Medium SY0-701 practice questions
Applied — put a concept to work in a realistic situation. 133 medium questions available — no sign-up, always free.
A security analyst reviews authentication logs and discovers that a user account successfully logged in from New York at 09:00 AM EST and then from Tokyo at 09:45 AM EST on the same day. The account shows no other anomalies, and the user is currently on vacation. Which indicator of malicious activity is MOST likely present?
A company owns a data center server valued at $80,000. A risk analyst determines that a flood would destroy 25% of the asset's value, and historical data indicates such a flood occurs approximately once every four years at this location. What is the annualized loss expectancy (ALE) that should be recorded in the risk register?
A manufacturing company has experienced repeated incidents where employees inadvertently install unapproved software downloaded from the internet, some of which was later found to contain malware. Management wants to ensure that only explicitly approved executables can run on company workstations, regardless of what a user attempts to launch. Which mitigation technique BEST meets this requirement?
A security auditor requires that department managers periodically review a report listing every user in their group and the permissions each user holds, confirming that the access is still appropriate for each employee's current job role. Which identity and access management activity does this describe?
A healthcare organization wants to grant access to patient records based on multiple dynamic conditions simultaneously: the user's department, the time of day, the sensitivity classification of the record, and whether the user is connecting from a corporate-managed device. Access decisions must evaluate all of these attributes together for each request. Which access control model best meets this requirement?
A publicly traded company's board of directors wants to establish a group that provides independent oversight of the organization's internal controls, financial reporting integrity, and the results of internal audits. This group must operate separately from day-to-day management to avoid conflicts of interest. Which governance structure best meets this requirement?
A cloud engineering team uses infrastructure-as-code to let developers self-provision resources. Management is concerned that developers could accidentally spin up publicly accessible storage buckets or oversized virtual machines that violate company standards. The security team wants an automated mechanism that automatically rejects or corrects any provisioning request that does not conform to approved configuration policies, without requiring manual review of each request. Which automation use case BEST addresses this requirement?
A company's customers report receiving emails that appear to come from the company, complete with its logo, colors, and branding. The emails direct users to a website that closely mimics the company's real login portal to harvest credentials. Which threat vector best describes this activity?
A financial services company is conducting a business impact analysis for its transaction database. Management states that the business can tolerate losing no more than 15 minutes of transaction data if a failure occurs. Which BIA metric does this 15-minute requirement define, and what should it drive?
A financial services company owns a database server valued at $200,000. A risk analyst determines that a ransomware attack would render 40% of the asset's value unusable, and historical data indicates such an attack is likely to occur twice per year. Which value should the analyst record in the risk register as the annualized loss expectancy (ALE) for this scenario?
A financial services company owns a database server valued at $200,000. A risk analyst estimates that a ransomware event would destroy 25% of the asset's value each time it occurs, and historical data suggests such an event happens about twice per year. The security manager needs the annualized loss expectancy (ALE) to justify a proposed backup investment. What is the correct ALE?
A security analyst is conducting a quantitative risk analysis for a database server that stores customer payment information. The server is valued at $45,000, and a successful ransomware attack would result in 60% loss of the asset's value. Historical data indicates that ransomware attacks targeting similar systems in the organization occur approximately 3 times per year. What is the Annualized Loss Expectancy (ALE) for this risk?
A company's financial analysis reveals that a critical database server has an asset value of $120,000. Historical data shows this server experiences a catastrophic failure approximately once every four years. When such failures occur, the company typically loses 40% of the server's value due to data recovery costs, business interruption, and partial hardware replacement. What is the Annualized Loss Expectancy (ALE) for this risk?
A security administrator needs to implement a certificate validation method that provides real-time revocation status checks with minimal overhead. The solution must allow clients to query the status of a single certificate without downloading large files. Which protocol should be implemented?
A systems administrator needs to obtain a publicly trusted TLS certificate from a third-party certificate authority for a new web server. The administrator has already generated a key pair on the server. What must the administrator submit to the CA to begin the issuance process?
A security analyst seizes a laptop suspected of being used in a data theft incident. The organization anticipates the case may go to court. To ensure the digital evidence remains admissible, which action should the analyst prioritize when handling the laptop's storage drive?
A software company distributes desktop applications to customers over the internet. Users have reported warnings that the installer's publisher cannot be verified, and the security team is concerned that attackers could distribute tampered versions of the software. Which application security technique should the company implement to allow customers to confirm the software originated from the company and has not been altered?
A regional manufacturing company must establish a disaster recovery location to satisfy a new business continuity requirement. Management has stated that budget is the primary constraint, the company can tolerate a recovery time of several days, and the site only needs to provide space, power, and network connectivity without pre-installed hardware or live data replication. Which recovery site type best fits these requirements?
A company runs a legacy payment application on an outdated operating system that cannot be patched to remediate a known critical vulnerability. Business requirements prevent decommissioning the system for another 18 months. To reduce risk in the interim, the security team places the server on an isolated network segment behind a dedicated firewall with strict access rules and enhanced logging. Which type of security control does this MOST accurately describe?
A hospital runs a legacy application on an unsupported operating system that can no longer receive security patches. Management refuses to decommission the system because it is critical to patient scheduling. To reduce risk, the security team isolates the server on a dedicated VLAN and places a next-generation firewall in front of it to inspect all traffic. Which type of security control BEST describes this approach?
A security analyst reviewing authentication logs notices that a user account shows login activity from New York at 9:00 AM EST and from Singapore at 9:15 AM EST on the same day. The account has not logged out between these sessions. Which indicator of malicious activity is MOST likely present?
A security analyst reviews authentication logs and discovers that a user account from the finance department is currently logged in from two different locations: one session from the corporate office in New York at 2:15 PM EST, and another session from an IP address in Romania at 2:17 PM EST. Both sessions are actively accessing financial records. What type of indicator of malicious activity is MOST clearly demonstrated?
A payment processing company needs to store customer credit card information for recurring billing purposes while minimizing the risk of exposing sensitive cardholder data. The security team wants to replace the actual credit card numbers with randomly generated values that can be mapped back to the original data only through a secure lookup service. Which cryptographic solution should be implemented?
A web application security analyst reviews logs after users report unexpected pop-up windows appearing when they visit a company forum page. Investigation shows that a submitted forum comment contained the string <script>alert(document.cookie)</script>, which now executes in the browser of every visitor who views that comment thread. Which type of attack does this indicate?
A healthcare organization stores patient records in a database on physical servers in their data center. The Chief Information Security Officer (CISO) is concerned about unauthorized access to sensitive patient information if storage media is physically stolen or improperly disposed of. Which cryptographic solution should be implemented to protect this data?