CompTIA SY0-601 Practice Test - Questions Answers, Page 26
A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor most likely be required to review and sign?
A security practitioner is performing due diligence on a vendor that is being considered for cloud services. Which of the following should the practitioner consult for the best insight into the current security posture of the vendor?
A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?
A security analyst reviews web server logs and finds the following string: gallerys?file=../../../../../../etc/passwd
Which of the following attacks was performed against the web server?
A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?
Which of the following can reduce vulnerabilities by avoiding code reuse?
A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?
A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).
A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?
A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet this objective?