Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the...
Which of the following encryption techniques should the security administrator use?
A security administrator would like to protect data on employees' laptops. Which of the following encryption techniques should the security administrator use?
A. Partition
B. Asymmetric
C. Full disk
D. Database
Answer: C
Explanation: Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive,...
50.10.25 32 port 53
50.10.25 32 port 53
D. Access list outbound permit 10.50.10.25 32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0.0.0.0.0.0/0 port 53
Answer: D
Explanation: The correct answer is D because it allows only the device with the IP address 10.50.10.25 to send outbound DNS requests on port 53, and denies...
Which of the following is required for an organization to properly manage its restore process in the event of system failure?
Which of the following is required for an organization to properly manage its restore process in the event of system failure?
A. IRP
B. DRP
C. RPO
D. SDLC
Answer: B
Explanation: A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal...
Which of the following provides the details about the terms of a test with a third-party penetration tester?
Which of the following provides the details about the terms of a test with a third-party penetration tester?
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
Answer: A
Explanation: Rules of engagement are the detailed guidelines and constraints regarding the execution of...
Which of the following best addresses the risks associated with procuring counterfeit hardware?
A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?
A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D...
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage
Answer: A
Explanation: PCI DSS is the Payment Card Industry Data Security Standard, which is a set of security requirements...
Which of the following best describes this policy?
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A. Enumeration
B. Sanitization
C. Destruction
D. Inventory
Answer: B
Explanation: Sanitization is the process of removing sensitive data from a storage device or a system before...
Which of the following security techniques is the IT manager setting up?
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
A. Hardening
B. Employee monitoring
C. Configuration...
Which of the following security benefits do these actions provide?
A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)
A. If a security incident occurs on the device, the correct employee can be notified.
B. The security team will be...