SY0-701 Exam Questions

A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure...

Which of the following would a security analyst need to consider when prioritizing remediation efforts against known vulnerabilities?

A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government. Which of the following will the company's gener...

A security analyst receives an alert from a web server that contains the following logs: Which of the following attacks is being attempted?

An organization knows its single loss expectancy. Which of the following does the organization need in order to determine its annualized loss expectancy?

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this acti...

Which of the following vulnerabilities would likely be mitigated by setting up an MDM platform?

During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment. Which of the following thr...

A new employee can select a particular make and model of an employee workstation from a preapproved list. Which of the following is this an example of?

Which of the following technologies must be used in an organization that intends to automate infrastructure deployment?

A company has experienced a large data breach. The external investigators want to make sure that any evidence related to the breach is preserved. Which of the following incident re...

Which of the following technologies assists in passively verifying the expired status of a dig tal certificate?

A technician is setting up a public-facing web server and needs to ensure traffic is secure. Which of the following steps should the technician take to begin this process?

A school administrator wants to limit access to certain web pages to ensure that only age- appropriate material is available to students. Which of the following tools would best me...

Which of the following is an internal audit team's function within risk management?

A software engineer is developing a new business application and needs to check for errors and security flaws before the software engineer compiles and sends it for testing. Which...

Which of the following should be used to prevent changes to system-level data?

Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?

Which of the following factors must a systems administrator take into consideration first when reviewing options to remediate a vulnerability on an end-of-life software system in p...

Which of the following metrics are used to calculate the risk rating in a matrix format? (Choose two.)

An analyst wants to move data from production to the UAT server to test the latest release. Which of the following strategies to protect data should the analyst use?

A company wants to restrict uploads to a popular file-sharing website but allow downloads from the same website. Which of the following technologies would best accomplish this goal...

Which of the following cryptographic solutions best protects the confidentiality and integrity of data?

A security analyst is concerned malicious actors are lurking in an environment but has not received any alerts regarding suspicious activity. Which of the following should the anal...

A software engineer is downloading a third-party application from a public repository and wants to ensure the application has not been maliciously altered. Which of the following t...

Which of the following risk management strategies describes applying a compensating control to a device rather than patching?

Which of the following technologies assists in passively verifying the expired status of a digital certificate?

Which of the following security measures should database servers containing passwords utilize? (Choose two.)

Remote users report that they are unable to log in to the VPN. The help desk confirms that each employee has a stable internet connection and correct permissions for VPN use but al...

Which of the following are examples of operational controls that would be appropriate to implement in an environment where financial processing activities occur? (Choose two.)

A penetration tester gained access to a server room by dressing as an engineer from a known third-party vendor. Which of the following types of penetration tests was performed?

The help desk receives multiple calls indicating that machines are running slowly when running enterprise applications. The help desk notes that the affected machines are out of co...

An organization needs to block certain information from view. Which of the following should the organization use to accomplish this task?

A company phone with proprietary data used by an employee has been stolen. Which of the following can be used to remotely wipe the device?

Visitors to a company's facilities are connecting to the company's corporate network Wi-Fi and open network ports. Which of the following should the security engineer implement to...

A Chief Information Security Officer has decided that purchasing insurance when the ALE of expected incidents exceeds $1 million is the most cost-effective approach. Which of the f...

Which of the following vulnerabilities would a nation-state attacker most likely exploit?

Car vandalism repeatedly occurs near a specific part of a company's ungated facility. Which of the following would provide the best physical deterrent? (Choose two.)

An organization with multiple geographic locations has invested in various internet circuits at each location, including MPLS, 4G/5G, broadband, and dial-up. An architect is config...

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet and the local network to directly perform firmware updates. The IT team must...

Which of the following scenarios will proper application of the least privilege principle prevent?

Drag and Drop Question A security engineer is setting up passwordless authentication for the first time. INSTRUCTIONS Drag and drop the MINIMUM set of commands to set this up and v...

While troubleshooting an internal resource's poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output: The eng...

The management team wants to assess the cybersecurity team's readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response withi...

A network administrator deploys an FDE solution on all end user workstations. Which of the following data protection strategies does this describe?

A network security analyst monitors the network's IDS. which has flagged unusual activity. The IDS has detected multiple login attempts to a database server within a short period....

A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?

Which of the following threat actors will most likely use multiple zero-day vulnerabilities to target government research organizations to steal IPs?

While accessing a banking website, a user notices that the cursor keeps disappearing and there seems to be a lag when entering login information. Which of the following best descri...

Which of the following will best ensure a controlled version release of a new software application?