A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator’s activities?
There is a different version of this question which seems mire accurate
A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?
A. Continuous deployment
B. Continuous integration
C. Continuous validation
D. Continuous monitoring
In this case, answer is D
The administrator’s activities of performing weekly vulnerability scans on all cloud assets and providing a detailed report can be described as the actions of a D. Data processor. A data processor is responsible for processing data on behalf of a data controller. In this case, the security administrator is processing data related to the vulnerability scans and generating reports to provide information about the security of the cloud assets.
I have to go with B. C & D are roles not activities as the question states.
Continuous integration involves regularly integrating and testing code changes in an automated and systematic manner. In the context of security, this can include activities such as regular vulnerability scanning and reporting to ensure that cloud assets remain secure and up-to-date.
These are NOT activities.
C. Data owners
D. Data processor
Unfortunately, the best of the worst is B (continuous integration)
Note for the author of this question - stop the "continuous" idiocy
C. Data owners
They're all wrong.
Which one is the LEAST wrong.
Data Owner is the least wrong answer.
Data Owner – collects/creates the data.
legally responsible and accountable for protecting it and educating others about how to protect the data.
Nothing to do with Software development, so both "continuous integration" & "continuous development" are wrong.
The sys admin is running vulnerability scans against cloud assets.
This is not software development.
It's not a data processors.
The sys admin in this question is not "processing data". They are just running vulnerability scans on assets. That's not at all like "processing data".
It's also not doing anything on behalf of a data controller.
Going with B. Per professor messer notes security+ notes:
"Continuous integration (CI) • Code is constantly written –And merged into the central repository many times a day • So many chances for security problems –Security should be a concern from the beginning • Basic set of security checks during development –Documented security baselines as the bare minimum • Large-scale security analysis during the testing phase –Significant problems will have already been covered"
B. Continuous integration
Continuous integration (CI) is a software development practice where code changes are frequently integrated into a shared repository, and automated tests and builds are performed to ensure that new code does not introduce vulnerabilities or errors. In this context, the security administrator is regularly conducting vulnerability scans on cloud assets as part of a continuous integration process to identify and address security issues promptly.
I changed my mind, answer D
D. Data processor - Traditionally, this term refers to an entity that processes data on behalf of a data controller, especially in the context of data privacy and GDPR. However, in a broader context, if the data processor is tasked with managing and ensuring the security of that data, it could involve vulnerability scanning.
A. Continuous deployment - This pertains to the consistent and automated deployment of code into production. It's not related to security vulnerability scans.
B. Continuous integration - This is about merging all developers' working copies to a shared mainline several times a day. While CI does involve running tests to ensure code integrity, it doesn't necessarily refer to "weekly vulnerability scans on cloud assets."
C. Data owners - These are individuals or entities that have legal ownership and responsibility for data. They're not necessarily responsible for weekly vulnerability scans.
I would hope the question is like how BI1024 has shown with the alternative version, otherwise if this strange question pops up will go with D. The scans and report have to do with data storage which is something the data processor would do.
"Data Processor: The data processor operates on behalf of the data controller, ensuring that the collection, storage, and analysis of data is done in accordance with regulations (GDPR Article 30)."
-Security+ SY0-601 Certification Guide Second Edition by Ian Neil
How can data processor be an activity? I will go with B, this This process aligns with the principles of continuous integration by consistently and systematically identifying potential vulnerabilities in the cloud assets.
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Bl1024
Highly Voted 2Â years agoComPCertOn
1Â year, 7Â months agofouserd
Highly Voted 2Â years, 1Â month agoKelvinYau
Most Recent 7Â months, 2Â weeks agodbdbfb0
1Â year, 3Â months agoMF757
1Â year, 4Â months agoMortG7
1Â year, 5Â months agoganymede
1Â year, 6Â months agocyberPunk28
1Â year, 6Â months agoskuba_steve
1Â year, 7Â months ago[Removed]
1Â year, 8Â months agoJT4
1Â year, 9Â months agoexcelchips11
1Â year, 9Â months ago[Removed]
1Â year, 10Â months ago[Removed]
1Â year, 10Â months agoGamsje
1Â year, 11Â months agoLeonardSnart
1Â year, 12Â months agoXabovion
2Â years, 1Â month agoGamsje
1Â year, 11Â months agoApplebeesWaiter1122
2Â years, 1Â month ago