SY0_701_multiplas

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed- Which of the following best describe these types of controls? (Choose two.). preventive. Deterrent. Corrective. Directive. Compensating. Detective.

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.). Tokenization. CVCD. Honeypots. Threat modeling. DNS sinkhole. Data obfuscation.

A network team segmented a critical, end-of-life sever to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.). Managerial physical. Corrective. Detective. Compensating. Technical. Deterrent.

A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Choose two.). Disciplinary actions for users. Conditional access policies. More regular account audits. Implementation of additional authentication factors. Enforcement of content filtering policies. A review of user account permissions.

A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.). NDS. Honeypot. Certificate revocation list. HIPS. WAF. SIEM.

A company is developing a critical system for the government and storing project information on a file share. Which of the following describes how this data will most likely be classified? (Choose two.). Private. Confidential. Public. Operational. Urgent. Restricted.

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement?(Choose two.). Directive. Deterrent. Preventive. Detective. Corrective. Technical.

A company Plans to secure its systems by: • Preventing users from sending sensitive data over corporate email • Restricting access to potentially harmful websites Which of the following features should the company set up?(Choose two.). DLP software. DNS filtering. File integrity monitoring. Stateful firewall. Guardrails. Antivirus signature.

An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Choose two.). Regularly updating server software and patches. Implementing Strong password policies. Encrypting sensitive data at rest and in transit. Utilizing a web-application firewall. Performing regular vulnerability scans. Removing payment information from the servers.

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Choose two.). Remote wiping of the device. Data encryption. Requiring passwords with eight characters. Data usage caps. Employee data ownership. Personal application Store access.

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.). Easier debugging of the system. Reduced cost of ownership of the system. Improved scalability of the system. Increased compartmentalization of the system. Stronger authentication of the system.

An organization wants to implement a secure solution for remote users. The users handle sensitive PHI on a regular basis and need to access an internally developed corporate application. Which of the following best meet the organization's security requirements? (Choose two.). Local administrative password. Perimeter network. Jump server. WAF. MFA. VPN.

Which of the following are the best security controls for controlling on-premises access? (Choose two.). Swipe card. Picture ID. Phone authentication application. Biometric scanner. Camera. Memorable question.

A security analyst needs to improve the company's authentication policy following a password audit. Which of the following should be included in the policy? (Choose two.). Length. Complexity. Least privilege. Something you have. Security keys. Biometrics.

Which of the following are the first steps an analyst should perform when developing a heat map? (Choose two.). Methodically walk around the office noting Wi-Fi signal strength. Create or obtain a layout of the office. Measure cable lengths between access points. Create or obtain a layout of the office. Review access logs to determine the most active devices. Remove possible impediments to radio transmissions.