SY0-701 exam

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?A . Implementing a bastion hostB . Deploying a perimeter networkC . Installing a WAFD . Utilizing single sign-onView AnswerAnswer: A Explanation: A bastion...

A security analyst is reviewing the following logs: Which of the following attacks is most likely occurring?A . Password sprayingB . Account forgeryC . Pass-t he-hashD . Brute-forceView AnswerAnswer: A Explanation: Password spraying is a type of brute force attack that tries common passwords across several accounts to find a...

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?A . Compensating controlB . Network segmentationC . Transfer of riskD . SNMP trapsView AnswerAnswer: A Explanation: A compensating control is a security measure that is implemented...

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?A . Brand impersonationB . PretextingC ....

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?A . AcceptB . TransferC . MitigateD . AvoidView AnswerAnswer: B Explanation: Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks,...

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?A . Insider threatB . Social engineeringC . Watering-holeD...

A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?A . The end...

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?A . AnalysisB . Lessons learnedC . DetectionD . ContainmentView AnswerAnswer: A Explanation: Analysis is the incident response activity that describes the process of understanding the...

Which of the following must be considered when designing a high-availability network? (Select two).A . Ease of recoveryB . Ability to patchC . Physical isolationD . ResponsivenessE . Attack surfaceF . Extensible authenticationView AnswerAnswer: AE Explanation: A high-availability network is a network that is designed to minimize downtime and ensure...

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks. SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?A . [Digital forensicsB . E-discoveryC . Incident responseD...