Sy0 701

Uploaded by mrteddyjindal

Free Exam/Cram Practice Materials - Best Exam Practice Materials

IT Certification Guaranteed, The Easy Way!

NO.1 An employee clicked a link in an email from a payment website that asked the employee to
update contact information. The employee entered the log-in information but received a "page not
found" error message.
Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Answer: D
Explanation:
Phishing is a social engineering attack that uses fraudulent email appearing to come from a legitimate source, such as a payment website or a bank, to trick recipients into clicking malicious links, opening malicious attachments, or entering sensitive information such as log-in credentials, personal data, or financial details. In this scenario the employee received an email claiming to be from a payment website and asking for a contact-information update. The link led to a page that collected the employee's log-in information and then returned a "page not found" error, a common sign that the form existed only to harvest credentials, which the attacker may now hold. The email's cover story is a pretext and the sender impersonates a brand, but the attack as a whole is classified as phishing; typosquatting would require a look-alike domain, which the scenario does not mention. In practice the next steps are to reset the affected password, revoke active sessions, and check whether the same credentials are reused elsewhere.
References: Other Social Engineering Attacks - CompTIA Security+ SY0-701 - 2.2; CompTIA Security+: Social Engineering Techniques & Other Attack ... - NICCS; CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition.

NO.2 Which of the following should be used to ensure an attacker is unable to read the contents of a
mobile device's drive if the device is lost?
A. TPM
B. ECC
C. FDE
D. HSM
Answer: C
Explanation:
Full disk encryption (FDE) encrypts the entire drive, so an attacker who removes the storage or boots the lost device from other media sees only ciphertext. A TPM is commonly used to protect the FDE key and bind it to the device's boot state, but on its own it does not encrypt the drive; ECC is a family of public-key algorithms, and an HSM protects keys in a server or data center rather than on a mobile device. FDE protects data only while the device is powered off or the volume is locked: once a user has unlocked it, screen locks and application-level controls take over.

NO.3 A customer has a contract with a CSP and wants to identify which controls should be
implemented in the IaaS enclave. Which of the following is most likely to contain this information?
A. Statement of work
B. Responsibility matrix
C. Service-level agreement
D. Master service agreement
Answer: B
Explanation:
A responsibility matrix clarifies the division of responsibilities between the cloud service provider (CSP) and the customer, ensuring that each party understands and implements their respective security controls.
References: Security+ SY0-701 Course Content.

Get Latest & Valid SY0-701 Exam's Question and Answers
https://www.freecram.net/exam/SY0-701-comptia-security-certification-exam-e15527.html

NO.4 A network manager wants to protect the company's VPN by implementing multifactor
authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager's goal?
A. Domain name, PKI, GeoIP lookup
B. VPN IP address, company ID, facial structure
C. Password, authentication token, thumbprint
D. Company URL, TLS certificate, home address
Answer: C
Explanation:
The correct answer is C. Password, authentication token, thumbprint. This combination of
authentication factors satisfies the manager's goal of implementing multifactor authentication that
uses something you know, something you have, and something you are.
* Something you know is an authentication factor that relies on the user's knowledge of a secret or personal information, such as a password, a PIN, or a security question. A password is a common example of something you know that can be used to access a VPN.
* Something you have is an authentication factor that relies on the user's possession of a physical object or device, such as a smart card, a token, or a smartphone. An authentication token is a common example of something you have; it generates a one-time password (OTP) or code that can be used to access a VPN.
* Something you are is an authentication factor that relies on the user's biometric characteristics, such as a fingerprint, a face, or an iris. A thumbprint is a common example of something you are that can be scanned to verify the user's identity when accessing a VPN.
References:
1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4: Identity and Access Management, page 177
2: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4: Identity and Access Management, page 179

NO.5 A company relies on open-source software libraries to build the software used by its
customers. Which of the following vulnerability types would be the most difficult to remediate due to
the company's reliance on open- source libraries?
A. Buffer overflow
B. SQL injection
C. Cross-site scripting
D. Zero day
Answer: D
Explanation:
A zero-day is a vulnerability for which no patch yet exists. When it sits in a third-party open-source library, the company cannot fix it directly: it must wait for the upstream maintainers to release a fix and then rebuild and redeploy, or backport a patch itself, and many open-source projects have no dedicated support team to turn to. Buffer overflows, SQL injection, and cross-site scripting in the company's own code can be fixed by its own developers as soon as they are found.

NO.6 A security audit of an organization revealed that most of the IT staff members have domain
administrator credentials and do not change the passwords regularly. Which of the following
solutions should the security team propose to resolve the findings in the most complete way?
A. Creating group policies to enforce password rotation on domain administrator credentials
B. Reviewing the domain administrator group, removing all unnecessary administrators, and rotating
all passwords
C. Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access
D. Securing domain administrator credentials in a PAM vault and controlling access with role-based
access control
Answer: D
Explanation:
A Privileged Access Management (PAM) vault addresses both findings at once. Domain administrator credentials are checked out of the vault only when needed, automatically rotated after each use, and every checkout is logged, so passwords no longer sit unchanged on staff workstations. Role-based access control (RBAC) on the vault restricts who may check out which credential, which also shrinks the effective membership of the domain admin group. Option A fixes only rotation, option B is a one-time cleanup with no ongoing control, and option C strengthens authentication but leaves shared, long-lived admin passwords in place.
References =
* CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and
Oversight.
* CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

NO.7 Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to
access the internet from the lobby. The networking team performs a heat map survey of the building
and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings.
Which of the following installation considerations should the security team evaluate next?
A. Channel overlap
B. Encryption type
C. New WLAN deployment
D. WAP placement
Answer: A
Explanation:
When several wireless access points (WAPs) operate on the same or overlapping channels at high transmit power, their signals interfere with each other (co-channel and adjacent-channel interference), so clients in the lobby see a strong signal but poor throughput or dropped connections. In the 2.4 GHz band only channels 1, 6, and 11 are non-overlapping; the fix is to assign non-overlapping channels to neighbouring WAPs and reduce transmit power so each cell covers only its intended area. Encryption type does not affect connectivity in this way, and the heat map already shows where the WAPs are, so placement is evaluated after channel overlap.
References: CompTIA Security+ SY0-701 study materials, wireless security installation considerations (site surveys and heat maps).

NO.8 Which of the following is an algorithm performed to verify that data has not been modified?
A. Hash
B. Code check
C. Encryption
D. Checksum
Answer: A
Explanation:
A hash function maps input of any length to a fixed-size digest. Changing even a single bit of the input produces a completely different digest, so recomputing the hash and comparing it with a known-good value detects any modification. SHA-256 is the usual choice today; MD5 and SHA-1 still appear in legacy tools but are no longer collision resistant and should not be relied on where an attacker could substitute content. A bare hash only proves integrity if the reference digest itself is trusted (delivered out of band or protected by a signature or HMAC), and a simple checksum such as CRC32 catches accidental corruption but is trivially forged.
References:
* CompTIA Security+ SY0-701 Exam Objectives, Domain 1: General Security Concepts, objective 1.4 (hashing as a cryptographic solution for integrity).

NO.9 A security administrator recently reset local passwords and the following values were recorded
in the system:

Which of the following is the security administrator most likely protecting against?
A. Account sharing
B. Weak password complexity
C. Pass-the-hash attacks
D. Password compromise
Answer: C

NO.10 A company must ensure sensitive data at rest is rendered unreadable. Which of the following
will the company most likely use?
A. Hashing
B. Tokenization
C. Encryption
D. Segmentation
Answer: C
Explanation:
Encryption transforms data so that it cannot be read without the key needed to decrypt it back into plaintext. It is the standard control for data at rest: if the storage medium is stolen or copied, an attacker without the key sees only ciphertext. Encryption can be applied to block storage, object storage, databases, archives, and so on. The other options protect data in other ways and do not render it unreadable. Hashing is a one-way function that produces a fixed-length digest from an input, such that the input cannot be recovered from the output; it verifies the integrity of data but cannot be reversed, so it is unsuitable for data that must be read back. Tokenization replaces sensitive values with non-sensitive substitutes (tokens) that have no meaning on their own, with the mapping held in a separate token vault; it reduces the exposure and compliance scope of sensitive data but does not protect the original values where they are still stored. Segmentation divides a network or system into isolated units with different levels of access; it limits the attack surface and contains the impact of a breach, but does not make data unreadable.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 77-78; Protecting data at rest - Security Pillar.

NO.11 A systems administrator is looking for a low-cost application-hosting solution that is cloud-
based. Which of the following meets these requirements?
A. Serverless framework
B. Type 1 hypervisor
C. SD-WAN
D. SDN
Answer: A
Explanation:
A serverless framework is a cloud-based application-hosting solution that meets the requirements of
low-cost and cloud-based. A serverless framework is a type of cloud computing service that allows
developers to run applications without managing or provisioning any servers. The cloud provider
handles the server-side infrastructure, such as scaling, load balancing, security, and maintenance, and
charges the developer only for the resources consumed by the application. A serverless framework
enables developers to focus on the application logic and functionality, and reduces the operational
costs and complexity of hosting applications.
Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud
Functions.
A type 1 hypervisor, SD-WAN, and SDN are not cloud-based application-hosting solutions that meet
the requirements of low-cost and cloud-based. A type 1 hypervisor is a software layer that runs
directly on the hardware and creates multiple virtual machines that can run different operating
systems and applications. A type 1 hypervisor is not a cloud-based service, but a virtualization
technology that can be used to create private or hybrid clouds. A type 1 hypervisor also requires the
developer to manage and provision the servers and the virtual machines, which can increase the
operational costs and complexity of hosting applications.
Some examples of type 1 hypervisors are VMware ESXi, Microsoft Hyper-V, and Citrix XenServer.
SD-WAN (Software-Defined Wide Area Network) is a network architecture that uses software to
dynamically route traffic across multiple WAN connections, such as broadband, LTE, or MPLS. SD-
WAN is not a cloud- based service, but a network optimization technology that can improve the
performance, reliability, and security of WAN connections. SD-WAN can be used to connect remote
sites or users to cloud-based applications, but it does not host the applications itself. Some examples
of SD-WAN vendors are Cisco, VMware, and Fortinet.
SDN (Software-Defined Networking) is a network architecture that decouples the control plane from the data plane and uses a centralized controller to programmatically manage and configure network devices and traffic flows. SDN is not a cloud-based hosting service but a network automation technology that improves the scalability, flexibility, and efficiency of the network. SDN can create virtual networks or network functions that support cloud-based applications, but it does not host the applications itself. OpenFlow is the best-known SDN southbound protocol and OpenDaylight an open-source SDN controller; OpenStack is a cloud platform whose networking service (Neutron) can sit on top of an SDN controller rather than an SDN product in itself.
References: CompTIA Security+ SY0-701 Certification Study Guide, pages 264-265; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 3.1 - Cloud and Virtualization, 7:40 - 10:00; [Serverless Framework]; [Type 1 Hypervisor]; [SD-WAN]; [SDN].

NO.12 A security manager is implementing MFA and patch management. Which of the following
would best describe the control type and category? (Select two).
A. Physical
B. Managerial
C. Detective
D. Administrator
E. Preventative
F. Technical
Answer: E F
Explanation:
Multi-Factor Authentication (MFA) and patch management are both examples of preventative and
technical controls. MFA prevents unauthorized access by requiring multiple forms of verification, and
patch management ensures that systems are protected against vulnerabilities by applying updates.
Both of these controls are implemented using technical methods, and they work to prevent security
incidents before they occur.
References:
* CompTIA Security+ SY0-701 Exam Objectives: Domain 1: General Security Concepts (objective 1.1, control categories and control types) and Domain 4: Security Operations (MFA and patch management as technical, preventive controls).

NO.13 A recent penetration test identified that an attacker could flood the MAC address table of
network switches.
Which of the following would best mitigate this type of attack?
A. Load balancer
B. Port security
C. IPS
D. NGFW
Answer: B
Explanation:
Port security is the best mitigation for MAC flooding. A switch learns source MAC addresses into its CAM (content-addressable memory) table; an attacker who sends frames with thousands of forged source addresses fills the table so legitimate addresses cannot be learned, and the switch falls back to flooding unknown unicast frames out every port, letting the attacker sniff traffic that should have been switched only to its destination. Port security caps the number of MAC addresses a port may learn (often with sticky learning of the legitimate address) and, when the limit is exceeded, drops the offending frames, logs a violation, or err-disables the port.
* A load balancer distributes traffic across servers and has no role in Layer 2 address learning.
* An IPS may detect the anomaly, but it inspects traffic at Layer 3 and above and does not stop the access switch's table from filling.
* An NGFW inspects traffic between networks and is not involved in the switch's MAC table.
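
The attack and the mitigation described above, as an added example (Python; not code from the exam guide or any switch vendor). It models a toy three-port switch with a deliberately tiny CAM table so the overflow is visible, and a simplified port-security policy that err-disables a port on its first violation. The MAC addresses, table size, and per-port limit are assumptions for the demo; real switches add aging timers, sticky learning, and protect/restrict/shutdown violation modes.

```python
"""Added example (not from the exam page): a toy Layer 2 switch that shows why
MAC flooding works and how a per-port MAC limit (port security) stops it.

Assumptions of mine, not the page's: a tiny CAM table (64 entries) so the
overflow is visible, three ports, and a simplified port-security policy that
err-disables a port on its first violation."""
import random
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


def random_mac(rng: random.Random) -> str:
    """Forged source address, as a flooding tool would generate."""
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


@dataclass
class Switch:
    cam_capacity: int                         # MAC -> port entries the table can hold
    max_macs_per_port: Optional[int] = None   # None = port security disabled
    ports: tuple = (1, 2, 3)
    cam: Dict[str, int] = field(default_factory=dict)
    port_macs: Dict[int, Set[str]] = field(default_factory=dict)
    err_disabled: Set[int] = field(default_factory=set)

    def _learn(self, port: int, src: str) -> bool:
        """Learn src on port; return False if the frame must be dropped."""
        if port in self.err_disabled:
            return False
        seen = self.port_macs.setdefault(port, set())
        if (self.max_macs_per_port is not None and src not in seen
                and len(seen) >= self.max_macs_per_port):
            self.err_disabled.add(port)       # port-security violation: shut the port
            return False
        seen.add(src)
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = port
        # else: CAM is full and src is unknown -> the legitimate host is never learned
        return True

    def forward(self, in_port: int, src: str, dst: str) -> Set[int]:
        """Return the egress ports the frame leaves on (empty set = dropped)."""
        if not self._learn(in_port, src):
            return set()
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return set() if out == in_port else {out}
        # Unknown unicast or broadcast: flood to every other active port.
        return {p for p in self.ports if p != in_port and p not in self.err_disabled}


def run_scenario(port_security: bool) -> dict:
    """Attacker on port 3 floods forged MACs, then hosts on ports 1 and 2 talk."""
    rng = random.Random(1)
    sw = Switch(cam_capacity=64, max_macs_per_port=2 if port_security else None)
    attacker_port, host_a, host_b = 3, "00:11:22:33:44:01", "00:11:22:33:44:02"
    for _ in range(5000):
        sw.forward(attacker_port, random_mac(rng), random_mac(rng))
    a_to_b = sw.forward(1, host_a, host_b)   # B not yet learned: flooded
    b_to_a = sw.forward(2, host_b, host_a)   # unicast only if A was learned
    return {
        "cam_entries": len(sw.cam),
        "attacker_port_disabled": attacker_port in sw.err_disabled,
        "attacker_sees_a_to_b": attacker_port in a_to_b,
        "attacker_sees_b_to_a": attacker_port in b_to_a,
    }


if __name__ == "__main__":
    for enabled in (False, True):
        print("port security", "on " if enabled else "off", run_scenario(enabled))
```

Without port security the 64-entry table fills with garbage, the two legitimate hosts are never learned, and every frame between them is flooded to the attacker's port. With a two-address limit the attacker's port is err-disabled on the third forged address, the table stays almost empty, and the reply from host B is switched unicast to host A only.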

NO.14 Which of the following best describes why a process would require a two-person integrity security control?
A. To increase the chance that the activity will be completed in half of the time the process would take only one user to complete
B. To permit two users from another department to observe the activity that is being performed by an authorized user
C. To reduce the risk that the procedures are performed incorrectly or by an unauthorized user
D. To allow one person to perform the activity while being recorded on the CCTV camera
Answer: C
Explanation:
A two-person integrity control requires at least two individuals to be present and involved in a critical operation, so that no single person can act alone or make an undetected mistake. It is common in sensitive operations such as financial transactions, cryptographic key ceremonies, or access to critical systems, and provides accountability as well as accuracy.
References: CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight; CompTIA Security+ SY0-601 Study Guide: Chapter on Security Operations and Management.

NO.15 Which of the following is a common, passive reconnaissance technique employed by
penetration testers in the early phases of an engagement?
A. Open-source intelligence
B. Port scanning
C. Pivoting
D. Exploit validation
Answer: A

NO.17 A vendor needs to remotely and securely transfer files from one server to another using the
command line.
Which of the following protocols should be Implemented to allow for this type of access? (Select
two).
A. SSH
B. SNMP
C. RDP
D. S/MIME
E. SMTP
F. SFTP
Answer: A F

NO.18 An organization is leveraging a VPN between its headquarters and a branch location. Which
of the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty
Answer: B
Explanation:
Data in transit is data moving from one location to another, such as across a network or through the air. In transit it is exposed to interception, modification, or theft by anyone on the path. A VPN (virtual private network) protects data in transit by building an authenticated, encrypted tunnel between two endpoints (here the headquarters and branch gateways), so traffic crossing the untrusted network between them cannot be read or altered undetected. Data in use (in memory) and data at rest (on storage) at either site are not protected by the tunnel.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, page 145.

NO.19 A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
A. Watering hole
B. Bug bounty
C. DNS sinkhole
D. Honeypot
Answer: D

NO.20 A company is currently utilizing usernames and passwords, and it wants to integrate an MFA
method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned
devices. Which of the following will meet these requirements?
A. Push notifications
B. Phone call
C. Smart card
D. Offline backup codes
Answer: A

NO.21 A security administrator needs a method to secure data in an environment that includes
some form of checks so that the administrator can track any changes. Which of the following should
the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
Answer: D
Explanation:
FIM stands for File Integrity Monitoring. A FIM tool records a baseline of cryptographic hashes (and usually permissions and ownership) for monitored files, directories, or registry keys, then periodically or in real time compares the current state against the baseline and alerts on any difference. This lets the administrator track every change to protected data, distinguish authorized changes from unauthorized or malicious ones, and demonstrate compliance. Some of the benefits of FIM are:
* It detects tampering or corruption by comparing current hashes with the baseline (FIM detects and alerts; it does not by itself block the change).
* It can attribute a change to a user and a time when combined with system audit logs.
* It enforces policy by flagging drift from the expected configuration state.
* It supports forensic analysis and incident response by providing evidence and an audit trail of changes.
SPF is an email sender-authentication record, a GPO pushes Windows settings, and NAC controls which devices may join the network; none of them tracks changes to data.
References:
* CompTIA Security+ SY0-701 Certification Study Guide, security tools chapter, file integrity monitoring.
* CompTIA Security+ SY0-701 Exam Objectives, Domain 4: Security Operations, objective 4.5 (file integrity monitoring).
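
The hashing behaviour from NO.8 and the baseline-and-compare behaviour from NO.21, as one added example (Python; not code from the exam guide or any FIM product). It hashes a constructed directory tree with SHA-256, shows that flipping one bit changes a digest, then reports added, modified, and removed files against the baseline. The baseline is authenticated with an HMAC so an intruder who edits files cannot silently rewrite the baseline as well; the file names, contents, and key are assumptions for the demo.

```python
"""Added example (not from the exam page) covering NO.8 and NO.21: SHA-256
digests detect any change to data, and a file-integrity baseline built from
those digests reports which files were added, modified or removed. The
baseline table is HMAC-signed so a tampered baseline is rejected. Filenames,
contents and the key below are constructed for the demo."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def flip_one_bit(data: bytes) -> bytes:
    """Flip the lowest bit of the first byte (NO.8: one bit changes the digest)."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def build_baseline(root: Path, key: bytes) -> dict:
    """Hash every regular file under root and sign the table with HMAC-SHA256."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    payload = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def compare_to_baseline(root: Path, baseline: dict, key: bytes) -> dict:
    """Verify the baseline's HMAC, then classify each path as added/modified/removed."""
    payload = json.dumps(baseline["files"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, baseline["mac"]):
        raise ValueError("baseline has been tampered with or the key is wrong")
    old = baseline["files"]
    new = build_baseline(root, key)["files"]
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict:
    key = b"demo-baseline-key"   # constructed; keep a real key off the monitored host
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        (root / "app.bin").write_bytes(b"\x7fELF" + b"\x00" * 64)
        baseline = build_baseline(root, key)

        # NO.8: a single flipped bit yields a completely different digest.
        before = baseline["files"]["app.bin"]
        (root / "app.bin").write_bytes(flip_one_bit((root / "app.bin").read_bytes()))
        after = sha256_file(root / "app.bin")

        # NO.21: an intruder edits a config, drops a file and deletes another.
        (root / "etc" / "sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (root / "etc" / "cron.backdoor").write_bytes(b"* * * * * /tmp/x\n")
        (root / "etc" / "passwd").unlink()
        report = compare_to_baseline(root, baseline, key)

        # A baseline edited to hide the change fails the HMAC check.
        forged = {"files": dict(baseline["files"]), "mac": baseline["mac"]}
        forged["files"]["etc/sshd_config"] = sha256_file(root / "etc" / "sshd_config")
        try:
            compare_to_baseline(root, forged, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return {"digest_changed": before != after, "report": report,
            "forged_baseline_rejected": forged_rejected}


if __name__ == "__main__":
    print(demo())
```

The comparison reports one added file, one removed file, and two modified files, and the forged baseline is rejected before any of its contents are trusted. Production FIM tools add scheduling, exclusion lists for files that change legitimately (logs, caches), and shipping of alerts to a SIEM.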

NO.22 A company prevented direct access from the database administrators' workstations to the
network segment that contains database servers. Which of the following should a database
administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Answer: A
Explanation:
A jump server (also called a jump box, jump host, or bastion host) is a hardened device or virtual machine that acts as an intermediary between a user's workstation and a restricted network segment. The administrator authenticates to the jump server, typically with MFA, and from there opens a second session to the database server, so the database segment only ever accepts administrative connections from the jump server's address. The jump server also centralizes audit logging and session recording for those connections. With OpenSSH this is the ProxyJump option (ssh -J jump.example db-server, where jump.example and db-server are illustrative hostnames).
RADIUS is a protocol for authentication, authorization, and accounting of network access. It is not a device or a method of reaching remote servers, but a way to verify the identity and permissions of users or devices that request access.
An HSM (Hardware Security Module) is a physical device that generates and protects cryptographic keys for uses such as digital signatures, encryption, and authentication. It is not used to reach remote servers.
A load balancer distributes network traffic across multiple servers or devices based on availability, performance, or capacity, improving the scalability and reliability of web, application, or database tiers. It is not used to reach remote servers but to optimize delivery of the services that run on them.
References: How to access a remote server using a jump host; Jump server; RADIUS; Remote Authentication Dial-In User Service (RADIUS); Hardware Security Module (HSM); [What is an HSM?]; [Load balancing (computing)]; [What is Load Balancing?]

NO.23 Which of the following incident response activities ensures evidence is properly handled?
A. E-discovery
B. Chain of custody
C. Legal hold
D. Preservation
Answer: B
Explanation:
Chain of custody is the documented, unbroken record of who collected each item of evidence, who handled it afterwards, when and why each transfer took place, and where it was stored, together with hashes or seals showing it was not altered. It is what lets evidence be traced back to its source and admitted in legal proceedings. E-discovery (producing electronic records for litigation), legal hold (an instruction not to delete records), and preservation (keeping evidence intact) are related activities, but none of them by itself documents how the evidence was handled.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 487; NIST SP 800-61 Rev. 2, section 3.3.2, Evidence Gathering and Handling.

NO.24 The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?
A. Spraying
B. Brute-force
C. Dictionary
D. Rainbow table
Answer: A
Explanation:
Password spraying is an attack in which the attacker tries a small number of commonly used passwords against a large number of accounts, staying under each account's lockout threshold. Logs showing failed log-ins for many different user accounts from a single IP address, with only one or a few attempts per account, are the signature of spraying. A brute-force or dictionary attack hammers one account with many passwords, and a rainbow table is an offline attack against captured hashes, which produces no failed log-in events at all.
References: CompTIA Security+ SY0-701 study materials, identity and access management and common password attacks (spraying, brute force, dictionary, rainbow table).
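
The distinction drawn above, as an added example (Python; not code from the exam guide or any SIEM). It groups failed log-ins by source IP and labels a source as spraying when it touches many accounts with few attempts each, or brute force when it concentrates many attempts on one or two accounts. The log lines are constructed here in OpenSSH auth.log style, and the thresholds are illustrative defaults of mine rather than any vendor's setting.

```python
"""Added example (not from the exam page): detection logic for NO.24 that groups
failed log-ins by source IP and separates password spraying (many accounts, few
tries each) from brute force (one account, many tries). Log lines are
constructed in OpenSSH auth.log style; thresholds are illustrative."""
import re
from collections import defaultdict
from typing import Dict

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def build_sample_log() -> str:
    """Constructed sample: one sprayer, one brute-forcer, one clumsy user."""
    lines = []
    n = 0

    def add(user: str, ip: str, port: int) -> None:
        nonlocal n
        lines.append(f"May  1 09:{n // 60:02d}:{n % 60:02d} gw sshd[1200]: "
                     f"Failed password for {user} from {ip} port {port} ssh2")
        n += 1

    sprayed = ["alice", "bob", "carol", "dave", "erin", "frank",
               "grace", "heidi", "ivan", "judy", "mallory", "oscar"]
    for rnd in range(2):                    # two passwords tried against every user
        for user in sprayed:
            add(user, "203.0.113.7", 51000 + rnd)
    for i in range(30):                     # one account hammered repeatedly
        add("admin", "198.51.100.9", 40000 + i)
    add("invalid user alicee", "192.0.2.5", 60000)   # a mistyped username, twice
    add("invalid user alicee", "192.0.2.5", 60001)
    return "\n".join(lines)


def parse_failures(text: str) -> Dict[str, Dict[str, int]]:
    """Return {source_ip: {username: failed_attempts}}."""
    per_ip: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_ip[m["ip"]][m["user"]] += 1
    return per_ip


def classify(user_counts: Dict[str, int], min_users: int = 5,
             max_per_user: int = 3, min_attempts: int = 20) -> str:
    """Spraying stays under per-account lockout but touches many accounts;
    brute force concentrates many attempts on one or two accounts."""
    if not user_counts:
        return "benign/insufficient"
    distinct = len(user_counts)
    total = sum(user_counts.values())
    if distinct >= min_users and max(user_counts.values()) <= max_per_user:
        return "spraying"
    if distinct <= 2 and total >= min_attempts:
        return "brute-force"
    return "benign/insufficient"


def analyze(text: str) -> Dict[str, dict]:
    """Per-IP summary an analyst could turn into a SIEM correlation rule."""
    return {ip: {"distinct_users": len(c), "attempts": sum(c.values()),
                 "verdict": classify(c)}
            for ip, c in parse_failures(text).items()}


if __name__ == "__main__":
    for ip, summary in analyze(build_sample_log()).items():
        print(ip, summary)
```

Grouping by source IP is the view the question describes, but attackers routinely spread a spray across many IPs or a residential proxy pool; the complementary rule pivots on the account side (one failure per account across many accounts within a short window) so that a distributed spray is still visible.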

NO.25 Which of the following is the most effective way to protect an application server running
software that is no longer supported from network threats?
A. Air gap
B. Barricade
C. Port security
D. Screened subnet
Answer: A
Explanation:
Air-gapping is the most effective way to protect an application server running unsupported software from network threats: with no wired or wireless connection to any other network, remote attackers have no path to the vulnerable software at all. Port security and a screened subnet reduce exposure but still leave the server reachable from somewhere. The trade-off is operational: an air-gapped host cannot be patched, backed up, or monitored over the network, and its remaining attack path is removable media and physical access, which need their own controls.
References =
* CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
* CompTIA Security+ SY0-601 Study Guide: Chapter on Secure System Design.

NO.26 Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?
A. Order of volatility
B. Preservation of event logs
C. Chain of custody
D. Compliance with legal hold
Answer: A

NO.27 A growing company would like to enhance the ability of its security operations center to
detect threats but reduce the amount of manual work required for the security analysts. Which of
the following would best enable the reduction in manual work?
A. SOAR
B. SIEM
C. MDM
D. DLP
Answer: A

NO.28 A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
A. hping
B. Wireshark
C. PowerShell
D. netstat
Answer: A

NO.29 Which of the following threat actors is the most likely to be hired by a foreign government to
attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Answer: C
Explanation:
Organized crime is a type of threat actor that is motivated by financial gain and often operates across national borders. Organized crime groups may be hired by foreign governments to conduct cyberattacks on critical systems located in other countries, such as power grids, military networks, or financial institutions. They have the resources, skills, and connections to carry out sophisticated and persistent attacks that can cause significant damage and disruption.
References: 1: Threat Actors - CompTIA Security+ SY0-701 - 2.1; 2: CompTIA Security+ SY0-701 Certification Study Guide

NO.30 While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?
A. Secure cookies
B. Input sanitization
C. Code signing
D. Blocklist
Answer: B
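
The injection behind NO.30 and its fixes, as an added example (Python with the standard-library sqlite3 module; not code from the exam guide or any real application). The schema, accounts, and attacker input are constructed for the demo. Input sanitization and validation, the exam's answer, limits what can reach the query; parameterized queries make injected text inert even when validation is bypassed, so a developer should apply both.

```python
"""Added example (not from the exam page): a string-concatenated SQL query that
an attacker bypasses, next to allow-list input validation and a parameterized
query. Schema, users and payload are constructed for the demo."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table. Demo only: real systems store salted password
    hashes, never plaintext passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("admin", "S3cret!")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: attacker-controlled text becomes SQL syntax."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def validate_username(username: str) -> str:
    """Allow-list validation: reject anything that is not a plausible username.
    This is the 'input sanitization' layer; it narrows the attack surface but is
    not a substitute for parameterization."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return username


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Bound parameters: the driver sends values separately from the SQL text,
    so quotes and comment markers in the input are just characters."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo() -> dict:
    conn = make_db()
    payload_user = "admin' --"          # closes the string and comments out the password check
    payload_pw = "anything"
    results = {
        "vulnerable_bypassed": login_vulnerable(conn, payload_user, payload_pw),
        "parameterized_bypassed": login_parameterized(conn, payload_user, payload_pw),
        "legit_parameterized": login_parameterized(conn, "alice", "correct horse"),
    }
    try:
        validate_username(payload_user)
        results["validation_rejected"] = False
    except ValueError:
        results["validation_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The concatenated query becomes SELECT username FROM users WHERE username = 'admin' --' AND password = 'anything', which matches the admin row without a password; the parameterized version looks for a literal user named admin' -- and finds nothing, and the allow-list rejects the payload before it reaches either query.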

NO.31 Which of the following would be the best way to handle a critical business application that is
running on a legacy server?
A. Segmentation
B. Isolation
C. Hardening
D. Decommissioning
Answer: C
Explanation:
A legacy server is a server that is running outdated or unsupported software or hardware, which may
pose security risks and compatibility issues. A critical business application is an application that is
essential for the operation and continuity of the business, such as accounting, payroll, or inventory
management. A legacy server running a critical business application may be difficult to replace or
upgrade, but it should not be left unsecured or exposed to potential threats.
One of the best ways to handle a legacy server running a critical business application is to harden it.
Hardening is the process of applying security measures and configurations to a system to reduce its
attack surface and vulnerability. Hardening a legacy server may involve steps such as:
* Applying patches and updates to the operating system and the application, if available
* Removing or disabling unnecessary services, features, or accounts
* Configuring firewall rules and network access control lists to restrict inbound and outbound traffic
* Enabling encryption and authentication for data transmission and storage
* Implementing logging and monitoring tools to detect and respond to anomalous or malicious
activity
* Performing regular backups and testing of the system and the application
Hardening a legacy server
can help protect the critical business application from unauthorized access, modification, or
disruption, while maintaining its functionality and availability. However, hardening a legacy server is
not a permanent solution, and it may not be sufficient to address all the security issues and
challenges posed by the outdated or unsupported system. Therefore, it is advisable to plan for the
eventual decommissioning or migration of the legacy server to a more secure and modern platform,
as soon as possible.
References: CompTIA Security+ SY0-701 Certification Study Guide, Chapter 3: Architecture and
Design, Section 3.2: Secure System Design, Page 133 [1]; CompTIA Security+ Certification Exam
Objectives, Domain 3: Architecture and Design, Objective 3.2: Explain the importance of secure
system design, Subobjective: Legacy systems [2]

NO.32 The security team at a large global company needs to reduce the cost of storing data used for
performing investigations. Which of the following types of data should have its retention length
reduced?
A. Packet capture
B. Endpoint logs
C. OS security logs
D. Vulnerability scan
Answer: A
Explanation:
Packet capture data can be very large and may not need to be stored for extended periods compared
to other logs essential for security audits.

NO.33 A company has begun labeling all laptops with asset inventory stickers and associating them
with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)
A. If a security incident occurs on the device, the correct employee can be notified.
B. The security team will be able to send user awareness training to the appropriate device.
C. Users can be mapped to their devices when configuring software MFA tokens.
D. User-based firewall policies can be correctly targeted to the appropriate laptops.
E. When conducting penetration testing, the security team will be able to target the desired laptops.
F. Company data can be accounted for when the employee leaves the organization.
Answer: A, F
Explanation:
Labeling all laptops with asset inventory stickers and associating them with employee IDs can provide
several security benefits for a company. Two of these benefits are:
* A. If a security incident occurs on the device, the correct employee can be notified. An asset
inventory sticker is a label that contains a unique identifier for a laptop, such as a serial number, a
barcode, or a QR code. By associating this identifier with an employee ID, the security team can easily
track and locate the owner of the laptop in case of a security incident, such as a malware infection, a
data breach, or a theft. This way, the security team can notify the correct employee about the
incident, and provide them with the necessary instructions or actions to take, such as changing
passwords, scanning for viruses, or reporting the loss. This can help to contain the incident, minimize
the damage, and prevent further escalation.
* F. Company data can be accounted for when the employee leaves the organization. When an
employee leaves the organization, the company needs to ensure that all the company data and
assets are returned or deleted from the employee's laptop. By labeling the laptop with an asset
inventory sticker and associating it with an employee ID, the company can easily identify and verify
the laptop that belongs to the departing employee, and perform the appropriate data backup, wipe,
or transfer procedures. This can help to protect the company data from unauthorized access,
disclosure, or misuse by the former employee or any other party.
The other options are not correct because they are not related to the security benefits of labeling
laptops with asset inventory stickers and associating them with employee IDs. B. The security team
will be able to send user awareness training to the appropriate device. User awareness training is a
type of security education that aims to improve the knowledge and behavior of users regarding
security threats and best practices. The security team can send user awareness training to the
appropriate device by using the email address, username, or IP address of the device, not the asset
inventory sticker or the employee ID. C. Users can be mapped to their devices when configuring
software MFA tokens. Software MFA tokens are a type of multi-factor authentication that uses a
software application to generate a one-time password or a push notification for verifying the identity
of a user. Users can be mapped to their devices when configuring software MFA tokens by using the
device ID, phone number, or email address of the device, not the asset inventory sticker or the
employee ID. D. User-based firewall policies can be correctly targeted to the appropriate laptops.
User-based firewall policies are a type of firewall rules that apply to specific users or groups of users,
regardless of the device or location they use to access the network. User-based firewall policies can
be correctly targeted to the appropriate laptops by using the username, domain, or certificate of the
user, not the asset inventory sticker or the employee ID. E. When conducting penetration testing, the
security team will be able to target the desired laptops. Penetration testing is a type of security
assessment that simulates a real-world attack on a network or system to identify and exploit
vulnerabilities. When conducting penetration testing, the security team will be able to target the
desired laptops by using the IP address, hostname, or MAC address of the laptop, not the asset
inventory sticker or the employee ID. References = CompTIA Security+ Study Guide (SY0-701),
Chapter 1: General Security Concepts, page 17. Professor Messer's CompTIA SY0-701 Security+
Training Course, Section 1.4: Asset Management, video: Asset Inventory (6:12).

NO.34 A company's end users are reporting that they are unable to reach external websites. After
reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and
memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs
show only a small number of DNS queries sent to this server. Which of the following best describes
what the security analyst is seeing?
A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service
Answer: D
Explanation:
A reflected denial of service (RDoS) attack is a type of DDoS attack that uses spoofed source IP
addresses to send requests to a third-party server, which then sends its responses to the victim server.
The attacker exploits the difference in size between the request and the response, which amplifies
the amount of traffic sent to the victim server. The attacker also hides their identity by using the
victim's IP address as the source. An RDoS attack can target DNS servers by sending forged DNS
queries that generate large DNS responses. This can flood the network interface of the DNS server
and prevent it from serving legitimate requests from end users. References: CompTIA Security+ Study
Guide: Exam SY0-701, 9th Edition, pages 215-216 [1]
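The symptom in the question (a flooded interface but very few real queries) can be checked directly from DNS traffic records. The following added example, written for this page rather than taken from the study guide, matches inbound DNS responses against the queries the server actually sent and flags the unsolicited ones; the server address, record format and sample traffic are all constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class DnsRecord:
    direction: str   # "in" = arriving at our DNS server, "out" = leaving it
    src: str
    dst: str
    qr: str          # "query" or "response"
    txid: int        # DNS transaction ID
    size: int        # UDP payload bytes

OUR_SERVER = "192.0.2.53"   # hypothetical address of the server under investigation

# Constructed sample: one client query we answered, one upstream lookup we made,
# and a burst of large responses we never asked for, from a few open resolvers.
SAMPLE = [
    DnsRecord("in",  "10.0.0.5",     OUR_SERVER,     "query",    1, 60),
    DnsRecord("out", OUR_SERVER,     "10.0.0.5",     "response", 1, 120),
    DnsRecord("out", OUR_SERVER,     "198.51.100.9", "query",    7, 60),
    DnsRecord("in",  "198.51.100.9", OUR_SERVER,     "response", 7, 300),
] + [
    DnsRecord("in", f"203.0.113.{i % 4}", OUR_SERVER, "response", 1000 + i, 3000)
    for i in range(40)
]

def unsolicited_responses(records):
    """Inbound responses with no matching outbound query (same peer and txid)."""
    asked = {(r.dst, r.txid) for r in records if r.direction == "out" and r.qr == "query"}
    return [r for r in records
            if r.direction == "in" and r.qr == "response" and (r.src, r.txid) not in asked]

def reflection_indicators(records, min_ratio=10):
    """Summarise the mismatch the analyst saw: heavy inbound bytes, few real queries."""
    inbound_queries = sum(1 for r in records if r.direction == "in" and r.qr == "query")
    stray = unsolicited_responses(records)
    stray_bytes = sum(r.size for r in stray)
    total_in = sum(r.size for r in records if r.direction == "in")
    return {
        "inbound_queries": inbound_queries,
        "unsolicited_responses": len(stray),
        "unsolicited_share_of_inbound_bytes": round(stray_bytes / total_in, 3) if total_in else 0.0,
        "top_reflectors": Counter(r.src for r in stray).most_common(3),
        # Many unsolicited responses per genuine query is the reflection signature.
        "likely_reflected_dos": len(stray) >= min_ratio * max(inbound_queries, 1),
    }

if __name__ == "__main__":
    print(reflection_indicators(SAMPLE))
```

The reflector list is the useful output for a responder: it names the third-party servers whose responses are being bounced at you, which is where upstream filtering or a contact request starts.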

NO.35 Which of the following agreement types defines the time frame in which a vendor needs to
respond?
A. SOW
B. SLA
C. MOA
D. MOU
Answer: B
Explanation:
A service level agreement (SLA) is a type of agreement that defines the expectations and
responsibilities between a service provider and a customer. It usually includes the quality, availability,
and performance metrics of the service, as well as the time frame in which the provider needs to
respond to service requests, incidents, or complaints. An SLA can help ensure that the customer
receives the desired level of service and that the provider is accountable for meeting the agreed-
upon standards.
References:
* Security+ (Plus) Certification | CompTIA IT Certifications, under "About the exam", bullet point 3:
"Operate with an awareness of applicable regulations and policies, including principles of
governance, risk, and compliance."
* CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: "Service Level
Agreements (SLAs) are contracts between a service provider and a customer that specify the level of
service expected from the service provider."
