SY0-701 Exam Questions

Total 355 Questions

Last Updated Exam : 16-Dec-2024

In which of the following scenarios is tokenization the best privacy technique to use?


A. Providing pseudo-anonymization for social media user accounts


B. Serving as a second factor for authentication requests


C. Enabling established customers to safely store credit card information


D. Masking personal information inside databases by segmenting data





C.
  Enabling established customers to safely store credit card information

Explanation: Tokenization replaces sensitive data, such as a credit card primary account number (PAN), with a randomly generated surrogate value (token) that has no mathematical relationship to the original. The merchant stores and transmits only the token and uses it to reference the card for repeat purchases; the real PAN is held in a tightly controlled token vault, and only the component that actually charges the card is allowed to exchange the token back for the PAN. A stolen token is therefore useless to an attacker who cannot query the vault, which is why tokenization is the standard technique for card-on-file storage and a recognised way to reduce PCI DSS scope. It is not a masking or segmentation technique (option D), it is not an authentication factor (option B), and pseudonymizing social media accounts (option A) is a different use of pseudonymization rather than a reason to deploy a token vault.
References = CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Data Protection.
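The following is an added example, not code from the exam or the study guide, showing what "storing a token instead of the card" looks like in practice: a Luhn check on the incoming PAN, a random format-preserving token that keeps the real last four digits for receipts but is deliberately made to fail the Luhn check so it can never be confused with a real card number, a vault that is the only place the mapping exists, and a detokenize call gated on the caller's role. The in-memory dictionary stands in for the vault (a real one is a hardened, separately audited service), and the PAN 4111 1111 1111 1111 is the usual test number; the class and function names are assumptions.

```python
import secrets
import string


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check used for card numbers."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for a token vault (assumption: a real vault is a separate,
    hardened service).  Tokens are random, so a token reveals nothing about the PAN
    and cannot be reversed without querying the vault."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._pan_to_token:       # same card -> same token, so the merchant can dedupe
            return self._pan_to_token[pan]
        while True:
            # Format-preserving: same length, real last four kept for receipts and UI,
            # everything else random.  Candidates that pass Luhn are rejected so a
            # token can never be mistaken for (or collide with) a real card number.
            body = "".join(secrets.choice(string.digits) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._token_to_pan and not luhn_valid(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str, role: str) -> str:
        """Only the component that actually charges the card may recover the PAN."""
        if role != "payment-processor":
            raise PermissionError("role %r may not detokenize" % role)
        return self._token_to_pan[token]


def checkout_reference(token: str) -> str:
    """What the storefront is allowed to show: a masked reference built from the token only."""
    return "card ending in " + token[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize("4111 1111 1111 1111")
    print("stored token:", tok, "|", checkout_reference(tok))
    print("processor sees:", vault.detokenize(tok, role="payment-processor"))
```

Because the token is random rather than derived from the PAN, losing the storefront database leaks nothing about the cards; the security of the scheme collapses entirely onto access control for the vault, which is where audit and monitoring effort belongs.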

Which of the following can be used to identify potential attacker activities without affecting production servers?


A. Honey pot


B. Video surveillance


C. Zero Trust


D. Geofencing





A.
  Honey pot

Explanation: A honey pot is a system or a network that is designed to mimic a real production server and attract potential attackers. A honey pot can be used to identify the attacker's methods, techniques, and objectives without affecting the actual production servers. A honey pot can also divert the attacker's attention from the real targets and waste their time and resources [1][2]. Because a honey pot has no legitimate users, any interaction with it is a high-fidelity signal, but it must be isolated from production so that a compromised honey pot cannot become a pivot point into the real network.
The other options are not effective ways to identify potential attacker activities without affecting production servers:
Video surveillance: This is a physical security technique that uses cameras and monitors to record and observe the activities in a certain area. Video surveillance can help to deter, detect, and investigate physical intrusions, but it does not directly identify the attacker's activities on the network or the servers [3].
Zero Trust: This is a security strategy that assumes that no user, device, or network is trustworthy by default and requires strict verification and validation for every request and transaction. Zero Trust can help to improve the security posture and reduce the attack surface of an organization, but it does not directly identify the attacker's activities on the network or the servers [4].
Geofencing: This is a security technique that uses geographic location as a criterion to restrict or allow access to data or resources. Geofencing can help to protect the data sovereignty and compliance of an organization, but it does not directly identify the attacker's activities on the network or the servers [5].
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 54; 2: Honeypots and Deception – SY0-601 CompTIA Security+ : 2.1, video by Professor Messer; 3: CompTIA Security+ SY0-701 Certification Study Guide, page 97; 4: CompTIA Security+ SY0-701 Certification Study Guide, page 98; 5: CompTIA Security+ SY0-701 Certification Study Guide, page 99.

A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?


A. SOW


B. BPA


C. SLA


D. NDA





A.
  SOW

Explanation: A statement of work (SOW) is a document that defines the scope, objectives, deliverables, timeline, and costs of a project or service. It typically includes an estimate of the number of hours required to complete the engagement, as well as the roles and responsibilities of the parties involved. A SOW is often used for penetration testing projects to ensure that both the client and the vendor have a clear and mutual understanding of what is expected and how the work will be performed. A business partnership agreement (BPA), a service level agreement (SLA), and a non-disclosure agreement (NDA) are different types of contracts that may be related to a penetration testing project, but they do not include an estimate of the number of hours required to complete the engagement.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 492; What to Look For in a Penetration Testing Statement of Work?

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?


A. Shadow IT


B. Insider threat


C. Data exfiltration


D. Service disruption





A.
  Shadow IT

Explanation: The marketing department setting up its own project management software without informing the appropriate departments is an example of Shadow IT. Shadow IT refers to the use of IT systems, devices, software, applications, and services without explicit approval from the IT department.
Shadow IT: Involves the use of unauthorized systems and applications within an organization, which can lead to security risks and compliance issues.
Insider threat: Refers to threats from individuals within the organization who may intentionally cause harm or misuse their access, but this scenario is more about unauthorized use rather than malicious intent.
Data exfiltration: Involves unauthorized transfer of data out of the organization, which is not the main issue in this scenario.
Service disruption: Refers to interruptions in service availability, which is not directly related to the marketing department's actions.
Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 2.1 - Compare and contrast common threat actors and motivations (Shadow IT).

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?


A. Wiping


B. Recycling


C. Shredding


D. Deletion





A.
  Wiping

Explanation: Wiping (sanitization by overwriting) writes new data over every addressable block of the drive so that the original contents cannot be recovered with software tools, and it leaves the laptop reusable or resellable, which makes it cheaper than physical destruction by shredding. Simple deletion only removes the file system's references to the data and leaves the blocks recoverable with forensic tools, and recycling a device without sanitizing it first hands the data to a third party. One caveat for practitioners: overwriting is unreliable on SSDs because wear levelling and over-provisioned blocks keep copies the host cannot address, so for flash media use the drive's built-in sanitize command (ATA Secure Erase or NVMe Sanitize) or cryptographic erase, and verify the result before the device leaves the organization's control.

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?


A. Geographic dispersion


B. Platform diversity


C. Hot site


D. Load balancing





A.
  Geographic dispersion

Explanation: Geographic dispersion is the practice of having backup data stored in different locations that are far enough apart to minimize the risk of a single natural disaster affecting both sites. This ensures that the company can recover its regulated data in case of a disaster at the primary site. Platform diversity, hot site, and load balancing are not directly related to the protection of backup data from natural disasters.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 449; Disaster Recovery Planning: Geographic Diversity

A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum. Which of the following would be best for the systems administrator to implement?


A. Air gap


B. Jump server


C. Logical segmentation


D. Virtualization





A.
  Air gap

Explanation: To provide employees with computers that do not have access to the internet and prevent information leaks to an online forum, implementing an air gap would be the best solution. An air gap physically isolates the computer or network from any outside connections, including the internet, ensuring that data cannot be transferred to or from the system.
Air gap: A security measure that isolates a computer or network from the internet or other networks, preventing any form of electronic communication with external systems.
Jump server: A secure server used to access and manage devices in a different security zone, but it does not provide isolation from the internet.
Logical segmentation: Segregates networks using software or network configurations, but it does not guarantee complete isolation from the internet.
Virtualization: Creates virtual instances of systems, which can be isolated, but does not inherently prevent internet access without additional configurations.
Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 2.5 - Explain the purpose of mitigation techniques used to secure the enterprise (Air gap).

A security analyst is reviewing the following logs:



Which of the following attacks is most likely occurring?


A. Password spraying


B. Account forgery


C. Pass-the-hash


D. Brute-force





A.
  Password spraying

Explanation: Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords [1][2].
The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication [3].
Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials. Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session [4]. The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.
Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts [5]. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server.
References = 1: Password spraying: An overview of password spraying attacks - Norton;
2: Security: Credential Stuffing vs. Password Spraying - Baeldung;
3: Brute Force Attack: A definition + 6 types to know | Norton;
4: What is a Pass-the-Hash Attack? - CrowdStrike;
5: What is a Brute Force Attack? | Definition, Types & How It Works - Fortinet
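The distinction the explanation draws (one password across many accounts versus many passwords against one account) is exactly what a detection rule keys on, because real authentication logs never record the password that was tried. The following is an added example, not from the exam or any referenced source: a small parser for a constructed log format and a sliding-window classifier that labels a source as "password spraying" when it fails against many distinct users with only one or two tries each (the pattern that stays under per-account lockout thresholds) and as "brute-force" when it hammers a single user. The log lines, the format, the thresholds and the function names are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real data: 203.0.113.7 tries one password against many
# accounts (spraying); 198.51.100.9 hammers one account (classic brute force);
# 192.0.2.5 is a user who mistyped once and then logged in.
SAMPLE_LOGS = """\
2024-12-16 09:00:01 auth: FAILED login user=admin src=203.0.113.7
2024-12-16 09:00:03 auth: FAILED login user=user1 src=203.0.113.7
2024-12-16 09:00:05 auth: FAILED login user=user2 src=203.0.113.7
2024-12-16 09:00:07 auth: FAILED login user=user3 src=203.0.113.7
2024-12-16 09:00:09 auth: FAILED login user=user4 src=203.0.113.7
2024-12-16 09:00:11 auth: FAILED login user=user5 src=203.0.113.7
2024-12-16 09:01:00 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:01:02 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:01:04 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:01:06 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:01:08 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:01:10 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:01:12 auth: FAILED login user=jdoe src=198.51.100.9
2024-12-16 09:02:00 auth: FAILED login user=alice src=192.0.2.5
2024-12-16 09:02:20 auth: SUCCESS login user=alice src=192.0.2.5
"""

# Assumed log format; adapt the pattern to the real source (sshd, IIS, IdP audit log).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth: "
    r"(?P<result>FAILED|SUCCESS) login user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Turn raw lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(e)
    return events


def classify(log_text, window=timedelta(minutes=10),
             spray_min_users=5, spray_max_per_user=2, brute_min_attempts=6):
    """Return {source_ip: verdict} for sources whose failures inside some `window`
    look like spraying (many users, few tries each, which stays under per-account
    lockout thresholds) or brute force (many tries against one user)."""
    failures = defaultdict(list)
    for e in parse(log_text):
        if e["result"] == "FAILED":
            failures[e["src"]].append(e)

    verdicts = {}
    for src, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        for i, start in enumerate(fails):           # sliding window over this source's failures
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
                verdicts[src] = "password spraying"
                break
            if max(per_user.values()) >= brute_min_attempts:
                verdicts[src] = "brute-force"
                break
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOGS).items():
        print(src, verdict)
```

The thresholds are the tunable part: a spray against a large directory may spread a single password over thousands of accounts and hours, so in production the same logic is usually run per source network or per user agent as well as per IP, and the user-count threshold is set against the organization's normal failed-login baseline rather than a fixed number.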

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?


A. Backout plan


B. Impact analysis


C. Test procedure


D. Approval procedure





A.
  Backout plan

Explanation: To demonstrate that the system can be restored to a working state in the event of a performance issue after deploying a change, the systems administrator must submit a backout plan. A backout plan outlines the steps to revert the system to its previous state if the new deployment causes problems.
Backout plan: Provides detailed steps to revert changes and restore the system to its previous state in case of issues, ensuring minimal disruption and quick recovery.
Impact analysis: Evaluates the potential effects of a change but does not provide steps to revert changes.
Test procedure: Details the steps for testing the change but does not address restoring the system to a previous state.
Approval procedure: Involves obtaining permissions for the change but does not ensure system recovery in case of issues.
Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 1.3 - Explain the importance of change management processes (Backout plan).

Which of the following scenarios describes a possible business email compromise attack?


A. An employee receives a gift card request in an email that has an executive's name in the display field of the email.


B. Employees who open an email attachment receive messages demanding payment in order to access files.


C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.


D. An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.





A.
  An employee receives a gift card request in an email that has an executive's name in the display field of the email.

Explanation: A business email compromise (BEC) attack is a type of phishing attack that targets employees who have access to company funds or sensitive information. The attacker impersonates a trusted person, such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or confidential data. The attacker often uses social engineering techniques, such as urgency, pressure, or familiarity, to convince the victim to comply with the request [1][2].
In this scenario, option A describes a possible BEC attack, where an employee receives a gift card request in an email that has an executive's name in the display field of the email. The email may look like it is coming from the executive, but the actual email address may be spoofed or compromised. The attacker may claim that the gift cards are needed for a business purpose, such as rewarding employees or clients, and ask the employee to purchase them and send the codes. This is a common tactic used by BEC attackers to steal money from unsuspecting victims [3][4].
Option B describes a possible ransomware attack, where malicious software encrypts the files on a device and demands a ransom for the decryption key. Option C describes a possible credential harvesting attack, where an attacker tries to obtain the login information of a privileged account by posing as a legitimate authority. Option D describes a possible phishing attack, where an attacker tries to lure the victim to a fake website that mimics the company's email portal and capture their credentials. These are all types of cyberattacks, but they are not examples of BEC attacks.
References = 1: Business Email Compromise - CompTIA Security+ SY0-701 - 2.2; 2: CompTIA Security+ SY0-701 Certification Study Guide; 3: Business Email Compromise: The 12 Billion Dollar Scam; 4: TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy
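The tell in option A is the gap between the display name and the actual address, which is something a mail gateway or a triage script can check mechanically. The following is an added example, not from the exam or the referenced sources, that parses a raw message with the standard library, compares the display name against a small directory of executives, flags an external sender domain and a Reply-To that steers answers elsewhere, and looks for the usual lures in the body. The directory, the company domain, the two constructed messages and the function names are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import List

# Assumed directory: how each executive's name appears in a display field, mapped
# to the only address that may legitimately carry it.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
COMPANY_DOMAINS = {"example.com"}
BEC_PHRASES = ("gift card", "wire transfer", "change of bank", "urgent", "confidential")


def _body_text(msg) -> str:
    """Concatenate the text/plain parts of a message, lower-cased for matching."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks).lower()


def bec_indicators(raw_message: str) -> List[str]:
    """Return the reasons a message looks like BEC; an empty list means none fired."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    name = " ".join(display.split()).lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    found = []

    # 1. An executive's name in the display field, but not the executive's address (option A).
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        found.append("display name %r does not belong to %s" % (display, addr))
    # 2. Sender domain outside the company: lookalike domain or free-mail account.
    if domain and domain not in COMPANY_DOMAINS:
        found.append("external sender domain %s" % domain)
    # 3. Replies steered to a mailbox other than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        found.append("Reply-To %s differs from From %s" % (reply_to, addr))
    # 4. Classic BEC lures in the body.
    body = _body_text(msg)
    for phrase in BEC_PHRASES:
        if phrase in body:
            found.append("lure phrase %r" % phrase)
    return found


# Constructed sample matching option A: the executive's name over an attacker's mailbox.
SUSPECT = """\
From: "Jane Doe" <ceo.jane.doe@mail.example.net>
Reply-To: jd.replies@mail.example.net
To: bob@example.com
Subject: Quick favor

Are you at your desk? I need you to buy some gift cards for a client today.
Keep this confidential, I am in meetings all day.
"""

# Same request from the real executive account, for comparison.
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: bob@example.com
Subject: Quick favor

Are you at your desk? I need you to buy some gift cards for a client today.
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

Checks 1 to 3 catch the spoofed or lookalike sender but not the other case the explanation mentions, a genuinely compromised executive mailbox, where every header is authentic; that case is why the lure-phrase check is kept and why the procedural control (verify any payment or gift-card request out of band, by a known phone number rather than by replying) matters more than any header rule.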


Page 5 out of 36 Pages