CompTIA SY0-601 Practice Test - Questions Answers, Page 53

Which of the following is used to quantitatively measure the criticality of a vulnerability?

The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours. Which of the following would the organization implement to mitigate this risk?

A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of her popular websites. Which of the following should the company implement?

The application development teams have been asked to answer the following questions:

Does this application receive patches from an external source?

Does this application contain open-source code?

Is this application accessible by external users?

Does this application meet the corporate password standard?

Which of the following are these questions part of?

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

GET http://yourbank.com/transfer.do?acctnum=08764 6959 &amount=500000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646958 &amount=5000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=-087646958 &amount=1000000 HTTP/1.1

GET http://yourbank.com/transfer.do?acctnum=087646953&amount=500 HTTP/1.1

Which of the following types of attacks is most likely being conducted?

A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicioud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?