SY0-701 Exam Questions
1,057 real SY0-701 exam questions with expert-verified answers and explanations. Page 20 of 22.
- Question #976: General security concepts
Which of the following techniques would identify whether data has been modified in transit?
- Question #977: Threats, vulnerabilities, and mitigations
Which of the following strategies most effectively protects sensitive data at rest in a database?
- Question #978: Security Operations
Which of the following would an organization most likely use to minimize the loss of data on a file server in the event that data needs to be restored due to loss of the primary se...
- Question #979: Threats, vulnerabilities, and mitigations
Which of the following would help reduce the impact of a zero-day vulnerability in NAS installed on a large office network?
- Question #980: Threats, vulnerabilities, and mitigations
Which of the following should a security analyst use to prioritize the remediation of a vulnerability?
- Question #981: Threats, vulnerabilities, and mitigations
An IT team rolls out a new management application that uses a randomly generated MFA token that is sent to the administrator's phone. Despite this new MFA precaution, there is a se...
- Question #982: Security Operations
A security analyst reviews the following SIEM events: Which of the following best describes the observed behavior?
- Question #983: Threats, vulnerabilities, and mitigations
A company hired a security consultant to suggest a device that will protect its inbound HTTP traffic by immediately blocking security violations. Which of the following should the...
- Question #984: Threats, vulnerabilities, and mitigations
A security manager needs an automated solution that will take immediate action to protect an organization against inbound malicious traffic. Which of the following is the best solu...
- Question #985: Security architecture
A Chief Security Officer wants to change user authentication to the company wireless network. The authentication must use the LDAP database and must be centrally managed. Which of...
- Question #986: Security architecture
An administrator is creating domain profiles for each employee within the company. The administrator wants to make the process more efficient by assigning permissions based on user...
- Question #987: Security Operations
A systems administrator needs to update systems without disrupting operations. Which of the following should the systems administrator and company leadership agree on?
- Question #988: Security architecture
A company wants to improve the security of the local network by authenticating and encrypting all of the internal traffic between corporate sites. Which of the following should the...
- Question #989: Security Operations
A security analyst identifies an incident in the network. Which of the following incident response activities would the security analyst perform next?
- Question #990: Threats, vulnerabilities, and mitigations
An administrator discovers a cross-site scripting vulnerability on a company website. Which of the following will most likely remediate the issue?
- Question #991: Security Operations
A service provider wants a cost-effective way to rapidly expand from providing internet links to managing them. Which of the following methods will allow the service provider to be...
- Question #992: General security concepts
Which of the following control types describes an alert from a SIEM tool?
- Question #993: Threats, vulnerabilities, and mitigations
Which of the following attacks primarily targets insecure networks?
- Question #994: Threats, vulnerabilities, and mitigations
A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulne...
- Question #995: Security Operations
Which of the following activities would involve members of the incident response team and other stakeholders simulating an event?
- Question #996: General security concepts
Which of the following data classifications best applies when data is intended for internal organizational use or with commercial partners?
- Question #997: Security architecture
Which of the following technologies can achieve microsegmentation?
- Question #998: Security program management and oversight
Which of the following metrics impacts the backup schedule as part of the BIA?
- Question #999: Threats, vulnerabilities, and mitigations
A customer reports that software the customer downloaded from a public website has malware in it. However, the company that created the software denies any malware in its software...
- Question #1000: Threats, vulnerabilities, and mitigations
After completing an annual external penetration test, a company receives the following guidance: - Decommission two unused web servers currently exposed to the internet. - Close 18...
- Question #1001: Security Operations
Which of the following receives logs from various devices and services, and then presents alerts?
- Question #1002: Threats, vulnerabilities, and mitigations
A security analyst investigates logs and notices similar data types are being sent to IP addresses with a bad reputation. Which of the following attack types does this best describ...
- Question #1003: Threats, vulnerabilities, and mitigations
Which of the following describes a situation where a user is authorized before being authenticated?
- Question #1004: Threats, vulnerabilities, and mitigations
An employee decides to take malicious action against an organization after being passed over for a promotion. Which of the following threats does the employee now represent?
- Question #1005: General security concepts
At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester per...
- Question #1006: Security program management and oversight
An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator p...
- Question #1007: Threats, vulnerabilities, and mitigations
A user's system became infected when malware was downloaded and extracted. The malware is now active in the computer's volatile storage. Which of the following best describes the t...
- Question #1008: Threats, vulnerabilities, and mitigations
An attacker gained access to a virtual machine and was able to access the hypervisor. Which of the following describes this attack?
- Question #1009: Threats, vulnerabilities, and mitigations
An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multipl...
- Question #1010: Threats, vulnerabilities, and mitigations
Which of the following can assist in recovering data if the decryption key is lost?
- Question #1011: Security Operations
A company's antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot...
- Question #1012: Threats, vulnerabilities, and mitigations
Attackers created a new domain name that looks similar to a popular file-sharing website. Which of the following threat vectors is being used?
- Question #1013: General security concepts
Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?
- Question #1014: Security Operations
During an investigation, a security analyst discovers traffic going out to a command-and-control server. The analyst must find out if any data exfiltration has occurred. Which of t...
- Question #1015: Threats, vulnerabilities, and mitigations
A company discovers that an employee was paid by a competitor to save internal business files to a thumb drive and deliver it to the competitor. Which of the following is most like...
- Question #1016: Security program management and oversight
Which of the following outlines the configuration, maintenance, and security roles between a cloud service provider and the customer?
- Question #1017: Security architecture
SIMULATION 5 vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols. You are tasked with reducing the attack space an...
- Question #1018: Security Operations
Which of the following non-production sites is an operational mirror of the primary data center and is ready for use if the primary data center experiences an outage?
- Question #1019: Security architecture
Which of the following will harden access to a new database system? (Choose two.)
- Question #1020: Threats, vulnerabilities, and mitigations
A few weeks after deploying additional email servers, a company begins to receive complaints from employees that messages they send are going into their recipients' spam folders. W...
- Question #1021: CompTIA CySA+ Domain 3: Incident Response - specifically the ability to apply threat intelligence to active incidents, analyze network connections against IOC feeds, and perform targeted service-level remediation on compromised hosts while preserving business continuity.
SIMULATION 6 You are a security operations analyst for a healthcare provider. Your main job function is to compare current, high-fidelity threat intelligence feeds to activity occu...
Threat Intelligence, Incident Response, Network Security Monitoring, Healthcare Cybersecurity (HIPAA)
- Question #1022: Threats, vulnerabilities, and mitigations
A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?
- Question #1023: Threats, vulnerabilities, and mitigations
A systems administrator configures a new application. The next day, a security analyst reviews the logs and identifies multiple accounts that had been created overnight with admini...
- Question #1024: Security Operations
An organization has been experiencing issues with deleted network share data and improperly assigned permissions. Which of the following would best help track and remediate these i...
- Question #1025: Security program management and oversight
A company expects its provider to ensure servers and networks maintain 97% uptime. Which of the following would most likely list this expectation?