Which of the following topics would most likely be included within an organization's SDLC?
Answer(s): D
Option D is correct because SDLC (Software Development Life Cycle) includes requirements and controls for software safety and reliability, such as branch protection to enforce protected code branches in version control, aligning with secure development practices. A) Service-level agreements pertain to operational performance expectations, not SDLC development controls. B) Information security policy is overarching governance, not a specific SDLC topic. C) Penetration testing methodology is part of security testing phases, but not a fundamental SDLC control like branch protection. Therefore D is the best fit; others are peripheral to typical SDLC content.
Which of the following control types is AUP an example of?
Option D is correct because an Acceptable Use Policy (AUP) governs user behavior and operational procedures, which are classified as operational controls that implement day-to-day security practices. A) Incorrect — Physical controls manage tangible assets (fences, locks) not user conduct. B) Incorrect — Managerial controls relate to governance, risk management, and policies at an organizational level, but AUPs are executed in daily operations. C) Incorrect — Technical controls deploys technology (firewalls, IDS); AUPs do not rely on technical enforcement.
An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?
Option D is correct because selecting an Identity Provider (IdP) enables centralized authentication and supports single sign-on across multiple SaaS applications, reducing credential management for users. A) Enable SAML: SAML is a protocol used by an IdP; enabling it is part of using an IdP but not the initial step itself. B) Create OAuth tokens: OAuth tokens are for delegated access, not the foundational step to unify logins. C) Use password vaulting: Password vaulting helps store credentials but does not provide SSO or centralized authentication across SaaS apps. INSUFFICIENT_KNOWLEDGE
A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:Which of the following should the analyst do next?
Answer(s): B
Option B is correct because reviewing WAF logs for evidence of command injection helps identify a web app attack that could compromise server databases and disrupt service.A) Incorrect — Terminated DBAs would be unlikely to directly cause an immediate outage; the scenario focuses on attacker techniques, not personnel.C) Incorrect — Malware scan may be useful, but the specific clue points to input-based exploitation visible in WAF logs rather than generic malware presence.D) Incorrect — Ransomware notes would indicate extortion but are not the primary indicator of a live command-injection attack affecting backups and uptime.
Which of the following would be the best way to test resiliency in the event of a primary power failure?
Option D is correct because production failover directly tests operational continuity by switching to an alternate power or site, validating real-world recovery and SLA compliance. A) Parallel processing tests throughput, not resiliency to power loss. B) Tabletop exercise is discussion-based and lacks real system failover validation. C) Simulation testing models scenarios but may not involve actual failover of systems and power sources. D) Production failover is the only approach that proves systems remain available during a primary power loss.
Which of the following would be the most appropriate way to protect data in transit?
Answer(s): C
Option C is correct because TLS 1.3 provides strong encryption and integrity protections for data in transit with modern cryptographic suites and reduced attack surface. A) Incorrect — SHA-256 is a hashing algorithm, not used for protecting data in transit. B) Incorrect — SSL 3.0 is deprecated and vulnerable; not suitable for protecting data in transit. D) Incorrect — AES-256 is a symmetric encryption algorithm, but alone it does not specify protection for data in transit or provide the complete TLS protocol protections.
Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?
Answer(s): A
Option A is correct because open-source intelligence (OSINT) is a passive reconnaissance method used in early engagement to gather information from publicly available sources without directly interacting with the target’s systems. Incorrect — B: Port scanning is an active discovery technique that probes a target’s ports and services. Incorrect — C: Pivoting is an exploitation activity after initial access to move laterally. Incorrect — D: Exploit validation involves testing specific vulnerabilities to confirm they can be exploited, typically during later stages.
Which of the following threat actors is the most likely to seek financial gain through the use of ransomware attacks?
Organized crime groups are primarily motivated by financial gain. Ransomware attacks are a popular tool for these groups because they can encrypt a victim's data and demand a ransom payment (often in cryptocurrency) to restore access. This form of attack can yield a high financial return if victims choose to pay.
Share your comments for CompTIA SY0-701 exam with other users:
seems good..
took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.
no comments
nice questions bring out the best in you.
really helpful
question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?
are the question real or fake?
thank you for providing such assistance.
nice questions
my 3rd purcahse from this site. these exam dumps are helpful. very helpful.
found it good
excellent material
very helpfull
well explained.
i need the pdf, please.
a good source for exam preparation
i need ielts general training audio guide questions
please make this content available
content is good
latest dumps please
aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
for question 4, the righr answer is :recover automatically from failures
question number 4s answer is 3, option c. i
very good questions
i am confused about the answers to the questions. are the answers correct?
very usefull
need certification.