SY0-701 Practice C

91 questions

Classify the following traffic flows as ALLOWED or BLOCKED through the firewall:

ALLOWED
BLOCKED
Use a secure terminal to connect to 10.1.10.88
Share the desktop on server 10.1.10.120
Perform a DNS query from 10.1.10.88 to 9.9.9.9
View web pages on 10.1.10.120
Authenticate to an LDAP server at 10.1.10.61
Synchronize the clock on a server at 10.1.10.17

Match the device to the description. Some device types will not be used.

WAF
MDM
Proxy Server
Router
Load balancer
Jump server
Sensor
IPS
Block SQL injection over an Internet connection
Intercept all browser requests and cache the results
Forward packets between separate VLANs
Configure a group of redundant web servers
Evaluate the input to a browser-based application

Match the attack type to the characteristic:

Phishing
Rootkit
Brute force
Injection
Replay
DDoS
A website stops responding to normal requests
Data is captured and retransmitted to a server
The malware is designed to remain hidden on a computer system
A list of passwords is attempted with a known username
An email link redirects a user to a site that requests login credentials
Permissions are circumvented by adding additional code as application input

Match the cryptography technology to the description:

Salting
Asymmetric
Collision
Key stretching
Masking
Steganography
Create a stronger key using multiple processes
Data is hidden within another media type
Different inputs create the same hash
Sensitive data is hidden from view
A different key is used for decryption than encryption
Information is added to make a unique hash

Add the most applicable security technologies to the following scenarios:

Sandboxing
NGFW
SD-WAN
VPN
802.1X
A field service engineer uses their corporate laptop at coffee shops and hotels
Software developers run a series of tests before deploying an application
An administrator prevents employees from visiting known-malicious websites
Directly access cloud-based services from all corporate locations
Users connecting to the network should use their corporate authentication credentials

A finance company is legally required to maintain seven years of tax records for all of their customers. Which of the following would be the BEST way to implement this requirement?

A system administrator is designing a data center for an insurance company’s new public cloud and would like to automatically rotate encryption keys on a regular basis. Which of the following would provide this functionality?

A newly installed IPS is flagging a legitimate corporate application as malicious network traffic. Which of the following would be the BEST way to resolve this issue?

A security administrator has identified an internally developed application which allows modification of SQL queries through the web-based frontend. Which of the following changes would resolve this vulnerability?

A system administrator is implementing a fingerprint scanner to provide access to the data center. Which of the following authentication technologies would be associated with this access?

The IT department of a transportation company maintains an on-site inventory of chassis-based network switch interface cards. If a failure occurs, the on-site technician can replace the interface card and have the system running again in sixty minutes. Which of the following BEST describes this recovery metric?

A company maintains a server farm in a large data center. These servers are used internally and are not accessible from outside of the data center. The security team has discovered a group of servers was breached before the latest security patches were applied. Breach attempts were not logged on any other servers. Which of these threat actors would be MOST likely involved in this breach?

An organization has received a vulnerability scan report of their Internet-facing web servers. The report shows the servers have multiple Sun Java Runtime Environment (JRE) vulnerabilities, but the server administrator has verified that JRE is not installed. Which of the following would be the BEST way to handle this report?

A user downloaded and installed a utility for compressing and decompressing files. Immediately after installing the utility, the user’s overall workstation performance degraded and it now takes twice as much time to perform any tasks on the computer. Which of the following is the BEST description of this malware infection?

Which of the following is the process for replacing sensitive data with a non-sensitive and functional placeholder?

A security administrator has installed a new firewall to protect a web server VLAN. The application owner requires all web server sessions communicate over an encrypted channel. Which rule should the security administrator add to the firewall rulebase?

Which of these would be used to provide multi-factor authentication?

A company's network team has been asked to build an IPsec tunnel to a new business partner. Which of the following security risks would be the MOST important to consider?

A company's human resources team maintains a list of all employees participating in the corporate savings plan. A third-party financial company uses this information to manage stock investments for the employees. Which of the following would describe this financial company?

A technology company is manufacturing a military-grade radar tracking system designed to identify any nearby unmanned aerial vehicles (UAVs). The UAV detector must be able to instantly identify and react to a vehicle without delay. Which of the following would BEST describe this tracking system?

An administrator is writing a script to convert an email message to a help desk ticket and assign the ticket to the correct department. Which of the following should the administrator use to complete this script?

A security administrator would like a report showing how many attackers are attempting to use a known vulnerability to gain access to a corporate web server. Which of the following should be used to gather this information?

During a ransomware outbreak, an organization was forced to rebuild database servers from known good backup systems. In which of the following incident response phases were these database servers brought back online?

A security administrator is installing a web server with a newly built operating system. Which of the following would be the best way to harden this OS?

A network IPS has created this log entry:

Frame 4: 937 bytes on wire (7496 bits), 937 bytes captured
Ethernet II, Src: HewlettP_82:d8:31, Dst: Cisco_a1:b0:d1
Internet Protocol Version 4, Src: 172.16.22.7, Dst: 10.8.122.244
Transmission Control Protocol, Src Port: 3863, Dst Port: 1433
Application Data: SELECT * FROM users WHERE username='x' or 'x'='x' AND password='x' or 'x'='x'

Which of the following would describe this log entry?

An incident response team would like to validate their disaster recovery plans without making any changes to the infrastructure. Which of the following would be the best course of action?

A system administrator has installed a new firewall between the corporate user network and the data center network. When the firewall is turned on with the default settings, users complain the application in the data center is no longer working. Which of the following would be the BEST way to correct this application issue?

Which of these would be used to provide HA for a web-based database application?

Each year, a certain number of laptops are lost or stolen and must be replaced by the company. Which of the following would describe the total cost the company spends each year on laptop replacements?

A network administrator is viewing a log file from a web server:

https://www.example.com/?s=/Index/think/app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][0]=__HelloThinkPHP

Which of the following would be the BEST way to prevent this attack?

Sam would like to send an email to Jack and have Jack verify that Sam was the sender of the email. Which of these should Sam use to provide this verification?

The contract of a long-term temporary employee is ending. Which of these would be the MOST important part of the off-boarding process?

A cybersecurity analyst has been asked to respond to a denial of service attack against a web server, and the analyst has collected the log files and data from the server. Which of the following would allow a future analyst to verify the data as original and unaltered?

A security administrator is reviewing authentication logs. The logs show a large number of accounts with at least three failed authentication attempts during the previous week. Which of the following would BEST explain this report data?

A security administrator has been asked to block all browsing to casino gaming websites. Which of the following would be the BEST way to implement this requirement?

A company is experiencing downtime and outages when application patches and updates are deployed during the week. Which of the following would help to resolve these issues?

A company is implementing a series of steps to follow when responding to a security event. Which of the following would provide this set of processes and procedures?

A transportation company maintains a scheduling application and a database in a virtualized cloud-based environment. Which of the following would be the BEST way to backup these services?

In an environment using discretionary access controls, which of these would control the rights and permissions associated with a file or directory?

A security administrator has installed a network-based DLP solution to determine if file transfers contain PII. Which of the following describes the data during the file transfer?

A medical imaging company would like to connect all remote locations together with high speed network links. The network connections must maintain high throughput rates and must always be available during working hours. In which of the following should these requirements be enforced with the network provider?

A company is implementing a security awareness program for their user community. Which of the following should be included for additional user guidance and training?

A security administrator is preparing a phishing email as part of a periodic employee security awareness campaign. The email is spoofed to appear as an unknown third-party and asks employees to immediately click a link or their state licensing will be revoked. Which of the following should be the expected response from the users?

A security administrator would like to minimize the number of certificate status checks made by web site clients to the certificate authority. Which of the following would be the BEST option for this requirement?

A company is concerned their EDR solution will not be able to stop more advanced ransomware variants. Technicians have created a backup and restore utility to get most systems up and running less than an hour after an attack. What type of security control is associated with this restore process?

To upgrade an internal application, the development team provides the operations team with instructions for backing up, patching the application, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process?

A company is implementing a public file-storage and cloud-based sharing service, and would like users to authenticate with an existing account on a trusted third-party web site. Which of the following should the company implement?

A system administrator is viewing this output from a file integrity monitoring report:

15:43:01 - Repairing corrupted file C:\Windows\System32\kernel32.dll
15:43:03 - Repairing corrupted file C:\Windows\System32\netapi32.dll
15:43:07 - Repairing corrupted file C:\Windows\System32\user32.dll
15:43:43 - Repair complete

Which of the following malware types is the MOST likely cause of this output?

What type of vulnerability would be associated with this log information?

GET http://example.com/show.asp?view=../../Windows/system.ini HTTP/1.1

A developer has created an application to store password information in a database. Which of the following BEST describes a way of protecting these credentials by adding random data to the password?

Which of the following processes provides ongoing building and testing of newly written code?

Which of the following BEST describes a responsibility matrix?

A security administrator is implementing an authentication system for the company. Which of the following would be the best choice for validating login credentials for all usernames and passwords in the authentication system?

A technician is reviewing this information from an IPS log:

MAIN_IPS: 22June2023 09:02:50 reject 10.1.111.7
Alert: HTTP Suspicious Webdav OPTIONS Method Request; Host: Server
Severity: medium; Performance Impact:3;
Category: info-leak; Packet capture; disable
Proto:tcp; dst:192.168.11.1; src:10.1.111.7

Which of the following can be associated with this log information? (Select TWO)

A company has contracted with a third-party to provide penetration testing services. The service includes a port scan of each externally-facing device. This is an example of:

An access point in a corporate headquarters office has the following configuration:

IP address: 10.1.10.1
Subnet mask: 255.255.255.0
DHCPv4 Server: Enabled
SSID: Wireless
Wireless Mode: 802.11n
Security Mode: WEP-PSK
Frequency band: 2.4 GHz
Software revision: 2.1
MAC Address: 60:3D:26:71:FF:AA
IPv4 Firewall: Enabled

Which of the following would apply to this configuration?

An attacker has gained access to an application through the use of packet captures. Which of the following would be MOST likely used by the attacker?

A company is receiving complaints of slowness and disconnections to their Internet-facing web server. A network administrator monitors the Internet link and finds excessive bandwidth utilization from thousands of different IP addresses. Which of the following would be the MOST likely reason for these performance issues?

A company has created an itemized list of tasks to be completed by a third-party service provider. After the services are complete, this document will be used to validate the completion of the services. Which of the following would describe this agreement type?

A company is deploying a series of internal applications to different cloud providers. Which of the following connection types should be deployed for this configuration?

A company is updating components within the control plane of their zero-trust implementation. Which of the following would be part of this update?

Which of the following malware types would cause a workstation to participate in a DDoS?

Which of these are used to force the preservation of data for later use in court?

A company would like to automatically monitor and report on any movement occurring in an open field at the data center. Which of the following would be the BEST choice for this task?

A company is releasing a new product, and part of the release includes the installation of load balancers to the public web site. Which of the following would best describe this process?

A system administrator would like to prove an email message was sent by a specific person. Which of the following describes the verification of this message source?

A security administrator has created a policy to alert if a user modifies the hosts file on their system. Which of the following behaviors does this policy address?

A company has identified a web server data breach resulting in the theft of financial records from 150 million customers. A security update to the company’s web server software was available for two months prior to the breach. Which of the following would have prevented this breach from occurring?

During the onboarding process, the IT department requires a list of software applications associated with the new employee's job functions. Which of the following would describe the use of this information?

A system administrator has identified an unexpected username on a database server, and the user has been transferring database files to an external server over the company’s Internet connection. The administrator then performed these tasks:

• Physically disconnected the Ethernet cable on the database server
• Disabled the unknown account
• Configured a firewall rule to prevent file transfers from the server

Which of the following would BEST describe this part of the incident response process?

Which of the following would be the MOST effective use of asymmetric encryption?

Each salesperson in a company receives a laptop with applications and data to support their sales efforts. The IT manager would like to prevent third-parties from gaining access to this information if the laptop is stolen. Which of the following would be the BEST way to protect this data?

A security administrator has compiled a list of all information stored and managed by an organization. Which of the following would best describe this list?

A security administrator would like to monitor all outbound Internet connections for malicious software. Which of the following would provide this functionality?

What type of security control would be associated with corporate security policies?

Which of the following would be the MOST significant security concern when protecting against organized crime?

An application team has been provided with a hardened version of Linux to use with a new application installation, and this includes installing a web service and the application code on the server. Which of the following would BEST protect the application from attacks?

A system administrator has configured MAC filtering on their corporate access point, but access logs show unauthorized users accessing the network. Which of the following should the administrator configure to prevent future unauthorized use?

A system administrator has been tasked with performing an application upgrade, but the upgrade has been delayed due to a different scheduled installation of an outdated device driver. Which of the following issues would best describe this change management delay?

During an initial network connection, a supplicant communicates to an authenticator, which then sends an authentication request to an Active Directory database. Which of the following would BEST describe this authentication technology?

A security researcher has been notified of a potential hardware vulnerability. Which of the following should the researcher evaluate as a potential security issue?

Visitors to a corporate data center must enter through the main doors of the building. Which of the following security controls would be the BEST choice to successfully guide people to the front door? (Select TWO)

A company's employees are required to authenticate each time a file share, printer, or SAN imaging system is accessed. Which of the following should be used to minimize the number of employee authentication requests?

A company has recently moved from one accounting system to another, and the new system includes integration with many other divisions of the organization. Which of the following would ensure that the correct access has been provided to the proper employees in each division?

An attacker has circumvented a web-based application to send commands directly to a database. Which of the following would describe this attack type?

A group of business partners is using blockchain technology to monitor and track raw materials and parts as they are transferred between companies. Where would a partner find these tracking details?

A network technician at a bank has noticed a significant decrease in traffic to the bank's public website. After additional investigation, the technician finds that users are being directed to a web site which looks similar to the bank's site but is not under the bank's control. Flushing the local DNS cache and changing the DNS entry does not have any effect. Which of the following has most likely occurred?

A company runs two separate applications in their data center. The security administrator has been tasked with preventing all communication between these applications. Which of the following would be the BEST way to implement this security requirement?

A receptionist at a manufacturing company recently received an email from the CEO asking for a copy of the internal corporate employee directory. It was later determined that the email address was not sent from the CEO and the domain associated with the email address was not a corporate domain name. What type of training could help identify this type of attack in the future?

Which of the following deployment models would a company follow if they require individuals to use their personal phones for work purposes?