Which of the following provides the details about the terms of a test with a third-party penetration tester?

Which of the following provides the details about the terms of a test with a third-party penetration tester?

A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence

Answer: A

Explanation: Rules of engagement are the detailed guidelines and constraints regarding the execution of...

December 25, 2023

Which of the following best addresses the risks associated with procuring counterfeit hardware?

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D...

December 25, 2023

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage

Answer: A

Explanation: PCI DSS is the Payment Card Industry Data Security Standard, which is a set of security requirements...

December 25, 2023

Which of the following best describes this policy?

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

A. Enumeration
B. Sanitization
C. Destruction
D. Inventory

Answer: B

Explanation: Sanitization is the process of removing sensitive data from a storage device or a system before...

December 24, 2023

Which of the following security techniques is the IT manager setting up?

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

A. Hardening
B. Employee monitoring
C. Configuration...

December 24, 2023

Which of the following security benefits do these actions provide?

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

A. If a security incident occurs on the device, the correct employee can be notified.
B. The security team will be...

December 23, 2023

Which of the following is a hardware-specific vulnerability?

Which of the following is a hardware-specific vulnerability?

A. Firmware version
B. Buffer overflow
C. SQL injection
D. Cross-site scripting

Answer: A

Explanation: Firmware is a type of software that is embedded in a hardware device, such as a router, a printer, or a BIOS chip. Firmware controls the basic...

December 23, 2023

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis

Answer: C

Explanation: A risk register is a document that records and tracks the risks associated with a project, system,...

December 23, 2023

Which of the following is the most effective way to limit this access?

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
...

December 23, 2023

Which of the following security control types does an acceptable use policy best represent?

Which of the following security control types does an acceptable use policy best represent?

A. Detective
B. Compensating
C. Corrective
D. Preventive

Answer: D

Explanation: An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The...

December 23, 2023