Sy0-701 4
Uploaded by
Asif RzayevSy0-701 4
Uploaded by
Asif RzayevWelcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
Exam Questions SY0-701
CompTIA Security+ Exam
https://www.2passeasy.com/dumps/SY0-701/
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
NEW QUESTION 1
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the
following is the type of data these employees are most likely to use in day-to-day work activities?
A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit
Answer: B
Explanation:
Intellectual property is a type of data that consists of ideas, inventions, designs, or other creative works that have commercial value and are protected by law.
Employees in the research and development business unit are most likely to use intellectual property data in their day-to-day work activities, as they are involved in
creating new products or services for the company. Intellectual property data needs to be protected from unauthorized use, disclosure, or theft, as it can give the
company a competitive advantage in the market. Therefore, these employees receive extensive training to ensure
they understand how to best protect this type of data. References = CompTIA Security+ SY0-701 Certification Study Guide, page 90; Professor Messer’s
CompTIA SY0-701 Security+ Training Course, video 1.2 - Security Concepts, 7:57 - 9:03.
NEW QUESTION 2
Which of the following agreement types defines the time frame in which a vendor needs to respond?
A. SOW
B. SLA
C. MOA
D. MOU
Answer: B
Explanation:
A service level agreement (SLA) is a type of agreement that defines the expectations and responsibilities between a service provider and a customer. It usually
includes the quality, availability, and performance metrics of the service, as well as the time frame in which the provider needs to respond to service requests,
incidents, or complaints. An SLA can help ensure that the customer receives the desired level of service and that the provider is accountable for meeting the
agreed-upon standards.
References:
? Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and
policies, including principles of governance, risk, and compliance.”
? CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Service Level Agreements (SLAs) are contracts between a service
provider and a customer that specify the level of service expected from the service provider.”
NEW QUESTION 3
Which of the following is the best reason to complete an audit in a banking environment?
A. Regulatory requirement
B. Organizational change
C. Self-assessment requirement
D. Service-level requirement
Answer: A
Explanation:
A regulatory requirement is a mandate imposed by a government or an authority that must be followed by an organization or an individual. In a banking
environment, audits are often required by regulators to ensure compliance with laws, standards, and policies related to security, privacy, and financial reporting.
Audits help to identify and correct any gaps or weaknesses in the security posture and the internal controls of the organization. References:
? Official CompTIA Security+ Study Guide (SY0-701), page 507
? Security+ (Plus) Certification | CompTIA IT Certifications 2
NEW QUESTION 4
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
A. Encryption
B. Hashing
C. Masking
D. Tokenization
Answer: C
Explanation:
Masking is a method to secure credit card data that involves replacing some or all of the digits with symbols, such as asterisks, dashes, or Xs, while leaving some
of the original digits visible. Masking is best to use when a requirement is to see only the last four numbers on a credit card, as it can prevent unauthorized access
to the full card number, while still allowing identification and verification of the cardholder. Masking does not alter the original data, unlike encryption, hashing, or
tokenization, which use algorithms to transform the data into different formats.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2: Compliance and Operational Security, page 721. CompTIA Security+
Certification Kit: Exam SY0-701, 7th Edition, Chapter 2: Compliance and Operational Security, page 722.
NEW QUESTION 5
An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
following would be the best solution?
A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor
Answer: B
Explanation:
= A jump server is a server that acts as an intermediary between a user and a target system. A jump server can provide an added layer of security by preventing
unauthorized access to internal company resources. A user can connect to the jump server using a secure protocol, such as SSH, and then access the target
system from the jump server. This way, the target system is isolated from the external network and only accessible through the jump server. A jump server can
also enforce security policies, such as authentication, authorization, logging, and auditing, on the user’s connection. A jump server is also known as a bastion host
or a jump box. References = CompTIA Security+ Certification Exam Objectives, Domain 3.3: Given a scenario, implement secure network architecture concepts.
CompTIA Security+ Study Guide (SY0-701), Chapter 3: Network Architecture and Design, page 101. Other Network Appliances – SY0-601 CompTIA Security+ :
3.3, Video 3:03. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 2.
NEW QUESTION 6
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP
address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53 Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Answer: D
Explanation:
A firewall ACL (access control list) is a set of rules that determines which traffic is allowed or denied by the firewall. The rules are processed in order, from top to
bottom, until a match is found. The syntax of a firewall ACL rule is:
Access list <direction> <action> <source address> <destination address> <protocol>
<port>
To limit outbound DNS traffic originating from the internal network, the firewall ACL should allow only the device with the IP address 10.50.10.25 to send DNS
requests to any destination on port 53, and deny all other outbound traffic on port 53. The correct firewall ACL is:
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
The first rule permits outbound traffic from the source address 10.50.10.25/32 (a single host) to any destination address (0.0.0.0/0) on port 53 (DNS). The second
rule denies all other outbound traffic on port 532.
References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4, page 175.
NEW QUESTION 7
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following
best describes how the controls should be set up?
A. Remote access points should fail closed.
B. Logging controls should fail open.
C. Safety controls should fail open.
D. Logical security controls should fail closed.
Answer: C
Explanation:
Safety controls are security controls that are designed to protect human life and physical assets from harm or damage. Examples of safety controls include fire
alarms, sprinklers, emergency exits, backup generators, and surge protectors. Safety controls should fail open, which means that they should remain operational
or allow access when a failure or error occurs. Failing open can prevent or minimize the impact of a disaster, such as a fire, flood, earthquake, or power outage, on
human life and physical assets. For example, if a fire alarm fails, it should still trigger the sprinklers and unlock the emergency exits, rather than remain silent and
locked. Failing open can also ensure that essential services, such as healthcare, transportation, or communication, are available during a crisis. Remote access
points, logging controls, and logical security controls are other types of security controls, but they should not fail open in a data center. Remote access points are
security controls that allow users or systems to access a network or a system from a remote location, such as a VPN, a web portal, or a wireless access point.
Remote access points should fail closed, which means that they should deny access when a failure or error occurs. Failing closed can prevent unauthorized or
malicious access to the data center’s network or systems, such as by hackers, malware, or rogue devices. Logging controls are security controls that record and
monitor the activities and events that occur on a network or a system, such as user actions, system errors, security incidents, or performance metrics. Logging
controls should also fail closed, which means that they should stop or suspend the activities or events when a failure or error occurs. Failing closed can prevent
data loss, corruption, or tampering, as well as ensure compliance with regulations and standards. Logical security controls are security controls that use software
or code to protect data and systems from unauthorized or malicious access, modification, or destruction, such as encryption, authentication, authorization, or
firewall. Logical security controls should also fail closed, which means that they should block or restrict access when a failure or error occurs. Failing closed can
prevent data breaches, cyberattacks, or logical flaws, as well as ensure confidentiality, integrity, and availability of data and systems. References: CompTIA
Security+ Study Guide: Exam SY0-701, 9th Edition, page 142-143, 372-373, 376-377
NEW QUESTION 8
A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring
detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving
Answer: A
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
Explanation:
Tuning is the activity of adjusting the configuration or parameters of a security tool or system to optimize its performance and reduce false positives or false
negatives. Tuning can help to filter out the normal or benign activity that is detected by the security tool or system, and focus on the malicious or anomalous activity
that requires further investigation or response. Tuning can also help to improve the efficiency and effectiveness of the security operations center by reducing the
workload and alert fatigue of
the analysts. Tuning is different from aggregating, which is the activity of collecting and combining data from multiple sources or sensors to provide a
comprehensive view of the security posture. Tuning is also different from quarantining, which is the activity of isolating a potentially infected or compromised device
or system from the rest of the network to prevent further damage or spread. Tuning is also different from archiving, which is the activity of storing and preserving
historical data or records for future reference or compliance. The act of ignoring detected activity in the future that is deemed normal by the security operations
center is an example of tuning, as it involves modifying the settings or rules of the security tool or system to exclude the activity from the detection scope.
Therefore, this is the best answer among the given options. References = Security Alerting and Monitoring Concepts and Tools – CompTIA Security+ SY0-701:
4.3, video at
7:00; CompTIA Security+ SY0-701 Certification Study Guide, page 191.
NEW QUESTION 9
A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following
should a database administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Answer: A
Explanation:
A jump server is a device or virtual machine that acts as an intermediary between a user’s workstation and a remote network segment. A jump server can be
used to securely access servers or devices that are not directly reachable from the user’s workstation, such as database servers. A jump server can also provide
audit logs and access control for the remote connections. A jump server is also known as a jump box or a jump host12.
RADIUS is a protocol for authentication, authorization, and accounting of network access. RADIUS is not a device or a method to access remote servers, but
rather a way to verify the identity and permissions of users or devices that request network access34. HSM is an acronym for Hardware Security Module, which is
a physical device that provides secure storage and generation of cryptographic keys. HSMs are used to protect sensitive data and applications, such as digital
signatures, encryption, and authentication. HSMs are not used to access remote servers, but rather to enhance the security of the data and applications that reside
on them5 .
A load balancer is a device or software that distributes network traffic across multiple servers or devices, based on criteria such as availability, performance, or
capacity. A load balancer can improve the scalability, reliability, and efficiency of network services, such as web servers, application servers, or database servers.
A load balancer is not used to access remote servers, but rather to optimize the delivery of the services that run on them. References =
? How to access a remote server using a jump host
? Jump server
? RADIUS
? Remote Authentication Dial-In User Service (RADIUS)
? Hardware Security Module (HSM)
? [What is an HSM?]
? [Load balancing (computing)]
? [What is Load Balancing?]
NEW QUESTION 10
A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?
A. Security of cloud providers
B. Cost of implementation
C. Ability of engineers
D. Security of architecture
Answer: D
Explanation:
Security of architecture is the process of designing and implementing a secure infrastructure that meets the business objectives and requirements. Security of
architecture should be considered first when migrating to an off-premises solution, such as cloud computing, because it can help to identify and mitigate the
potential risks and challenges associated with the migration, such as data security, compliance, availability, scalability, and performance. Security of architecture is
different from security of cloud providers, which is the process of evaluating and selecting a trustworthy and reliable cloud service provider that can meet the
security and operational needs of the business. Security of architecture is also different from cost of implementation, which is the amount of money required to
migrate and maintain the infrastructure in the cloud. Security of architecture is also different from ability of engineers, which is the level of skill and knowledge of
the IT staff who are responsible for the migration and management of the cloud
infrastructure. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 3491
NEW QUESTION 10
Which of the following provides the details about the terms of a test with a third-party penetration tester?
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
Answer: A
Explanation:
Rules of engagement are the detailed guidelines and constraints regarding the execution of information security testing, such as penetration testing. They define
the scope, objectives, methods, and boundaries of the test, as well as the roles and responsibilities of the testers and the clients. Rules of engagement help to
ensure that the test is conducted in a legal, ethical, and professional manner, and that the results are accurate and reliable. Rules of engagement typically include
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
the following elements:
? The type and scope of the test, such as black box, white box, or gray box, and the target systems, networks, applications, or data.
? The client contact details and the communication channels for reporting issues, incidents, or emergencies during the test.
? The testing team credentials and the authorized tools and techniques that they can use.
? The sensitive data handling and encryption requirements, such as how to store, transmit, or dispose of any data obtained during the test.
? The status meeting and report schedules, formats, and recipients, as well as the confidentiality and non-disclosure agreements for the test results.
? The timeline and duration of the test, and the hours of operation and testing windows.
? The professional and ethical behavior expectations for the testers, such as avoiding unnecessary damage, disruption, or disclosure of information.
Supply chain analysis, right to audit clause, and due diligence are not related to the terms of a test with a third-party penetration tester. Supply chain analysis is the
process of evaluating the security and risk posture of the suppliers and partners in a business network. Right to audit clause is a provision in a contract that gives
one party the right to audit another party to verify their compliance with the contract terms and conditions. Due diligence is the process of identifying and
addressing the cyber risks that a potential vendor or partner brings to an organization.
References = https://www.yeahhub.com/every-penetration-tester-you-should-know-about- this-rules-of-engagement/
https://bing.com/search?q=rules+of+engagement+penetration+testing
NEW QUESTION 12
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to
evaluate?
A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction
Answer: D
Explanation:
The data plane, also known as the forwarding plane, is the part of the network that carries user traffic and data. It is responsible for moving packets from one
device to another based on the routing and switching decisions made by the control plane. The data plane is a critical component of the Zero Trust architecture, as
it is where most of the attacks and breaches occur. Therefore, implementing Zero Trust principles within the data plane can help to improve the security and
resilience of the network.
One of the key principles of Zero Trust is to assume breach and minimize the blast radius and segment access. This means that the network should be divided into
smaller and isolated segments or zones, each with its own security policies and controls. This way, if one segment is compromised, the attacker cannot easily
move laterally to other segments and access more resources or data. This principle is also known as threat scope reduction, as it reduces the scope and impact of
a potential threat.
The other options are not as relevant for the data plane as threat scope reduction. Secured zones are a concept related to the control plane, which is the part of
the network that makes routing and switching decisions. Subject role is a concept related to the identity plane, which is the part of the network that authenticates
and authorizes users and devices. Adaptive identity is a concept related to the policy plane, which is the part of the network that defines and enforces the security
policies and rules.
References = https://bing.com/search?q=Zero+Trust+data+plane https://learn.microsoft.com/en-us/security/zero-trust/deploy/data
NEW QUESTION 15
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval
Answer: D
Explanation:
Peer review and approval is a practice that involves having other developers or experts review the code before it is deployed or released. Peer review and
approval can help detect and prevent malicious code, errors, bugs, vulnerabilities, and poor quality in the development process. Peer review and approval can also
enforce coding standards, best practices, and compliance requirements. Peer review and approval can be done manually or with the help of tools, such as code
analysis, code review, and code
signing. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 543 2
NEW QUESTION 17
A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following
vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading
Answer: C
Explanation:
Jailbreaking is the process of removing the restrictions imposed by the manufacturer or carrier on a mobile device, such as an iPhone or iPad. Jailbreaking allows
users to install unauthorized applications, modify system settings, and access root privileges. However, jailbreaking also exposes the device to potential security
risks, such as malware, spyware, unauthorized access, data loss, and voided warranty. Therefore, an organization may prohibit employees from jailbreaking their
mobile devices to prevent these vulnerabilities and protect the corporate data and network. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th
Edition, Chapter 10: Mobile Device Security, page 507 2
NEW QUESTION 19
A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware,
which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
A. IPS
B. IDS
C. WAF
D. UAT
Answer: A
Explanation:
IPS stands for intrusion prevention system, which is a network security device that monitors and blocks malicious traffic in real time. IPS is different from IDS,
which only detects and alerts on malicious traffic, but does not block it. IPS would have mitigated the spread of ransomware by preventing the hacker from
accessing the system via the phishing link, or by stopping the ransomware from communicating with its command and control server or encrypting the files.
NEW QUESTION 22
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in
information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Answer: D
Explanation:
Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to be from legitimate sources, such as payment websites,
banks, or other trusted entities. The goal of phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or providing sensitive
information, such as log-in credentials, personal data, or financial details. In this scenario, the employee received an email from a payment website that asked the
employee to update contact information. The email contained a link that directed the employee to a fake website that mimicked the appearance of the real one.
The employee entered the log-in information, but received a “page not found” error message. This indicates that the employee fell victim to a phishing attack, and
the attacker may have captured the employee’s credentials for the payment website. References = Other Social Engineering Attacks – CompTIA Security+
SY0-701 – 2.2, CompTIA Security+: Social Engineering Techniques & Other Attack … - NICCS, [CompTIA Security+ Study Guide with over 500 Practice Test
Questions: Exam SY0-701, 9th Edition]
NEW QUESTION 24
Which of the following exercises should an organization use to improve its incident response process?
A. Tabletop
B. Replication
C. Failover
D. Recovery
Answer: A
Explanation:
A tabletop exercise is a simulated scenario that tests the organization’s incident response plan and procedures. It involves key stakeholders and decision-makers
who discuss their roles and actions in response to a hypothetical incident. It can help identify gaps, weaknesses, and improvement areas in the incident response
process. It can also enhance communication, coordination, and collaboration among the
participants. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 525 1
NEW QUESTION 29
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT
Answer: C
Explanation:
IPSec is a protocol suite that provides secure communication over IP networks. IPSec can be used to create virtual private networks (VPNs) that encrypt and
authenticate the data exchanged between two or more parties. IPSec can also provide data integrity, confidentiality, replay protection, and access control. A
security consultant can use IPSec to gain secure, remote access to a client environment by establishing a VPN tunnel with the client’s network. References:
CompTIA Security+ Study Guide: Exam SY0- 701, 9th Edition, Chapter 8: Secure Protocols and Services, page 385 1
NEW QUESTION 31
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial
Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
A. Insider threat
B. Email phishing
C. Social engineering
D. Executive whaling
Answer: C
Explanation:
Social engineering is the practice of manipulating people into performing actions or divulging confidential information, often by impersonating someone else or
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
creating a sense of urgency or trust. The suspicious caller in this scenario was trying to use social engineering to trick the user into giving away credit card
information by pretending to be the CFO and asking for a payment. The user recognized this as a potential scam and reported it to the IT help desk. The other
topics are not relevant to this
situation. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 19 1
NEW QUESTION 32
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user’s activity?
A. Penetration testing
B. Phishing campaign
C. External audit
D. Insider threat
Answer: D
Explanation:
An insider threat is a security risk that originates from within the organization, such as an employee, contractor, or business partner, who has authorized access to
the organization’s data and systems. An insider threat can be malicious, such as stealing, leaking, or sabotaging sensitive data, or unintentional, such as falling
victim to phishing or social engineering. An insider threat can cause significant damage to the organization’s reputation, finances, operations, and legal
compliance. The user’s activity of logging in remotely after hours and copying large amounts of data to a personal device is an example of a malicious insider
threat, as it violates the organization’s security policies and compromises the confidentiality and integrity of the data. References = Insider Threats – CompTIA
Security+ SY0-701: 3.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 133.
NEW QUESTION 36
Which of the following must be considered when designing a high-availability network? (Select two).
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
Answer: AE
Explanation:
A high-availability network is a network that is designed to minimize downtime and ensure continuous operation of critical services and applications. To achieve
this goal, a high-availability network must consider two important factors: ease of recovery and attack surface.
Ease of recovery refers to the ability of a network to quickly restore normal functionality after a failure, disruption, or disaster. A high-availability network should
have mechanisms such as redundancy, failover, backup, and restore to ensure that any single point of failure does not cause a complete network outage. A high-
availability network should also have procedures and policies for incident response, disaster recovery, and business continuity to minimize the impact of any
network issue on the organization’s operations and reputation. Attack surface refers to the exposure of a network to potential threats and vulnerabilities. A high-
availability network should have measures such as encryption, authentication, authorization, firewall, intrusion detection and prevention, and patch management to
protect the network from unauthorized access, data breaches, malware, denial-of-service attacks, and other cyberattacks. A high-availability network should also
have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate any weaknesses or gaps
in the network security. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4:
Architecture and Design, pages 164-1651. CompTIA Security+ Certification Kit: Exam SY0- 701, 7th Edition, Chapter 4: Architecture and Design, pages 164-1652.
NEW QUESTION 40
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).
A. Fencing
B. Video surveillance
C. Badge access
D. Access control vestibule
E. Sign-in sheet
F. Sensor
Answer: CD
Explanation:
Badge access and access control vestibule are two of the best ways to ensure only authorized personnel can access a secure facility. Badge access requires the
personnel to present a valid and authenticated badge to a reader or scanner that grants or denies access based on predefined rules and permissions. Access
control vestibule is a physical security measure that consists of a small room or chamber with two doors, one leading to the outside and one leading to the secure
area. The personnel must enter the vestibule and wait for the first door to close and lock before the second door can be opened. This prevents tailgating or
piggybacking by unauthorized individuals. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, pages 197-1981
NEW QUESTION 43
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
A. Accept
B. Transfer
C. Mitigate
D. Avoid
Answer: B
Explanation:
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks, such as data breaches, ransomware, denial-of-
service, phishing, or malware. Cyber insurance can help a company recover from the costs of restoring data, repairing systems, paying ransoms, compensating
customers, or facing legal actions. Cyber insurance is one of the possible strategies that a company can use to address the items listed on the risk register. A risk
register is a document that records the identified risks, their probability, impact, and mitigation strategies for a project or an organization. The four common risk
mitigation strategies are:
? Accept: The company acknowledges the risk and decides to accept the consequences without taking any action to reduce or eliminate the risk. This strategy is
usually chosen when the risk is low or the cost of mitigation is too high.
? Transfer: The company transfers the risk to a third party, such as an insurance company, a vendor, or a partner. This strategy is usually chosen when the risk is
high or the company lacks the resources or expertise to handle the risk.
? Mitigate: The company implements controls or measures to reduce the likelihood or impact of the risk. This strategy is usually chosen when the risk is moderate
or the cost of mitigation is reasonable.
? Avoid: The company eliminates the risk by changing the scope, plan, or design of the project or the organization. This strategy is usually chosen when the risk is
unacceptable or the cost of mitigation is too high.
By purchasing cyber insurance, the company is transferring the risk to the insurance company, which will cover the financial losses and liabilities in case of a
cyberattack. Therefore, the correct answer is B. Transfer. References = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and
Compliance, page 377. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.1: Risk Management, video: Risk Mitigation Strategies (5:37).
NEW QUESTION 48
A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit
hardware?
A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D. An in-depth penetration test of all suppliers and vendors
Answer: A
Explanation:
Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to
network quality, performance, safety, and reliability12. Counterfeit hardware can also contain malicious components that can compromise the security of the
network and the data that flows through it3. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of
the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company
can verify the origin, authenticity, and integrity of the hardware, and identify any potential sources of counterfeit or tampered products. A thorough analysis of the
supply chain can include the following steps:
? Establishing a trusted relationship with the OEM and authorized resellers
? Requesting documentation and certification of the hardware from the OEM or authorized resellers
? Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components
? Testing the hardware for functionality, performance, and security
? Implementing a tracking system to monitor the hardware throughout its lifecycle
? Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies References = 1: Identify Counterfeit and Pirated Products -
Cisco, 2: What Is Hardware Security? Definition, Threats, and Best Practices, 3: Beware of Counterfeit Network Equipment - TechNewsWorld, : Counterfeit
Hardware: The Threat and How to Avoid It
NEW QUESTION 49
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider
first?
A. Local data protection regulations
B. Risks from hackers residing in other countries
C. Impacts to existing contractual obligations
D. Time zone differences in log correlation
Answer: A
Explanation:
Local data protection regulations are the first thing that a cloud-hosting provider should consider before expanding its data centers to new international locations.
Data protection regulations are laws or standards that govern how personal or sensitive data is collected, stored, processed, and transferred across borders.
Different countries or regions may have different data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the
Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, or the California Consumer Privacy Act (CCPA) in the United States. A cloud-
hosting provider must comply with the local data protection regulations of the countries or regions where it operates or serves customers, or else it may face legal
penalties, fines, or reputational damage. Therefore, a cloud-hosting provider should research and understand the local data protection regulations of the new
international locations before expanding its data centers there. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam
SY0-701, 9th Edition, Chapter 7, page 269. CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1, page 14.
NEW QUESTION 53
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following
social engineering techniques are being attempted? (Choose two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Answer: BE
Explanation:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use
urgent or threatening language to persuade the recipients to take action12. In this scenario, the text message that claims to be from the payroll department is an
example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague,
to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits,
and can be used to obtain information, access, or money from the victim34. In this scenario, the text message that pretends to be from the payroll department is an
example of impersonation.
* A. Typosquatting is a type of cyberattack that involves registering domain names that are similar to popular or well-known websites, but with intentional spelling
errors or different extensions. Typosquatting aims to exploit the common mistakes that users make when typing web addresses, and redirect them to malicious or
fraudulent sites that may steal their information, install malware, or display ads56. Typosquatting is not related to text messages or credential verification.
* B. Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients into revealing sensitive information, clicking malicious links, or
downloading malware. Phishing emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or service providers, and use
deceptive or urgent language to persuade the recipients to take action78. Phishing is not related to text messages or credential verification.
* D. Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing sensitive information, such as passwords, credit card
numbers, or bank account details. Vishing calls often appear to come from legitimate sources, such as law enforcement, government agencies, or technical
support, and use scare tactics or false promises to persuade the recipients to comply9 . Vishing is not related to text messages or credential verification.
* F. Misinformation is a type of social engineering technique that involves spreading false or misleading information to influence the beliefs, opinions, or actions of
the target. Misinformation can be used to manipulate public perception, create confusion, damage reputation, or promote an agenda . Misinformation is not related
to text messages or credential verification.
References = 1: What is Smishing? | Definition and Examples | Kaspersky 2: Smishing - Wikipedia 3: Impersonation Attacks: What Are They and How Do You
Protect Against
Them? 4: Impersonation - Wikipedia 5: What is Typosquatting? | Definition and Examples | Kaspersky 6: Typosquatting - Wikipedia 7: What is Phishing? |
Definition and Examples | Kaspersky 8: Phishing - Wikipedia 9: What is Vishing? | Definition and Examples | Kaspersky : Vishing - Wikipedia : What is
Misinformation? | Definition and Examples | Britannica : Misinformation - Wikipedia
NEW QUESTION 55
Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).
A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device's encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.
Answer: E
Explanation:
An engineer should recommend the decommissioning of a network device when the device poses a security risk or a compliance violation to the enterprise
environment. A device that cannot meet the encryption standards or receive authorized updates is vulnerable to attacks and breaches, and may expose sensitive
data or compromise network integrity. Therefore, such a device should be removed from the network and replaced with a more secure and updated one.
References
? CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, Section 2.2, page 671
? CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 2,
Question 16, page 512
NEW QUESTION 56
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are use
Answer: B
Explanation:
Code signing is a technique that uses cryptography to verify the authenticity and integrity of the code created by the company. Code signing involves applying a
digital signature to the code using a private key that only the company possesses. The digital signature can be verified by anyone who has the corresponding
public key, which can be distributed through a trusted certificate authority. Code signing can prevent unauthorized modifications, tampering, or malware injection
into the code, and it can also assure the users that the code is from a legitimate source. References = CompTIA Security+ Study Guide with over 500 Practice Test
Questions: Exam SY0-701, 9th Edition, Chapter 2, page 74. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page 11. Application
Security – SY0-601 CompTIA Security+ : 3.2
NEW QUESTION 60
Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection
Answer: B
Explanation:
SQL injection is a type of attack that exploits a database misconfiguration or a flaw in the application code that interacts with the database. An attacker can inject
malicious SQL statements into the user input fields or the URL parameters that are sent to the database server. These statements can then execute unauthorized
commands, such as reading, modifying, deleting, or creating data, or even taking over the database server. SQL injection can compromise the confidentiality,
integrity, and availability of the data and the system. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215 1
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
NEW QUESTION 62
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A. Enumeration
B. Sanitization
C. Destruction
D. Inventory
Answer: B
Explanation:
Sanitization is the process of removing sensitive data from a storage device or a system before it is disposed of or reused. Sanitization can be done by using
software tools or hardware devices that overwrite the data with random patterns or zeros, making it unrecoverable. Sanitization is different from destruction, which
is the physical damage of the storage device to render it unusable. Sanitization is also different from enumeration, which is the identification of network resources
or devices, and inventory, which is the tracking of assets and their locations. The policy of securely wiping hard drives before sending decommissioned systems to
recycling is an example of sanitization, as it ensures that no confidential data can be retrieved from the recycled devices. References = Secure Data Destruction –
SY0-601 CompTIA Security+ : 2.7, video at 1:00; CompTIA Security+ SY0-701 Certification Study Guide, page 387.
NEW QUESTION 66
After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response
to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
A. Retain the emails between the security team and affected customers for 30 days.
B. Retain any communications related to the security breach until further notice.
C. Retain any communications between security members during the breach response.
D. Retain all emails from the company to affected customers for an indefinite period of time.
Answer: B
Explanation:
A legal hold (also known as a litigation hold) is a notification sent from an organization’s legal team to employees instructing them not to delete electronically
stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case. A legal hold is intended to preserve evidence and
prevent spoliation, which is the intentional or negligent destruction of evidence that could harm a party’s case. A legal hold can be triggered by various events,
such as a lawsuit, a regulatory investigation, or a subpoena12 In this scenario, the company’s attorneys have requested that the security team initiate a legal hold
in response to the lawsuit filed by the customers after the company was compromised. This means that the security team will most likely be required to retain any
communications related to the security breach until further notice. This could include emails, instant messages, reports, logs, memos, or any other documents that
could be relevant to the lawsuit. The security team should also inform the relevant custodians (the employees who have access to or control over the ESI) of their
preservation obligations and monitor their compliance. The security team should also document the legal hold process and its scope, as well as take steps to
protect the ESI from alteration, deletion, or loss34
References:
1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Risk Management, page 303 2: CompTIA Security+ Certification Kit: Exam SY0-701,
7th Edition, Chapter 6: Risk Management, page 305 3: Legal Hold (Litigation Hold) - The Basics of E-Discovery - Exterro 5 4: The Legal Implications and
Consequences of a Data Breach 6
NEW QUESTION 69
A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which
of the following changes should the security analyst recommend?
A. Changing the remote desktop port to a non-standard number
B. Setting up a VPN and placing the jump server inside the firewall
C. Using a proxy for web connections from the remote desktop server
D. Connecting the remote server to the domain and increasing the password length
Answer: B
Explanation:
A VPN is a virtual private network that creates a secure tunnel between two or more devices over a public network. A VPN can encrypt and authenticate the data,
as well as hide the IP addresses and locations of the devices. A jump server is a server that acts as an intermediary between a user and a target server, such as a
production server. A jump server can provide an additional layer of security and access control, as well as logging and auditing capabilities. A firewall is a device or
software that filters and blocks unwanted network traffic based on predefined rules. A firewall can protect the internal network from external threats and limit the
exposure of sensitive services and ports. A security analyst should recommend setting up a VPN and placing the jump server inside the firewall to improve the
security of the remote desktop access to the production network. This way, the remote desktop service will not be exposed to the public network, and only
authorized users with VPN credentials can access the jump server and then the production
server. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 8: Secure Protocols and Services, page 382-383 1; Chapter 9: Network
Security, page 441-442 1
NEW QUESTION 73
A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.
Answer: D
Explanation:
A rootkit is a type of malware that modifies or replaces system files or processes to hide its presence and activity. A rootkit can change the hash of the cmd.exe
file, which is a command-line interpreter for Windows systems, to avoid detection by antivirus or file integrity monitoring tools. A rootkit can also grant the attacker
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
remote access and control over the infected system, as well as perform malicious actions such as stealing data, installing backdoors, or launching attacks on other
systems. A rootkit is one of the most difficult types of malware to remove, as it can persist even after rebooting or
reinstalling the OS. References = CompTIA Security+ Study Guide with over 500 Practice
Test Questions: Exam SY0-701, 9th Edition, Chapter 4, page 147. CompTIA Security+ SY0-701 Exam Objectives, Domain 1.2, page 9.
NEW QUESTION 78
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-
risk countries. Which of the following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
Answer: C
Explanation:
A geolocation policy is a policy that restricts or allows access to data or resources based on the geographic location of the user or device. A geolocation policy can
be implemented using various methods, such as IP address filtering, GPS tracking, or geofencing. A geolocation policy can help the company’s legal department
to prevent unauthorized access to sensitive documents from individuals in high-risk countries12.
The other options are not effective ways to limit access based on location:
? Data masking: This is a technique of obscuring or replacing sensitive data with fictitious or anonymized data. Data masking can protect the privacy and
confidentiality of data, but it does not prevent access to data based on location3.
? Encryption: This is a process of transforming data into an unreadable format using a secret key or algorithm. Encryption can protect the integrity and
confidentiality of data, but it does not prevent access to data based on location. Encryption can also be bypassed by attackers who have the decryption key or
method4.
? Data sovereignty regulation: This is a set of laws or rules that govern the storage, processing, and transfer of data within a specific jurisdiction or country. Data
sovereignty regulation can affect the availability and compliance of data, but it does not prevent access to data based on location. Data sovereignty regulation can
also vary depending on the country or region.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: Account Policies – SY0-601 CompTIA Security+ : 3.7, video by Professor
Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 1004: CompTIA Security+ SY0-701 Certification Study Guide, page 101. : CompTIA
Security+ SY0-701 Certification Study Guide, page 102.
NEW QUESTION 82
Which of the following would be the best way to block unknown programs from executing?
A. Access control list
B. Application allow list.
C. Host-based firewall
D. DLP solution
Answer: B
Explanation:
An application allow list is a security technique that specifies which applications are permitted to run on a system or a network. An application allow list can block
unknown programs from executing by only allowing the execution of programs that are explicitly authorized and verified. An application allow list can prevent
malware, unauthorized software, or unwanted applications from running and compromising the security of the system or the network12.
The other options are not the best ways to block unknown programs from executing:
? Access control list: This is a security technique that specifies which users or groups are granted or denied access to a resource or an object. An access control
list can control the permissions and privileges of users or groups, but it does not directly block unknown programs from executing13.
? Host-based firewall: This is a security device that monitors and filters the incoming and outgoing network traffic on a single host or system. A host-based firewall
can block or allow network connections based on predefined rules, but it does not directly block unknown programs from executing1 .
? DLP solution: This is a security system that detects and prevents the unauthorized transmission or leakage of sensitive data. A DLP solution can protect the
confidentiality and integrity of data, but it does not directly block unknown programs from executing1 .
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: Application Whitelisting – CompTIA Security+ SY0-701 – 3.5, video by
Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 98. : CompTIA Security+ SY0-701 Certification Study Guide, page 99. :
CompTIA Security+ SY0-701 Certification Study Guide, page 100.
NEW QUESTION 85
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst
has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the
analyst use as a data source?
A. Application
B. IPS/IDS
C. Network
D. Endpoint
Answer: D
Explanation:
An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or
smartphone. Endpoint logs can provide valuable data for security analysts, such as the processes running on the device, the network connections established, the
files accessed or modified, the user actions performed, and the applications installed or updated. Endpoint logs can also record the details of any executable files
running on the device, such as the name, path, size, hash, signature, and permissions of the executable.
An application log is a file that contains information about the events that occur within a software application, such as errors, warnings, transactions, or
performance metrics. Application logs can help developers and administrators troubleshoot issues, optimize performance, and monitor user behavior. However,
application logs may not provide enough information about the executable files running on the device, especially if they are malicious or unknown.
An IPS/IDS log is a file that contains information about the network traffic that is monitored and analyzed by an intrusion prevention system (IPS) or an intrusion
detection system (IDS). IPS/IDS logs can help security analysts identify and block potential attacks, such as exploit attempts, denial-of-service (DoS) attacks, or
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
malicious scans. However, IPS/IDS logs may not provide enough information about the executable files running on the device, especially if they are encrypted,
obfuscated, or use legitimate protocols.
A network log is a file that contains information about the network activity and communication that occurs between devices, such as IP addresses, ports, protocols,
packets, or bytes. Network logs can help security analysts understand the network topology, traffic patterns, and bandwidth usage. However, network logs may not
provide enough information about the executable files running on the device, especially if they are hidden, spoofed, or use proxy servers.
Therefore, the best log type to use as a data source for additional information about the executable running on the machine is the endpoint log, as it can provide
the most relevant and detailed data about the executable file and its behavior.
References = https://www.crowdstrike.com/cybersecurity-101/observability/application-log/
https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging
NEW QUESTION 87
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
A. SCAP
B. Net Flow
C. Antivirus
D. DLP
Answer: D
Explanation:
DLP stands for Data Loss Prevention, which is a tool that can assist with detecting and preventing the unauthorized transmission or leakage of sensitive data,
such as a customer’s PII (Personally Identifiable Information). DLP can monitor, filter, and block data in motion (such as emails), data at rest (such as files), and
data in use (such as applications). DLP can also alert the sender, the recipient, or the administrator of the data breach, and apply remediation actions, such as
encryption, quarantine, or deletion. DLP can help an organization comply with data protection regulations, such as GDPR, HIPAA, or PCI DSS, and protect its
reputation and assets. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 78.
CompTIA Security+ SY0-701 Exam Objectives, Domain 2.5, page 11.
NEW QUESTION 88
An organization wants a third-party vendor to do a penetration test that targets a specific
device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
A. Partially known environment
B. Unknown environment
C. Integrated
D. Known environment
Answer: A
Explanation:
A partially known environment is a type of penetration test where the tester has some information about the target, such as the IP address, the operating system,
or the device type. This can help the tester focus on specific vulnerabilities and reduce the scope of the test. A partially known environment is also called a gray
box test1. References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 10, page 543.
NEW QUESTION 89
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management
team. Which of the following best describes the threat actor in the CISO's report?
A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime
Answer: D
Explanation:
Ransomware-as-a-service is a type of cybercrime where hackers sell or rent ransomware tools or services to other criminals who use them to launch attacks and
extort money from victims. This is a typical example of organized crime, which is a group of criminals who work together to conduct illegal activities for profit.
Organized crime is different from other types of threat actors, such as insider threats, hacktivists, or nation-states, who may have different motives, methods, or
targets. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17 1
NEW QUESTION 92
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking
Answer: B
Explanation:
Infrastructure as code (IaC) is a method of using code and automation to manage and provision cloud resources, such as servers, networks, storage, and
applications. IaC allows for easy deployment, scalability, consistency, and repeatability of cloud environments. IaC is also a key component of DevSecOps, which
integrates security into the development and operations processes. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Cloud
and Virtualization Concepts, page 294.
NEW QUESTION 95
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
A systems administrator is looking for a low-cost application-hosting solution that is cloud- based. Which of the following meets these requirements?
A. Serverless framework
B. Type 1 hvpervisor
C. SD-WAN
D. SDN
Answer: A
Explanation:
A serverless framework is a cloud-based application-hosting solution that meets the requirements of low-cost and cloud-based. A serverless framework is a type
of cloud computing service that allows developers to run applications without managing or provisioning any servers. The cloud provider handles the server-side
infrastructure, such as scaling, load balancing, security, and maintenance, and charges the developer only for the resources consumed by the application. A
serverless framework enables developers to focus on the application logic and functionality, and reduces the operational costs and complexity of hosting
applications. Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud Functions.
A type 1 hypervisor, SD-WAN, and SDN are not cloud-based application-hosting solutions that meet the requirements of low-cost and cloud-based. A type 1
hypervisor is a software layer that runs directly on the hardware and creates multiple virtual machines that can run different operating systems and applications. A
type 1 hypervisor is not a cloud-based service, but a virtualization technology that can be used to create private or hybrid clouds. A type 1 hypervisor also requires
the developer to manage and provision the servers and the virtual machines, which can increase the operational costs and complexity of hosting applications.
Some examples of type 1 hypervisors are VMware ESXi, Microsoft Hyper-V, and Citrix XenServer.
SD-WAN (Software-Defined Wide Area Network) is a network architecture that uses software to dynamically route traffic across multiple WAN connections, such
as broadband, LTE, or MPLS. SD-WAN is not a cloud-based service, but a network optimization technology that can improve the performance, reliability, and
security of WAN connections. SD-WAN can be used to connect remote sites or users to cloud-based applications, but it does not host the applications itself. Some
examples of SD-WAN vendors are Cisco, VMware, and Fortinet.
SDN (Software-Defined Networking) is a network architecture that decouples the control plane from the data plane, and uses a centralized controller to
programmatically manage and configure the network devices and traffic flows. SDN is not a cloud-based service, but a network automation technology that can
enhance the scalability, flexibility, and efficiency of the network. SDN can be used to create virtual networks or network functions that can support cloud-based
applications, but it does not host the applications itself. Some examples of SDN vendors are OpenFlow, OpenDaylight, and OpenStack.
References = CompTIA Security+ SY0-701 Certification Study Guide, page 264-265; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 3.1
- Cloud and Virtualization, 7:40 - 10:00; [Serverless Framework]; [Type 1 Hypervisor]; [SD-WAN]; [SDN].
NEW QUESTION 98
Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
Answer: A
Explanation:
OCSP stands for Online Certificate Status Protocol. It is a protocol that allows applications to check the revocation status of a certificate in real-time. It works by
sending a query to an OCSP responder, which is a server that maintains a database of revoked certificates. The OCSP responder returns a response that
indicates whether the certificate is valid, revoked, or unknown. OCSP is faster and more efficient than downloading and parsing Certificate Revocation Lists
(CRLs), which are large files that contain the serial numbers of all revoked certificates issued by a Certificate Authority (CA). References: CompTIA Security+
Study Guide: Exam SY0-701, 9th Edition, page 337 1
NEW QUESTION 100
A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?
A. Partition
B. Asymmetric
C. Full disk
D. Database
Answer: C
Explanation:
Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive, including the operating system, applications, and files. FDE protects the data
from unauthorized access in case the laptop is lost, stolen, or disposed of without proper sanitization. FDE requires the user to enter a password, a PIN, a smart
card, or a biometric factor to unlock the drive and boot the system. FDE can be implemented by using software solutions, such as BitLocker, FileVault, or
VeraCrypt, or by using hardware solutions, such as self-encrypting drives (SEDs) or Trusted Platform Modules (TPMs). FDE is a recommended encryption
technique for laptops and other mobile devices that store sensitive data.
Partition encryption is a technique that encrypts only a specific partition or volume on a hard drive, leaving the rest of the drive unencrypted. Partition encryption is
less secure than FDE, as it does not protect the entire drive and may leave traces of data on unencrypted areas. Partition encryption is also less convenient than
FDE, as it requires the user to mount and unmount the encrypted partition manually.
Asymmetric encryption is a technique that uses a pair of keys, one public and one private, to encrypt and decrypt data. Asymmetric encryption is mainly used for
securing communication, such as email, web, or VPN, rather than for encrypting data at rest. Asymmetric encryption is also slower and more computationally
intensive than symmetric encryption, which is the type of encryption used by FDE and partition encryption.
Database encryption is a technique that encrypts data stored in a database, such as tables, columns, rows, or cells. Database encryption can be done at the
application level, the database level, or the file system level. Database encryption is useful for protecting data from unauthorized access by database
administrators, hackers, or malware, but it does not protect the data from physical theft or loss of the device that hosts the database. References = Data Encryption
– CompTIA Security+ SY0-401: 4.4, CompTIA Security+Cheat Sheet and PDF | Zero To Mastery, CompTIA Security+ SY0-601 Certification Course
- Cybr, Application Hardening – SY0-601 CompTIA Security+ : 3.2.
NEW QUESTION 103
A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in
transit and at rest. Which of the following data roles describes the customer?
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
A. Processor
B. Custodian
C. Subject
D. Owner
Answer: C
Explanation:
According to the CompTIA Security+ SY0-701 Certification Study Guide, data subjects are the individuals whose personal data is collected, processed, or stored
by an organization. Data subjects have certain rights and expectations regarding how their data is handled, such as the right to access, correct, delete, or restrict
their data. Data subjects are different from data owners, who are the individuals or entities that have the authority and responsibility to determine how data is
classified, protected, and used. Data subjects are also different from data processors, who are the individuals or entities that perform operations on data on behalf
of the data owner, such as collecting, modifying, storing, or transmitting data. Data subjects are also different from data custodians, who are the individuals or
entities that implement the security controls and procedures specified by the data owner to protect data while in transit and at rest.
ReferencesCompTIA Security+ SY0-701 Certification Study Guide, Chapter 2: Data Security, page 511
NEW QUESTION 108
A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager
should take?
A. Set the maximum data retention policy.
B. Securely store the documents on an air-gapped network.
C. Review the documents' data classification policy.
D. Conduct a tabletop exercise with the team.
Answer: D
Explanation:
A tabletop exercise is a simulated scenario that tests the effectiveness of a security incident response plan. It involves gathering the relevant stakeholders and
walking through the steps of the plan, identifying any gaps or issues that need to be addressed. A tabletop exercise is a good way to validate the documentation
created by the security manager and ensure that the team is prepared for various types of security incidents. References: CompTIA Security+ Study Guide: Exam
SY0-701, 9th Edition, Chapter 6: Risk Management, page 2841. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 6: Risk Management,
page 2842.
NEW QUESTION 110
An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to
best protect against similar attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Answer: B
Explanation:
A buffer overflow is a type of software vulnerability that occurs when an application writes more data to a memory buffer than it can hold, causing the excess data
to overwrite adjacent memory locations. This can lead to unexpected behavior, such as crashes, errors, or code execution. A buffer overflow can be exploited by
an attacker to inject malicious code or commands into the application, which can compromise the security and functionality of the system. An organization’s
internet-facing website was compromised when an attacker exploited a buffer overflow. To best protect against similar attacks in the future, the organization should
deploy a web application firewall (WAF). A WAF is a type of firewall that monitors and filters the traffic between a web application and the internet. A WAF can
detect and block common web attacks, such as buffer overflows, SQL injections, cross-site scripting (XSS), and more. A WAF can also enforce security policies
and rules, such as input validation, output encoding, and encryption. A WAF can provide a layer of protection for the web application, preventing attackers from
exploiting its vulnerabilities and compromising its data. References = Buffer Overflows – CompTIA Security+ SY0-701
– 2.3, Web Application Firewalls – CompTIA Security+ SY0-701 – 2.4, [CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701,
9th Edition]
NEW QUESTION 115
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP
address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0 0 0.0.0.0/0 port 53 Access list outbound deny 10.50.10.25 32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25 32 port 53 Access list outbound deny 0.0.0.0 0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0 0 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 10.50.10.25 32 port 53
D. Access list outbound permit 10.50.10.25 32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0.0.0.0.0.0/0 port 53
Answer: D
Explanation:
The correct answer is D because it allows only the device with the IP address 10.50.10.25 to send outbound DNS requests on port 53, and denies all other
devices from doing so. The other options are incorrect because they either allow all devices to send outbound DNS requests (A and C), or they allow no devices to
send outbound DNS requests (B). References = You can learn more about firewall ACLs and DNS in the following resources:
? CompTIA Security+ SY0-701 Certification Study Guide, Chapter 4: Network Security1
? Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 3.2: Firewall Rules2
? TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section 6: Network Security, Lecture 28: Firewall Rules3
NEW QUESTION 117
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web
application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
developer implement to prevent this vulnerability?
A. Secure cookies
B. Version control
C. Input validation
D. Code signing
Answer: C
Explanation:
Input validation is a technique that checks the user input for any malicious or unexpected data before processing it by the web application. Input validation can
prevent cross-site scripting (XSS) attacks, which exploit the vulnerability of a web application to execute malicious scripts in the browser of a victim. XSS attacks
can compromise the confidentiality, integrity, and availability of the web application and its users. Input validation can be implemented on both the client-side and
the server-side, but server-side validation is more reliable and secure. Input validation can use various methods, such as whitelisting, blacklisting, filtering,
escaping, encoding, and sanitizing the input data. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th
Edition, Chapter 2, page 70. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page 11. Application Security – SY0-601 CompTIA
Security+ : 3.2
NEW QUESTION 120
A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from
the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership
Answer: A
Explanation:
The company should request a certification from the vendor that confirms the storage array has been disposed of securely and in compliance with the company’s
policies and standards. A certification provides evidence that the vendor has followed the proper procedures and methods to destroy the classified data and
prevent unauthorized access or recovery. A certification may also include details such as the date, time, location, and method of disposal, as well as the names
and signatures of the personnel
involved. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 1441
NEW QUESTION 122
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters,
and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet
profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites
based on a user's intranet account? (Select two).
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
Answer: AC
Explanation:
Federation is an access management concept that allows users to authenticate once and access multiple resources or services across different domains or
organizations. Federation relies on a trusted third party that stores the user’s credentials and provides them to the requested resources or services without
exposing them. Password complexity is a security measure that requires users to create passwords that meet certain criteria, such as length, character types, and
uniqueness. Password complexity can help prevent brute-force attacks, password guessing, and credential stuffing by making passwords harder to crack or guess.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 308-309 and 312-313 1
NEW QUESTION 124
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud
environment?
A. Client
B. Third-party vendor
C. Cloud provider
D. DBA
Answer: A
Explanation:
According to the shared responsibility model, the client and the cloud provider have different roles and responsibilities for securing the cloud environment,
depending on the service model. In an IaaS (Infrastructure as a Service) model, the cloud provider is responsible for securing the physical infrastructure, such as
the servers, storage, and network devices, while the client is responsible for securing the operating systems, applications, and data that run on the cloud
infrastructure. Therefore, the client is responsible for securing the company’s database in an IaaS model for a cloud environment, as the database is an
application that stores data. The client can use various security controls, such as encryption, access control, backup, and auditing, to protect the database from
unauthorized access, modification, or loss. The third-party vendor and the DBA (Database Administrator) are not roles defined by the shared responsibility model,
but they may be involved in the implementation or management of the database security. References = CompTIA Security+ SY0-701 Certification Study Guide,
page 263- 264; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 3.1 - Cloud and Virtualization, 5:00 - 7:40.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
NEW QUESTION 126
Which of the following is the most likely to be included as an element of communication in a security awareness program?
A. Reporting phishing attempts or other suspicious activities
B. Detecting insider threats using anomalous behavior recognition
C. Verifying information when modifying wire transfer data
D. Performing social engineering as part of third-party penetration testing
Answer: A
Explanation:
A security awareness program is a set of activities and initiatives that aim to educate and inform the users and employees of an organization about the security
policies, procedures, and best practices. A security awareness program can help to reduce the human factor in security risks, such as social engineering, phishing,
malware, data breaches, and insider threats. A security awareness program should include various elements of communication, such as newsletters, posters,
videos, webinars, quizzes, games, simulations, and feedback mechanisms, to deliver the security messages and reinforce the security culture. One of the most
likely elements of communication to be included in a security awareness program is reporting phishing attempts or other suspicious activities, as this can help to
raise the awareness of the users and employees about the common types of cyberattacks and how to respond to them. Reporting phishing attempts or other
suspicious activities can also help to alert the security team and enable them to take appropriate actions to prevent or mitigate the impact of the attacks. Therefore,
this is the best answer among the given options.
The other options are not as likely to be included as elements of communication in a security awareness program, because they are either technical or operational
tasks that are not directly related to the security awareness of the users and employees. Detecting insider threats using anomalous behavior recognition is a
technical task that involves using security tools or systems to monitor and analyze the activities and behaviors of the users and employees and identify any
deviations or anomalies that may indicate malicious or unauthorized actions. This task is usually performed by the security team or the security operations center,
and it does not require the communication or participation of the users and employees. Verifying information when modifying wire transfer data is an operational
task that involves using verification methods, such as phone calls, emails, or digital signatures, to confirm the authenticity and accuracy of the information related
to wire transfers, such as the account number, the amount, or the recipient. This task is usually performed by the financial or accounting department, and it does
not involve the security awareness of the users and employees. Performing social engineering as part of third-party penetration testing is a technical task that
involves using deception or manipulation techniques, such as phishing, vishing, or impersonation, to test the security posture and the vulnerability of the users and
employees to social engineering attacks. This task is usually performed by external security professionals or consultants, and it does not require the
communication or consent of the users and employees. Therefore, these options are not the best answer for this question. References = Security Awareness and
Training –
CompTIA Security+ SY0-701: 5.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 263.
NEW QUESTION 129
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Answer: D
Explanation:
Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function.
Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or
brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have
access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks. References =
? Passwords technical overview
? Encryption, hashing, salting – what’s the difference?
? Salt (cryptography)
NEW QUESTION 130
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
A. [Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
Answer: D
Explanation:
Threat hunting is the process of proactively searching for signs of malicious activity or compromise in a network, rather than waiting for alerts or indicators of
compromise (IOCs) to appear. Threat hunting can help identify new tactics, techniques, and procedures (TTPs) used by malicious actors, as well as uncover
hidden or stealthy threats that may have evaded detection by security tools. Threat hunting requires a combination of skills, tools, and methodologies, such as
hypothesis generation, data
collection and analysis, threat intelligence, and incident response. Threat hunting can also help improve the security posture of an organization by providing
feedback and recommendations for security improvements. References = CompTIA Security+ Certification Exam Objectives, Domain 4.1: Given a scenario,
analyze potential indicators of malicious activity. CompTIA Security+ Study Guide (SY0-701), Chapter 4: Threat Detection and Response, page 153. Threat
Hunting – SY0-701 CompTIA Security+ : 4.1, Video 3:18. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 3.
NEW QUESTION 133
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
A. Automation
B. Compliance checklist
C. Attestation
D. Manual audit
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
Answer: A
Explanation:
Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified. Automation is the process of using
software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort. Automation can help to improve the
efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs. Automation can be used to monitor, audit, and enforce
security settings on servers, such as firewall rules, encryption keys, access controls, patch levels, and configuration files. Automation can also alert security
personnel of any changes or anomalies that may indicate a security breach or compromise12.
The other options are not the best ways to consistently determine on a daily basis whether security settings on servers have been modified:
? Compliance checklist: This is a document that lists the security requirements, standards, or best practices that an organization must follow or adhere to. A
compliance checklist can help to ensure that the security settings on servers are aligned with the organizational policies and regulations, but it does not
automatically detect or report any changes or modifications that may occur on a daily basis3.
? Attestation: This is a process of verifying or confirming the validity or accuracy of a statement, claim, or fact. Attestation can be used to provide assurance or
evidence that the security settings on servers are correct and authorized, but it does not continuously monitor or audit any changes or modifications that may occur
on a daily basis4.
? Manual audit: This is a process of examining or reviewing the security settings on servers by human inspectors or auditors. A manual audit can help to identify
and correct any security issues or discrepancies on servers, but it is time-consuming, labor-intensive, and prone to human errors. A manual audit may not be
feasible or practical to perform on a daily basis.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 1022: Automation and Scripting – CompTIA Security+ SY0-701 – 5.1, video by
Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 974: CompTIA Security+ SY0-701 Certification Study Guide, page 98. :
CompTIA Security+ SY0-701 Certification Study Guide, page 99.
NEW QUESTION 138
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk
software. Which of the following security techniques is the IT manager setting up?
A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege
Answer: D
Explanation:
The principle of least privilege is a security concept that limits access to resources to the minimum level needed for a user, a program, or a device to perform a
legitimate function. It is a cybersecurity best practice that protects high-value data and assets from compromise or insider threat. Least privilege can be applied to
different abstraction layers of a computing environment, such as processes, systems, or connected devices. However, it is rarely implemented in practice.
In this scenario, the IT manager is setting up the principle of least privilege by restricting access to the administrator console of the help desk software to only two
authorized users: the IT manager and the help desk lead. This way, the IT manager can prevent unauthorized or accidental changes to the software configuration,
data, or functionality by other help desk staff. The other help desk staff will only have access to the normal user interface of the software, which is sufficient for
them to perform their job functions.
The other options are not correct. Hardening is the process of securing a system by reducing its surface of vulnerability, such as by removing unnecessary
software, changing default passwords, or disabling unnecessary services. Employee monitoring is the surveillance of workers’ activity, such as by tracking web
browsing, application use, keystrokes, or screenshots. Configuration enforcement is the process of ensuring that a system adheres to a predefined set of security
settings, such as by applying a patch, a policy, or a template.
References = https://en.wikipedia.org/wiki/Principle_of_least_privilege https://en.wikipedia.org/wiki/Principle_of_least_privilege
NEW QUESTION 140
Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Side loading
Answer: D
Explanation:
Side loading is the process of installing software outside of a manufacturer’s approved software repository. This can expose the device to potential vulnerabilities,
such as malware, spyware, or unauthorized access. Side loading can also bypass security controls and policies that are enforced by the manufacturer or the
organization. Side loading is often done by users who want to access applications or features that are not available or allowed on their devices. References =
Sideloading - CompTIA Security + Video Training | Interface Technical Training, Security+ (Plus) Certification | CompTIA IT Certifications, Load Balancers –
CompTIA Security+ SY0-501 – 2.1, CompTIA Security+ SY0-601 Certification Study Guide.
NEW QUESTION 143
Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation
Answer: C
Explanation:
Confidentiality is the security concept that ensures data is protected from unauthorized access or disclosure. The principle of least privilege is a technique that
grants users or systems the minimum level of access or permissions that they need to perform their tasks, and nothing more. By applying the principle of least
privilege to a human resources fileshare, the permissions can be restricted to only those who have a legitimate need to access the sensitive data, such as HR
staff, managers, or auditors. This can prevent unauthorized users, such as hackers, employees, or contractors, from accessing, copying, modifying, or deleting the
data. Therefore, the principle of least privilege can enhance the confidentiality of the data on the fileshare. Integrity, availability, and non- repudiation are other
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
security concepts, but they are not the best reason for permissions on a human resources fileshare to follow the principle of least privilege. Integrity is the security
concept that ensures data is accurate and consistent, and protected from unauthorized modification or corruption. Availability is the security concept that ensures
data is accessible and usable by authorized users or systems when needed. Non-repudiation is the security concept that ensures the authenticity and
accountability of data and actions, and prevents the denial of involvement or responsibility. While these concepts are also important for data security, they are not
directly related to the level of access or permissions granted to users or systems. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page
16-17, 372-373
NEW QUESTION 145
A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst
discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of
DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?
A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service
Answer: D
Explanation:
A reflected denial of service (RDoS) attack is a type of DDoS attack that uses spoofed source IP addresses to send requests to a third-party server, which then
sends responses to the victim server. The attacker exploits the difference in size between the request and the response, which can amplify the amount of traffic
sent to the victim server. The attacker also hides their identity by using the victim’s IP address as the source. A RDoS attack can target DNS servers by sending
forged DNS queries that generate large DNS responses. This can flood the network interface of the DNS server and prevent it from serving legitimate requests
from end users. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215-216 1
NEW QUESTION 147
Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email
address.”
Which of the following are the best responses to this situation? (Choose two).
A. Cancel current employee recognition gift cards.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
D. Have the CEO change phone numbers.
E. Conduct a forensic investigation on the CEO's phone.
F. Implement mobile device management.
Answer: BC
Explanation:
This situation is an example of smishing, which is a type of phishing that uses text messages (SMS) to entice individuals into providing personal or sensitive
information to cybercriminals. The best responses to this situation are to add a smishing exercise to the annual company training and to issue a general email
warning to the company. A smishing exercise can help raise awareness and educate employees on how to recognize and avoid smishing attacks. An email
warning can alert employees to the fraudulent text message and remind them to verify the identity and legitimacy of any requests for information or money.
References = What Is Phishing | Cybersecurity | CompTIA, Phishing – SY0-601 CompTIA Security+ : 1.1 - Professor Messer IT Certification Training Courses
NEW QUESTION 148
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the
following should the administrator use to accomplish this goal?
A. Segmentation
B. Isolation
C. Patching
D. Encryption
Answer: A
Explanation:
Segmentation is a network design technique that divides the network into smaller and isolated segments based on logical or physical boundaries. Segmentation
can help improve network security by limiting the scope of an attack, reducing the attack surface, and enforcing access control policies. Segmentation can also
enhance network performance, scalability, and manageability. To accomplish the goal of storing customer data on a separate part of the network, the administrator
can use segmentation technologies such as subnetting, VLANs, firewalls, routers, or switches. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th
Edition, page 308-309 1
NEW QUESTION 150
After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test: nmap -p 23 192.168.14.6 —script telnet-encryption PORT STATE SERVICE REASON
23/tcp open telnet syn-ack I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?
A. It is a false positive.
B. A rescan is required.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
C. It is considered noise.
D. Compensating controls exist.
Answer: A
Explanation:
A false positive is a result that indicates a vulnerability or a problem when there is none. In this case, the vulnerability scanning report shows that the telnet service
on port 23 is open and uses an insecure network protocol. However, the security analyst performs a test using nmap and a script that checks for telnet encryption
support. The result shows that the telnet server supports encryption, which means that the data transmitted between the client and the server can be protected
from eavesdropping. Therefore, the reported vulnerability is a false positive and does not reflect the actual security posture of the server. The security analyst
should verify the encryption settings of the telnet server and client and ensure that they are configured properly3. References: 3: Telnet Protocol - Can You Encrypt
Telnet?
NEW QUESTION 151
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the
following types of infections is present on the systems?
A. Virus
B. Trojan
C. Spyware
D. Ransomware
Answer: D
Explanation:
Ransomware is a type of malware that encrypts the victim’s files and demands a ransom for the decryption key. The ransomware usually displays a message on
the infected system with instructions on how to pay the ransom and recover the files. The .ryk extension is associated with a ransomware variant called Ryuk,
which targets large organizations and demands high ransoms1.
References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 17.
NEW QUESTION 154
Which of the following security control types does an acceptable use policy best represent?
A. Detective
B. Compensating
C. Corrective
D. Preventive
Answer: D
Explanation:
An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The AUP helps companies
minimize their exposure to cyber security threats and limit other risks. The AUP also serves as a notice to users about what they are not allowed to do and protects
the company against misuse of their network. Users usually have to acknowledge that they understand and agree to the rules before accessing the network1.
An AUP best represents a preventive security control type, because it aims to deter or stop potential security incidents from occurring in the first place. A
preventive control is proactive and anticipates possible threats and vulnerabilities, and implements measures to prevent them from exploiting or harming the
system or the data. A preventive control can be physical, technical, or administrative in nature2.
Some examples of preventive controls are:
? Locks, fences, or guards that prevent unauthorized physical access to a facility or a device
? Firewalls, antivirus software, or encryption that prevent unauthorized logical access to a network or a system
? Policies, procedures, or training that prevent unauthorized or inappropriate actions or behaviors by users or employees
An AUP is an example of an administrative preventive control, because it defines the policies and procedures that users must follow to ensure the security and
proper use of the network and the IT resources. An AUP can prevent users from engaging in activities that could compromise the security, performance, or
availability of the network or the system, such as:
? Downloading or installing unauthorized or malicious software
? Accessing or sharing sensitive or confidential information without authorization or encryption
? Using the network or the system for personal, illegal, or unethical purposes
? Bypassing or disabling security controls or mechanisms
? Connecting unsecured or unapproved devices to the network
By enforcing an AUP, a company can prevent or reduce the likelihood of security breaches, data loss, legal liability, or reputational damage caused by user actions
or inactions3.
References = 1: How to Create an Acceptable Use Policy - CoreTech, 2: [Security Control Types: Preventive, Detective, Corrective, and Compensating], 3: Why
You Need A
Corporate Acceptable Use Policy - CompTIA
NEW QUESTION 159
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of
the following reconnaissance types is the tester performing?
A. Active
B. Passive
C. Defensive
D. Offensive
Answer: A
Explanation:
Active reconnaissance is a type of reconnaissance that involves sending packets or requests to a target and analyzing the responses. Active reconnaissance can
reveal information such as open ports, services, operating systems, and vulnerabilities. However, active reconnaissance is also more likely to be detected by the
target or its security devices, such as firewalls or intrusion detection systems. Port and service scans are examples of active reconnaissance techniques, as they
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
involve probing the target for specific information. References = CompTIA Security+ Certification Exam Objectives, Domain 1.1: Given a scenario, conduct
reconnaissance using appropriate techniques and tools. CompTIA Security+ Study Guide (SY0-701), Chapter 2: Reconnaissance and Intelligence Gathering, page
47. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 1.
NEW QUESTION 160
Which of the following is required for an organization to properly manage its restore process in the event of system failure?
A. IRP
B. DRP
C. RPO
D. SDLC
Answer: B
Explanation:
A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure,
natural disaster, or other emergency. A DRP typically includes the following elements:
? A risk assessment that identifies the potential threats and impacts to the organization’s critical assets and processes.
? A business impact analysis that prioritizes the recovery of the most essential functions and data.
? A recovery strategy that defines the roles and responsibilities of the recovery team, the resources and tools needed, and the steps to follow to restore the
system.
? A testing and maintenance plan that ensures the DRP is updated and validated regularly. A DRP is required for an organization to properly manage its restore
process in the event of system failure, as it provides a clear and structured framework for recovering from a disaster and minimizing the downtime and data loss.
References = CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325.
NEW QUESTION 165
HOTSPOT
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Web serverBotnet Enable DDoS protectionUser RAT Implement a host-based IPS Database server Worm Change the default application passwordExecutive
KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA using push notification
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
A screenshot of a computer program
Description automatically generated with low confidence
NEW QUESTION 167
A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set
up in order to mitigate the threat posed by the suspicious activity?
A. Host-based firewall
B. Web application firewall
C. Access control list
D. Application allow list
Answer: A
Explanation:
A host-based firewall is a software application that runs on an individual endpoint and filters the incoming and outgoing network traffic based on a set of rules. A
host-based firewall can help to mitigate the threat posed by suspicious connections between internal endpoints by blocking or allowing the traffic based on the
source, destination, port, protocol, or application. A host-based firewall is different from a web application firewall, which is a type of firewall that protects web
applications from common web-based attacks, such as SQL injection, cross-site scripting, and session hijacking. A host-based firewall is also different from an
access control list, which is a list of rules that control the access to network resources, such as files, folders, printers, or routers. A host- based firewall is also
different from an application allow list, which is a list of applications that are authorized to run on an endpoint, preventing unauthorized or malicious applications
from executing. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 254
NEW QUESTION 169
......
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Welcome to download the Newest 2passeasy SY0-701 dumps
https://www.2passeasy.com/dumps/SY0-701/ (0 New Questions)
THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual SY0-701 Exam Questions With Answers.
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
SY0-701 Product From:
https://www.2passeasy.com/dumps/SY0-701/
Money Back Guarantee
SY0-701 Practice Exam Features:
* SY0-701 Questions and Answers Updated Frequently
* SY0-701 Practice Questions Verified by Expert Senior Certified Staff
* SY0-701 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* SY0-701 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com
Powered by TCPDF (www.tcpdf.org)
You might also like
- SY0-701 CompTIA Security Updated Practice QuestionsNo ratings yetSY0-701 CompTIA Security Updated Practice Questions27 pages
- Security+ (SY0-701) : Salah Al-Attar +966592994290 T.me/salahsami2002No ratings yetSecurity+ (SY0-701) : Salah Al-Attar +966592994290 T.me/salahsami2002330 pages
- CAS-005 CompTIA SecurityX Certification Exam Updated DumpsNo ratings yetCAS-005 CompTIA SecurityX Certification Exam Updated Dumps28 pages
- Pengelly J. The Official CompTIA Security+ Certification Study Guide... 2021No ratings yetPengelly J. The Official CompTIA Security+ Certification Study Guide... 20211,002 pages
- SY0-601 Exam - Free Actual Q&as, Page 1 - ExamTopicsNo ratings yetSY0-601 Exam - Free Actual Q&as, Page 1 - ExamTopics188 pages
- SY0-701 Updated Dumps - CompTIA Security+ Certification100% (3)SY0-701 Updated Dumps - CompTIA Security+ Certification34 pages
- CompTIA - SY0-701.vJun-2024.by .Davac .94q100% (1)CompTIA - SY0-701.vJun-2024.by .Davac .94q51 pages
- WWW Freecram Net Question CompTIA SY0 701 v2024!08!26 q91 A Hacker Gained Access...No ratings yetWWW Freecram Net Question CompTIA SY0 701 v2024!08!26 q91 A Hacker Gained Access...6 pages
- CompTIA - SY0-701.vAug-2024.by .Akio .107q100% (1)CompTIA - SY0-701.vAug-2024.by .Akio .107q56 pages
- Sample Questions For Comptia Sy0 701 Exam by CarneyNo ratings yetSample Questions For Comptia Sy0 701 Exam by Carney11 pages
- SY0-701 CompTIA Security+ Certification Exam Questions and Answers PDF - PDF RoomNo ratings yetSY0-701 CompTIA Security+ Certification Exam Questions and Answers PDF - PDF Room30 pages
- 220-1102 - Premium File 488 Questions & Answers. Last Update Apr 16, 2024No ratings yet220-1102 - Premium File 488 Questions & Answers. Last Update Apr 16, 2024128 pages
- WWW Freecram Net Question CompTIA SY0 701 v2024!02!06 q72 Which of The Following...No ratings yetWWW Freecram Net Question CompTIA SY0 701 v2024!02!06 q72 Which of The Following...6 pages
- CV0-004 CompTIA Cloud+ (2024) Updated DumpsNo ratings yetCV0-004 CompTIA Cloud+ (2024) Updated Dumps16 pages
- CAS-004 Updated Dumps - CompTIA Advanced Security Practitioner (CASP+) ExamNo ratings yetCAS-004 Updated Dumps - CompTIA Advanced Security Practitioner (CASP+) Exam54 pages
- CertMaster Network N10009 Module 5 - Presentation SlidesNo ratings yetCertMaster Network N10009 Module 5 - Presentation Slides48 pages
- CompTIA SY0-701 Vjan-2024 by - Koanxy 37qNo ratings yetCompTIA SY0-701 Vjan-2024 by - Koanxy 37q17 pages
- The Third-Party Incident Response Playbook 841100No ratings yetThe Third-Party Incident Response Playbook 84110019 pages
- CompTIA - CySA+ (CS0-002) Exam - Dump - 2No ratings yetCompTIA - CySA+ (CS0-002) Exam - Dump - 243 pages
- SY0-601 Exam - Free Actual Q&As, Page 1 - ExamTopicsNo ratings yetSY0-601 Exam - Free Actual Q&As, Page 1 - ExamTopics180 pages
- Ain Dumps 2023-Oct-20 by Harlan 269q VceNo ratings yetAin Dumps 2023-Oct-20 by Harlan 269q Vce43 pages
- Security+ Practice Exam 4 - 65 Questions - More PracticeNo ratings yetSecurity+ Practice Exam 4 - 65 Questions - More Practice30 pages
- Comptia 220-701: Exam Name: Comptia A+ Essentials (2009) Q & A: 511 Q&AsNo ratings yetComptia 220-701: Exam Name: Comptia A+ Essentials (2009) Q & A: 511 Q&As5 pages
- Computer and Internet Crimes: Rank Valuable InformationNo ratings yetComputer and Internet Crimes: Rank Valuable Information6 pages
- FFT - Fortifying The Enterprise Network With NGFW Lab Guide r2.07No ratings yetFFT - Fortifying The Enterprise Network With NGFW Lab Guide r2.0788 pages
- Crisis Communications A Casebook Approach 3rd Edition Routledge Communication Series Kathleen Fearn-Banks PDF DownloadNo ratings yetCrisis Communications A Casebook Approach 3rd Edition Routledge Communication Series Kathleen Fearn-Banks PDF Download76 pages
- Innovation in Sustainable Management and EntrepreneurshipNo ratings yetInnovation in Sustainable Management and Entrepreneurship714 pages
- Service Provider Management Policy Template For CIS Control 15 3 7 20No ratings yetService Provider Management Policy Template For CIS Control 15 3 7 2016 pages
- Cybersecurity Assessments For Internal SOC and MSSP SOCNo ratings yetCybersecurity Assessments For Internal SOC and MSSP SOC45 pages
- Expert Systems With Applications: Ozgur Koray Sahingoz, Ebubekir Buber, Onder Demir, Banu DiriNo ratings yetExpert Systems With Applications: Ozgur Koray Sahingoz, Ebubekir Buber, Onder Demir, Banu Diri13 pages
- Simple Purple and White Creative Studio Brand Guidelines PresentationNo ratings yetSimple Purple and White Creative Studio Brand Guidelines Presentation21 pages
- Canara - Epassbook - 2024-04-23 11:29:34.043525No ratings yetCanara - Epassbook - 2024-04-23 11:29:34.0435255 pages
- Factsheet Enterprise Endpoint Security Fortinet 2024 04No ratings yetFactsheet Enterprise Endpoint Security Fortinet 2024 041 page
- Computer & Internet Crime: KT44103 Ethics and Law in ICT Sem 1: 2021/2020No ratings yetComputer & Internet Crime: KT44103 Ethics and Law in ICT Sem 1: 2021/202029 pages
- End of Chapter - Activities - Guffey - EBC - 12e - Ch03No ratings yetEnd of Chapter - Activities - Guffey - EBC - 12e - Ch0312 pages
- Terms Every SOC - Cybersecurity Analyst Should KnowNo ratings yetTerms Every SOC - Cybersecurity Analyst Should Know10 pages
- Phishing Attacks, Techniques, Types, Examples, and MitigationNo ratings yetPhishing Attacks, Techniques, Types, Examples, and Mitigation4 pages
- CTO-TIB-20180501-01A - Phishing With DocuSignNo ratings yetCTO-TIB-20180501-01A - Phishing With DocuSign7 pages
- CompTIA Security+ SY0-701 Practice Tests: Hundreds of challenging mock exam questions aligned with the latest SY0-701 exam objectivesFrom EverandCompTIA Security+ SY0-701 Practice Tests: Hundreds of challenging mock exam questions aligned with the latest SY0-701 exam objectivesNo ratings yet
- Cisco Certified Network Professional - CyberOps The Ultimate Step-By-Step GuideFrom EverandCisco Certified Network Professional - CyberOps The Ultimate Step-By-Step GuideNo ratings yet