ST0-095 Symantec Technical Foundations Security Exam Set 2

An administrator wants to identify and monitor systems with weak or static passwords. Which Symantec solution can help collect this information?


Options are :

  • Critical System Protection
  • Control Compliance Suite (Correct)
  • Endpoint Protection
  • Data Loss Prevention

Answer : Control Compliance Suite

An employee's laptop was recently stolen, but their IT security department is confident that information on the hard drive will remain protected from being viewed. Which Symantec solution has IT deployed on the laptop?


Options are :

  • Data Loss Prevention
  • Critical System Protection
  • Endpoint Protection
  • Endpoint Encryption (Correct)

Answer : Endpoint Encryption

What is the name of the Symantec solution designed to develop and enforce IT policies?


Options are :

  • Security Information Manager
  • Control Compliance Suite (Correct)
  • IT Policy Suite
  • Security Compliance Manager

Answer : Control Compliance Suite

What is the Symantec Data Loss Prevention Suite?


Options are :

  • software that identifies viruses on a system and prevents the virus from destroying valuable data (Correct)
  • software that discovers where valuable data is stored and prevents the inappropriate transmission of that data
  • software that backs up valuable data on a regular basis and restores it from backup in the event of data loss
  • software that hardens the configuration of a critical server to prevent the theft of valuable data

Answer : software that identifies viruses on a system and prevents the virus from destroying valuable data

A cybercriminal is trying to get a foothold into an organization by exploiting a weakness in their web servers. What is the most common website vulnerability that can be used by cybercriminals?


Options are :

  • default credentials (Correct)
  • excessive directory access rights
  • open shares
  • limited user accounts

Answer : default credentials

What is the most common method bots use to extract data?


Options are :

  • RSS
  • FTP (Correct)
  • IRC
  • P2P

Answer : FTP

During a discussion with a customer, it is identified that they need better awareness of their hardware and software inventory. For example, they have a security policy to disallow DVD burners in their endpoints, yet they are lacking centralized inventory and reporting software to see if any endpoints have a DVD burner. Which Symantec suite is the most appropriate for this customer?


Options are :

  • IT Management Suite (Correct)
  • Data Loss Prevention Suite
  • Control Compliance Suite
  • Protection Suite

Answer : IT Management Suite

An employee has become disgruntled with their employer, a payroll software manufacturer, and one of the employee's friends works for a competitor. The employee copies some highly-confidential source code to a USB drive and gives the USB drive to their friend after work. Which source(s) of a breach are involved in this scenario?


Options are :

  • well-meaning insider and malicious insider
  • malicious insider only (Correct)
  • malicious insider and organized criminal
  • organized criminal only

Answer : malicious insider only

Which method did the MetaFisher bot use to extract data from a system?


Options are :

  • IRC
  • RSS
  • FTP (Correct)
  • peer to peer

Answer : FTP

A malicious insider was identified and recently terminated, and the organization wants to ensure that all company-owned hardware was returned by the employee. Which Symantec solution will help accomplish this?


Options are :

  • Critical System Protection
  • Endpoint Encryption
  • Altiris IT Management Suite (Correct)
  • Data Loss Prevention

Answer : Altiris IT Management Suite

Which global trade does the United States Federal Bureau of Investigation (FBI) say is smaller than the global market for illegally-obtained information, according to the Security Solutions 1.0 course?


Options are :

  • money laundering trade
  • human trafficking trade
  • arms trafficking trade
  • illegal drug trade (Correct)

Answer : illegal drug trade

What is the cybercriminal hoping to accomplish during the incursion phase?


Options are :

  • obtain authorized access to data or a system
  • gain unauthorized access to data or a system (Correct)
  • use a sniffer to capture data
  • perform scans to identify targets in the environment

Answer : gain unauthorized access to data or a system

A cybercriminal wants to break into an organization using a SQL injection attack. What will the cybercriminal do to start the attack?


Options are :

  • use SQL slammer malware
  • enter a command at a user prompt
  • locate a user input field on the company's web page (Correct)
  • gain administrative access to the database

Answer : locate a user input field on the company's web page

The security team of a major government agency discovers a breach involving employee data that has been leaked outside the agency. They discover that a software developer for the agency transferred employee data from a secure primary system to a secondary system, for the purpose of software development and testing. This secondary system was the target of a hacker. Which type of breach source(s) is this?


Options are :

  • cybercriminal only
  • cybercriminal and well-meaning insider (Correct)
  • malicious insider and cybercriminal
  • well-meaning insider only

Answer : cybercriminal and well-meaning insider

According to the Symantec research shared in the Security Solutions 1.0 course, which group is the number one source of IT security attacks?


Options are :

  • organized criminals (Correct)
  • corporate competitors
  • well-meaning insiders
  • malicious insiders

Answer : organized criminals

Why would a cybercriminal avoid using a trojan if they were trying to infect a lot of systems?


Options are :

  • End-users are aware of clicking on non-trusted executables.
  • Trojans only infect one system at a time. (Correct)
  • Trojans rarely carry payloads.
  • Trojans are easily caught by antivirus products.

Answer : Trojans only infect one system at a time.

Malware that contains a backdoor is placed on a system that will later be used by the cybercriminal to gain access to the system. The cybercriminal was successful in which phase of the breach?


Options are :

  • discovery
  • exfiltration
  • capture
  • incursion (Correct)

Answer : incursion

A cybercriminal wants to maintain future access to a compromised system. Which tool would the cybercriminal incorporate into malware to accomplish this?


Options are :

  • backdoor (Correct)
  • keylogger
  • rootkit
  • screen scraper

Answer : backdoor

Which Symantec solution informs an administrator that a particular server has excessive file system rights?


Options are :

  • Altiris IT Management Suite
  • Control Compliance Suite (Correct)
  • Security Information Manager
  • Endpoint Encryption

Answer : Control Compliance Suite

Which method would a cybercriminal most likely use in a drive-by download?


Options are :

  • spam with an attachment
  • SQL injection
  • whaling with a link to click on
  • cross-site request forgery (Correct)

Answer : cross-site request forgery

Which type of attack does a cybercriminal use to convince individuals to respond with sensitive information?


Options are :

  • malware
  • phishing
  • cross-scripting
  • spam (Correct)

Answer : spam

An end-user has mistakenly copied sensitive data into an email and attempted to send it outside the company. The email is quarantined, and the user's immediate manager receives a notification detailing the policy violation. An additional notification is sent to IT Security, and an investigation is initiated. What does this scenario describe?


Options are :

  • employee behavior modification
  • incident response workflow (Correct)
  • sensitive data identification
  • centralized compliance reporting

Answer : incident response workflow

Which statement reflects a risk-based security program?


Options are :

  • We are in the process of identifying the systems impacted by PCI regulations.
  • We are in the process of identifying the appropriate controls related to our PCI environment.
  • We are in the process of identifying the business impact related to our PCI environment. (Correct)
  • We are in the process of identifying the effectiveness of the security in our PCI environment.

Answer : We are in the process of identifying the business impact related to our PCI environment.

Which two core processes can a workflow solution manage to help mitigate security risks? (Select two.)


Options are :

  • risk assessment control
  • access control
  • server management
  • escalation management (Correct)
  • change control (Correct)

Answer : escalation management; change control

What are the deployment phases of an information protection solution?


Options are :

  • workflow, quarantine, remediation, and compliance
  • baseline, remediation, notification, and prevention (Correct)
  • endpoint, network, storage, and protection
  • blocking, workflow, policies, and detection

Answer : baseline, remediation, notification, and prevention

What is the primary benefit of network intrusion prevention on the host?


Options are :

  • blocks access to unauthorized or potentially dangerous websites
  • blocks threats before any files are written to the hard drive (Correct)
  • prevents protected systems from accessing unprotected resources
  • prevents unprotected systems from accessing protected resources

Answer : blocks threats before any files are written to the hard drive

What are two conditions driving the need for endpoint security? (Select two.)


Options are :

  • Network firewalls are unable to allow, deny, or manipulate data traffic.
  • Spam email makes up 87% of all email traffic coming into an organization.
  • Mobile computers and removable devices allow for rapid propagation of threats. (Correct)
  • Network perimeters are frequently ill-defined and provide multiple access points. (Correct)
  • The severity of traditional network-based threats has been on the decline.

Answer : Mobile computers and removable devices allow for rapid propagation of threats. Network perimeters are frequently ill-defined and provide multiple access points.

What are two benefits of automatically protecting confidential information? (Select two.)


Options are :

  • assuring enforcement of data protection policies (Correct)
  • gaining an inventory of sensitive data for IT audits
  • measuring employees' understanding of data security policies
  • preventing the loss of intellectual property (Correct)
  • preventing malware from entering an organization

Answer : assuring enforcement of data protection policies; preventing the loss of intellectual property

What is the primary goal when creating a security policy?


Options are :

  • to protect information (Correct)
  • to ensure systems have updated patches
  • to report on system configuration
  • to assist in the compliance process

Answer : to protect information

How does patch management enhance security within an environment?


Options are :

  • It identifies and remediates software and operating system vulnerabilities. (Correct)
  • It provides change management to the environment when vulnerabilities exist.
  • It tracks assets and determines if changes have occurred on those assets.
  • It performs an inventory scan of a computer to collect hardware information.

Answer : It identifies and remediates software and operating system vulnerabilities.
