SY0-701 Practice Quiz

1. Which principle ensures that users are given only the permissions they need to perform their job?

A. Separation of duties
B. Defense in depth
C. Principle of least privilege
D. Need to know

Answer: C. The principle of least privilege limits user access to the minimum necessary to perform their role, reducing the attack surface and potential for misuse.

2. What is the primary purpose of a firewall in a network?

A. Encrypt data in transit
B. Control and filter network traffic based on policies
C. Authenticate users to the network
D. Provide DNS resolution

Answer: B. A firewall enforces security policies by allowing, blocking, or logging network traffic according to configured rules, protecting internal networks from unauthorized access.

3. Which algorithm type is commonly used to verify data integrity by producing a fixed-size string from input data?

A. Hash function
B. Symmetric encryption
C. Public key infrastructure
D. Steganography

Answer: A. Hash functions map arbitrary-sized data to fixed-size hashes, enabling integrity checks; even small input changes produce different hashes.

4. Which of the following is an example of multi-factor authentication?

A. Password only
B. PIN and password (both knowledge)
C. Fingerprint only
D. Password plus a one-time code sent to your phone

Answer: D. Multi-factor authentication requires at least two different factor types (knowledge, possession, inherence). A password (knowledge) plus a one-time code (possession) qualifies.

5. What is social engineering?

A. Writing malware to exploit software bugs
B. Manipulating people into divulging confidential information
C. Scanning networks for open ports
D. Encrypting data for secure storage

Answer: B. Social engineering attacks exploit human psychology to trick people into revealing sensitive data or performing actions that compromise security.

6. Which security control would you use to detect and alert on suspicious activity within a network?

A. Intrusion detection system (IDS)
B. Backup solution
C. Physical locks
D. Firewall

Answer: A. An IDS analyzes network traffic or host activity to detect patterns of suspicious or malicious behavior and can generate alerts for security teams.

7. What does the principle of defense in depth advocate?

A. Using a single, very strong perimeter control
B. Removing redundant controls to reduce complexity
C. Implementing multiple layers of security controls
D. Allowing all traffic within a trusted network

Answer: C. Defense in depth uses multiple overlapping security measures so that if one control fails, others still protect assets.

8. Which of the following best describes phishing?

A. Exploiting software vulnerabilities over the network
B. Fraudulent emails designed to trick recipients into giving credentials or clicking malicious links
C. Physical tampering with network devices
D. Scanning for open Wi-Fi networks

Answer: B. Phishing involves deceptive messages that trick users into revealing sensitive information or performing unsafe actions.

9. What is the main goal of encryption?

A. Protect confidentiality of data by making it unreadable without the key
B. Improve system performance
C. Authenticate users to a system
D. Replace backups

Answer: A. Encryption transforms readable data into ciphertext to prevent unauthorized parties from reading it without the proper decryption key.

10. Which practice reduces risk from outdated software?

A. Disabling logging
B. Increasing password length only
C. Using weak encryption
D. Regular patching and updates

Answer: D. Regularly applying patches and updates addresses known vulnerabilities and reduces the attack surface from outdated software.