CompTIA SY0-701 Practice Test - Questions Answers, Page 16

A company is working with a vendor to perform a penetration test. Which of the following includes an estimate of the number of hours required to complete the engagement?

A. SOW
B. BPA
C. SLA
D. NDA
Suggested answer: A

Explanation:

A statement of work (SOW) is a document that defines the scope, objectives, deliverables, timeline, and costs of a project or service. It typically includes an estimate of the number of hours required to complete the engagement, as well as the roles and responsibilities of the parties involved. An SOW is often used for penetration testing projects to ensure that both the client and the vendor have a clear and mutual understanding of what is expected and how the work will be performed. A business partnership agreement (BPA), a service level agreement (SLA), and a non-disclosure agreement (NDA) are different types of contracts that may be related to a penetration testing project, but they do not include an estimate of the number of hours required to complete the engagement.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 492; What to Look For in a Penetration Testing Statement of Work?

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?

A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Reviewing logs more frequently
Suggested answer: B

Explanation:

Changing the default password for the local administrator account on a VPN appliance is a basic security measure that would have most likely prevented the unexpected login to the remote management interface. Default passwords are often easy to guess or publicly available, and attackers can use them to gain unauthorized access to devices and systems. Changing the default password to a strong and unique one reduces the risk of brute-force attacks and credential theft. Using least privilege, assigning individual user IDs, and reviewing logs more frequently are also good security practices, but they are not as effective as changing the default password in preventing the unexpected login.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 116; Local Admin Accounts - Security Risks and Best Practices (Part 1)

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking
Suggested answer: B

Explanation:

Infrastructure as code (IaC) is a method of using code and automation to manage and provision cloud resources, such as servers, networks, storage, and applications. IaC allows for easy deployment, scalability, consistency, and repeatability of cloud environments. IaC is also a key component of DevSecOps, which integrates security into the development and operations processes.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Cloud and Virtualization Concepts, page 294.

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A. ACL
B. DLP
C. IDS
D. IPS
Suggested answer: D

Explanation:

An intrusion prevention system (IPS) is a security device that monitors network traffic and blocks or modifies malicious packets based on predefined rules or signatures. An IPS can prevent attacks that exploit known vulnerabilities in older browser versions by detecting and dropping the malicious packets before they reach the target system. An IPS can also perform other functions, such as rate limiting, encryption, or redirection.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3: Securing Networks, page 132.

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
Suggested answer: A, C

Explanation:

Federation is an access management concept that allows users to authenticate once and access multiple resources or services across different domains or organizations. Federation relies on a trusted third party that stores the user's credentials and provides them to the requested resources or services without exposing them. Password complexity is a security measure that requires users to create passwords that meet certain criteria, such as length, character types, and uniqueness. Password complexity can help prevent brute-force attacks, password guessing, and credential stuffing by making passwords harder to crack or guess.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 308-309 and 312-313

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

A. Smart card
B. PIN code
C. Knowledge-based question
D. Secret key
Suggested answer: A

Explanation:

A smart card is a physical device that contains an embedded integrated circuit chip that can store and process data. A smart card can be used as a second authentication factor, in addition to a password, to verify the identity of a user who wants to log in to company-owned devices. A smart card requires a smart card reader to access the data on the chip, which adds an extra layer of security. A smart card meets the requirements of the company because it does not involve a smartphone or any other device that is not allowed at the desks.

A security analyst receives a SIEM alert that someone logged in to the app admin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.
Suggested answer: A

Explanation:

A replay attack is a type of network attack where an attacker captures and retransmits a valid data transmission, such as a login request, to gain unauthorized access or impersonate a legitimate user.

In this case, the attacker may have captured the credentials of the app admin test account and used them to log in to the application. The application log shows multiple failed login attempts from different IP addresses, which indicates a replay attack.

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

A. Remove expensive systems that generate few alerts.
B. Modify the systems to alert only on critical issues.
C. Utilize a SIEM to centralize logs and dashboards.
D. Implement a new syslog/NetFlow appliance.
Suggested answer: C

Explanation:

A SIEM (Security Information and Event Management) is a system that collects, analyzes, and correlates data from multiple sources, such as AV (antivirus), EDR (endpoint detection and response), DLP (data loss prevention), SWG (secure web gateway), WAF (web application firewall), MDM (mobile device management), HIPS (host intrusion prevention system), and CASB (cloud access security broker). A SIEM can help improve the situation by providing a centralized view of the security posture, alerts, and incidents across the organization.

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
Suggested answer: D

Explanation:

Whaling is a type of phishing attack that targets high-profile individuals, such as executives, celebrities, or politicians. The attacker impersonates someone with authority or influence and tries to trick the victim into performing an action, such as transferring money, revealing sensitive information, or clicking on a malicious link. Whaling is also called CEO fraud or business email compromise.

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction
Suggested answer: A

Explanation:

Secured zones are a key component of the Zero Trust data plane, which is the layer where data is stored, processed, and transmitted. Secured zones are logical or physical segments of the network that isolate data and resources based on their sensitivity and risk. Secured zones enforce granular policies and controls to prevent unauthorized access and lateral movement within the network.
