Summer Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CompTIA > CompTIA Security+ > SY0-701

SY0-701 CompTIA Security+ Exam Question and Answers

Question # 4

A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

A.

A misconfiguration in the endpoint protection software

B.

A zero-day vulnerability in the file

C.

A supply chain attack on the endpoint protection vendor

D.

Incorrect file permissions

Full Access
Question # 5

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Full Access
Question # 6

Which of the following must be considered when designing a high-availability network? (Choose two).

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Full Access
Question # 7

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

A.

Hacktivist

B.

Whistleblower

C.

Organized crime

D.

Unskilled attacker

Full Access
Question # 8

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

Full Access
Question # 9

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

A.

Microservices

B.

Containerization

C.

Virtualization

D.

Infrastructure as code

Full Access
Question # 10

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Full Access
Question # 11

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

A.

Retain the emails between the security team and affected customers for 30 days.

B.

Retain any communications related to the security breach until further notice.

C.

Retain any communications between security members during the breach response.

D.

Retain all emails from the company to affected customers for an indefinite period of time.

Full Access
Question # 12

Which of the following is themostlikely to be included as an element of communication in a security awareness program?

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Full Access
Question # 13

A security analyst reviews domain activity logs and notices the following:

Which of the following is thebestexplanation for what the security analyst has discovered?

A.

The user jsmith's account has been locked out.

B.

A keylogger is installed on [smith's workstation

C.

An attacker is attempting to brute force ismith's account.

D.

Ransomware has been deployed in the domain.

Full Access
Question # 14

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email

Full Access
Question # 15

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems.

Full Access
Question # 16

Which of the following scenarios describes a possible business email compromise attack?

A.

An employee receives a gift card request in an email that has an executive's name in the display field of the email.

B.

Employees who open an email attachment receive messages demanding payment in order to access files.

C.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D.

An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.

Full Access
Question # 17

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Full Access
Question # 18

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Full Access
Question # 19

Which of the following risks can be mitigated by HTTP headers?

A.

SQLi

B.

XSS

C.

DoS

D.

SSL

Full Access
Question # 20

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Full Access
Question # 21

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Full Access
Question # 22

Which of the following is a hardware-specific vulnerability?

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Full Access
Question # 23

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would bemostrelevant for the analyst to evaluate?

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Full Access
Question # 24

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Full Access
Question # 25

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are thebestresponses to this situation? (Choose two).

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO's phone.

F.

Implement mobile device management.

Full Access
Question # 26

Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

A.

Deterrent

B.

Corrective

C.

Compensating

D.

Preventive

Full Access
Question # 27

A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Full Access
Question # 28

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

A.

EAP

B.

DHCP

C.

IPSec

D.

NAT

Full Access
Question # 29

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is thebestfor this scenario?

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Full Access
Question # 30

Which of the following is the best reason to complete an audit in a banking environment?

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Full Access
Question # 31

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Full Access
Question # 32

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is themosteffective way to limit this access?

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Full Access
Question # 33

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Full Access
Question # 34

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the 'deny any* policy prior to enabling the new policy

D.

Including an 'allow any1 policy above the 'deny any* policy

Full Access
Question # 35

A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

A.

Cryptographic

B.

Malicious update

C.

Zero day

D.

Side loading

Full Access
Question # 36

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Full Access
Question # 37

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Full Access
Question # 38

Which of the following security control types does an acceptable use policybestrepresent?

A.

Detective

B.

Compensating

C.

Corrective

D.

Preventive

Full Access
Question # 39

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Full Access
Question # 40

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Full Access
Question # 41

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Full Access
Question # 42

Which of the following describes the category of data that is most impacted when it is lost?

A.

Confidential

B.

Public

C.

Private

D.

Critical

Full Access
Question # 43

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the followingbestdescribes what the security analyst should do to identify this behavior?

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Full Access
Question # 44

Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?

A.

Hot site

B.

UPS

C.

Snapshots

D.

SOAR

Full Access
Question # 45

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider considerfirst?

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Full Access
Question # 46

Which of the following security concepts is accomplished with the installation of a RADIUS server?

A.

CIA

B.

AAA

C.

ACL

D.

PEM

Full Access
Question # 47

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Full Access
Question # 48

During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

A.

Hardware token MFA

B.

Biometrics

C.

Identity proofing

D.

Least privilege

Full Access
Question # 49

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

A.

Compensating

B.

Detective

C.

Preventive

D.

Corrective

Full Access
Question # 50

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Full Access
Question # 51

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Full Access
Question # 52

Which of the following is the most common data loss path for an air-gapped network?

A.

Bastion host

B.

Unsecured Bluetooth

C.

Unpatched OS

D.

Removable devices

Full Access
Question # 53

Which of the following threat actors is themostlikely to use large financial resources to attack critical systems located in other countries?

A.

Insider

B.

Unskilled attacker

C.

Nation-state

D.

Hacktivist

Full Access
Question # 54

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

A.

Segmentation

B.

Isolation

C.

Patching

D.

Encryption

Full Access
Question # 55

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B.

Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53

Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Full Access
Question # 56

An administrator is reviewing a single server's security logs and discovers the following;

Which of the following best describes the action captured in this log file?

A.

Brute-force attack

B.

Privilege escalation

C.

Failed password audit

D.

Forgotten password by the user

Full Access
Question # 57

A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?

A.

Role-based restrictions

B.

Attribute-based restrictions

C.

Mandatory restrictions

D.

Time-of-day restrictions

Full Access
Question # 58

Which of the following is the best way to secure an on-site data center against intrusion from an insider?

A.

Bollards

B.

Access badge

C.

Motion sensor

D.

Video surveillance

Full Access
Question # 59

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Full Access
Question # 60

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Full Access
Question # 61

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

A.

Key stretching

B.

Tokenization

C.

Data masking

D.

Salting

Full Access
Question # 62

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

A.

Tuning

B.

Aggregating

C.

Quarantining

D.

Archiving

Full Access
Question # 63

Which of the following can best protect against an employee inadvertently installing malware on a company system?

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Full Access
Question # 64

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Full Access
Question # 65

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Full Access
Question # 66

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Full Access