ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 611 discussion

Actual exam question from CompTIA's SY0-501
Question #: 611
Topic #: 1
[All SY0-501 Questions]

After a security assessment was performed on the enterprise network, it was discovered that:
1. Configuration changes have been made by users without the consent of IT.
2. Network congestion has increased due to the use of social media.
3. Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)

  • A. Poorly trained users
  • B. Misconfigured WAP settings
  • C. Undocumented assets
  • D. Improperly configured accounts
  • E. Vulnerable business processes
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by Mat_2019 at Oct. 25, 2019, 9:45 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
The_Temp
Highly Voted 5 years, 2 months ago
I chose AD as well. My reasoning is below: A) Clearly users haven't been trained not to use social media at work as network congestion has increased due to the use of social media. D) Clearly users accounts are improperly configured as they are accessing file folders and network shares that are beyond the scope of their need to know.
upvoted 23 times
The_Temp
5 years, 2 months ago
I wouldn't have said E as there's no indication that a business process is indeed vulnerable. I can see how you could infer that one is, but it isn't explicitly stated in the question.
upvoted 6 times
FNavarro
4 years, 3 months ago
If Amy the Administrative Assistant can access invoices and financial statements from accounting .... then my business process is vulnerable
upvoted 2 times
...
...
Tzu
5 years, 2 months ago
I agree with this because trained users with least privilege would’ve curtailed this.
upvoted 1 times
...
FNavarro
4 years, 3 months ago
"Configuration changes have been made by users without the consent of IT" They've been trained... They just don't care
upvoted 2 times
Heymannicerouter
4 years, 2 months ago
If accounts had been configured properly then they wouldn't be able to make config changes.
upvoted 2 times
...
...
...
Mat_2019
Highly Voted 5 years, 7 months ago
I would have said DE
upvoted 19 times
...
hy_n_bkhool
Most Recent 3 years, 10 months ago
usually social media is blocked at organizations, hence, E may be the option instead of A
upvoted 1 times
...
Funkydave
4 years, 2 months ago
D. Users are configured as admin E. On boarding or permission approval process is faulty allowing user to have wrong role
upvoted 2 times
...
leesuh
4 years, 2 months ago
A and D are the best answers but if i can choose more than two, E would absolutely be on that list. Being able to access files beyond the scope of their need to know sounds like a vulnerable business process to me.
upvoted 2 times
...
Miltduhilt
4 years, 4 months ago
Answer: D, E Explanation: Users can make configuration changes and they can access folders and shares beyond their job requirements, so their accounts are improperly configured. Social media use is virtually unchecked, so there are vulnerable business practices.
upvoted 1 times
...
babati
4 years, 10 months ago
Personnel use social media and personal email accounts in ways that bring risk to the organization—Remind the employee of the policy and inform them of how divulging too much information on social media can help attackers.
upvoted 1 times
...
nonee
4 years, 11 months ago
I would say that the question did not mention the expantion of any one usiness process so one must assume that either the persone setting up the permisions messed up or training was not done. Again we all know that we can do all the training in the world and employees will do what they can get away with but with the information giving and not wanting to point figures training sounds good to me.
upvoted 1 times
...
Mobeus
5 years, 3 months ago
i agree. The users were certainly trained well enough to modify the network configuration!
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel