SY0-701 Exam Questions

A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized...

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Which of the following are the best security controls for controlling on-premises access? (Select two.)

While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the bro...

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is t...

Which of the following is a possible consequence of a VM escape?

Which of the following is prevented by proper data sanitization?

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database server...

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Which of the following is the stage in an investigation when forensic images are obtained?

A security analyst learns that an attack vector, used as part of a recent incident, was a well- known IoT device exploit. The analyst needs to review logs to identify the time of t...

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failu...

Which of the following threat actors would most likely deface the website of a high-profile music group?

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country...

Which of the following should a company use to provide proof of external network security testing?

Which of the following allows a systems administrator to tune permissions for a file?

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires...

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market...

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the follow...

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software u...

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts. Which of the following access controls s...

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Which of the following is an example of a data protection strategy that uses tokenization?

Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of t...

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the p...

Which of the following threat actors is the most likely to seek financial gain through the use of ransomware attacks?

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

The security team has been asked to only enable host A (10.2.2.7) and host B (10.3.9.9) to the new isolated network segment (10.9.8.14) that provides access to legacy devices. Acce...

SIMULATION 2 A security analyst is creating the first draft of a network diagram for the company's new customer- facing payment application that will be hosted by a third-party clo...

A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the admini...

Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

Which of the following activities are associated with vulnerability management? (Choose two.)

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information...

A systems administrator is concerned about vulnerabilities within cloud computing instances. Which of the following is most important for the administrator to consider when archite...

A database administrator is updating the company's SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the...

Which of the following is a benefit of vendor diversity?

An employee used a company's billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following shou...

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objec...

Which of the following is a risk of conducting a vulnerability assessment?

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?