CompTIA SY0-701 Practice Test - Questions Answers, Page 14

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

Suggested answer: A

Explanation:

SASE stands for Secure Access Service Edge. It is a cloud-based service that combines network and security functions into a single integrated solution. SASE can help reduce traffic on the VPN and internet circuit by providing secure and optimized access to the data center and cloud applications for remote employees. SASE can also monitor and enforce security policies on remote employee internet traffic, regardless of the employee's location or device. SASE can offer benefits such as lower costs, improved performance, scalability, and flexibility compared to traditional VPN solutions. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 457-458

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service

Suggested answer: D

Explanation:

A reflected denial of service (RDoS) attack is a type of DDoS attack in which the attacker sends requests with a spoofed source IP address to a third-party server, which then sends its responses to the victim server. The attacker exploits the difference in size between the request and the response, which amplifies the amount of traffic sent to the victim server. The attacker also hides their identity by using the victim's IP address as the source. An RDoS attack can target DNS servers by sending forged DNS queries that generate large DNS responses. This can flood the network interface of the DNS server and prevent it from serving legitimate requests from end users. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 215-216

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

A. Security of cloud providers
B. Cost of implementation
C. Ability of engineers
D. Security of architecture

Suggested answer: D

Explanation:

Security of architecture is the process of designing and implementing a secure infrastructure that meets the business objectives and requirements. Security of architecture should be considered first when migrating to an off-premises solution, such as cloud computing, because it helps identify and mitigate the potential risks and challenges associated with the migration, such as data security, compliance, availability, scalability, and performance. Security of architecture is different from security of cloud providers, which is the process of evaluating and selecting a trustworthy and reliable cloud service provider that can meet the security and operational needs of the business. Security of architecture is also different from cost of implementation, which is the amount of money required to migrate and maintain the infrastructure in the cloud. Security of architecture is also different from ability of engineers, which is the level of skill and knowledge of the IT staff who are responsible for the migration and management of the cloud infrastructure. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 349

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A. Geographic dispersion
B. Platform diversity
C. Hot site
D. Load balancing

Suggested answer: A

Explanation:

Geographic dispersion is the practice of storing backup data in different locations that are far enough apart to minimize the risk of a single natural disaster affecting both sites. This ensures that the company can recover its regulated data in case of a disaster at the primary site. Platform diversity, hot site, and load balancing are not directly related to the protection of backup data from natural disasters. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 449; Disaster Recovery Planning: Geographic Diversity

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A. A worm is propagating across the network.
B. Data is being exfiltrated.
C. A logic bomb is deleting data.
D. Ransomware is encrypting files.

Suggested answer: B

Explanation:

Data exfiltration over DNS is a technique that attackers use to steal sensitive data from a target system or network by transmitting it inside DNS queries and responses. This method is often used in advanced persistent threat (APT) attacks, in which attackers seek to persistently evade detection in the target environment. A large number of unusual DNS queries to systems on the internet over short periods of time during non-business hours is a strong indicator of data exfiltration. A worm, a logic bomb, and ransomware would not use DNS queries to communicate with their command and control servers or perform their malicious actions. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 487; Introduction to DNS Data Exfiltration; Identifying a DNS Exfiltration Attack That Wasn't Real --- This Time

An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

A. Vishing
B. Smishing
C. Pretexting
D. Phishing

Suggested answer: B

Explanation:

Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information. The scenario in the question describes a smishing attack that uses pretexting, a form of social engineering that involves impersonating someone else to gain trust or access. The unknown number claims to be the company's CEO and asks the employee to purchase gift cards, which is a common scam tactic. Vishing is a similar type of attack that uses phone calls or voicemails, while phishing is a broader term that covers any email-based attack. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 77; Smishing vs. Phishing: Understanding the Differences

Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

A. A full inventory of all hardware and software
B. Documentation of system classifications
C. A list of system owners and their departments
D. Third-party risk assessment documentation

Suggested answer: A

Explanation:

A full inventory of all hardware and software is essential for measuring the overall risk to an organization when a new vulnerability is disclosed, because it allows the security analyst to identify which systems are affected by the vulnerability and to prioritize remediation efforts. Without a full inventory, the security analyst may miss some vulnerable systems or waste time and resources on irrelevant ones. Documentation of system classifications, a list of system owners and their departments, and third-party risk assessment documentation are all useful for risk management, but they are not sufficient to measure the impact of a new vulnerability. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 122; Risk Assessment and Analysis Methods: Qualitative and Quantitative

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

A. Deploying PowerShell scripts
B. Pushing GPO update
C. Enabling PAP
D. Updating EDR profiles

Suggested answer: B

Explanation:

A group policy object (GPO) is a mechanism for applying configuration settings to computers and users in an Active Directory domain. By pushing a GPO update, the systems administrator can quickly and uniformly enforce the new password policy across all systems in the domain. Deploying PowerShell scripts, enabling PAP, and updating EDR profiles are not the most efficient or effective ways to change the password policy within an enterprise environment. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 115; Password Policy - Windows Security

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

A. Corrective
B. Preventive
C. Detective
D. Deterrent

Suggested answer: C

Explanation:

A detective control is a type of security control that monitors and analyzes events to detect and report on potential or actual security incidents. A SIEM system is an example of a detective control, as it collects, correlates, and analyzes security data from various sources and generates alerts for security teams. Corrective, preventive, and deterrent controls are different types of security controls that aim to restore, protect, or discourage security breaches, respectively. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 33; What is Security Information and Event Management (SIEM)?

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?

A. Physical
B. Managerial
C. Technical
D. Operational

Suggested answer: A

Explanation:

A physical security control is a device or mechanism that prevents unauthorized access to a physical location or asset. An access control vestibule, also known as a mantrap, is a physical security control that consists of a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. This prevents unauthorized individuals from following authorized individuals into the facility, a practice known as piggybacking or tailgating. A photo ID check is another form of physical security control that verifies the identity of visitors. Managerial, technical, and operational security controls are not directly related to physical access, but rather to the policies, procedures, systems, and processes that support security objectives. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 34; Mantrap (access control) - Wikipedia
