An organization requests a third-party full-spectrum analysis of its supply chain. Which of the following would the analysis team use to meet this requirement?
Answer(s): D
Option D is correct because Illumination tools are used for comprehensive, ongoing analysis of external environments, aligning with a third-party full-spectrum supply chain assessment to reveal exposure across the ecosystem.
A) Incorrect — A vulnerability scanner is automated for known weaknesses but does not provide full-spectrum, third-party supply chain analysis or external risk visibility.
B) Incorrect — A penetration test simulates exploits but is typically scoped to target systems, not the broader supply chain panorama or third-party risk landscape.
C) Incorrect — SCAP (Security Content Automation Protocol) is a framework for standardizing vulnerability data exchange, not the orchestration of a full-spectrum third-party supply chain analysis.
A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring. Which of the following is described in this scenario?
Answer(s): A
Option A is correct because an agentless solution monitors endpoints without requiring software installation, often via network protocols, log scraping, or API access.
B) Incorrect — “Client-based soon” is not a valid term in security, and there is no client installed.
C) Incorrect — Open port refers to network access, not the absence of endpoint agents.
D) Incorrect — File-based solution implies data resides in or relies on files, not the absence of agents on endpoints.
https://www.strongdm.com/what-is/agentless-monitoring
A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
Answer(s): B
Option B is correct because static analysis reviews source code without executing it to identify misconfigurations and vulnerabilities.
A) Incorrect — Dynamic analysis tests running applications to observe behavior, not static code issues.
C) Incorrect — Gap analysis compares current controls to a benchmark to identify missing controls, not code review.
D) Incorrect — Impact assessment evaluates the potential consequences of a threat, not the code’s configuration.
Which of the following agreement types is used to limit external discussions?
Answer(s): B
Option B is correct because a Non-Disclosure Agreement (NDA) legally restricts parties from discussing certain information with external entities, protecting confidential data.
A) Incorrect — BPA stands for Business Process Agreement, not commonly used to restrict external discussions; it governs processes rather than confidentiality.
C) Incorrect — SLA (Service Level Agreement) defines performance metrics and service expectations, not confidentiality restrictions.
D) Incorrect — MSA (Master Service Agreement) outlines overarching terms for vendor relationships but does not specifically limit external discussions like an NDA.
A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
Answer(s): D
Option D is correct because due diligence involves evaluating a third-party service provider’s controls and assurances (e.g., SOC 2 reports) before adoption to assess risk and suitability for the organization.
A) Incorrect — Internal audits are performed by the organization itself to evaluate its own controls, not typically to assess a vendor’s external attestations.
B) Incorrect — Penetration testing assesses the security of systems under test, not the vendor’s control environment documentation.
C) Incorrect — While SOC 2 is an attestation report, the process described aligns with the due diligence activity of evaluating a vendor, not the act of producing attestations.
Which of the following is used to conceal credit card information in a database log file?
Answer(s): B
Option B is correct because masking conceals sensitive data such as credit card numbers in logs while preserving format for readability, meeting PCI DSS logging needs without exposing the actual PAN.
A) Incorrect — Tokenization replaces data with a surrogate value, is not typically used for in-place log concealment, and requires a token vault.
C) Incorrect — Hashing is one-way and unsuitable for reversible concealment in logs.
D) Incorrect — Obfuscation is vague and not a defined data-protection technique; masking is the standard method for in-place concealment in log files.
SIMULATION
A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:
- Most secure algorithms should be selected
- All traffic should be encrypted over the VPN
- A secret password will be used to authenticate the two VPN concentrators
INSTRUCTIONS
Click on the two VPN Concentrators to configure the appropriate settings.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?
Answer(s): C
Option C is correct because a WAF (Web Application Firewall) protects a web-facing service by filtering, monitoring, and blocking malicious HTTP/HTTPS traffic at the application layer, specifically addressing web app vulnerabilities.
A) Incorrect — A Layer 4 firewall operates at the transport layer (TCP/UDP) and cannot adequately protect against web application-layer attacks.
B) Incorrect — An NGFW (next-generation firewall) adds features like intrusion prevention and TLS inspection but is not specialized for web app attacks; a WAF is more targeted.
D) Incorrect — UTM consolidates multiple security services, but for protecting a specific web portal, a dedicated WAF provides finer application-layer protection.