Question
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
A. SLA
B. BPA
C. NDA
D. MOU

Question
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

Question
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint

Question
An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files. Which of the following controls should the organization consider to mitigate this risk?
A. EDR
B. Firewall
C. HIPS
D. DLP

Question
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?
A. Physically move the PC to a separate internet point of presence.
B. Create and apply microsegmentation rules.
C. Emulate the malware in a heavily monitored DMZ segment.
D. Apply network blacklisting rules for the adversary domain.

Question
Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?
A. Risk matrix
B. Risk tolerance
C. Risk register
D. Risk appetite
To determine the total risk an organization can bear, a technician should review the organization's risk tolerance, which is the amount of risk the organization is willing to accept. This information will help determine the organization's "cloud-first" adoption strategy. References: CompTIA Security+ Certification Exam Objectives (SY0-601)

Question
Which of the following best describes a tool used by an organization to identify, log, and track any potential risks and corresponding risk information?
A. Quantitative risk assessment
B. Risk register
C. Risk control assessment
D. Risk matrix

Question
During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall. Which of the following describes the greatest risk associated with using FTP?
A. Private data can be leaked.
B. FTP is prohibited by internal policy.
C. Users can upload personal files.
D. Credentials are sent in cleartext.

Question
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis

Question
An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine. Which of the following risk management strategies is the organization following?
A. Transference
B. Avoidance
C. Mitigation
D. Acceptance

Question
A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?
A. MOU
B. SLA
C. EOL
D. NDA

Question
A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?
A. Dual supply
B. Generator
C. PDU
D. Daily backups

Question
Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
A. To provide data to quantify risk based on the organization's systems
B. To keep all software and hardware fully patched for known vulnerabilities
C. To only allow approved, organization-owned devices onto the business network
D. To standardize by selecting one laptop model for all users in the organization

Question
A software developer used open-source libraries to streamline development. Which of the following is the greatest risk when using this approach?
A. Unsecure root accounts
B. Lack of vendor support
C. Password complexity
D. Default settings

Question
During a recent cybersecurity audit, the auditors pointed out various types of vulnerabilities in the production area. The production area hardware runs applications that are critical to production. Which of the following describes what the company should do first to lower the risk to the production hardware?
A. Back up the hardware.
B. Apply patches.
C. Install an antivirus solution.
D. Add a banner page to the hardware.

Question
Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of default configurations?
A. Wearable sensors
B. Raspberry Pi
C. Surveillance systems
D. Real-time operating systems

Question
Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?
A. A full inventory of all hardware and software
B. Documentation of system classifications
C. A list of system owners and their departments
D. Third-party risk assessment documentation

Question
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?
A. The business continuity plan
B. The risk management plan
C. The communication plan
D. The incident response plan

Question
Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?
A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register

Question
Which of the following roles is responsible for defining the protection type and classification type for a given set of files?
A. General counsel
B. Data owner
C. Risk manager
D. Chief Information Officer

Question
The application development teams have been asked to answer the following questions:
• Does this application receive patches from an external source?
• Does this application contain open-source code?
• Is this application accessible by external users?
• Does this application meet the corporate password standard?
Which of the following are these questions part of?
A. Risk control self-assessment
B. Risk management strategy
C. Risk acceptance
D. Risk matrix

Question
A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?
A. Site risk assessment
B. Environmental impact report
C. Disaster recovery plan
D. Physical risk register

Question
Which of the following strategies shifts risks that are not covered in an organization's risk strategy?
A. Risk transference
B. Risk avoidance
C. Risk mitigation
D. Risk acceptance

Question
Which of the following best describes the risk that is present once mitigations are applied?
A. Control risk
B. Residual risk
C. Inherent risk
D. Risk awareness

Question
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
A. Accept
B. Transfer
C. Mitigate
D. Avoid

Question
Which of the following scenarios best describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

Question
Which of the following is an example of risk avoidance?
A. Installing security updates directly in production to expedite vulnerability fixes
B. Buying insurance to prepare for financial loss associated with exploits
C. Not installing new software to prevent compatibility errors
D. Not taking preventive measures to stop the theft of equipment

Question
Which of the following describes the maximum allowance of accepted risk?
A. Risk indicator
B. Risk level
C. Risk score
D. Risk threshold
Compensating controls. Compensating controls are additional security measures introduced to minimize the risk associated with existing weaknesses in a system or with the limitations of other controls. In this case, the firewall and the disabling of unnecessary services serve as measures that provide additional protection for a system that may be more vulnerable to attack because of its older nature.

Question
Which of the following best describes the risk present after controls and mitigating factors have been applied?
A. Residual
B. Avoided
C. Inherent
D. Operational
The best description of the risk that remains after controls and mitigating factors have been applied is **A. Residual** (residual risk). Residual risk refers to the risk that remains after all feasible control and remedial measures have been implemented. It is the risk the organization must accept, because not all risks can be completely eliminated.

Question
A vulnerability scan returned the following results:
2 Critical
5 High
15 Medium
98 Low
Which of the following would the information security team most likely use to decide if all discovered vulnerabilities must be addressed and the order in which they should be addressed?
A. Risk appetite
B. Risk register
C. Risk matrix
D. Risk acceptance
The information security team would most likely use C. Risk matrix to decide whether all discovered vulnerabilities must be addressed and in what order they should be addressed. A risk matrix is a tool that helps assess risk by classifying vulnerabilities according to their likelihood of occurrence and their potential impact on the organization. This allows remediation efforts to be prioritized, focusing first on the most critical threats.

Question
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?
A. Risk tolerance
B. Risk acceptance
C. Risk importance
D. Risk appetite
Risk Acceptance is the only one listed in the objectives. I get the logic with A that some people mentioned. However, risk tolerance is nowhere to be found in the objectives. I'm going with Risk acceptance and chalking it up to another shit CompTIA question.

Question
A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?
A. Lack of security updates
B. Lack of new features
C. Lack of support
D. Lack of source code access