1|Page
SECURITY+ SYO-701 CERTMASTER CE DOMAIN
2.0 QUESTIONS AND ANSWERS 2025
As a security consultant for a regional bank, you have
been asked to evaluate the risks associated with
employees using jailbroken or rooted smartphones under
the company's BYOD (Bring Your Own Device) policy.
What are the security risks associated with allowing
these devices to access corporate data? (Select the two
best options.) - .....ANSWER... ✔✔ A. Increased
susceptibility to malware infections
B. Bypassing corporate security policies and controls
A major online retailer experiences a sudden halt in its
services during the peak holiday shopping season. It
traces the cause back to an orchestrated distributed
denial of service (DDoS) attack, which overwhelmed the
retailer's servers with traffic, making it impossible for
legitimate users to access the site. What attack strategy
best aligns with this scenario? - .....ANSWER... ✔✔ B.
Service disruption
,2|Page
What term refers to the path an individual or group can
use to execute a data exfiltration, service disruption, or
disinformation attack?
A.System administrator access - .....ANSWER... ✔✔ B.
Threat vector
A threat actor infiltrates an organization's network and
silently extracts sensitive proprietary data without
detection. The data is considered high value on the
black market and the nefarious actor communicates to
the company that it will expose its' secrets if they do not
comply with demands. Which motivations BEST align with
this threat actor's likely objective? - .....ANSWER...
✔✔ B. Extortion
A multinational corporation has recently been targeted
by a series of sophisticated cyberattacks that disrupted
its services and caused significant financial losses. A
thorough investigation revealed that these attacks were
not random but part of an organized campaign focused
on punishing the company for speaking out against
wrongdoings of an opposing party. The nature and
scale of the attacks, along with their focus on weakening
the corporation's influence in the market, point to the
involvement of a state-sponsored entity. Which of the
following motivations BEST describes this scenario? -
.....ANSWER... ✔✔ A. Political
,3|Page
You are a security analyst at a social-media marketing
company where employees frequently share multimedia
files, including videos and audio recordings. What is the
primary security risk associated with downloading
multimedia files from unverified sources? - .....ANSWER...
✔✔ A. Execution of hidden malicious scripts
A threat actor gains physical access to an organization's
premises and attempts to perpetrate an attack on the
wired network. What specific threat associated with
unsecured networks is described in this scenario? -
.....ANSWER... ✔✔ B. Direct access
A systems administrator notices several user accounts
frequently get locked out but cannot successfully
troubleshoot the issue because the system has no log
data. Which of the following is the MOST likely
explanation for the lack of logs during these events? -
.....ANSWER... ✔✔ C. Log tampering or deletion
A company's cybersecurity team evaluates threats that
could exploit vulnerabilities in its computing
infrastructure. The team is specifically considering
threats, such as a DDoS or on-path attack, that can
directly harm the company's systems and potentially
, 4|Page
damage data or services. What type of threat does this
scenario BEST describe? - .....ANSWER... ✔✔ D.
Network attacks
A healthcare provider suddenly receives a threat from
an unknown source claiming to have obtained sensitive
patient data. The anonymous actor demands a
significant sum of Bitcoin, threatening to release the
information publicly if the provider does not make
payment. This kind of scenario BEST exemplifies which
threat motivation? - .....ANSWER... ✔✔ C. Blackmail
You are a cybersecurity analyst at a large organization
that extensively uses Instant Messaging (IM) services. The
leadership team is concerned about potential attacks
targeting the IM app. Which of the following actions can
address this concern? - .....ANSWER... ✔✔ A.
Regularly update and patch the Instant Messaging app.
A major online retailer experiences a sudden halt in its
services during the peak holiday shopping season. It
traces the cause back to an orchestrated distributed
denial of service (DDoS) attack, which overwhelmed the
retailer's servers with traffic, making it impossible for
legitimate users to access the site. What attack strategy
SECURITY+ SYO-701 CERTMASTER CE DOMAIN
2.0 QUESTIONS AND ANSWERS 2025
As a security consultant for a regional bank, you have
been asked to evaluate the risks associated with
employees using jailbroken or rooted smartphones under
the company's BYOD (Bring Your Own Device) policy.
What are the security risks associated with allowing
these devices to access corporate data? (Select the two
best options.) - .....ANSWER... ✔✔ A. Increased
susceptibility to malware infections
B. Bypassing corporate security policies and controls
A major online retailer experiences a sudden halt in its
services during the peak holiday shopping season. It
traces the cause back to an orchestrated distributed
denial of service (DDoS) attack, which overwhelmed the
retailer's servers with traffic, making it impossible for
legitimate users to access the site. What attack strategy
best aligns with this scenario? - .....ANSWER... ✔✔ B.
Service disruption
,2|Page
What term refers to the path an individual or group can
use to execute a data exfiltration, service disruption, or
disinformation attack?
A.System administrator access - .....ANSWER... ✔✔ B.
Threat vector
A threat actor infiltrates an organization's network and
silently extracts sensitive proprietary data without
detection. The data is considered high value on the
black market and the nefarious actor communicates to
the company that it will expose its' secrets if they do not
comply with demands. Which motivations BEST align with
this threat actor's likely objective? - .....ANSWER...
✔✔ B. Extortion
A multinational corporation has recently been targeted
by a series of sophisticated cyberattacks that disrupted
its services and caused significant financial losses. A
thorough investigation revealed that these attacks were
not random but part of an organized campaign focused
on punishing the company for speaking out against
wrongdoings of an opposing party. The nature and
scale of the attacks, along with their focus on weakening
the corporation's influence in the market, point to the
involvement of a state-sponsored entity. Which of the
following motivations BEST describes this scenario? -
.....ANSWER... ✔✔ A. Political
,3|Page
You are a security analyst at a social-media marketing
company where employees frequently share multimedia
files, including videos and audio recordings. What is the
primary security risk associated with downloading
multimedia files from unverified sources? - .....ANSWER...
✔✔ A. Execution of hidden malicious scripts
A threat actor gains physical access to an organization's
premises and attempts to perpetrate an attack on the
wired network. What specific threat associated with
unsecured networks is described in this scenario? -
.....ANSWER... ✔✔ B. Direct access
A systems administrator notices several user accounts
frequently get locked out but cannot successfully
troubleshoot the issue because the system has no log
data. Which of the following is the MOST likely
explanation for the lack of logs during these events? -
.....ANSWER... ✔✔ C. Log tampering or deletion
A company's cybersecurity team evaluates threats that
could exploit vulnerabilities in its computing
infrastructure. The team is specifically considering
threats, such as a DDoS or on-path attack, that can
directly harm the company's systems and potentially
, 4|Page
damage data or services. What type of threat does this
scenario BEST describe? - .....ANSWER... ✔✔ D.
Network attacks
A healthcare provider suddenly receives a threat from
an unknown source claiming to have obtained sensitive
patient data. The anonymous actor demands a
significant sum of Bitcoin, threatening to release the
information publicly if the provider does not make
payment. This kind of scenario BEST exemplifies which
threat motivation? - .....ANSWER... ✔✔ C. Blackmail
You are a cybersecurity analyst at a large organization
that extensively uses Instant Messaging (IM) services. The
leadership team is concerned about potential attacks
targeting the IM app. Which of the following actions can
address this concern? - .....ANSWER... ✔✔ A.
Regularly update and patch the Instant Messaging app.
A major online retailer experiences a sudden halt in its
services during the peak holiday shopping season. It
traces the cause back to an orchestrated distributed
denial of service (DDoS) attack, which overwhelmed the
retailer's servers with traffic, making it impossible for
legitimate users to access the site. What attack strategy
