CompTIA SY0-601 Practice Test - Questions Answers, Page 53

List of questions
Question 521

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?
Question 522

Which of the following is used to quantitatively measure the criticality of a vulnerability?
Question 523

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?
Question 524

An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours. Which of the following would the organization implement to mitigate this risk?
Question 525

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?
Question 526

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of her popular websites. Which of the following should the company implement?
Question 527

The application development teams have been asked to answer the following questions:
Does this application receive patches from an external source?
Does this application contain open-source code?
Is this application accessible by external users?
Does this application meet the corporate password standard?
Which of the following are these questions part of?
Question 528

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?
Question 529

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:
GET http://yourbank.com/transfer.do?acctnum=08764 6959 &amount=500000 HTTP/1.1
GET http://yourbank.com/transfer.do?acctnum=087646958 &amount=5000000 HTTP/1.1
GET http://yourbank.com/transfer.do?acctnum=-087646958 &amount=1000000 HTTP/1.1
GET http://yourbank.com/transfer.do?acctnum=087646953&amount=500 HTTP/1.1
Which of the following types of attacks is most likely being conducted?
Question 530

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?
Question