
CompTIA SY0-701 Practice Test - Questions Answers, Page 27


The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

A. Tokenization
B. S/MIME
C. DLP
D. MFA
Suggested answer: C

Explanation:

Data Loss Prevention (DLP) systems are typically configured to protect sensitive data such as Personally Identifiable Information (PII) within an organization. DLP tools enforce policies that monitor, detect, and block the unauthorized transmission of sensitive data. By leveraging the organization's existing labeling and classification system, DLP solutions can identify and protect data based on its classification, ensuring that PII is appropriately secured according to organizational policies.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.

CompTIA Security+ SY0-601 Study Guide: Chapter on Network Security and DLP.

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

A. Network
B. System
C. Application
D. Authentication
Suggested answer: A

Explanation:

To determine whether the connection was successful after a user clicked on a link in a phishing email, the most relevant log source to analyze would be the network logs. These logs would provide information on outbound and inbound traffic, allowing the analyst to see if the user's system connected to the remote server specified in the phishing link. Network logs can include details such as IP addresses, domains accessed, and the success or failure of connections, which are crucial for understanding the impact of the phishing attempt.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.

CompTIA Security+ SY0-601 Study Guide: Chapter on Incident Response.

The Chief Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

B. Log in to the server and perform a health check on the VM.
C. Install the patch immediately.
D. Confirm that the backup service is running.
E. Take a snapshot of the VM.
Suggested answer: D

Explanation:

Before applying any updates or patches to a production VM, especially one with a 99% uptime SLA, it is crucial to first take a snapshot of the VM. This snapshot serves as a backup that can be quickly restored in case the update causes any issues, ensuring that the system can be returned to its previous state without violating the SLA. This step mitigates risk and is a standard best practice in change management for critical systems.

Reference = CompTIA Security+ SY0-701 study materials, focusing on change management and backup strategies.

Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

A. Channel overlap
B. Encryption type
C. New WLAN deployment
D. WAP placement
Suggested answer: A

Explanation:

When multiple Wireless Access Points (WAPs) are using similar frequencies with high power settings, it can cause channel overlap, leading to interference and connectivity issues. This is likely the reason why mobile users are unable to access the internet in the lobby. Evaluating and adjusting the channel settings on the WAPs to avoid overlap is crucial to resolving the connectivity problems.

Reference = CompTIA Security+ SY0-701 study materials, particularly the domain on Wireless and Mobile Security, which covers WLAN deployment considerations.

An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

A. Pretexting
B. Impersonation
C. Ransomware
D. Invoice scam
Suggested answer: D

Explanation:

The scenario describes an instance where an employee receives a fraudulent invoice from a vendor that is not recognized in the company's vendor management system. This is a classic example of an invoice scam, where attackers attempt to trick organizations into making payments for fake or non-existent services. These scams often rely on social engineering tactics to bypass financial controls.

Reference = CompTIA Security+ SY0-701 study materials, particularly in the context of social engineering attacks and common scams.

While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

A. Community cloud
B. PaaS
C. Containerization
D. Private cloud
E. SaaS
F. IaaS
Suggested answer: E

Explanation:

Software as a Service (SaaS) is the cloud model that best meets the goal of outsourcing the management, including patching, of firmware, operating systems, and applications to the cloud vendor. In a SaaS environment, the cloud provider is responsible for maintaining and updating the entire software stack, allowing the organization to focus on using the software rather than managing its infrastructure.

Reference = CompTIA Security+ SY0-701 study materials, particularly the domains related to cloud security models.

A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

A. hping
B. Wireshark
C. PowerShell
D. netstat
Suggested answer: A

Explanation:

Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. A new vulnerability that allows malware to move data without authorization would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.

CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

A. Implementing encryption
B. Monitoring outbound traffic
C. Using default settings
D. Closing all open ports
Suggested answer: B

Explanation:

Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. A new vulnerability that allows malware to move data without authorization would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.

CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

A. SOAR
B. CVSS
C. SIEM
D. CVE
Suggested answer: B

Explanation:

The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of security vulnerabilities. It helps organizations prioritize vulnerability patching by providing a numerical score that reflects the potential impact and exploitability of a vulnerability. CVSS scores are used to gauge the urgency of patching vulnerabilities within a company's IT environment.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

CompTIA Security+ SY0-601 Study Guide: Chapter on Vulnerability Management.

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

A. Air gap
B. Barricade
C. Port security
D. Screened subnet
Suggested answer: A

Explanation:

Air-gapping is the most effective way to protect an application server running unsupported software from network threats. By physically isolating the server from any network connection (no wired or wireless communication), it is protected from external cyber threats. While other options like port security or a screened subnet can provide some level of protection, an air gap offers the highest level of security by preventing any network-based attacks entirely.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.

CompTIA Security+ SY0-601 Study Guide: Chapter on Secure System Design.
