Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam SY0-601 topic 1 question 596 discussion

Actual exam question from CompTIA's SY0-601
Question #: 596
Topic #: 1
[All SY0-601 Questions]

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

  • A. Auto-update
  • B. HTTP headers
  • C. Secure cookies
  • D. Third-party updates
  • E. Full disk encryption
  • F. Sandboxing
  • G. Hardware encryption
Show Suggested Answer Hide Answer
Suggested Answer: AF 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
NetTech
Highly Voted 10 months, 3 weeks ago
Selected Answer: AF
The scenario doesn't specify a web application. I just assumed a locally ran application so I chose A&F. Poorly worded question.
upvoted 18 times
Yomzie
5 months, 1 week ago
It's A & D. Hardening existing applications will derive no benefits whatsoever, from "Sandboxing." However, aside enabling Auto-Updates of their applications, they might also want to safeguard 3rd-Party Solutions (CRM, ERP, Web-based solutions, etc) by ensuring they are regularly patched/updated. Every other options would be "chasing shadows."
upvoted 7 times
jkalfo
11 hours, 47 minutes ago
Ok so i wasnt the only one thinking this way by how the question is worded. Im not understanding what sandboxing has to do with hardening the vulnerabilities right now when it could be as easy as updating and auto updating. idk maybe im wrong though
upvoted 1 times
...
...
...
ApplebeesWaiter1122
Highly Voted 11 months, 3 weeks ago
Selected Answer: BC
B. HTTP headers: Configuring secure HTTP headers can help protect against various web application vulnerabilities, such as cross-site scripting (XSS), clickjacking, and certain types of information leakage. C. Secure cookies: Ensuring that cookies are secure and properly configured helps prevent various attacks like session hijacking and cookie tampering.
upvoted 10 times
sujon_london
9 months, 3 weeks ago
If it were web then B n C could be answer. But it’s not the case here. It’s general context reduce application vulnerabilities
upvoted 5 times
BD69
3 months, 1 week ago
auto-update does not reduce application vulnerabilities, per se. They can actually increase vulnerabilities in many cases. Also, updates can be for new features and, in the enterprise environment, auto-updating can destabilize many systems (making the less secure), why you should test thoroughly before doing so. Sandboxing doesn't actually fix vulnerabilities in apps nor does it harden them, it merely mitigates them (the apps, themselves, are still vulnerable).
upvoted 2 times
...
...
ccnaexam28
11 months, 2 weeks ago
makes sense if we are assuming this is about a WEB application which is not specified in the question.
upvoted 10 times
...
...
SUZII
Most Recent 2 months, 1 week ago
Selected Answer: AF
https://checklist.gg/templates/software-hardening-checklist
upvoted 2 times
...
russian
2 months, 1 week ago
Selected Answer: AB
A. Auto-update B. HTTP headers Auto-update ensures that software remains up-to-date with the latest security patches, addressing known vulnerabilities promptly. Configuring HTTP headers properly enhances web application security by mitigating common web-based attacks. These proactive measures can significantly reduce the attack surface and strengthen the overall security posture of the applications.
upvoted 1 times
...
ps1hacker
2 months, 4 weeks ago
Selected Answer: AD
Going a bit against the grain and saying A&D. Since it asks what should be done first. Sandboxing or HTTP stuff is nice in certain cases, but if your software isn't patched then that's the number one way it will become vulnerable. Whether it's first party or third party.
upvoted 2 times
...
_deleteme_
3 months ago
AF- Auto-update ensures that all software has the latest security patches, minimizing security risks. Sandboxing is a security mechanism for separating running programs, often used to execute untested codes, preventing software vulnerabilities from spreading across the system
upvoted 1 times
...
BD69
3 months, 1 week ago
Selected Answer: BC
Auto-update is not hardening, so it's out. B & C are application hardening methods (for web apps including intranet apps - which is extremely common today) D is not hardening, per se - (one bad update can weaken a system - ask Microsoft) E & G are not application hardening, either (they protect data at rest, not really the application) F is a hardening technique for an entire system - not really just an application
upvoted 1 times
glenndexter
1 month, 4 weeks ago
who told you auto-update is not a hardening technique? I would advise you to read more before posting, unless you are really sure, as this is causing so much confusion.. https://checklist.gg/templates/software-hardening-checklist
upvoted 1 times
...
...
francuza
4 months ago
sandboxing for testing new patches or updates and auto update after sandboxing result
upvoted 1 times
xihjr
3 months, 1 week ago
sandboxing is used for containment/isolation. for example, a web browser can be run in a sandbox to mitigate attacks through the browser (i.e. malvertising, drive-by downloads, browser zero-days, etc). IOS employ sandboxing for all its running apps. sandboxing can be used for testing but it's not the sole purpose
upvoted 1 times
BD69
3 months, 1 week ago
sandboxing doesn't technically reduce application vulnerabilities, it merely mitigates risk. The apps, themselves, are still vulnerable.
upvoted 1 times
...
...
...
slapster
4 months, 2 weeks ago
Selected Answer: BC
As usual, we are stuck in uncertainty due to the poor wording of the question and are forced to make an inference. Personally, I like BC over AD. I think generally, CompTIA teaches us to be wary of auto-update policies in enterprise environments, and instead preaches the use of patch management suites. I think this can be attributed to auto-updates having the potential to cause compatibility, performance, and availability issues. I'm using similar reasoning to be wary of third-party updates -- patch management can help vet/schedule those updates so they are implemented seamlessly. Therefore, I'm more comfortable making the inference of web application security, resulting in my decision to select BC.
upvoted 3 times
...
Grahamtb
5 months ago
Selected Answer: BC
So with this question, all other options are things that are good security measures. A) A good Security Practice but not hardening. D) Same as A. E) a protective measure F) limits an applications “reach” so it doesn’t access other parts of the system. G) same as e. I could be wrong, but just based on the way the question was worded, and it is worded horribly, the only two that I could think would apply in this situation is B and C.
upvoted 1 times
BD69
3 months, 1 week ago
I picked B & C because they are specific to actual application hardening, not mitigating attack surface (sandboxing is not app hardening, but network hardening & risk mitigation)
upvoted 1 times
...
...
ganymede
5 months ago
Selected Answer: AD
A. Auto-update D. Third-party updates I've done some research on the top system hardening actions to take first. Multiple sources are saying that these are the most important things. -- Auto OS updates -- Keep third party software on the system patched.
upvoted 7 times
...
AceVander
7 months, 1 week ago
Since the question says "existing solutions" it makes me think this is in reference to third party software which could also be accessed via a web application. Based on the "existing solutions" I would use A.) Auto-update. F.) Sandboxing - I would consider this something I would do "FIRST" to mitigate application related vulnerabilities; especially if there is a third-party application with unpatchable vulnerabilities.
upvoted 1 times
...
fryderyk
8 months, 1 week ago
The question seems to lack any meaningful context. What type of application is it? What is the environment? Some folks here assume a web app, but I would not be so sure.
upvoted 4 times
...
Cisco103
9 months, 2 weeks ago
Selected Answer: AF
seem like all answer last 20Q before and after this Q is right, why this is wrong ?
upvoted 3 times
...
32d799a
9 months, 2 weeks ago
Selected Answer: AC
A. Auto-update: Implementing auto-updates ensures that your applications are always running the most recent and secure versions C. Secure cookies: Many web applications use cookies to maintain session state and store user-specific information. If these cookies are compromised, it could lead to session hijacking or unauthorized access.
upvoted 1 times
...
addcomptia
9 months, 2 weeks ago
who has written exam
upvoted 1 times
...
sujon_london
9 months, 3 weeks ago
Selected Answer: AF
In a general context where the goal is to reduce application vulnerabilities, it’s reasonable to prioritize measures that address common software vulnerabilities and protect against potential threats. Sandboxing often takes priority because it directly mitigates application-related vulnerabilities and helps prevent malicious code or actions within an application from affecting the broader system. Full disk encryption, while important for data security, primarily addresses data-at-rest protection.While valuable, it doesn’t directly reduce application vulnerabilities So, when the goal is to reduce application vulnerabilities, prioritizing sandboxing over full disk encryption makes more sense.
upvoted 3 times
sujon_london
9 months, 3 weeks ago
Most of us here arguing based on web based application security or general context of app security at first instance. Indeed in question clearly said reduce app vulnerabilities. Not web applications just needs bit more scrutiny
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in