CompTIA SY0-601 Practice Test - Questions Answers, Page 39

A security administrator examines the ARP table of an access switch and sees the following output:

Which of the following is a potential threat that is occurring on this access switch?

A. DDoS on Fa0/2 port
B. MAC flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1
Suggested answer: C

An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement? (Select two.)

A. CASB
B. WAF
C. Load balancer
D. VPN
E. TLS
F. DAST
Suggested answer: B, C

Explanation:

A web application firewall (WAF) is a solution that inspects traffic to a cluster of web servers in a cloud environment and protects them from common web-based attacks, such as SQL injection, cross-site scripting, and denial-of-service [1]. A WAF can be deployed as a cloud service or as a virtual appliance in front of the web servers. A load balancer is a solution that distributes traffic among multiple web servers in a cloud environment and improves their performance, availability, and scalability [2]. A load balancer can also perform health checks on the web servers and route traffic only to the healthy ones. The other options are not relevant to this scenario. A CASB is a cloud access security broker, which is a solution that monitors and controls the use of cloud services by an organization's users [3]. A VPN is a virtual private network, which is a solution that creates a secure and encrypted connection between two networks or devices over the internet. TLS is Transport Layer Security, which is a protocol that provides encryption and authentication for data transmitted over a network. DAST is dynamic application security testing, which is a method of testing web applications for vulnerabilities by simulating attacks on them.

Reference:
1: https://www.imperva.com/learn/application-security/what-is-a-web-applicationfirewall-waf/
2: https://www.imperva.com/learn/application-security/load-balancing/
3: https://www.imperva.com/learn/application-security/cloud-access-security-broker-casb/
https://www.imperva.com/learn/application-security/vpn-virtual-private-network/
https://www.imperva.com/learn/application-security/transport-layer-security-tls/
https://www.imperva.com/learn/application-security/dynamic-application-security-testing-dast/
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-bestpractices/plan-for-traffic-inspection
https://docs.microsoft.com/en-us/azure/private-link/inspecttraffic-with-azure-firewall
https://docs.microsoft.com/en-us/azure/architecture/examplescenario/gateway/application-gateway-before-azure-firewall

A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no impact on production systems. Which of the following backup types should the operator use?

A. Tape
B. Full
C. Image
D. Snapshot
Suggested answer: D

Explanation:

A snapshot backup is a type of backup that captures the state of a system at a point in time. It is highly time- and storage-efficient because it only records the changes made to the system since the last backup. It also has no impact on production systems because it does not require them to be offline or paused during the backup process.

Reference: https://www.comptia.org/blog/what-is-asnapshot-backup

A company is developing a new initiative to reduce insider threats. Which of the following should the company focus on to make the greatest impact?

A. Social media analysis
B. Least privilege
C. Nondisclosure agreements
D. Mandatory vacation
Suggested answer: B

Explanation:

Least privilege is a security principle that states that users and processes should only have the minimum level of access and permissions required to perform their tasks. This reduces the risk of insider threats by limiting the potential damage that a malicious or compromised user or process can cause to the system or data.

Reference: https://www.comptia.org/blog/what-is-least-privilege

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

A. Web metadata
B. Bandwidth monitors
C. System files
D. Correlation dashboards
Suggested answer: D

Explanation:

Correlation dashboards are tools that allow security analysts to monitor and analyze multiple sources of data and events in real time. They can help identify patterns, trends, anomalies, and threats by correlating different types of data and events, such as network traffic, logs, alerts, and incidents.

Correlation dashboards can help investigate network flooding by showing the source, destination, volume, and type of malicious packets and their impact on the network performance and availability.

Reference: https://www.comptia.org/blog/what-is-a-correlation-dashboard

An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine. Which of the following risk management strategies is the organization following?

A. Transference
B. Avoidance
C. Mitigation
D. Acceptance
Suggested answer: D

Explanation:

Acceptance is a risk management strategy that involves acknowledging the existence and potential impact of a risk, but deciding not to take any action to reduce or eliminate it. This strategy is usually adopted when the cost of implementing controls outweighs the benefit of mitigating the risk, or when the risk is deemed acceptable or unavoidable. In this case, the organization decided not to put controls in place because of the high cost compared to the potential fine, which means they accepted the risk.

Reference: https://www.comptia.org/blog/what-is-risk-acceptance

Which of the following is the correct order of evidence from most to least volatile in forensic analysis?

A. Memory, disk, temporary filesystems, CPU cache
B. CPU cache, memory, disk, temporary filesystems
C. CPU cache, memory, temporary filesystems, disk
D. CPU cache, temporary filesystems, memory, disk
Suggested answer: C

Explanation:

The correct order of evidence from most to least volatile in forensic analysis is based on how quickly the evidence can be lost or altered if not collected or preserved properly. CPU cache is the most volatile type of evidence because it is stored in a small amount of memory on the processor and can be overwritten or erased very quickly. Memory is the next most volatile type of evidence because it is stored in RAM and can be lost when the system is powered off or rebooted. Temporary filesystems are less volatile than memory because they are stored on disk, but they can still be deleted or overwritten by other processes or users. Disk is the least volatile type of evidence because it is stored on permanent storage devices and can be recovered even after deletion or formatting, unless overwritten by new data.

Reference: https://www.comptia.org/blog/what-is-volatility-in-digitalforensics

Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?

A. Wearable sensors
B. Raspberry Pi
C. Surveillance systems
D. Real-time operating systems
Suggested answer: C

Explanation:

Surveillance systems are constantly scanned by internet bots and have the highest risk of attack in the case of the default configurations because they are often connected to the internet and use weak or default passwords that can be easily guessed or cracked by malicious bots. Internet bots are software applications that run automated tasks over the internet, usually with the intent to imitate human activity or exploit vulnerabilities. Some bots are used for legitimate purposes, such as web crawling or indexing, but others are used for malicious purposes, such as spamming, phishing, denial-of-service attacks, or credential stuffing. Security misconfigurations are one of the most common gaps that criminal hackers look to exploit. Therefore, it is important to secure the configuration of surveillance systems by changing the default passwords, updating the firmware, disabling unnecessary services, and enabling encryption and authentication.

Reference: https://www.cctvcameraworld.com/setup-ip-camera-system-on-network/

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

A. Soft token
B. Smart card
C. CSR
D. SSH key
Suggested answer: D

Explanation:

An SSH key is a pair of cryptographic keys that can be used for authentication and encryption when connecting to a remote Linux server via the SSH protocol. SSH key authentication does not require a password and is more secure than password-based authentication. SSH key authentication also does not require additional software installation on the client or the server, as SSH is a built-in feature of most Linux distributions. A business partner can generate an SSH key pair on their own computer and send the public key to the company, who can then add it to the authorized_keys file on the Linux server. This way, the business partner can access the Linux server without entering a password or installing any software.

Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?

A. API integrations
B. Auditing
C. Resource policies
D. Virtual networks
Suggested answer: C

Explanation:

Resource policies are cloud features that allow and deny access to specific features in order to increase data security. Resource policies are rules or statements that define what actions can be performed on a particular resource by which entities under what conditions. Resource policies can be attached to cloud resources such as virtual machines, storage accounts, databases, or functions. Resource policies can help enforce security best practices, compliance requirements, and cost management. Resource policies can also help implement the principle of least privilege, which grants users only the minimum level of access they need to perform their tasks.
