SY0-601 Exam QuestionsBrowse all questions from this exam
Go to Exam

SY0-601 Exam - Question 295

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.)

Show Answer
Correct Answer: ACE

To mitigate the CEO's concerns effectively, both geolocation and certificates should be implemented. Geolocation can restrict access based on the physical location of the employees, ensuring they do not work from high-risk countries. Certificates can authenticate devices, ensuring that only authorized devices can connect to the company's network, which helps to prevent employees from outsourcing work to third-party organizations.

Discussion

17 comments
Sign in to comment
560examOptions: AB
Dec 4, 2022

The correct answer is AB imo. Geolocation , Time of day restriction.

[Removed]
Dec 4, 2022

I agree with AB

demianUYOptions: AC
Oct 17, 2023

Most people chose AB, but I believe that is incorrect. The question presents TWO issues to address: 1) Ensuring that employees do not work from a high-risk country while on vacation. 2) Preventing employees from outsourcing their work. The Geolocation answer addresses the first concern of the CISO, which is to prevent employees from working from other countries or high-risk countries. The other chosen answer (time of day restrictions) does not address the second concern of the CISO. Therefore, among the remaining answers, the only one that seems to address that concern is certificate-based authentication, which would allow only authorized devices with the installed certificate to work and connect to the company, preventing a third party from doing so.

klinkklonk
Jan 24, 2024

Geolocation prevents high risk countries and outsourcing. The CEO wants work done only during business hours also. So it's AB

LinkinTheStinkin
Feb 9, 2024

It's A & B ... "work from home anytime during business hours,"

RobDocOptions: AC
Jan 4, 2024

I think is A and C A) Geolocation: this would help in restricting access based on the physical location. C) Certificates: This can help mitigate the risk of unauthorized access, especially from third-party organizations. How does "Time of day restriction" address the concern of preventing employees from outsourcing work to a third-party organization?

bb6a612
May 10, 2024

I thought so too, but it states that the third-party is located in another country, so that falls under geolocation.

ApplebeesWaiter1122Options: AB
Jul 1, 2023

A. Geolocation: Implementing geolocation controls can help restrict access based on the physical location of the users. By defining approved locations or blocking high-risk countries, the organization can ensure that remote work is limited to authorized regions. B. Time-of-day restrictions: Enforcing time-of-day restrictions can limit remote access to specific business hours or predefined timeframes. This control ensures that employees cannot work from any location outside of designated working hours.

sarah2023
Aug 26, 2023

Isn't this the defenition of Geofencing though?

Afel_Null
Oct 8, 2023

Geolocating is just determining location via GPS. Geofencing is actively blocking access based on GPS. Geotagging is adding geographical information to other data. Geofencing would be better, but we don't have that as an answer.

ballap
Jan 26, 2024

If Geolocating is just "determining a location" it isn"t a security measure is it. We can"t just use this coz geofencing isn't there. If anyone can explain how geolocation is a security measure, please explain

user82Options: BF
Apr 23, 2023

Chatgpt says B and F. When I pressed further it said A could also be an answer but the best two answers are B and F.

maynasOptions: BF
Aug 5, 2023

answers are B and F. B. Time-of-day restrictions: Implementing time-of-day restrictions would allow the organization to define specific business hours during which staff members are allowed to work from home. Outside of these hours, remote access could be limited or restricted entirely, reducing the likelihood of staff members working from high-risk countries during non-business hours or while on holiday. F. Role-based access controls: Role-based access controls (RBAC) would help the organization control and limit the activities that staff members can perform based on their roles and responsibilities. By defining appropriate access rights and permissions for each role, the CEO can ensure that staff members do not have the ability to outsource work to third-party organizations or perform tasks that are beyond their designated responsibilities.

shaneo007Options: AF
Jan 11, 2024

Answer A. Geolocation F. Role-based access controls

workhardOptions: AB
Apr 15, 2023

I agree that AB is the answer. The reason why I chose B (Time-of-day restrictions) is that the CEO would like people to work from home anytime DURING BUSINESS HOURS, which makes sense because having people connecting to the corporate network 24/7 could create the need for more security monitoring and become expensive for the company if they dont need people working outside business hours.

AmesCB
Aug 2, 2023

your selections do not address the fact that they can outsource work to a third-party organization in another country. what if the third party org works within their business hours?

Afel_Null
Oct 8, 2023

That's what geolocation is for. The only other option is access control, but how exactly is it going to stop someone from sending data to other firm to work on it, then send results? You'd need to use thin-clients, or VDI with restricted access.

MyBJ
Aug 3, 2023

Answer is C & E. The risks are "...work from high-risk countries while on holiday or outsource work to a third-party organization in another country." The first issue will be addressed by Geotagging and the outsourcing risk will definitely be prevented by validating the certificates.

sujon_londonOptions: AB
Aug 24, 2023

These two are priority basis over others

Teleco0997Options: AB
Nov 18, 2023

this question is also a few pages before a bit differently worded agreed it is A and B

TheExileOptions: AC
Dec 16, 2023

Geolocation will prevent users from operating inside high risk countries and certificates will prevent the outsourcing of work to 3rd party organizations.

klinkklonkOptions: AB
Jan 24, 2024

Geolocation to stop outsourcing. Time ODR as the CEO only wants people working during business hours.

6809276Options: AC
Feb 23, 2024

AC because the CEO allow "anytime of day" which eliminate time of day restriction.

64d2259
Mar 26, 2024

" anytime during business hours" Business hours are not the same depending on your time zome

_deleteme_Options: AC
Feb 26, 2024

Key words "high risk country" and "Outsource work to a 3rd party". Geolocation covers the high risk country and would also include the time and day of the country. Certificates takes care of making sure the work is not outsourced because it binds to the users ID.

NetworkTester1235Options: AB
Apr 15, 2024

AB. Reasoning: The CEO wants staff to be able to work from home "anytime during business hours", and away from "high-risk countries". Time of day restriction fits with B, Geolocation fits with the location.

MALEKMALAHIOptions: AC
Jul 12, 2024

Geolocation can prevent employees from working from high-risk countries or unauthorized locations. Certificates can authenticate the employee's device, ensuring that only approved devices (and thereby, presumably, employees) can access company systems. This helps mitigate the risk of employees outsourcing work to third-party organizations in other countries.