SY0-701 Exam Dumps | A recent black-box penetration test of http://example.com discovered that external website vulnerabilities

<< Prev Question Next Question >>

Question 238/312

A recent black-box penetration test of http://example.com discovered that external website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.
You are tasked with reducing the attack space and enabling secure protocols.
INSTRUCTIONS
Part 1
Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.
Part 2
Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

Question List (312q): Question 1: A security administrator needs a method to secure data in an...; Question 2: An administrator was notified that a user logged in remotely...; Question 3: Which of the following should be used to ensure a device is ...; Question 4: An organization plans to expand its operations international...; Question 5: Which of the following architecture models ensures that crit...; Question 6: Which of the following should be used to ensure an attacker ...; Question 7: A company's legal department drafted sensitive documents in ...; Question 8: A systems administrator is redesigning now devices will perf...; Question 9: Which of the following explains why an attacker cannot easil...; Question 10: Sine a recent upgrade (o a WLAN infrastructure, several mobi...; Question 11: A security analyst learns that an attack vector, used as par...; Question 12: Which of the following organizational documents is most ofte...; Question 13: Which of the following is a primary security concern for a c...; Question 14: The physical security team at a company receives reports tha...; Question 15: Which of the following best describes why me SMS DIP authent...; Question 16: An employee used a company's billing system to issue fraudul...; Question 17: An administrator is reviewing a single server's security log...; Question 18: An enterprise is trying to limit outbound DNS traffic origin...; Question 19: Which of the following documents details how to accomplish a...; Question 20: An organization is evaluating new regulatory requirements as...; Question 21: A security team is reviewing the findings in a report that w...; Question 22: A technician is opening ports on a firewall for a new system...; Question 23: Which of the following elements of digital forensics should ...; Question 24: A company is adding a clause to its AUP that states employee...; Question 25: A company wants to verify that the software the company is d...; Question 26: Employees in the research and development business unit rece...; Question 27: Which of the following is a common data removal option for c...; Question 28: Which of the following strategies should an organization use...; Question 29: A security analyst is investigating an application server an...; Question 30: A company requires hard drives to be securely wiped before s...; Question 31: Which of the following enables the use of an input field to ...; Question 32: During a security incident, the security operations team ide...; Question 33: A company with a high-availability website is looking to har...; Question 34: Which of the following topics would most likely be included ...; Question 35: Which of the following security principles most likely requi...; Question 36: A penetration test has demonstrated that domain administrato...; Question 37: An organization is required to provide assurance that its co...; Question 38: A security engineer at a large company needs to enhance IAM ...; Question 39: An administrator must replace an expired SSL certificate. Wh...; Question 40: A company is discarding a classified storage array and hires...; Question 41: A business needs a recovery site but does not require immedi...; Question 42: A security analyst receives an alert that there was an attem...; Question 43: An organization is adopting cloud services at a rapid pace a...; 1 commentQuestion 44: A company's online shopping website became unusable shortly ...; Question 45: A company is concerned about weather events causing damage t...; Question 46: An engineer moved to another team and is unable to access th...; Question 47: Which of the following is the best way to remove personal da...; Question 48: When trying to access an internal website, an employee repor...; Question 49: A security administrator recently reset local passwords and ...; Question 50: Which of the following methods to secure credit card data is...; Question 51: Which of the following is the best mitigation for a zero-day...; Question 52: Which of the following would best explain why a security ana...; Question 53: A growing company would like to enhance the ability of its s...; Question 54: Various company stakeholders meet to discuss roles and respo...; Question 55: A security analyst receives alerts about an internal system ...; Question 56: Which of the following best describe the benefits of a micro...; Question 57: A business provides long-term cold storage services to banks...; Question 58: An organization wants a third-party vendor to do a penetrati...; Question 59: Which of the following methods to secure data is most often ...; Question 60: Which of the following data types relates to data sovereignt...; Question 61: Which of the following security control types does an accept...; Question 62: A company is expanding its threat surface program and allowi...; Question 63: An administrator implements web-filtering products but still...; Question 64: Which of the following would a systems administrator follow ...; Question 65: Which of the following considerations is the most important ...; Question 66: While troubleshooting a firewall configuration, a technician...; Question 67: Which of the following is the best way to provide secure rem...; Question 68: An employee from the accounting department logs in to the we...; Question 69: Which of the following would best allow a company to prevent...; Question 70: An accounting clerk sent money to an attacker's bank account...; Question 71: A company is working with a vendor to perform a penetration ...; Question 72: An administrator is estimating the cost associated with an a...; Question 73: Employees located off-site must have access to company resou...; Question 74: While investigating a possible incident, a security analyst ...; Question 75: A bank set up a new server that contains customers' Pll. Whi...; Question 76: An enterprise security team is researching a new security ar...; Question 77: Which of the following teams combines both offensive and def...; Question 78: An organization is building a new backup data center with co...; Question 79: A software developer wishes to implement an application secu...; Question 80: Which of the following actors attacking an organization is t...; Question 81: An IT administrator needs to ensure data retention standards...; Question 82: A company decides to purchase an insurance policy. Which of ...; Question 83: A company prevented direct access from the database administ...; Question 84: The analyst wants to move data from production to the UAT se...; Question 85: Which of the following describes the maximum allowance of ac...; Question 86: Which of the following are cases in which an engineer should...; Question 87: Which of the following techniques can be used to sanitize th...; Question 88: Which of the following describes the reason root cause analy...; Question 89: A penetration tester was able to gain unauthorized access to...; Question 90: A company has yearly engagements with a service provider. Th...; Question 91: A security engineer is implementing FDE for all laptops in a...; Question 92: Which of the following describes a security alerting and mon...; Question 93: Which of the following control types is AUP an example of?...; Question 94: A security analyst is reviewing the security of a SaaS appli...; Question 95: A security team created a document that details the order in...; Question 96: An organization needs to monitor its users' activities to pr...; Question 97: The number of tickets the help desk has been receiving has i...; Question 98: A company is experiencing issues with employees leaving the ...; Question 99: Which of the following is the most effective way to protect ...; Question 100: A company is implementing a vendor's security tool in the cl...; Question 101: Which of the following tools is best for logging and monitor...; Question 102: Which of the following would be best suited for constantly c...; Question 103: A company's web filter is configured to scan the URL for str...; Question 104: Which of the following threat actors is the most likely to b...; Question 105: An important patch for a critical application has just been ...; Question 106: A security analyst and the management team are reviewing the...; Question 107: A software development manager wants to ensure the authentic...; Question 108: An administrator is installing an SSL certificate on a new s...; Question 109: A service provider wants a cost-effective way to rapidly exp...; Question 110: Which of the following types of vulnerabilities involves att...; Question 111: Which of the following tasks is typically included in the BI...; Question 112: Which of the following exercises should an organization use ...; Question 113: Which of the following security concepts is accomplished wit...; Question 114: An organization would like to store customer data on a separ...; Question 115: A university uses two different cloud solutions for storing ...; Question 116: A security analyst identifies an incident in the network. Wh...; Question 117: A newly appointed board member with cybersecurity knowledge ...; Question 118: A security engineer is working to address the growing risks ...; Question 119: An analyst is evaluating the implementation of Zero Trust pr...; Question 120: A company is planning a disaster recovery site and needs to ...; Question 121: Which of the following describes a situation where a user is...; Question 122: A network administrator wants to ensure that network traffic...; Question 123: After a security incident, a systems administrator asks the ...; Question 124: An organization issued new laptops to all employees and want...; Question 125: A systems administrator receives an alert that a company's i...; Question 126: A malicious insider from the marketing team alters records a...; Question 127: A certificate authority needs to post information about expi...; Question 128: A systems administrator needs to provide traveling employees...; Question 129: After completing an annual external penetration test, a comp...; Question 130: Which of the following metrics impacts the backup schedule a...; Question 131: Which of the following would be the best way to test resilie...; Question 132: A financial institution would like to store its customer dat...; Question 133: Which of the following is a preventive physical security con...; Question 134: An organization failed to account for the right-to-be-forgot...; Question 135: Which of the following describes the reason for using an MDM...; Question 136: A company is aware of a given security risk related to a spe...; Question 137: The Chief Information Security Officer of an organization ne...; Question 138: Which of the following can be used to compromise a system th...; Question 139: Which of the following Is a common, passive reconnaissance t...; Question 140: A security consultant needs secure, remote access to a clien...; Question 141: An administrator has configured a quarantine subnet for all ...; Question 142: A security analyst is reviewing the following logs: (Exhibit...; Question 143: A security architect wants to prevent employees from receivi...; Question 144: Which of the following is a prerequisite for a DLP solution?...; Question 145: Which of the following actions would reduce the number of fa...; Question 146: A company's Chief Information Security Officer (CISO) wants ...; Question 147: Which of the following would most likely be deployed to obta...; Question 148: Which of the following activities should be performed first ...; Question 149: Which of the following phases of the incident response proce...; Question 150: A security officer is implementing a security awareness prog...; Question 151: A customer of a large company receives a phone call from som...; Question 152: After a recent vulnerability scan, a security engineer needs...; Question 153: An external vendor recently visited a company's headquarters...; Question 154: Company A jointly develops a product with Company B, which i...; Question 155: Which of the following is the first step to secure a newly d...; Question 156: Which of the following is the act of proving to a customer t...; Question 157: An engineer has ensured that the switches are using the late...; Question 158: A company is considering an expansion of access controls for...; Question 159: An unexpected and out-of-character email message from a Chie...; Question 160: A systems administrator is looking for a low-cost applicatio...; Question 161: A security professional discovers a folder containing an emp...; Question 162: A site reliability engineer is designing a recovery strategy...; Question 163: An administrator discovers that some files on a database ser...; Question 164: Which of the following is the first step to take when creati...; Question 165: A company is concerned with supply chain compromise of new s...; Question 166: Which of the following would be the best ways to ensure only...; Question 167: A business received a small grant to migrate its infrastruct...; Question 168: Which of the following is the best way to securely store an ...; Question 169: The Chief Information Security Officer (CISO) at a large com...; Question 170: A security analyst locates a potentially malicious video fil...; Question 171: Which of the following is required for an organization to pr...; Question 172: A new security regulation was announced that will take effec...; Question 173: Which of the following is a use of CVSS?...; Question 174: Cadets speaking a foreign language are using company phone n...; Question 175: Which of the following best explains a concern with OS-based...; Question 176: Prior to implementing a design change, the change must go th...; Question 177: A growing organization, which hosts an externally accessible...; Question 178: A bank insists all of its vendors must prevent data loss on ...; Question 179: An organization has recently decided to implement SSO. The r...; Question 180: A security analyst is creating base for the server team to f...; Question 181: Which of the following environments utilizes a subset of cus...; Question 182: Which of the following risk management strategies should an ...; Question 183: A customer reports that software the customer downloaded fro...; Question 184: A security manager is implementing MFA and patch management....; Question 185: Which of the following is the best way to validate the integ...; Question 186: Which of the following is the best way to prevent data from ...; Question 187: While updating the security awareness training, a security a...; Question 188: Which of the following is the most common data loss path for...; Question 189: A company is required to use certified hardware when buildin...; Question 190: A company is currently utilizing usernames and passwords, an...; Question 191: A systems administrator is concerned about vulnerabilities w...; Question 192: Which of the following is a social engineering attack in whi...; Question 193: Which of the following threat actors is the most likely to u...; Question 194: Select the appropriate attack and remediation from each drop...; Question 195: A database administrator is updating the company's SQL datab...; Question 196: A company wants to improve the availability of its applicati...; Question 197: Which of the following prevents unauthorized modifications t...; Question 198: Which of the following is an example of memory injection?...; Question 199: A systems administrator works for a local hospital and needs...; Question 200: A company wants to ensure secure remote access to its intern...; Question 201: An analyst discovers a suspicious item in the SQL server log...; Question 202: Which of the following is a reason why a forensic specialist...; Question 203: An organization recently started hosting a new service that ...; Question 204: A company must ensure sensitive data at rest is rendered unr...; Question 205: Which of the following is a hardware-specific vulnerability?...; Question 206: A systems administrator receives a text message from an unkn...; Question 207: A systems administrator is changing the password policy with...; Question 208: An engineer needs to find a solution that creates an added l...; Question 209: Which of the following is the most likely outcome if a large...; Question 210: Which of the following control types describes an alert from...; Question 211: A systems administrator receives the following alert from a ...; Question 212: Which of the following describes an executive team that is m...; Question 213: A company plans to secure its systems by: Preventing users f...; Question 214: An administrator wants to perform a risk assessment without ...; Question 215: Which of the following describes the reason root cause analy...; Question 216: Which of the following is a common source of unintentional c...; Question 217: Which of the following makes Infrastructure as Code (IaC) a ...; Question 218: Which of the following would be most useful in determining w...; Question 219: Which of the following should an internal auditor check for ...; Question 220: A company needs to provide administrative access to internal...; Question 221: Which of the following factors are the most important to add...; Question 222: Which of the following security controls would best guard a ...; Question 223: Which of the following should an organization use to protect...; Question 224: A company makes a change during the appropriate change windo...; Question 225: A company wants to reduce the time and expense associated wi...; Question 226: At the start of a penetration test, the tester checks OSINT ...; Question 227: A company decided to reduce the cost of its annual cyber ins...; Question 228: Which of the following agreements defines response time, esc...; Question 229: An MSSP manages firewalls for hundreds of clients. Which of ...; Question 230: You are security administrator investigating a potential inf...; Question 231: A Chief Information Security Officer would like to conduct f...; Question 232: Which of the following consequences would a retail chain mos...; Question 233: Visitors to a secured facility are required to check in with...; Question 234: A security analyst is evaluating a SaaS application that the...; Question 235: An organization is implementing a COPE mobile device managem...; Question 236: Which of the following threat vectors is most commonly utili...; Question 237: Which of the following should be deployed on an externally f...; Question 238: A recent black-box penetration test of http://example.com di...; Question 239: A U.S.-based cloud-hosting provider wants to expand its data...; Question 240: Which of the following should a systems administrator use to...; Question 241: Which of the following is a benefit of an RTO when conductin...; Question 242: Which of the following can best protect against an employee ...; Question 243: A company is utilizing an offshore team to help support the ...; Question 244: A company is changing its mobile device policy. The company ...; Question 245: Which of the following best protects sensitive data in trans...; Question 246: A systems administrator notices that the research and develo...; Question 247: A penetration tester begins an engagement by performing port...; Question 248: A security analyst is reviewing logs and discovers the follo...; Question 249: A security analyst is reviewing the following logs about a s...; Question 250: Which of the following should a systems administrator use to...; Question 251: Various company stakeholders meet to discuss roles and respo...; Question 252: An administrator assists the legal and compliance team with ...; Question 253: A security analyst finds a rogue device during a monthly aud...; Question 254: A security analyst developed a script to automate a trivial ...; Question 255: A hacker gained access to a system via a phishing attempt th...; Question 256: An external security assessment report indicates a high clic...; Question 257: An organization is struggling with scaling issues on its VPN...; Question 258: Which of the following roles, according to the shared respon...; Question 259: A company implemented an MDM policy 10 mitigate risks after ...; Question 260: Which of the following describes the difference between encr...; Question 261: Which of the following is the final step of the modem respon...; Question 262: The Chief Information Officer (CIO) asked a vendor to provid...; Question 263: A network manager wants to protect the company's VPN by impl...; Question 264: A company is in the process of migrating to cloud-based serv...; Question 265: An organization would like to calculate the time needed to r...; Question 266: A customer has a contract with a CSP and wants to identify w...; Question 267: Which of the following is a type of vulnerability that refer...; Question 268: Several customers want an organization to verify its securit...; Question 269: A company evaluates several options that would allow employe...; Question 270: Which of the following is the most relevant reason a DPO wou...; Question 271: A user is attempting to patch a critical system, but the pat...; Question 272: A security administrator needs to reduce the attack surface ...; Question 273: A security analyst wants to automate a task that shares data...; Question 274: A company processes and stores sensitive data on its own sys...; Question 275: A security operations center determines that the malicious a...; Question 276: Which of the following data types best describes an AI tool ...; Question 277: In which of the following scenarios is tokenization the best...; Question 278: The security operations center is researching an event conce...; Question 279: A security administrator is reissuing a former employee's la...; Question 280: A university employee logged on to the academic server and a...; Question 281: After multiple phishing simulations, the Chief Security Offi...; Question 282: Which of the following aspects of the data management life c...; Question 283: An accounting employee recently used software that was not a...; Question 284: A Chief Information Security Officer (CISO) wants to explici...; Question 285: A security analyst created a fake account and saved the pass...; Question 286: An administrator needs to perform server hardening before de...; Question 287: Which of the following is the most likely to be used to docu...; Question 288: A company recently decided to allow employees to work remote...; Question 289: A company purchased cyber insurance to address items listed ...; Question 290: Which of the following has been implemented when a host-base...; Question 291: A security administrator observed the following in a web ser...; Question 292: Which of the following is used to add extra complexity befor...; Question 293: A security administrator protects passwords by using hashing...; Question 294: Which of the following would best prepare a security team fo...; Question 295: Which of the following most accurately describes the order i...; Question 296: Which of the following phases of an incident response involv...; Question 297: A company's website is www. Company. com Attackers purchased...; Question 298: A user would like to install software and features that are ...; Question 299: A security engineer would like to enhance the use of automat...; Question 300: Which of the following activities is included in the post-in...; Question 301: A company is redesigning its infrastructure and wants to red...; Question 302: A security analyst wants to better understand the behavior o...; Question 303: Which of the following is a technical security control?...; Question 304: To which of the following security categories does an EDR so...; Question 305: A Chief Information Security Officer wants to monitor the co...; Question 306: Which of the following best describe why a process would req...; Question 307: Which of the following is the most likely to be included as ...; Question 308: Which of the following would a security administrator use to...; Question 309: Which of the following would be the greatest concern for a c...; Question 310: A security team receives reports about high latency and comp...; Question 311: Which of the following would be the best way to handle a cri...; Question 312: An accountant is transferring information to a bank over FTP...

Question 238/312

LEAVE A REPLY

Download PDF File