Question 94 - SY0-701 discussion

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

A. Logging all NetFlow traffic into a SIEM
B. Deploying network traffic sensors on the same subnet as the servers
C. Logging endpoint and OS-specific security logs
D. Enabling full packet capture for traffic entering and exiting the servers (Most voted)
Suggested answer: D

Explanation:

Full packet capture records all network traffic passing through a device, such as a router or firewall. It allows for detailed analysis and investigation of network events, such as SQLi attacks, by providing the complete content and context of the packets. Because the company uses SSL decryption, the captured request content is readable for analysis. Full packet capture can help identify the source, destination, payload, and timing of an SQLi attack, as well as the impact on the server and database. Logging NetFlow traffic, deploying network traffic sensors, and logging endpoint and OS-specific security logs can provide some information about network activity, but they do not capture the full content of the packets, which may limit the scope and depth of the investigation.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 372-373

asked 02/10/2024
Jesus De Leon Luis
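
An added example (not part of the original explanation or the cited study guide) contrasting what a NetFlow-style record retains with what a full capture lets an investigator inspect. The packets, addresses, host name and the two regex heuristics are constructed for illustration, and the code assumes the capture point sees requests after SSL decryption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample: decrypted HTTP requests as a capture point would see them.
PACKETS = [
    {"ts": 100.0, "src": "10.0.0.5", "sport": 50112, "dst": "10.0.1.20", "dport": 443,
     "payload": b"GET /item?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"},
    {"ts": 101.5, "src": "10.0.0.9", "sport": 50340, "dst": "10.0.1.20", "dport": 443,
     "payload": b"GET /item?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n"},
    {"ts": 102.1, "src": "10.0.0.9", "sport": 50340, "dst": "10.0.1.20", "dport": 443,
     "payload": b"GET /item?id=1+UNION+SELECT+name,pw+FROM+users HTTP/1.1\r\nHost: shop.example\r\n\r\n"},
]

# Illustrative heuristics only, not a complete SQLi signature set.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),  # tautology in a quoted value
    re.compile(r"\bunion\b.+\bselect\b", re.I),          # UNION-based query stacking
]

def to_flow_records(packets):
    """What a NetFlow-style export keeps: 5-tuple, counters, timing. No payload."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for p in packets:
        f = flows[(p["src"], p["sport"], p["dst"], p["dport"], "tcp")]
        f["packets"] += 1
        f["bytes"] += len(p["payload"])
        f["first"] = p["ts"] if f["first"] is None else f["first"]
        f["last"] = p["ts"]
    return dict(flows)

def find_sqli(packets):
    """What full packet capture allows: inspect the URL-decoded request line."""
    hits = []
    for p in packets:
        request_line = p["payload"].split(b"\r\n", 1)[0].decode("latin-1")
        decoded = unquote_plus(request_line)
        if any(rx.search(decoded) for rx in SQLI_PATTERNS):
            hits.append((p["ts"], p["src"], decoded))
    return hits

if __name__ == "__main__":
    for key, f in to_flow_records(PACKETS).items():
        print("flow", key, f)
    for ts, src, line in find_sqli(PACKETS):
        print("sqli", ts, src, line)
```

The flow records for both clients differ only in counters and timing, while the payload search attributes the two injected requests to a source and timestamp.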
6 comments
Wilker Aguiar

Edited 19 days ago

Voted D

The best strategy to monitor for SQL injection (SQLi) attacks and enable comprehensive investigations is D.

Nikolay Yankov

Edited 19 days ago

Voted D

To monitor for SQL Injection (SQLi) attacks and conduct comprehensive investigations, capturing and analyzing all traffic entering and exiting the servers is essential. Full packet capture allows the security team to examine the actual data transmitted, including the raw HTTP/S requests that could contain malicious SQL injection payloads. => D

tho nguyen

Edited 19 days ago

Like D

Robert Fox

Edited 19 days ago

Voted D

D correct

pedro blanco

Edited 19 days ago

Voted D

D. Enabling full packet capture for traffic e....

Cao Trung Kiên

Edited 19 days ago

D correct
