SY0-701 exam

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?A . Partially known environmentB . Unknown environmentC . IntegratedD . Known environmentView AnswerAnswer: A...

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?A . Open-source intelligenceB . Bug bountyC . Red teamD...

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?A . Secured zonesB . Subject roleC . Adaptive identityD . Threat scope reductionView AnswerAnswer: D Explanation: The data plane, also known as the...

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?A . Penetration testingB . Phishing campaignC . External auditD . Insider threatView AnswerAnswer: D Explanation: An insider threat is...

Which of the following is the best reason to complete an audit in a banking environment?A . Regulatory requirementB . Organizational changeC . Self-assessment requirementD . Service-level requirementView AnswerAnswer: A Explanation: A regulatory requirement is a mandate imposed by a government or an authority that must be followed by an...

Which of the following is the most likely to be included as an element of communication in a security awareness program?A . Reporting phishing attempts or other suspicious activitiesB . Detecting insider threats using anomalous behavior recognitionC . Verifying information when modifying wire transfer dataD . Performing social engineering as...

A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?A . The user jsmith's account has been locked out.B . A keylogger is installed on [smith's workstationC . An attacker is attempting to brute...

A security analyst is reviewing the following logs: Which of the following attacks is most likely occurring?A . Password sprayingB . Account forgeryC . Pass-t he-hashD . Brute-forceView AnswerAnswer: A Explanation: Password spraying is a type of brute force attack that tries common passwords across several accounts to find a...

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?A . Documenting the...

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated: “I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email...