SY0-701 Final Assessment
A large financial institution recently adopted a Bring Your Own Device (BYOD) policy. It understands the cost and flexibility advantages of this approach but is concerned about the potential security implications. Specifically, the institution wants to ensure that its sensitive data remains protected even when accessed from or stored on employees' personal devices. What would be the MOST effective strategy to safeguard data in this context?
Deploy a Mobile Device Management (MDM) solution
Which of the following descriptions is true about fail-open and fail-closed configurations for security devices in the event of a failure?
Fail-open means that network or host access is preserved, if possible, while fail-closed means that access is blocked or that the system enters the most secure state available.
A multinational organization is planning to expand its services to various locations across the globe. The organization requires a flexible IT infrastructure that can easily adapt to rapid business growth but also maintain data security and meet different legal and regulatory requirements. Which of the following architecture models would be MOST suitable for this organization?
Cloud model
The cybersecurity team of a company notices suspicious activities on its network. Some computers have increased memory usage and are sending out network requests repeatedly to random IP ranges. No one observed an intervention when these activities started. Based on the provided details, what type of malicious activity is MOST likely happening in this scenario?
Computer worm outbreak
A company plans to expand its existing network, which currently employs a basic star topology, by adding hundreds more devices. What is a potential drawback of this plan?
The network performance can be negatively impacted due to large broadcast domains
Considering common threat vectors and attack surfaces, which statement BEST describes the primary risk, from a cybersecurity perspective, with using unsupported systems and applications?
Unsupported systems no longer receive vendor updates or patches, making their attack surfaces more susceptible to known exploits.
At a healthcare technology company, a cybersecurity alert flagged an unusual pattern of data traffic from one of its key database servers. Initial analysis indicates a potential data breach that is not yet conclusively confirmed. The server contains sensitive patient data. If confirmed, it could have severe legal and reputational implications for the company. What steps should the incident response team take to better understand the situation?
Conduct a detailed analysis of the alert using threat intelligence and incident response playbooks
An organization considers a new third-party vendor to provide critical technology solutions. It is nearing the final stages of the vendor selection process and wants to ensure a robust assessment of the vendor's security practices and risk management capabilities. Provided approval is granted, which method would be MOST suitable for the organization to gain an in-depth understanding of the vendor's security controls, identify potential vulnerabilities in its systems, and validate the effectiveness of its security measures?
Conduct a penetration test
After an extensive security audit, a medium-sized corporation discovers several of its company laptops contain malware. The malware is most likely the result of the use of unauthorized USB storage devices. The chief information security officer (CISO) wants to prevent similar incidents in the future. Which of the following options would best mitigate this risk?
Deploy port control software and restrict the use of USB storage devices
An organization recently experienced a security breach due to the actions of an employee who engaged in an activity that posed a risk to the company's information systems. The employee downloaded unverified software onto the company device, resulting in a malware infection. Following this incident, the company plans to implement a policy to prevent similar occurrences in the future. Which of the following policies is MOST suitable for addressing this specific issue?
Acceptable use policy (AUP)
An IT architect of a medium-sized e-commerce business is planning to optimize their system's capacity and lower operating costs. As part of this, the architect is considering a clustering solution for the servers, with the key objective being maximum capacity and seamless customer experience. Which type of clustering setup would BEST meet the needs of this e-commerce business?
Active/Active Clustering
A cybersecurity analyst notices that a certain rule in the Security Information and Event Management (SIEM) system is generating a high volume of dashboard notifications, making it difficult for the team to manage. Which action would be MOST effective in dealing with this issue?
Adjust the parameters of the rule or lower the alert level
A large corporation with employees spread across different locations wants to enhance its endpoint security. The corporation has had an increase in cybersecurity threats, and its existing antivirus solutions do not seem to be effective against advanced persistent threats. Which of the following mitigation techniques would provide the BEST protection for this situation?
Advanced Endpoint Protection with EDR
An organization receives large amounts of diverse data sources during cybersecurity incidents and needs a more efficient tool. Dealing with system memory, log files, network traffic, and endpoint security data has proven to be chaotic. What primary function would a Security Information and Event Management (SIEM) tool serve in this scenario?
Aggregating and correlating data from multiple sources to enable efficient analysis and reporting
An organization's systems and networks are made of various exploitable components and entry points. The organization also faces a cybersecurity threat from a group located outside the organization with extensive funding and highly skilled members capable of creating advanced exploit techniques, but no internal access. Considering the potential vulnerabilities in systems and networks, and based on these attributes, which of the following BEST describes the threat actor and the primary attack surface they might target?
An external threat actor with high capability and high resources
A company has recently deployed a new mobile application for its employees. During a security audit, observations show some employees downloaded the application from third-party app stores, not the official ones. Additionally, the IT department found that a few employees are using older versions of the operating system on their devices. What vulnerabilities are likely to emerge in this scenario? (Select the two best options.)
Application-level vulnerability and operating system-level vulnerability
A financial institution receives a significant software update. What is the optimal approach to handle this situation in a change management program?
Assess impact, test, get approval, apply update
Which of the following is an essential component of a well-structured asset management process within an organization's cybersecurity operations?
Asset identification and naming conventions
An organization is planning to secure its data in all its states: at rest, in transit, and in use. This includes large volumes of data that it continuously transfers over the network. Which of the following schemes is the BEST approach to achieve this while maintaining efficiency and security?
Asymmetric and symmetric encryption
A newly launched online store wants to secure transactions between the store and customers using a pair of public and private keys. Which cryptographic technique would BEST meet these requirements?
Asymmetric encryption
An organization has just completed an assessment of all the points where a threat actor might exploit a vulnerability in the network. This analysis includes its computer systems, network ports, applications, and user interactions. What is the term for this collection of potential points of exploitation?
Attack surface
Given the complexities and benefits of secure protocols, which statement BEST guides the chief information security officer's (CISO) approach to implementing them?
Balancing security, performance, and cost
A multinational firm headquartered in San Francisco, California, serves customers from various countries, including European Union countries. The company collects, processes, and stores substantial amounts of personal data. With which of the following legal regulations must the company's governance committee ensure compliance?
Both General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
An organization observes employees leaving sensitive documents on their desks, thereby exposing sensitive data in the work area. To stop unauthorized staff or guests from accessing this information, the organization decides to introduce a new policy. Which policy would resolve this issue?
Clean desk policy
A company has implemented a zone-based security topology with different levels of trust and access control requirements for hosts within its network perimeter. The company has various zones, including a low-privilege zone for printers, an enterprise local area network (LAN) for client devices, a guest zone, and a zone for public-facing servers. Which of the following statements about the inter-zone traffic is correct?
Client devices on the enterprise LAN can initiate authorized requests to other zones but cannot accept new connection requests.
A company has recently suffered a data breach due to an attacker gaining unauthorized access to its system via an unsecured network interface on one of its machines. To prevent similar incidents in the future, what steps should the company take as part of its endpoint hardening strategy?
Explicitly disable unused network interfaces
A company's IT department has noticed irregularities in network usage and resource allocation. Which tool would be MOST beneficial in collecting the metadata and statistics from the network traffic?
Flow collector
An organization in the healthcare sector notices an increase in ransomware attacks in their industry. How should it adjust its vulnerability analysis strategy?
Focus on vulnerabilities linked to data breaches and regulatory penalties
Which of the following mitigation techniques refers to the process of protecting all information on a hard drive, including the programs responsible for booting an operating system?
Full-disk Encryption
Which of the following BEST describes the purpose of fundamental security concepts in the cybersecurity profession?
Fundamental security concepts are building blocks that form the foundation of understanding and implementing security in a business environment.
A multinational company discovered its existing cybersecurity policies were no longer adequate due to evolving cybersecurity threats and updated industry regulations. The board of directors, comprising high-ranking executives, decided to review and revise the policies. Who should the company involve in this process?
Governance committee
Which threat actor, usually a small organization, uses cyber weapons to promote political agendas and perform service disruption attacks?
Hacktivist group
What type of data is information that can easily be understood and interpreted without additional processing or translation?
Human-readable data
A large multinational company adopts a new standard to enhance its information security management system. The company operates across different regions, so the chosen standard must be internationally recognized. The company wants the standard to provide a comprehensive framework to ensure adequate and proportionate security controls. Which of the following standards would be MOST suitable for the company's needs?
ISO/IEC 27001
A cybersecurity team has discovered an unauthorized alteration in the endpoint configuration of several workstations within the organization, resulting in a malware infection. As part of the response strategy, the team must select a specific mitigation technique to prevent similar incidents in the future. Which of the following is the MOST suitable approach to undertake?
Implement a stricter Group Policy
An organization stores its sensitive data on physical storage devices. It wants to bolster security measures due to a rise in industrial espionage and the risk of physical theft of these devices. Which of the following encryption strategies would be the MOST effective for the organization to choose?
Incorporate self-encrypting drives (SEDs) into its storage infrastructure
An organization validates its security controls, processes, and adherence to industry standards and wants an unbiased evaluation to instill confidence among stakeholders. Which method should it employ for this purpose?
Independent third-party audit
An organization has decommissioned several laptops used for handling sensitive data. Which of the following should be the primary step to ensure data security and compliance with regulations before repurposing or disposing of these devices?
Initiating a secure data destruction process
A tech company employs the Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE) models for quantitative assessment and uses subjective judgment for qualitative analysis. They use a "heat map" or "traffic light" impact matrix to represent the severity of the risk, its likelihood, cost of controls, etc. What is the primary benefit of the company's approach of combining both quantitative and qualitative risk assessment methods?
It provides both numerical data for precision and subjective judgment for situations in which precise data is unavailable.
The company's system has recently detected suspicious network activity, signaling a possible cybersecurity incident. The incident response team has assembled, and after going through the detection and analysis phases, the containment phase of the incident response process has started. In this phase, what is the primary objective?
Limiting the scope and magnitude of the incident
An organization's automated scanner has just flagged a vulnerability with the identifier CVE-2023-0150. What are some initial steps the organization should take to understand and potentially address this vulnerability?
Look up the identifier in the Vulnerability Database and assess the vulnerability.
A manufacturing organization identifies its server maintenance and repair process as a mission-essential function. The company experienced three server failures in the last year, each failure taking approximately six hours to repair and restore operations. A standard operational year is usually assumed to be 8,760 hours (24*365). Given the company's performance metrics and assuming operations run all day and every day, what are the annual MTBF and MTTR for the organization's server maintenance and repair process?
MTBF: 2,920 hours/failure, MTTR: 6 hours
A cybersecurity team at an organization prepares to carry out an assessment that aims to mimic potential attackers' tactics, techniques, and procedures (TTPs) to identify vulnerabilities and weaknesses in the organization's digital systems. What type of penetration test is the team about to conduct?
Offensive penetration testing
An organization recently hired a new employee who passed all the necessary background checks and completed the recruitment process successfully. The organization wants to ensure that the new employee's integration into the company is as smooth and secure as possible. Which of the following procedures would be MOST appropriate to apply in this situation?
Onboarding
An employee at a company frequently recycles old passwords when prompted for a password change. What feature of a password policy can prevent this?
Password history
A large multinational corporation recently suffered a significant data breach. The organization had established an Incident Response Plan (IRP) that primarily consisted of a team of skilled cybersecurity analysts. However, the data breach escalated rapidly, and the company found itself in the headlines, which caused serious damage to its reputation. What key elements were likely missing from the company's Incident Response Plan?
Proper stakeholder management and a comprehensive communication plan
A software company designs a new feature for its product involving the creation and storage of new algorithms and methods that give the product a competitive advantage. The company wants to appropriately classify this information within its data management system. What would be the MOST fitting classification for this data?
Proprietary
A company is considering moving its applications and data to the cloud. The company handles sensitive data and wants to maintain control over the security of its applications and data. It is considering using an infrastructure-as-a-service (IaaS) model. Which of the following is a key responsibility the company will need to manage in an IaaS model?
Protection of operating systems when deployed
Given the importance of automation and orchestration related to secure operations, a newly hired IT employee creates, modifies, and deletes user accounts and access rights across the company's IT systems. Due to the significant number of users and the heightened need for security, this task proves to be time-consuming and error-prone. Which automation capability can not only improve the efficiency and consistency of this task but also ensure secure operations?
Provisioning
An organization prepares to store and handle a data type that includes sensitive personal information, such as healthcare records and social security numbers. This data is subject to specific laws and regulations concerning its protection and use. What category does this data type fall under?
Regulated data
An IT security analyst at a mid-sized company has observed unusual network activity on a workstation over the past few days. This workstation has initiated frequent and unsolicited communications with an unknown external IP address. Further investigation reveals the presence of unauthorized software on the workstation, which seems to be actively transmitting sensitive system data to this external address and possibly receiving commands or files in return without any visible signs or knowledge of the user. Given these specific behaviors, what type of malware is MOST likely responsible for these activities?
Remote Access Trojan (RAT)
A mid-sized tech company has started experiencing regular system slowdowns and data traffic abnormalities. However, its current intrusion detection system (IDS) has generated no alerts. The IT department relies heavily on the IDS for potential threats and does not actively monitor system metrics or logs. Which statement is MOST likely true about the situation?
The company is facing a new type of threat not recognized by the IDS.
Which of the following accurately reflects the responsibilities of a data processor under data protection laws such as the General Data Protection Regulation (GDPR)?
The data processor processes personal data on behalf of the data controller.
In the context of information security, an organization discovers a zero-day vulnerability in its database software. At the same time, a known hacking group has expressed intentions to target entities using this specific software. Which of the following BEST describes this situation's relation to vulnerability, threat, and risk?
The organization increases its risk of a security breach due to the threat and vulnerability.
A large organization is planning to move its operations to the cloud and is considering different cloud deployment models. The organization wants to achieve a balance of cost, security, flexibility, and control over its data and applications and is considering a hybrid cloud model but has concerns about the security implications. Which of the following is a potential security challenge the organization should consider when using a hybrid cloud model?
The organization may struggle with managing multiple cloud environments and enforcing consistent security policies.
A large technology firm adopts the National Institute of Standards and Technology (NIST) Cybersecurity Framework to improve its security posture. The company has hired an external security consultant to conduct a gap analysis to identify areas in which the firm deviates from the recommended framework controls. What is the MOST accurate description of this process?
The review and comparison of the company's security systems against NIST Cybersecurity Framework
A major software vendor becomes aware of a new zero-day vulnerability in one of its products due to an anonymous tip. The vulnerability could potentially allow unauthorized access to sensitive data stored in the software. The vendor is currently creating a patch to address the issue. Which of the following BEST describes the current risk to the software users and the appropriate response from the software vendor?
The risk to the users is significant, and the vendor should quietly create a patch without informing the users until it is ready.
A software development company recognizes that some of its employees are vulnerable to phishing attacks. To address this, the company plans to set up a training program. What factors should the company primarily consider while defining such training programs?
The roles performed by the employees
A newly appointed Information Security Officer at a startup company is improving IT security. The current IT environment lacks standardized security configurations, and various operating systems, applications, and network devices are in use. The officer decides to implement secure baseline configurations but also wants to ensure the chosen approach can adapt to evolving threats and handle the diversity in the company's IT environment. What is the MOST appropriate approach to achieve these goals?
Use the Center for Internet Security (CIS) Benchmarks and couple it with the use of a configuration management tool.
An organization wants to ensure the security of its sensitive data stored on the company's physical drives, with varying levels of access for different users. Which of the following encryption methods would BEST suit this requirement?
A combination of volume and file encryption
A cybersecurity analyst for a medium-sized company needs to perform a vulnerability scan that provides an in-depth analysis of potential weaknesses in the company's system, including misconfigured applications and security settings. The analyst is considering using a credentialed or non-credentialed scan. Which type of scan is MOST appropriate for this situation?
A credentialed scan provides login rights for a more thorough analysis of potential vulnerabilities.
An employee at a company is having difficulty remembering a complex password and is looking for a more secure and memorable alternative. What type of credential would be the BEST recommendation?
A device-specific PIN with any characters and length
Which of the following describes the placement and role of a firewall in a network with a defense-in-depth strategy?
A firewall is typically at the network border and serves as a preventive control to enforce access rules for ingress and egress traffic.
Which of the following is a correct interpretation of data sovereignty?
A jurisdiction can restrict or prevent processing and storage of data on systems that do not physically reside within that jurisdiction.
A company has been experiencing issues with operator fatigue within the cybersecurity team, leading to decreased alertness and cognitive function. Considering different strategies to help combat this issue, how can automation and orchestration assist in addressing operator fatigue in security operations?
By automating routine tasks, allowing cybersecurity personnel to focus on more complex, strategic issues
In an IT environment, automation and scripting play a critical role in managing services and access. How does automation assist security analysts in their daily tasks?
By enabling and disabling services, modifying access rights, and maintaining the lifecycle of IT resources
Which of the following threat actors is MOST likely to exploit unsecured networks using default credentials for financial gains?
Cybercriminals
A cybersecurity analyst uses a Security Information and Event Management (SIEM) tool to monitor network activity in a large organization. During a shift, the analyst receives multiple alerts indicating the same user account is experiencing multiple login failures. They received the alert only after multiple login failures occurred within an hour. Which of the following correlation rules likely triggered this alert?
Error.LoginFailure > 3 AND LoginFailure.User AND Duration < 1 hour
In the context of a global manufacturing firm transitioning to a remote work arrangement due to a crisis, which aspect is the MOST critical to ensure business continuity?
Developing robust remote work plans with appropriate technologies
A company wants to establish a secure communication channel with its remote employees. The company aims to ensure that the individuals communicating are who they claim to be to avoid any potential on-path attacks. Which system can help the company meet its objectives?
Digital certificates managed by a Certificate Authority (CA)
A newly established organization has decided to implement Virtual LANs (VLANs) for segmenting workstation computer hosts from Voice over Internet Protocol (VoIP) handsets. The organization is using two VLANs that map to two subnets: 10.1.32.0/24 for workstation computers and 10.1.40.0/24 for VoIP handsets. In this setup, what could be a potential security advantage?
Enhanced control over communication between VLANs.
In the event of a confirmed ransomware attack on a server containing valuable intellectual property, what should be the immediate next step?
Isolate the affected server from the rest of the network by disabling its network access
A lead architect is designing a new security system for a multinational corporation. The Chief Executive Officer (CEO) emphasizes that the continuity of business operations is a top priority. Why would incorporating resilience and recovery into the security architecture be vital in this scenario?
It ensures system functionality during and after disruptions.
Two businesses establish a new vendor relationship. Before proceeding with formal contractual agreements, the organizations want to mutually outline their intentions, shared goals, and general terms of cooperation. Which of the following agreements would BEST suit this initial stage?
Memorandum of Understanding (MOU)
The network administrator of an educational institution is upgrading an existing wireless network. The campus has various buildings, each having multiple floors, and the aim is to ensure consistent Wi-Fi coverage across the entire campus. To achieve this, a site survey and heat map creation will guide the placement and configuration of wireless access points (WAPs). Which of the following would MOST accurately represent the correct actions based on the survey results?
Place WAPs in areas indicated as weak in the heat map and increase transmit power to the highest in all devices, while avoiding unnecessary overlap.
A group of hackers, exploiting vulnerabilities in a certain organization's online platforms and using spear-phishing techniques, launches a series of attacks disrupting the organization's services. These attack vectors target both software flaws and human elements of the organization. Driven by disdain for the organization's practices, their primary objective is to raise awareness and bring about changes in the organization's conduct. Based on this information, what is the primary motivation of these threat actors?
Political change
A cybersecurity analyst for a large organization is enhancing the company's security posture. The analyst notices increased alerts related to a particular known exploit in the company's server software. The company's intrusion detection system (IDS) uses a predefined set of rules, provided by security personnel, to identify events that are unacceptable. What type of detection method is the company using in this scenario?
Signature-based detection
A technology company identifies a potential risk in the form of data breaches due to vulnerabilities in its e-commerce application. The company has assessed that the likelihood of occurrence is high, and the impact could be significant, leading to loss of customer trust and potential legal liabilities. The company has assigned a team to manage this risk and to implement necessary security measures to mitigate it. Which of the following is the BEST description of the role this team is performing?
Risk owners
A technology company experiences several security vulnerabilities with its online application, leading to customer complaints and legal threats. In response, the board of directors decides to outsource the maintenance and associated liabilities of the application to a third party. Which risk management strategy is the company primarily implementing?
Risk transference
At a medium-scale software development firm, significant modifications to several critical applications employees use daily are on the horizon. Considering the principles of change management, what should the primary focus be during the implementation phase of these changes?
Scheduling service restarts during non-business hours to minimize application downtime
The network administrator of a company receives an email notification about an unusual email activity. Multiple employees received an email with an attached file having an odd double extension: .docx and .hta. The email system's security feature flagged the email as potentially harmful. Based on the provided details, what type of virus is MOST likely involved in this scenario?
Script virus
A multinational corporation is sending sensitive data to various regional offices securely. What is an optimal cryptographic method to employ in this situation?
Symmetric encryption for data and asymmetric for key exchange
Under the General Data Protection Regulation (GDPR), how soon must an organization report a breach of personal data?
Within 72 hours of becoming aware of the breach
A software engineer discovers a flaw in one of their products that could allow nefarious attackers to gain unauthorized access to the system on which it is running. What vulnerability signifies that developers must immediately fix the problem, or widespread damage could ensue before a patch is available?
Zero-day