CompTIA SY0-601 Practice Test - Questions Answers, Page 26

List of questions
Question 251

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor most likely be required to review and sign?
Question 252

A security practitioner is performing due diligence on a vendor that is being considered for cloud services. Which of the following should the practitioner consult for the best insight into the current security posture of the vendor?
Question 253

A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information. Which of the following should be deployed first before allowing the use of personal devices to access company data?
Question 254

A security analyst reviews web server logs and finds the following string gallerys?fileβ. ./../../../../. . / . ./etc/passwd
Which of the following attacks was performed against the web server?
Question 255

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?
Question 256

Which of the following can reduce vulnerabilities by avoiding code reuse?
Question 257

A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network. Which of the following should the company implement?
Question 258

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Select three).
Question 259

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?
Question 260

A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities. Which of the following is the best solution to meet this objective?
Question