Exam (elaborations)

SY0-701 CertMaster CE Domain 4.0 Exam QAS 100% Correct!!

Pages: 5
Grade: A+
Uploaded on: 19-11-2024
Written in: 2024/2025

Institution: SY0-701 CertMaster CE Domain 4.0
Course: SY0-701 CertMaster CE Domain 4.0









Contains: Questions & answers


Network security baselines - ANSWERS The IT team of a medium-sized business is
planning to enhance network security. They want to enforce minimum security controls
and configurations across all network devices, including firewalls, routers, and switches.
What should they establish to achieve this objective?

Endpoint logs, log files generated by the OS components of the affected host computer,
and logs from the host-based intrusion detection system. - ANSWERS A security
operations analyst at a financial institution analyzes an incident involving unauthorized
transactions. The analyst suspects that a malware infection on one of the endpoints
might have led to the unauthorized access. To identify the root cause and trace the
activities of the suspected malware, which combination of data sources should the
analyst primarily consider?

Something you have - ANSWERS After a breach, an organization implements new
multifactor authentication (MFA) protocols. What MFA philosophy incorporates using a
smart card or key fob to support authentication?

Patching - ANSWERS A cyber team is responding to regulatory requirements after the
organization falls victim to a breach. What remediation practice involves the application
of updates to systems to fix known vulnerabilities?

Agent-based filtering - ANSWERS An organization wants to enhance its cybersecurity by
implementing web filtering. The company needs a solution that provides granular control
over web traffic, ensures policy enforcement even when employees are off the
corporate network, and can log and analyze Internet usage patterns. Which of the
following strategies BEST meets these requirements?

Can lead to delays in remediation, Increase window of opportunity for attackers -
ANSWERS An IT admin has been testing a newly released software patch and
discovered an exploitable vulnerability. The manager directs the IT admin to
immediately report to Common Vulnerabilities and Exposures (CVE), utilizing the
Common Vulnerability Scoring System (CVSS) to base the score for the vulnerability.
What could happen if there are delays in completing the report? (Select the two best
options.)

DKIM - ANSWERS A cyber technician is enhancing application security capabilities for
corporate email accounts following a breach. Which of the following options leverages
encryption features to enable email verification by allowing the sender to sign emails
using a digital signature?

Provisioning and de-provisioning of user accounts involve creating, modifying, and
removing user accounts to maintain appropriate access levels. The principle of least
privilege guides the assignment of permissions, ensuring users have only the necessary
access for their job roles. - ANSWERS At a large company, the IT department manages
user accounts and permissions for the organization's various systems. The IT team
employs a well-structured provisioning and de-provisioning process to create, modify,
and remove user accounts and assign permissions to minimize potential security risks.
Which statements related to user account provisioning and permission assignments are
correct? (Select the two best options.)

Automatically update the vulnerability scanner's database via a vulnerability feed
Integrate the scanner with the Security Content Automation Protocol (SCAP)
Adjust the environmental variables within the vulnerability management system -
ANSWERS A new system administrator has been spending the morning manually
entering new vulnerability signatures based on Common Vulnerabilities and Exposures
(CVE) data and using the Common Vulnerability Scoring System (CVSS) for
remediation guidance. To enhance efficiency and ensure the vulnerability scanner
remains up-to-date with minimal manual effort, what actions should the administrator
have taken instead? (Select the three best options.)

Incident response plan - ANSWERS During the process of merging two companies, the
integrated security team is tasked with consolidating their approaches to managing
cybersecurity incidents. Which comprehensive document should be developed to
outline the overall strategy and procedures for incident response, encompassing
preparation, identification, containment, eradication, recovery, communication protocols,
and contacts and resources for responders?

Degaussing the servers, rendering the data irretrievable, followed by reselling or
recycling the servers after certification - ANSWERS A financial services company is
decommissioning many servers that contain highly sensitive financial information. The
company's data protection policy stipulates the need to use the most secure data
destruction methods and comply with strict regulatory requirements. The company also
has a significant environmental sustainability commitment and seeks to minimize waste
wherever possible. What should the company's primary course of action be during this
process?

- ANSWERS A chief security officer (CSO) is overseeing the deployment of a Security
Information and Event Management (SIEM) system in a large organization with a mix of
computer systems and network appliances. The CSO has concerns about the system
resources that the data collection process on the individual computer systems utilizes.
Which method should the CSO consider to minimize the resource usage on these
systems while ensuring effective data collection for the SIEM system?

Network segmentation
