SY0-701 exam

Which of the following security control types does an acceptable use policy best represent?A . DetectiveB . CompensatingC . CorrectiveD . PreventiveView AnswerAnswer: D Explanation: An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The...

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?A . PartitionB . AsymmetricC . Full diskD . DatabaseView AnswerAnswer: C Explanation: Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive,...

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?A . Set the maximum data retention policy.B . Securely store the documents on an air-gapped network.C . Review the documents' data classification...

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?A . VM escapeB . SQL injectionC . Buffer overflowD . Race conditionView AnswerAnswer: C Explanation: A buffer overflow is a vulnerability that occurs when an application writes more data to a memory buffer...

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?A . EncryptedB . Intellectual propertyC . CriticalD . Data...

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following...

Which of the following allows for the attribution of messages to individuals?A . Adaptive identityB . Non-repudiationC . AuthenticationD . Access logsView AnswerAnswer: B Explanation: Non-repudiation is the ability to prove that a message or document was sent or signed by a particular person, and that the person cannot deny...

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?A . encryption=offB . http://C . www.*.comD . :443View AnswerAnswer: B Explanation: A web filter is...

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?A . Retain the emails between the...

Which of the following describes the process of concealing code or text inside a graphical image?A . Symmetric encryptionB . HashingC . Data maskingD . SteganographyView AnswerAnswer: D Explanation: Steganography is the process of hiding information within another medium, such as an image, audio, video, or text file. The hidden...