SY0-701 exam

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?A . MSAB . SLAC . BPAD . SOWView AnswerAnswer: D Explanation: An ISOW is a document that outlines...

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?A . A thorough analysis of the supply chainB . A legally enforceable corporate acquisition policyC . A right to audit clause in vendor contracts and SOWsD...

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?A . Open-source intelligenceB . Bug bountyC . Red teamD...

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst...

Which of the following is a hardware-specific vulnerability?A . Firmware versionB . Buffer overflowC . SQL injectionD . Cross-site scriptingView AnswerAnswer: A Explanation: Firmware is a type of software that is embedded in a hardware device, such as a router, a printer, or a BIOS chip. Firmware controls the basic...

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?A . Penetration testingB . Phishing campaignC . External auditD . Insider threatView AnswerAnswer: D Explanation: An insider threat is...

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?A . Secured zonesB . Subject roleC . Adaptive identityD . Threat scope reductionView AnswerAnswer: D Explanation: The data plane, also known as the...

Which of the following scenarios describes a possible business email compromise attack?A . An employee receives a gift card request in an email that has an executive's name in the display field of the email.B . Employees who open an email attachment receive messages demanding payment in order to access...

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?A . Testing input validation on the user input fieldsB . Performing code signing on company-developed softwareC . Performing static code analysis on the softwareD ....

Which of the following can be used to identify potential attacker activities without affecting production servers?A . Honey potB . Video surveillanceC . Zero TrustD . GeofencingView AnswerAnswer: A Explanation: A honey pot is a system or a network that is designed to mimic a real production server and attract...