CompTIA SY0-701 Practice Test - Questions Answers, Page 41

Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm management's perspective that the application is no longer applicable?

Which of the following is a benefit of an RTO when conducting a business impact analysis?

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

A security analyst is prioritizing vulnerability scan results using a risk-based approach. Which of the following is the most efficient resource for the analyst to use?

Which of the following is an example of memory injection?

A security administrator needs to reduce the attack surface in the company's data centers. Which of the following should the security administrator do to complete this task?