SY0-401 (v.4) 7
A user has received an email from an external source which asks for details on the company’s new product line set for release in one month. The user has a detailed spec sheet but it is marked “Internal Proprietary Information”. Which of the following should the user do NEXT?
Contact their manager and request guidance on how to best move forward
Contact the help desk and/or incident response team to determine next steps
Provide the requestor with the email information since it will be released soon anyway
Reply back to the requestor to gain their contact information and call them
Which of the following is BEST carried out immediately after a security breach is discovered?
Risk transference
Access control revalidation
Change management
Incident management
A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?
Procedure and policy management
Chain of custody management
Change management
Incident management
Requiring technicians to report spyware infections is a step in which of the following?
Routine audits
Change management
Incident management
Clean desk policy
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
Conduct surveys and rank the results.
Perform routine user permission reviews.
Implement periodic vulnerability scanning.
Disable user accounts that have not been used within the last two weeks.
An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?
User rights reviews
Least privilege and job rotation
Change management
Change Control
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?
User rights and permissions review
Configuration management
Incident management
Implement security controls on Layer 3 devices
After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).
Mandatory access control enforcement.
User rights and permission reviews.
Technical controls over account management.
Account termination procedures.
Management controls over account management.
Incident management and response plan.
The security administrator is currently unaware of an incident that occurred a week ago. Which of the following will ensure the administrator is notified in a timely manner in the future?
User permissions reviews
Incident response team
Change management
Routine auditing
The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager?
User permissions
Policy enforcement
Routine audits
Change management
Which of the following security account management techniques should a security analyst implement to prevent staff who have switched company roles from exceeding their privileges?
Internal account audits
Account disablement
Time of day restriction
Password complexity
Encryption of data at rest is important for sensitive information because of which of the following?
Facilitates tier 2 support, by preventing users from changing the OS
Renders the recovery of data harder in the event of user password loss
Allows the remote removal of data following eDiscovery requests
Prevents data from being accessed following theft of physical equipment
A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?
Content filtering
IDS
Audit logs
DLP
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. Which of the following would be the BEST control to implement?
File encryption
Printer hardening
Clean desk policies
Data loss prevention
Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?
Restoration and recovery strategies
Deterrent strategies
Containment strategies
Detection strategies
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
Matt should implement access control lists and turn on EFS.
Matt should implement DLP and encrypt the company database.
Matt should install Truecrypt and encrypt the company server.
Matt should install TPMs and encrypt the company database.
An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?
DLP
Asset tracking
HSM
Access control
Which of the following controls would prevent an employee from emailing unencrypted information to their personal email account over the corporate network?
DLP
CRL
TPM
HSM
Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO).
Scanning printing of documents.
Scanning of outbound IM (Instant Messaging).
Scanning copying of documents to USB.
Scanning of SharePoint document library.
Scanning of shared drives.
Scanning of HTTP user traffic.
Which of the following assets is MOST likely considered for DLP?
Application server content
USB mass storage devices
Reverse proxy
Print server
The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?
HPM technology
Full disk encryption
DLP policy
TPM technology
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?
Email scanning
Content discovery
Database fingerprinting
Endpoint protection
A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?
Automatically encrypt impacted outgoing emails
Automatically encrypt impacted incoming emails
Monitor impacted outgoing emails
Prevent impacted outgoing emails
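The DLP decision the last two questions turn on (scan outbound mail, then encrypt rather than block when the content is confidential) comes down to a content classifier. Below is an added example of such a classifier, not code from the quiz or any DLP product: an awk-based scanner that flags US Social Security numbers and 16-digit card numbers, confirming card candidates with the Luhn check so that look-alike numbers are not encrypted needlessly. The patterns and the sample messages are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the quiz: a minimal content scanner of the kind a
# DLP gateway runs on outbound mail, deciding "encrypt" or "allow". The
# patterns (US SSN, 16-digit card numbers confirmed with the Luhn check) and
# the sample messages are constructed for the demonstration.
set -eu

# dlp_classify  (message body on stdin) -> prints "encrypt" or "allow"
dlp_classify() {
    awk '
    # Luhn checksum: rejects most random 16-digit strings that only look like a card number.
    function luhn(num,  i, d, sum, alt) {
        gsub(/[ -]/, "", num); sum = 0; alt = 0
        for (i = length(num); i >= 1; i--) {
            d = substr(num, i, 1) + 0
            if (alt) { d *= 2; if (d > 9) d -= 9 }
            sum += d; alt = !alt
        }
        return sum % 10 == 0
    }
    {
        line = $0
        # US Social Security number, NNN-NN-NNNN (brace intervals avoided for awk portability).
        if (match(line, /[0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]/)) hits++
        # Candidate 16-digit card numbers with optional spaces or dashes between groups.
        while (match(line, /[0-9][0-9][0-9][0-9][ -]?[0-9][0-9][0-9][0-9][ -]?[0-9][0-9][0-9][0-9][ -]?[0-9][0-9][0-9][0-9]/)) {
            if (luhn(substr(line, RSTART, RLENGTH))) hits++
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { print (hits > 0 ? "encrypt" : "allow") }'
}

# Constructed outbound messages: a real statement, a Luhn-invalid look-alike, plain text.
msg_statement='Dear customer, your card ending 4111 1111 1111 1111 was charged.'
msg_lookalike='Order 4111 1111 1111 1112 shipped (tracking number, not a card).'
msg_plain='Thanks for contacting support; your ticket is open.'
for m in "$msg_statement" "$msg_lookalike" "$msg_plain"; do
    printf '%s -> %s\n' "$m" "$(printf '%s\n' "$m" | dlp_classify)"
done
```

In a mail gateway the "encrypt" verdict would trigger the encryption step for that outgoing message and let it through, which is what the business need above requires; an incoming-mail policy has no bearing on data the department is sending out.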
Which of the following is a best practice when a mistake is made during a forensics examination?
The examiner should verify the tools before, during, and after an examination.
The examiner should attempt to hide the mistake during cross-examination.
The examiner should document the mistake and work around the problem.
The examiner should disclose the mistake and assess another area of the disc.
An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?
Using a software file recovery disc
Mounting the drive in read-only mode
Imaging based on order of volatility
Which of the following should Jane, a security administrator, perform before a hard drive is analyzed with forensics tools?
Identify user habits
Disconnect system from network
Capture system image
Interview witnesses
Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate?
Taking screenshots
System image capture
Chain of custody
Order of volatility
To ensure proper evidence collection, which of the following steps should be performed FIRST?
Take hashes from the live system
Review logs
Capture the system image
Copy all compromised files
A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive?
cp /dev/sda /dev/sdb bs=8k
tail -f /dev/sda > /dev/sdb bs=8k
dd if=/dev/sda of=/dev/sdb bs=4k
locate /dev/sda /dev/sdb bs=4k
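dd is the only option above that copies a device block for block, and the bs= argument is what makes the copy fast (fewer, larger transfers than the 512-byte default). The script below is an added example, not part of the quiz, showing the full imaging step as an examiner would run it: hash the source, image it with dd, and confirm that the image hash equals the source hash before and after. A constructed 1 MiB random file stands in for /dev/sda so it runs offline; the device names and block size are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example, not from the quiz: image a drive with dd and verify the copy.
# On a real case SRC would be /dev/sda behind a hardware write blocker; here a
# constructed 1 MiB file stands in for the device so the script runs offline.
set -eu

# Portable SHA-256 of a file (coreutils/busybox sha256sum, or shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Constructed stand-in for /dev/sda: 256 blocks of 4 KiB of random bytes, so the
# size is an exact multiple of the imaging block size used below.
make_sample_device() {
    dd if=/dev/urandom of="$1" bs=4k count=256 2>/dev/null
}

# image_device SRC DEST [BS]
# Copies SRC to DEST block by block with dd, then checks that the source hash
# taken before imaging equals the image hash and the source hash taken after
# (unchanged evidence, exact copy). Returns 0 only when all three match.
image_device() {
    src="$1"; dest="$2"; bs="${3:-4k}"
    pre_hash=$(sha256_of "$src")
    # if=/of= name input and output; bs= sets the transfer size (larger blocks
    # mean fewer syscalls, so 4k-1M is far faster than the 512-byte default).
    # conv=noerror,sync keeps going past unreadable sectors and zero-fills them,
    # preserving offsets. Caveat: sync also pads a final partial block, so use
    # a bs that divides the device size (512 always does for real disks).
    dd if="$src" of="$dest" bs="$bs" conv=noerror,sync 2>/dev/null
    img_hash=$(sha256_of "$dest")
    post_hash=$(sha256_of "$src")
    printf 'source before: %s\nimage:         %s\nsource after:  %s\n' \
        "$pre_hash" "$img_hash" "$post_hash"
    [ "$pre_hash" = "$img_hash" ] && [ "$pre_hash" = "$post_hash" ]
}

# Demo run in a scratch directory (cleaned up afterwards).
work=$(mktemp -d)
make_sample_device "$work/sda.img"
if image_device "$work/sda.img" "$work/sdb.img" 4k; then
    echo "image verified"
else
    echo "HASH MISMATCH: image is not forensically sound" >&2
fi
rm -rf "$work"
```

The three hashes are the point of the exercise: the first two matching proves the image is exact, and the first and third matching proves the source was not altered by the procedure. Record all three in the chain-of-custody notes.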
A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?
Configure a VPN concentrator to log all traffic destined for ports 80 and 443.
Configure a proxy server to log all traffic destined for ports 80 and 443.
Configure a switch to log all traffic destined for ports 80 and 443.
Configure a NIDS to log all traffic destined for ports 80 and 443.
A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used?
Detective
Deterrent
Corrective
Preventive
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?
Place a full-time guard at the entrance to confirm user identity.
Install a camera and DVR at the entrance to monitor access.
Revoke all proximity badge access to make users justify access.
Install a motion detector near the entrance.
The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?
The logs are corrupt and no longer forensically sound.
Traffic logs for the incident are unavailable.
Chain of custody was not properly maintained.
Incident time offsets were not accounted for.
A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:
HDD hashes are accurate.
The NTP server works properly.
Chain of custody is preserved.
Time offset can be calculated.
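The last two questions share one mechanism: the recorded server clock gives an offset (server time minus reference time), and every log timestamp has that offset subtracted before it is compared with an external alert. The script below is an added example, not part of the quiz, that applies this to a constructed web log modelled on the one above. The +3600 s offset (web server clock one hour ahead of the GMT reference the alert uses) is an assumption chosen so that the 10:50:01 entry lines up with the 09:50:01 alert; note that with no correction a different, innocent entry falls inside the correlation window.

```shell
#!/bin/sh
# Added example, not from the quiz: normalize log timestamps by each server's
# recorded clock offset before correlating them with an external alert.
# The log below is constructed to mirror the quiz's web log; the offset of
# +3600 s (the web server's clock running one hour ahead of the reference
# clock the alert is expressed in) is an assumption for the demonstration.
set -eu

# Constructed web-server log: "HH:MM:SS client-ip url", in the server's own time.
sample_web_log() {
    cat <<'EOF'
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.66.5 http://remote.site.com/download.asp?movie.mov=ok
EOF
}

# normalize_ts HH:MM:SS OFFSET_SECONDS
# OFFSET is (server clock - reference clock), as recorded when the logs were
# collected. Reference time = logged time - offset, wrapping at midnight.
normalize_ts() {
    awk -v t="$1" -v off="$2" '
    BEGIN {
        split(t, p, ":")
        s = p[1]*3600 + p[2]*60 + p[3] - off
        s = ((s % 86400) + 86400) % 86400
        printf "%02d:%02d:%02d\n", int(s/3600), int((s%3600)/60), s%60
    }'
}

# correlate_alert ALERT_TS WINDOW_SECONDS OFFSET_SECONDS
# Prints the log lines (converted to reference time) within WINDOW seconds of
# the alert. Pass OFFSET 0 to see what the raw, uncorrected log suggests.
correlate_alert() {
    sample_web_log | awk -v alert="$1" -v win="$2" -v off="$3" '
    function to_sec(t,  p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    function to_hms(s) {
        s = ((s % 86400) + 86400) % 86400
        return sprintf("%02d:%02d:%02d", int(s/3600), int((s%3600)/60), s%60)
    }
    BEGIN { a = to_sec(alert) }
    {
        ref = ((to_sec($1) - off) % 86400 + 86400) % 86400
        d = ref - a; if (d < 0) d = -d
        if (d <= win) { $1 = to_hms(ref); print }
    }'
}

echo "Raw log, offset not applied: an unrelated logout lines up with the alert"
correlate_alert 09:50:01 60 0
echo "Offset of +3600 s removed: the alert matches the movie access"
correlate_alert 09:50:01 60 3600
```

This is why the administrator in the last question records every server's system time at collection: without a per-server offset there is no sound way to place entries from different hosts, or from an outside party, on one timeline.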