ST0-095 - Symantec Technical Foundations: Security Solutions 1.0 (STS)

Go back to Symantec

Example Questions

A cybercriminal wants to break into an organization using a SQL injection attack. What will the cybercriminal do to start the attack? A cybercriminal wants to maintain future access to a compromised system. Which tool would the cybercriminal incorporate into malware to accomplish this? The security team of a major government agency discovers a breach involving employee data that has been leaked outside the agency. They discover that a software developer for the agency transferred employee data from a secure primary system to a secondary system, for the purpose of software development and testing. This secondary system was the target of a hacker. Which type of breach source(s) is this? A malicious insider was identified and recently terminated, and the organization wants to ensure that all company-owned hardware was returned by the employee. Which Symantec solution will help accomplish this? An employee has become disgruntled with their employer, a payroll software manufacturer, and one of the employee's friends works for a competitor. The employee copies some highly- confidential source code to a USB drive and gives the USB drive to their friend after work. Which source(s) of a breach are involved in this scenario? Which two pieces of information from a customer help to uncover a need for the Altiris IT Management Suite? (Select two.) An administrator wants to identify and monitor systems with weak or static passwords. Which Symantec solution can help collect this information? What is the Symantec Data Loss Prevention Suite? What does a cybercriminal insert into a web page to perform a cross-site scripting attack? Which type of product should a company use to identify installed software to determine licensing compliance? Which malware identification technique blocks all applications and processes from running, unless they are legitimate and appropriate software as determined by a security policy? An employee has become disgruntled with their employer, a payroll software manufacturer, and one of the employee's friends works for a competitor. The employee copies some highlyconfidential source code to a USB drive and gives the USB drive to their friend after work. Which source(s) of a breach are involved in this scenario? What are two benefits of hardware device control? (Select two.) What is the goal of a denial of service attack? What is a mandate, as defined in the Security Solutions 1.0 course? How can a security professional within an organization become viewed as a business partner to an executive? Which Symantec solution can identify and block a malicious file from being downloaded in an HTTP session? What drives consultative conversations and establishes credibility with an organization? software that discovers where valuable data is stored and prevents the inappropriate transmission of that data Which component of Symantec Security Information Manager (SSIM) helps companies determine a potential threat in real-time? According to the Symantec research shared in the Security Solutions 1.0 course, which group is the number one source of IT security attacks? Which two core processes can a workflow solution manage to help mitigate security risks? (Select two.) What is an example of fan-out remediation involving information protection incidents? What is a key benefit of integrating multiple security-related solutions? What is global reputation analysis ineffective against? What is the primary benefit of hard drive encryption? An employee's computer was recently infected by a virus due to opening an attachment received through email. Which Symantec solution could have prevented this? What are two examples of breaches caused by a well-meaning insider? (Select two.) What are the three types of scans used to identify systems? Which action can be performed when using IT asset management (ITAM) when an employee leaves the organization? How does a workflow solution work with collaborative applications? What is the ultimate enforcement level for information protection? Which statement reflects a risk-based security program? How does a denial of service attack work? Last year a company had an incident where several notebooks belonging to executives were stolen from their cars. These notebooks could have contained information that, if put into the wrong hands, would have presented a large risk. Which two solutions can reduce the risk associated with this scenario? (Select two.) Which method would a cybercriminal most likely use in a drive-by download? What are two conditions driving the need for endpoint security? (Select two.) Which WO topics did Art Gilliland state in the Security Solutions 1.0 course as areas that Symantec plans to invest in? (Select Two.) What are the benefits of security information and event management? Which two technologies can reduce the amount of spam received by an organization when deploying a message gateway protection solution? (Select two.) Which trend did Art Gilliland discuss in the Security Solutions 1.0 course as a primary driver for the security vision of Symantec? What is the most common method bots use to extract data? Which two events could potentially be seen by a network monitoring solution in the context of information protection? (Select two.) An organization has a requirement to ensure they are meeting industry best practices for securing their IT environment. Which strategy is appropriate for this organization? What are the benefits of log management? What does patch management need to accurately target computers within an environment? What are two benefits of automatically protecting confidential information? (Select two.) Which global trade does the United States Federal Bureau of Investigation (FBI) say is smaller than the global market for illegally-obtained information, according to the Security Solutions 1.0 course? Which type of attack does a cybercriminal use to convince individuals to respond with sensitive information? Malware that contains a backdoor is placed on a system that will later be used by the cybercriminal to gain access to the system. The cybercriminal was successful in which phase of the breach?