Which of the following topics would most likely be included within an organization's SDLC?
Answer(s): D
Option D is correct because SDLC (Software Development Life Cycle) includes requirements and controls for software safety and reliability, such as branch protection to enforce protected code branches in version control, aligning with secure development practices. A) Service-level agreements pertain to operational performance expectations, not SDLC development controls. B) Information security policy is overarching governance, not a specific SDLC topic. C) Penetration testing methodology is part of security testing phases, but not a fundamental SDLC control like branch protection. Therefore D is the best fit; others are peripheral to typical SDLC content.
Which of the following control types is AUP an example of?
Option D is correct because an Acceptable Use Policy (AUP) governs user behavior and operational procedures, which are classified as operational controls that implement day-to-day security practices. A) Incorrect — Physical controls manage tangible assets (fences, locks) not user conduct. B) Incorrect — Managerial controls relate to governance, risk management, and policies at an organizational level, but AUPs are executed in daily operations. C) Incorrect — Technical controls deploys technology (firewalls, IDS); AUPs do not rely on technical enforcement.
An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?
Option D is correct because selecting an Identity Provider (IdP) enables centralized authentication and supports single sign-on across multiple SaaS applications, reducing credential management for users. A) Enable SAML: SAML is a protocol used by an IdP; enabling it is part of using an IdP but not the initial step itself. B) Create OAuth tokens: OAuth tokens are for delegated access, not the foundational step to unify logins. C) Use password vaulting: Password vaulting helps store credentials but does not provide SSO or centralized authentication across SaaS apps. INSUFFICIENT_KNOWLEDGE
A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:Which of the following should the analyst do next?
Answer(s): B
Option B is correct because reviewing WAF logs for evidence of command injection helps identify a web app attack that could compromise server databases and disrupt service.A) Incorrect — Terminated DBAs would be unlikely to directly cause an immediate outage; the scenario focuses on attacker techniques, not personnel.C) Incorrect — Malware scan may be useful, but the specific clue points to input-based exploitation visible in WAF logs rather than generic malware presence.D) Incorrect — Ransomware notes would indicate extortion but are not the primary indicator of a live command-injection attack affecting backups and uptime.
Which of the following would be the best way to test resiliency in the event of a primary power failure?
Option D is correct because production failover directly tests operational continuity by switching to an alternate power or site, validating real-world recovery and SLA compliance. A) Parallel processing tests throughput, not resiliency to power loss. B) Tabletop exercise is discussion-based and lacks real system failover validation. C) Simulation testing models scenarios but may not involve actual failover of systems and power sources. D) Production failover is the only approach that proves systems remain available during a primary power loss.
Which of the following would be the most appropriate way to protect data in transit?
Answer(s): C
Option C is correct because TLS 1.3 provides strong encryption and integrity protections for data in transit with modern cryptographic suites and reduced attack surface. A) Incorrect — SHA-256 is a hashing algorithm, not used for protecting data in transit. B) Incorrect — SSL 3.0 is deprecated and vulnerable; not suitable for protecting data in transit. D) Incorrect — AES-256 is a symmetric encryption algorithm, but alone it does not specify protection for data in transit or provide the complete TLS protocol protections.
Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?
Answer(s): A
Option A is correct because open-source intelligence (OSINT) is a passive reconnaissance method used in early engagement to gather information from publicly available sources without directly interacting with the target’s systems. Incorrect — B: Port scanning is an active discovery technique that probes a target’s ports and services. Incorrect — C: Pivoting is an exploitation activity after initial access to move laterally. Incorrect — D: Exploit validation involves testing specific vulnerabilities to confirm they can be exploited, typically during later stages.
Which of the following threat actors is the most likely to seek financial gain through the use of ransomware attacks?
Organized crime groups are primarily motivated by financial gain. Ransomware attacks are a popular tool for these groups because they can encrypt a victim's data and demand a ransom payment (often in cryptocurrency) to restore access. This form of attack can yield a high financial return if victims choose to pay.
Share your comments for CompTIA SY0-701 exam with other users:
fantastic assessments
i find the xengine test engine simulator to be more fun than reading from pdf.
nice document
thank you for making the questions and answers intractive and selectable.
answers are correct?
can i belive this dump
great site to practice for sitecore exam
good for students
nice practice dumps
nokia 4a0-114 dumps
great content and wonderful to have the answers with explanation
for question #118, the answer is option c. the screen shot is showing the drop down, but the answer is marked incorrectly please update . thanks for sharing such nice questions.
the correct answer for the question 29 is d.
question no 22: correct answers: bc, 1 per session 1 per page 1 per component always
these are pretty useful
awesome
yes please upload
great job whoever put this together, for the greater good! thanks!
just started to view all questions for the exam
helpful material
hope for the best
will post exam has finished
really correct and good analyze!
excellent thanks a lot
will post once pass the cka exam
good content
q:32 answer has to be option c
nice questions
i really like the support team in this website. they are fast in communication and very helpful.
a good contemporary exam review
q23, its an array, isnt it? starts with [ and end with ]. its an array of objects, not object.
cool very helpfull
i just passed. this exam dumps is the same one from prepaway and examcollection. it has all the real test questions.
is this a valid prince2 practitioner dumps?