A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Update the EDR policies to block automatic execution of downloaded programs.

Place posters around the office to raise awareness of common phishing activities.

Implement email security filters to prevent phishing emails from being delivered

Update the EDR policies to block automatic execution of downloaded programs.

Create additional training for users to recognize the signs of phishing attempts.

Which of the following is the most likely to be included as an element of communication in a security awareness program?

Reporting phishing attempts or other suspicious activities

Detecting insider threats using anomalous behavior recognition

Verifying information when modifying wire transfer data

Performing social engineering as part of third-party penetration testing

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Enabling full packet capture for traffic entering and exiting the servers

Logging all NetFlow traffic into a SIEM

Deploying network traffic sensors on the same subnet as the servers

Logging endpoint and OS-specific security logs

Enabling full packet capture for traffic entering and exiting the servers

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Install endpoint management software on all systems.

Configure all systems to log scheduled tasks.

Collect and monitor all traffic exiting the network.

Block traffic based on known malicious signatures.

Install endpoint management software on all systems.

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Retain any communications related to the security breach until further notice.

Retain the emails between the security team and affected customers for 30 days.

Retain any communications related to the security breach until further notice.

Retain any communications between security members during the breach response.

Retain all emails from the company to affected customers for an indefinite period of time.

A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:. Something you know. Something you have. Something you areWhich of the following would accomplish the manager's goal?

Password, authentication token, thumbprint

VPN IP address, company ID, facial structure

Password, authentication token, thumbprint

Company URL, TLS certificate, home address

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Conduct a tabletop exercise with the team.

Set the maximum data retention policy.

Securely store the documents on an air-gapped network.

Review the documents' data classification policy.

Conduct a tabletop exercise with the team.

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.Which of the following changes would allow users to access the site?

Updating the categorization in the content filter

Creating a firewall rule to allow HTTPS traffic

Configuring the IPS to allow shopping

Tuning the DLP rule that detects credit card data

Updating the categorization in the content filter

CompTIA SY0-701 Practice Test 3 - Free Online Exam Prep & Questions

Question 1 / 40

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Analysis

Lessons learned

Detection

Containment

Comment (0)

CompTIA SY0-701 Practice Test 3

Question

CompTIA SY0-701 Practice Tests

Practice Tests