SY0-701 Exam Questions

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processe...

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections i...

Which of the following teams is best suited to determine whether a company has systems that can be exploited by a potential, identified vulnerability?

A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution: - Allow employees to work remot...

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)

A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?

An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor...

A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the flight...

A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best...

A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the followin...

A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solution to increase mobile data securi...

Which of the following best describes the risk present after controls and mitigating factors have been applied?

A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered. Which of the...

Which of the following is a possible factor for MFA?

Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a...

A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an...

A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include: - A starting baseline of 50% memory u...

Which of the following best describes a use case for a DNS sinkhole?

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the...

Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

Which of the following considerations is the most important regarding cryptography used in an IoT device?

A coffee shop owner wants to restrict internet access to only paying customers by prompting them for a receipt number. Which of the following is the best method to use given this r...

While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would...

A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staff use immediately after the disaster to handle essentia...

Which of the following is considered a preventive control?

A systems administrator notices that a testing system is down. While investigating, the systems administrator finds that the servers are online and accessible from any device on th...

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link...

A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the p...

Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account. Which of the following is most likely being performed?

A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the followin...

An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the followi...

Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?

An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser c...

Which of the following is the most important security concern when using legacy systems to provide production service?

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator e...

A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment. Which of the following should be co...

A security administrator is working to find a cost-effective solution to implement certificates for a large number of domains and subdomains owned by the company. Which of the foll...

An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discov...

A security analyst received a tip that sensitive proprietary information was leaked to the public. The analyst is reviewing the PCAP and notices traffic between an internal server...

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed: (Error 13): /etc/shadow: Permission denied. Which...

A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323. and SRTP. Which of the following does this rule set support?

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tas...

A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access w...

A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might...

Which of the following physical controls can be used to both detect and deter? (Choose two.)