Free Access to CompTIA.SY0-601.v2022-10-06.q140 with Valid Practice Test (Page 25)

Question 116

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.
Which of the following will the CISO MOST likely recommend to mitigate this risk?

A.Upgrade the bandwidth available into the datacenter.
B.Implement a hot-site failover location.
C.Switch to a complete SaaS offering to customers.
D.Implement a challenge response test on all end-user queries.

Question 117

Which of the following must be in place before implementing a BCP?

A.SLA
B.AUP
C.NDA
D.BIA

Correct Answer: D

To create an effective business continuity plan, a firm should take these five steps:
Step 1: Risk Assessment
This phase includes:
Evaluation of the company's risks and exposures
Assessment of the potential impact of various business disruption scenarios Determination of the most likely threat scenarios Assessment of telecommunication recovery options and communication plans Prioritization of findings and development of a roadmap Step 2: Business Impact Analysis (BIA) During this phase we collect information on:
Recovery assumptions, including Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) Critical business processes and workflows as well as the supporting production applications Interdependencies, both internal and external Critical staff including backups, skill sets, primary and secondary contacts Future endeavors that may impact recovery Special circumstances Pro tip: Compiling your BIA into a master list can be helpful from a wholistic standpoint, as well as helpful in identifying pain points throughout the organization.
Step 3: Business Continuity Plan Development
This phase includes:
Obtaining executive sign-off of Business Impact Analysis Synthesizing the Risk Assessment and BIA findings to create an actionable and thorough plan Developing department, division and site level plans Reviewing plan with key stakeholders to finalize and distribute Step 4: Strategy and Plan Development Validate that the recovery times that you have stated in your plan are obtainable and meet the objectives that are stated in the BIA. They should easily be available and readily accessible to staff, especially if and when a disaster were to happen. In the development phase, it's important to incorporate many perspectives from various staff and all departments to help map the overall company feel and organizational focus. Once the plan is developed, we recommend that you have an executive or management team review and sign off on the overall plan.
Step 5: Plan Testing & Maintenance
The final critical element of a business continuity plan is to ensure that it is tested and maintained on a regular basis. This includes:
Conducting periodic table top and simulation exercises to ensure key stakeholders are comfortable with the plan steps Executing bi-annual plan reviews Performing annual Business Impact Assessments

Question 118

A penetration tester successfully gained access to a company's network The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following m the ARP table:

Which of the following did Ihe penetration tester MOST likely use?

A.Man in the middle
B.Evil twin
C.ARP poisoning
D.MAC cloning

Question 119

The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company.
Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?

A.CASB
B.Next-generation SWG
C.NGFW
D.Web-application firewall

Question 120

When implementing automation with loT devices, which of the following should be considered FIRST to keep the network secure?

A.Communication protocols
B.Z-Wave compatibility
C.Zigbee configuration
D.Network range

Question 116

Question 117

Question 118

Question 119

Question 120

Download PDF File