Free SY0-701 Exam Braindumps

- (Exam Topic 2)
An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

1. A. a push notification
2. B. a password.
3. C. an SMS message.
4. D. an authentication application.

Correct Answer: D
An authentication application can generate one-time passwords or QR codes that are time-based and unique to each user and device. It does not rely on network connectivity or SMS delivery, which can be intercepted or delayed. It also does not require the user to respond to a push notification, which can be accidentally approved or ignored.

- (Exam Topic 2)
A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, “Your connection is not private." Which of the following is the best way to fix this issue?

1. A. Ignore the warning and continue to use the application normally.
2. B. Install the certificate on each endpoint that needs to use the application.
3. C. Send the new certificate to the users to install on their browsers.
4. D. Send a CSR to a known CA and install the signed certificate on the application's server.

Correct Answer: D
A certificate issued by an internal CA is not trusted by default by external users or applications. Therefore, when a user tries to reach the application that uses an internal CA certificate, they will receive a warning message that their connection is not private1. The best way to fix this issue is to use a certificate signed by a well-known public CA that is trusted by most browsers and operating systems1. To do this, the security administrator needs to send a certificate signing request (CSR) to a public CA and install the signed certificate on the application’s server2. The other options are not recommended or feasible. Ignoring the warning and continuing to use the application normally is insecure and exposes the user to potential man-in-the-middle attacks3. Installing the certificate on each endpoint that needs to use the application is impractical and cumbersome, especially if there are many users or devices involved3. Sending the new certificate to the users to install on their browsers is also inconvenient and may not work for some browsers or devices3.
References: 1:
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-self-signed-certificate 2:
https://learn.microsoft.com/en-us/azure/application-gateway/mutual-authentication-certificate-management 3: https://serverfault.com/questions/1106443/should-i-use-a-public-or-a-internal-ca-for-client-certificate-mtls

- (Exam Topic 2)
A company wants the ability to restrict web access and monitor the websites that employees visit, Which Of the following would best meet these requirements?

1. A. Internet Proxy
2. B. VPN
3. C. WAF
4. D. Firewall

Correct Answer: A
An internet proxy is a server that acts as an intermediary between a client and a destination server on the internet. It can restrict web access and monitor the websites that employees visit by filtering the requests and responses based on predefined rules and policies, and logging the traffic and activities for auditing purposes

- (Exam Topic 2)
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the ‘company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

1. A. Federation
2. B. Identity proofing
3. C. Password complexity
4. D. Default password changes
5. E. Password manager
6. F. Open authentication

Correct Answer: AF
Federation is an access management concept that allows users to authenticate once and access multiple applications or services that trust the same identity provider. Open authentication is a standard protocol that enables federation by allowing users to use their existing credentials from one service to access another service. The company is most likely using federation and open authentication to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account. For example, the company could use an identity provider such as Azure AD or Keycloak to manage the user identities and credentials for the intranet account, and then use open authentication to allow the users to access other company-owned websites without having to log in again. References:
https://www.keycloak.org/
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/whatis-fed

- (Exam Topic 2)
A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and
storage-efficient way that has no impact on production systems. Which of the following backup types should the operator use?

1. A. Tape
2. B. Full
3. C. Image
4. D. Snapshot

Correct Answer: D
A snapshot backup is a type of backup that captures the state of a system at a point in time. It is highly time- and storage-efficient because it only records the changes made to the system since the last backup. It also has no impact on production systems because it does not require them to be offline or paused during the backup process. References: https://www.comptia.org/blog/what-is-a-snapshot-backup