
CompTIA SY0-701 Practice Test - Questions Answers, Page 26

A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).

A. Physical
B. Managerial
C. Detective
D. Administrator
E. Preventative
F. Technical
Suggested answer: E, F

Explanation:

Multi-Factor Authentication (MFA) and patch management are both examples of preventative and technical controls. MFA prevents unauthorized access by requiring multiple forms of verification, and patch management ensures that systems are protected against vulnerabilities by applying updates. Both of these controls are implemented using technical methods, and they work to prevent security incidents before they occur.

CompTIA Security+ SY0-701 Course Content: Domain 1: General Security Concepts, and Domain 4: Identity and Access Management, which cover the implementation of preventative and technical controls.

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

A. SSH
B. SRTP
C. S/MIME
D. PPTP
Suggested answer: B

Explanation:

Secure Real-Time Transport Protocol (SRTP) is a security protocol used to encrypt and authenticate the streaming of audio and video over IP networks. It ensures that the video streams from the IP cameras are both encrypted to prevent unauthorized access and authenticated to verify the integrity of the stream, making it the ideal choice for securing video surveillance.

CompTIA Security+ SY0-701 Course Content: Domain 3: Security Architecture, which includes secure communication protocols like SRTP for protecting data in transit.

A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions.

Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

A. A brute-force attack was used against the time-keeping website to scan for common passwords.
B. A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.
C. The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.
D. ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a machine.
Suggested answer: B

Explanation:

The scenario suggests that only the employees who used the kiosks inside the building had their credentials compromised. Since the time-keeping website is accessible from the internet, it is possible that a malicious actor exploited an unpatched vulnerability in the site, allowing them to inject malicious code that captured the credentials of those who logged in from the kiosks. This is a common attack vector for stealing credentials from web applications.

Reference =

CompTIA Security+ SY0-701 Course Content: The course discusses web application vulnerabilities and how attackers can exploit them to steal credentials.

A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

A. The host-based security agent is not running on all computers.
B. A rogue access point is allowing users to bypass controls.
C. Employees who have certain credentials are using a hidden SSID.
D. A valid access point is being jammed to limit availability.
Suggested answer: B

Explanation:

The presence of another device providing internet access that bypasses the content filtering system indicates the existence of a rogue access point. Rogue access points are unauthorized devices that can create a backdoor into the network, allowing users to bypass security controls like content filtering. This presents a significant security risk as it can expose the network to unauthorized access and potential data breaches.

Reference =

CompTIA Security+ SY0-701 Course Content: Rogue access points are highlighted as a major security risk, allowing unauthorized access to the network and bypassing security measures.

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

A. Hacktivists
B. Script kiddies
C. Competitors
D. Shadow IT
Suggested answer: D

Explanation:

Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit IT department approval. This is the most likely cause of introducing vulnerabilities on a corporate network by deploying unapproved software, as such software may not have been vetted for security compliance, increasing the risk of vulnerabilities.

Reference =

CompTIA Security+ SY0-701 Course Content: The concept of Shadow IT is discussed as a significant risk due to the introduction of unapproved and potentially vulnerable software into the corporate network.

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A. Shared deployment of CIS baselines
B. Joint cybersecurity best practices
C. Both companies following the same CSF
D. Assessment of controls in a vulnerability report
Suggested answer: C

Explanation:

A Cybersecurity Framework (CSF) provides a structured approach to standardizing and aligning security programs across different organizations. By both companies adopting the same CSF, they can ensure that their security measures, policies, and practices are consistent, which is essential during a merger when aligning two different security programs.

Reference =

CompTIA Security+ SY0-701 Course Content: The course discusses the importance of adopting standardized cybersecurity frameworks (CSF) for aligning security programs during mergers and acquisitions.

A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

A. Preventive
B. Deterrent
C. Corrective
D. Detective
Suggested answer: D

Explanation:

The tool that the network administrator deployed is described as one that logs suspicious websites and sends a daily report based on various weighted metrics. This fits the description of a detective control. Detective controls are designed to identify and log security events or incidents after they have occurred. By analyzing these logs and generating reports, the tool helps in detecting potential security breaches, thus allowing for further investigation and response.

Reference = Based on the CompTIA Security+ SY0-701 Resources, specifically under the domain of Security Operations, which discusses different types of security controls, including detective controls.

Which of the following is best used to detect fraud by assigning employees to different roles?

A. Least privilege
B. Mandatory vacation
C. Separation of duties
D. Job rotation
Suggested answer: D

Explanation:

Job rotation is a strategy used in organizations to detect and prevent fraud by periodically assigning employees to different roles within the organization. This approach helps ensure that no single employee has exclusive control over a specific process or set of tasks for an extended period, thereby reducing the opportunity for fraudulent activities to go unnoticed. By rotating roles, organizations can uncover irregularities and discrepancies that might have been concealed by an employee who had prolonged access to sensitive functions. Job rotation also promotes cross-training, which can enhance the organization's overall resilience and flexibility.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

CompTIA Security+ SY0-601 Study Guide: Chapter on Risk Management and Compliance.

A systems administrator wants to implement a backup solution. The solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

A. Incremental
B. Storage area network
C. Differential
D. Image
Suggested answer: D

Explanation:

An image backup, also known as a full system backup, captures the entire contents of a system, including the operating system, applications, settings, and all data. This type of backup allows for a complete recovery of the system in case of a disaster, as it includes everything needed to restore the system to its previous state. This makes it the ideal choice for a systems administrator who needs to ensure the ability to recover the entire system, including the OS.

Reference = CompTIA Security+ SY0-701 study materials, domain on Security Operations.

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

A. Private key and root certificate
B. Public key and expired certificate
C. Private key and self-signed certificate
D. Public key and wildcard certificate
Suggested answer: C

Explanation:

A self-signed certificate is a certificate that is signed by its own private key rather than by a trusted certificate authority (CA). This means that the authenticity of the certificate relies solely on the issuer's own authority. If a spoofed identity was detected, it could indicate that a private key associated with a self-signed certificate was compromised. Self-signed certificates are often used internally within organizations, but they carry higher risks since they are not validated by a third-party CA, making them more susceptible to spoofing.

Reference = CompTIA Security+ SY0-701 study materials, particularly the domains discussing Public Key Infrastructure (PKI) and certificate management.

Total 350 questions