SY0-701 Exam Questions

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?

An attacker defaces a company's website and refuses to relinquish control until the company removes specific harmful chemicals from its products. Which of the following best descri...

A company uses a cloud-based server for file storage and wants to ensure the security of its data in transit. Which of the following should the company use to secure this type of c...

An organization found gaps in its software development environment and is implementing compensating controls to better protect its systems from external threats. Which of the follo...

Which of the following is a qualitative approach to risk analysis?

Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?

An organization keeps servers with confidential information in the same network as workstations. An attacker compromises a workstation and moves laterally to a server. Which of the...

An administrator needs to ensure all emails sent and received by a specific address are stored in a non-alterable format. Which of the following best describes this forensic concep...

A company recently purchased a new building that does not have an existing wireless or wired infrastructure. A network engineer at the company needs to determine the placement of t...

Which of the following should a systems administrator do after performing remediation activities?

An organization wants to increase an application's resiliency by configuring access to multiple servers in the organization's geographically dispersed environment. Which of the fol...

A user attempts to send an invoice to a customer. When the user follows up with the customer to see if the invoice was received, the customer informs the user that it went to the s...

A database engineer needs sample customer data for testing purposes. Which of the following can prevent unauthorized viewing or disclosure of PII?

A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure a user cannot deny they sent the email?

A company's leadership team wants to ensure employees only print business-related documents on company printers. Which of the following documents should the company add this direct...

An employee receives from a vendor a marketing communication email that includes an attachment. When the employee opens the attachment, the employee's screen displays odd text requ...

Which of the following is a technical security control?

An organization decides that most employees will work remotely. The existing VPN solution does not have adequate bandwidth, and the content filtering proxy is on premises. Which of...

Which of the following is the most likely reason a security analyst would review SIEM logs?

Which of the following would help reduce alert fatigue?

Which of the following options most efficiently maintains a system state in the event of a system failure?

During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the sys...

The board of a company needs to tell the leadership team which activities are too risky to undertake during business operations. Which of the following risk management strategies d...

A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

A security analyst receives an alert from a front-end web server connected to a database back end. The alert contains the following logs: Which of the following attacks is occurrin...

Which of the following data types relates to data sovereignty?

A penetration test reveals that users can easily access internal VLANs from the company's guest Wi-Fi. Which of the following security principles would remediate this vulnerability...

A company recently set up a system for employees to access their files remotely. However, the IT team has noticed that some employees are using personal devices to access the syste...

Which of the following security controls is a company implementing by deploying HIPS? (Choose two.)

Which of the following is the best physical security measure that prevents unauthorized vehicles from entering a data center while still allowing foot traffic?

Which of the following are the best methods for hardening end user devices? (Choose two.)

Which of the following policies outlines what employees can and cannot do on company-issued devices?

A developer receives this message when testing a new external website: This site cannot be reached. Which of the following logs would most likely help identify the root cause?

Which of the following methods to secure data is most often used to protect data in transit?

Which of the following does a user often agree to when logging in to a domain?

A Chief Information Security Officer wants to enhance security capabilities to block PH from being emailed or downloaded to unapproved external media. Which of the following soluti...

After a breach at a data processing center, an administrator receives a notification that administrative passwords were leaked online. Which of the following should be used to prev...

A systems administrator has overwritten all of the supervisor's permissions in order to perform malicious activities. Which of the following does this describe?

Which of the following would best prepare a security team for a specific incident response scenario?

Which of the following would best ensure a controlled version release of a new software application?

Several employees download a productivity program that is useful but also leaks contact information and corporate organizational structure details. Which of the following is the be...

The Chief Executive Officer has requested that a vendor conduct a penetration test without engaging the internal IT team to validate the company's investment in security tools, awa...

A user receives an aggressive text from an unknown sender who is demanding money. Which of the following attacks is this an example of?

Employees receive a text message containing a link to a web page that prompts the user to enter their ID and a work phone number. The text message appears to come from the Chief Ex...

A security engineer needs to patch an OS vulnerability that impacts all corporate laptops. Which of the following is necessary to ensure all corporate laptops are patched?

Which of the following threat vectors would a user be vulnerable to when using a smartphone to scan a two-dimensional matrix barcode?

Which of the following is most likely a security concern when installing and using low-cost IoT devices in infrastructure environments?

Which of the following are activities that should be completed during the containment and eradication phases of the incident response process? (Choose two.)

All clients who connect to the switchports are required to complete a posture analysis before accessing the internet. Which of the following should the IT team configure to help se...