SY0-701 Dumps Questions – Effective Way to Get Certified

1. A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation.

Which of the following commands should the systems administrator use to resolve this issue?

2. Which of the following is used to quantitatively measure the criticality of a vulnerability?

3. An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization.

Which of the following documents would most likely communicate these expectations?

4. Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

5. A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

6. Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

7. A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

8. While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor.

Which of the following best meets this goal?

9. A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors.

Which of the following should the systems administrator use?

10. Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

11. Which of the following is die most important security concern when using legacy systems to provide production service?

12. Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

13. Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

14. Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

15. An external vendor recently visited a company's headquarters for a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained architecture information and code snippets.

Which of the following data types best describes this file?

16. Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data.

Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

17. A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network.

Which of the following should the team do first to secure the environment?

18. A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary.

Which of the following methods is most secure?

19. A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices.

Which of the following will meet these requirements?

20. Which of the following can best protect against an employee inadvertently installing malware on a company system?

21. Malware spread across a company's network after an employee visited a compromised industry blog.

Which of the following best describes this type of attack?

22. While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website.

Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

23. Which of the following is the most likely to be included as an element of communication in a security awareness program?

24. Which of the following is the final step of the modem response process?

25. A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations.

Which of the following should the hosting provider consider first?

26. An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users.

Which of the following should the organization implement first?

27. Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

28. A newly identified network access vulnerability has been found in the OS of legacy loT devices.

Which of the following would best mitigate this vulnerability quickly?

29. A security analyst is reviewing the following logs:





Which of the following attacks is most likely occurring?

30. An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords.

Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

31. A company’s web filter is configured to scan the URL for strings and deny access when matches are found.

Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

32. Which of the following is the most common data loss path for an air-gapped network?

33. The application development teams have been asked to answer the following questions:

• Does this application receive patches from an external source?

• Does this application contain open-source code?

• is this application accessible by external users?

• Does this application meet the corporate password standard?

Which of the following are these questions port of?

34. Which of the following would be the best way to handle a critical business application that is running on a legacy server?

35. Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

36. A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network.

Which of the following should the team do first to secure the environment?

37. The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs end RTOs.

Which of the following backup scenarios would best ensure recovery?

38. A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured.

Which of the following best describes what the security analyst should do to identify this behavior?

39. A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates.

Which of the following should be done next?

40. HOTSPOT

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

41. Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

42. A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory.

Which of the following should the company implement?

43. Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

44. A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from.

Which of the following is the best way for the company to confirm this information?

45. Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

46. A spoofed identity was detected for a digital certificate.

Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

47. A spoofed identity was detected for a digital certificate.

Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

48. A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.

Which of the following types of controls is the company setting up?

49. Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster.

Which of the following best describes this meeting?

50. An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network.

Which of the following describes this type of attack?

51. A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network.

Which of the following changes should the security analyst recommend?

52. An organization has a new regulatory requirement to implement corrective controls on a financial system.

Which of the following is the most likely reason for the new requirement?

53. Which of the following phases of an incident response involves generating reports?

54. A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?

55. Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster.

Which of the following best describes this meeting?

56. A company purchased cyber insurance to address items listed on the risk register.

Which of the following strategies does this represent?

57. A network administrator deployed a DNS logging tool that togs suspicious websites that are visited and then sends a daily report based on various weighted metrics.

Which of the following best describes the type of control the administrator put in place?

58. Which of the following is an algorithm performed to verify that data has not been modified?

59. A recent penetration test identified that an attacker could flood the MAC address table of network switches.

Which of the following would best mitigate this type of attack?

60. A vendor needs to remotely and securely transfer files from one server to another using the command line.

Which of the following protocols should be Implemented to allow for this type of access? (Select two).

61. Which of the following threat vectors is most commonly utilized by insider threat actors attempting

data exfiltration?

62. A network administrator deployed a DNS logging tool that togs suspicious websites that are visited and then sends a daily report based on various weighted metrics.

Which of the following best describes the type of control the administrator put in place?

A. Preventive

B. Deterrent

C. Corrective

D. Detective

63. Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

64. A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet.

Which of the following Is the most likely reason for this compromise?

65. A legacy device is being decommissioned and is no longer receiving updates or patches.

Which of the following describes this scenario?

66. A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers.

Which of the following should a database administrator use to access the database servers?

67. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

68. While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

69. Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

70. A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive.

Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees' personal information?

71. An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website.

Which of the following should the administrator do?

72. A security operations center determines that the malicious activity detected on a server is normal.

Which of the following activities describes the act of ignoring detected activity in the future?

73. A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

74. A software developer would like to ensure. The source code cannot be reverse engineered or debugged.

Which of the following should the developer consider?

75. The application development teams have been asked to answer the following questions:

• Does this application receive patches from an external source?

• Does this application contain open-source code?

• is this application accessible by external users?

• Does this application meet the corporate password standard?

Which of the following are these questions port of?

76. Two companies are in the process of merging. The companies need to decide how to standardize their information security programs.

Which of the following would best align the security programs?

77. A company wants to reduce the time and expense associated with code deployment.

Which of the following technologies should the company utilize?

78. A group of developers has a shared backup account to access the source code repository.

Which of the following is the best way to secure the backup account if there is an SSO failure?

79. The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal.

Which of the following would most likely be configured to meet the requirements?

80. A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution.

Which of the following implementation plans will most likely resolve this security issue?

81. Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

82. An organization wants to limit potential impact to its log-in database in the event of a breach.

Which of the following options is the security team most likely to recommend?

83. While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website.

Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

84. A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network.

Which of the following should be configured on the existing network infrastructure to best prevent this activity?

85. Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

86. A bank set up a new server that contains customers' Pll.

Which of the following should the bank use to make sure the sensitive data is not modified?

87. An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment.

Which of the

following solutions would mitigate the risk?

88. Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

89. A client asked a security company to provide a document outlining the project, the cost, and the completion time frame.

Which of the following documents should the company provide to the client?

90. Which of the following is the stage in an investigation when forensic images are obtained?

91. Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

92. A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team.

Which of the following should the company implement to meet this requirement?

93. An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system.

Which of the following best describes the actions taken by the organization?

94. 1.Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

95. An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits.

Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

96. Which of the following is prevented by proper data sanitization?

97. A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints.

Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

98. Sine© a recent upgrade (o a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings.

Which of the following installation considerations should the security team evaluate next?

99. A company wants to track modifications to the code used to build new virtual servers.

Which of the following will the company most likely deploy?

100. Which of the following is a primary security concern for a company setting up a BYOD program?

101. A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees.

Which of the following best describes the security risk?

102. Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

103. A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users.

Which of the following would be a good use case for this task?

104. A user would like to install software and features that are not available with a smartphone's default software.

Which of the following would allow the user to install unauthorized software and enable new features?

105. A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly.

Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

106. A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.

Which of the following would detect this behavior?

107. An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in

use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain.

Which of the following is the first step the security team should take?

108. A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment.

Which of the following describes this risk management strategy?

109. Which of the following is the first step to take when creating an anomaly detection process?

110. Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

111. An external vendor recently visited a company's headquarters for a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained architecture information and code snippets.

Which of the following data types best describes this file?

112. Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule.

Which of the following but describes this form of security control?

113. Which of the following best describe a penetration test that resembles an actual external attach?

114. During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers.

Which of the following describes an attack method that relates to printing centers?

115. A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit.

Which of the following logs should the analyst review first?

116. A company's online shopping website became unusable shortly after midnight on January 30, 2023.

When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:





Which of the following should the analyst do next?

117. Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

118. An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible.

Which of the following models offers the highest level of security?

119. Client files can only be accessed by employees who need to know the information and have specified roles in the company.

Which of the following best describes this security concept?

120. A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting.

Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

121. Which of the following is the best reason to complete an audit in a banking environment?

122. A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:

- Something you know

- Something you have

- Something you are

Which of the following would accomplish the manager's goal?

123. An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network.

Which of the following should the administrator use to accomplish this goal?

124. Which of the following can be used to identify potential attacker activities without affecting production servers?

125. A security analyst is assessing several company firewalls.

Which of the following cools would The analyst most likely use to generate custom packets to use during the assessment?