?. DoS. XSS. SQLi. TOC.

A business is expanding to a new country and must protect customers from accidental disclosure of specific national identity information. Which of the following should the security engineer update to best meet business requirements?. SIEM. SCAP. DLP. WAF.

Which of the following would an organization most likely use to minimize the loss of data on a file server in the event that data needs to be restored due to loss of the primary sever?. Monitoring. Journaling. Obfuscation. Tokenization.

Which of the following should be used to select a label for a file based on the file's value, sensitivity, or applicable regulations?. Verification. Certification. Classification. Inventory.

A security analyst is collecting evidence in response to an incident. Which of the following must the analyst maintain in order to ensure the admissibility of the evidence in a court case?. Chain of custody. Legal hold. E-discovery. Tabletop exercise.

Which of the following should a security analyst use to prioritize the remediation of a vulnerability?. loC. OSINT. CVE. CVSS.

A security analyst reviews the following SIEM events: image Which of the following best describes the observed behavior?. Brute-force attack. Privilege escalation. Cross-site scripting. Password sharing.

Which of the following types of vulnerabilities involves attacking a system to access adjacent hosts?. VM escape. Side loading. Remote code execution. Resource exhaustion.