ST0-095 - Symantec Technical Foundations: Security Solutions 1.0 (STS)
A cybercriminal wants to break into an organization using a SQL injection attack. What will the cybercriminal do to start the attack?
locate a user input field on the company's web page
A cybercriminal wants to maintain future access to a compromised system. Which tool would the cybercriminal incorporate into malware to accomplish this?
The security team of a major government agency discovers a breach involving employee data that has been leaked outside the agency. They discover that a software developer for the agency transferred employee data from a secure primary system to a secondary system, for the purpose of software development and testing. This secondary system was the target of a hacker. Which type of breach source(s) is this?
cybercriminal and well-meaning insider
A malicious insider was identified and recently terminated, and the organization wants to ensure that all company-owned hardware was returned by the employee. Which Symantec solution will help accomplish this?
Altiris IT Management Suite
An employee has become disgruntled with their employer, a payroll software manufacturer, and one of the employee's friends works for a competitor. The employee copies some highly-confidential source code to a USB drive and gives the USB drive to their friend after work. Which source(s) of a breach are involved in this scenario?
malicious insider only
Which two pieces of information from a customer help to uncover a need for the Altiris IT Management Suite? (Select two.)
whether the customer is planning to migrate to Windows 7
whether the customer needs to prioritize and quickly deploy patches
An administrator wants to identify and monitor systems with weak or static passwords. Which Symantec solution can help collect this information?
Control Compliance Suite
What is the Symantec Data Loss Prevention Suite?
software that identifies viruses on a system and prevents the virus from destroying valuable data
What does a cybercriminal insert into a web page to perform a cross-site scripting attack?
client side scripts
Which type of product should a company use to identify installed software to determine licensing compliance?
Which malware identification technique blocks all applications and processes from running, unless they are legitimate and appropriate software as determined by a security policy?
An employee has become disgruntled with their employer, a payroll software manufacturer, and one of the employee's friends works for a competitor. The employee copies some highly-confidential source code to a USB drive and gives the USB drive to their friend after work. Which source(s) of a breach are involved in this scenario?
malicious insider only
What are two benefits of hardware device control? (Select two.)
prevents propagation of malicious code
reduces the risk of confidential data loss
What is the goal of a denial of service attack?
to exploit a weakness in the TCP/IP stack
What is a mandate, as defined in the Security Solutions 1.0 course?
an internal or external set of requirements
How can a security professional within an organization become viewed as a business partner to an executive?
by articulating risk in terms of financial value
Which Symantec solution can identify and block a malicious file from being downloaded in an HTTP session?
What drives consultative conversations and establishes credibility with an organization?
providing industry insight
software that discovers where valuable data is stored and prevents the inappropriate transmission of that data
how employees back up data on their laptops and cell phones
Which component of Symantec Security Information Manager (SSIM) helps companies determine a potential threat in real-time?
According to the Symantec research shared in the Security Solutions 1.0 course, which group is the number one source of IT security attacks?
Which two core processes can a workflow solution manage to help mitigate security risks? (Select two.)
What is an example of fan-out remediation involving information protection incidents?
Incidents go to a core incident response team and then to an escalation team.
What is a key benefit of integrating multiple security-related solutions?
consolidates critical data from separate security solutions
What is global reputation analysis ineffective against?
small targeted spam attacks
What is the primary benefit of hard drive encryption?
provides non-repudiation for the transmission of data through email
An employee's computer was recently infected by a virus due to opening an attachment received through email. Which Symantec solution could have prevented this?
What are two examples of breaches caused by a well-meaning insider? (Select two.)
emailing a confidential file to the wrong Outlook recipient by mistake
leaving an unencrypted laptop at an airport security checkpoint
What are the three types of scans used to identify systems?
port, network, and vulnerability
Which action can be performed when using IT asset management (ITAM) when an employee leaves the organization?
extract software licenses from their laptop for re-purposing
How does a workflow solution work with collaborative applications?
It streamlines tasks and connects independent business applications.
What is the ultimate enforcement level for information protection?
prevention and protection
Which statement reflects a risk-based security program?
We are in the process of identifying the business impact related to our PCI environment.
How does a denial of service attack work?
It prevents a legitimate user from using a system or service.
Last year a company had an incident where several notebooks belonging to executives were stolen from their cars. These notebooks could have contained information that, if put into the wrong hands, would have presented a large risk. Which two solutions can reduce the risk associated with this scenario? (Select two.)
Data Loss Prevention
Which method would a cybercriminal most likely use in a drive-by download?
cross-site request forgery
What are two conditions driving the need for endpoint security? (Select two.)
Network perimeters are frequently ill-defined and provide multiple access points.
Mobile computers and removable devices allow for rapid propagation of threats.
Which two topics did Art Gilliland state in the Security Solutions 1.0 course as areas that Symantec plans to invest in? (Select two.)
cross-product management and reporting
What are the benefits of security information and event management?
quickly identifying security breaches and reducing vulnerabilities
Which two technologies can reduce the amount of spam received by an organization when deploying a message gateway protection solution? (Select two.)
Which trend did Art Gilliland discuss in the Security Solutions 1.0 course as a primary driver for the security vision of Symantec?
complexity of the infrastructure
What is the most common method bots use to extract data?
Which two events could potentially be seen by a network monitoring solution in the context of information protection? (Select two.)
a hacker exfiltrating data out of an organization
a malicious insider emailing data out of an organization
An organization has a requirement to ensure they are meeting industry best practices for securing their IT environment. Which strategy is appropriate for this organization?
What are the benefits of log management?
root cause analysis and regulatory compliance
What does patch management need to accurately target computers within an environment?
an accurate up-to-date inventory
What are two benefits of automatically protecting confidential information? (Select two.)
assuring enforcement of data protection policies
preventing the loss of intellectual property
Which global trade does the United States Federal Bureau of Investigation (FBI) say is smaller than the global market for illegally-obtained information, according to the Security Solutions 1.0 course?
illegal drug trade
Which type of attack does a cybercriminal use to convince individuals to respond with sensitive information?
Malware that contains a backdoor is placed on a system that will later be used by the cybercriminal to gain access to the system. The cybercriminal was successful in which phase of the breach?