Try SY0-701 Free Now! Real Exam Question Answers Updated [Nov 05, 2024]
NEW QUESTION # 65
During the onboarding process, an employee needs to create a password for an intranet account.
The password must include ten characters, numbers, and letters, and two special characters.
Once the password is created, the company will grant the employee access to other company- owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).
- A. Password manager
- B. Open authentication
- C. Federation
- D. Password complexity
- E. Identity proofing
- F. Default password changes
Answer: C,D
Explanation:
Federation is an access management concept that lets a user authenticate once with an identity provider (here, the intranet account) and then access resources in other domains or organizations that trust that provider. The user's credentials stay with the identity provider; the relying sites receive a signed assertion or token (SAML or OpenID Connect, for example) that states who the user is and how they authenticated, never the password itself. Password complexity is a policy that requires passwords to meet criteria such as minimum length and a mix of character classes, exactly the ten-character, letters, numbers and two-special-characters rule in the scenario. Complexity rules raise the cost of brute-force and guessing attacks; they do not by themselves stop credential stuffing, which replays passwords already leaked from another site.
NEW QUESTION # 66
A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?
- A. Access control list
- B. Application allow list
- C. Web application firewall
- D. Host-based firewall
Answer: D
Explanation:
A host-based firewall is software that runs on an individual endpoint and filters that endpoint's incoming and outgoing traffic against a rule set. It is the right control here because a perimeter firewall only inspects traffic crossing the network edge; connections between two internal endpoints (east-west traffic) never reach it, so only a control on the hosts themselves can block or log them. A host-based firewall can allow or deny that traffic by source, destination, port, protocol, or originating application. A web application firewall is different: it protects web applications from common web-based attacks such as SQL injection, cross-site scripting, and session hijacking. An access control list is a list of rules that governs access to network resources such as files, folders, printers, or router interfaces, and an application allow list is a list of applications authorized to run on an endpoint, which stops unauthorized or malicious programs from executing but does not filter network connections.
NEW QUESTION # 67
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
- A. Sanctions
- B. Reputation damage
- C. Audit findings
- D. Fines
Answer: D
NEW QUESTION # 68
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
- A. Encryption at rest
- B. Data classification
- C. Masking
- D. Permission restrictions
Answer: A
Explanation:
Encryption at rest protects data stored on a device, such as a laptop, by converting it into ciphertext that can only be read with the decryption key. If the laptop is stolen, the disk contents stay unreadable even though the attacker has physical possession and can bypass the operating system's access controls by booting from other media or pulling the drive. Encryption at rest also helps meet data privacy regulations and standards that require protection of stored data. Masking, data classification, and permission restrictions are useful but do not solve this problem on their own. Masking obscures sensitive fields when data is displayed or shared (showing only the last four digits of a card number, for instance); it protects data in use, not the full copy sitting on the disk. Data classification labels data by sensitivity and business impact but does not protect the data itself. Permission restrictions define who can read, modify, or delete data, but the operating system that enforces them is exactly what a thief with physical access bypasses. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 17-18, 372-373
NEW QUESTION # 69
A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
- A. Implementing a bastion host
- B. Installing a WAF
- C. Deploying a perimeter network
- D. Utilizing single sign-on
Answer: A
Explanation:
A bastion host is a special-purpose server that is designed to withstand attacks and provide secure access to internal resources. A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network. A bastion host can be configured to allow only certain types of traffic, such as SSH or HTTP, and block all other traffic. A bastion host can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic. A bastion host can provide administrative access to internal resources by requiring strong authentication and encryption, and by logging all activities for auditing purposes [1][2].
A bastion host is the most secure method among the given options because it minimizes the traffic allowed through the security boundary and provides a single point of control and defense. A bastion host can also isolate the internal network from direct exposure to the internet or other untrusted networks, reducing the attack surface and the risk of compromise [3].
Deploying a perimeter network is not the correct answer, because a perimeter network is a network segment that separates the internal network from the external network. A perimeter network usually hosts public-facing services such as web servers, email servers, or DNS servers that need to be accessible from the internet. A perimeter network does not provide administrative access to internal resources, but rather protects them from unauthorized access. A perimeter network can also increase the complexity and cost of network management and security [4].
Installing a WAF is not the correct answer, because a WAF is a security tool that protects web applications from common web-based attacks by monitoring, filtering, and blocking HTTP traffic. A WAF can prevent attacks such as cross-site scripting, SQL injection, or file inclusion, among others. A WAF does not provide administrative access to internal resources, but rather protects them from web application vulnerabilities. A WAF is also not a comprehensive solution for network security, as it only operates at the application layer and does not protect against other types of attacks or threats [5].
Utilizing single sign-on is not the correct answer, because single sign-on is a method of authentication that allows users to access multiple sites, services, or applications with one username and password. Single sign-on can simplify the sign-in process for users and reduce the number of passwords they have to remember and manage. Single sign-on does not provide administrative access to internal resources, but rather enables access to various resources that the user is authorized to use. Single sign-on can also introduce security risks if the user's credentials are compromised or if the single sign-on provider is breached [6].
References: [1] Bastion host - Wikipedia; [2] 14 Best Practices to Secure SSH Bastion Host - goteleport.com; [3] The Importance Of Bastion Hosts In Network Security; [4] What is the network perimeter? | Cloudflare; [5] What is a WAF? | Web Application Firewall explained; [6] What is single sign-on (SSO)? - Definition from WhatIs.com
NEW QUESTION # 70
You are a security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the infection, and then mark each remaining host as clean or infected.
Answer:
Explanation:
Based on the logs, the host that originated the infection is 192.168.10.22. It has a process named svchost.exe making connections on port 443, which is not normal for that Windows service host process, together with a large number of outbound connections to different external IP addresses on port 443, a beaconing pattern that indicates the host is part of a botnet.
The firewall log shows this host communicating with 10.10.9.18, a second infected host on the engineering network. That host shows the same svchost.exe process on port 443 and the same fan-out of outbound 443 connections to many different IP addresses, consistent with the infection having spread from 192.168.10.22.
The other hosts on the R&D network (192.168.10.37 and 192.168.10.41) are clean: their logs show no suspicious processes or connections.
NEW QUESTION # 71
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?
- A. Cost
- B. Ease of deployment
- C. Scalability
- D. Availability
Answer: D
Explanation:
Availability is the ability of a system or service to be accessible and usable when needed. For a web application that allows individuals to digitally report health emergencies, availability is the most important consideration during development, because any downtime or delay could have serious consequences for the health and safety of the users. The web application should be designed to handle high traffic, prevent denial-of-service attacks, and have backup and recovery plans in case of failures.
NEW QUESTION # 72
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
- A. Role-based
- B. Time of day
- C. Attribute-based
- D. Least privilege
Answer: D
Explanation:
The least privilege principle states that users and processes should have only the minimum level of access required to perform their tasks, which limits the damage an unauthorized or mistaken action can do. Here the transfer is most likely failing because the account or process doing the patching does not hold the permissions needed to write to the critical system or to use the network path to it; nothing in the scenario points to a role, a time window, or an attribute rule as the deciding factor. The fix is not to abandon least privilege but to grant the specific, ideally temporary, rights the patching activity requires and remove them afterwards. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 93
NEW QUESTION # 73
A department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?
- A. Espionage
- B. Shadow IT
- C. Data exfiltration
- D. Nation-state attack
Answer: B
Explanation:
The activity described, where a department is not using the company VPN when accessing various company-related services and systems, is an example of shadow IT. Shadow IT refers to the use of IT systems, devices, software, applications, and services without explicit IT department approval; here the department has chosen its own access path, so its traffic to company services is no longer subject to the monitoring and access controls the VPN enforces.
Espionage: Involves spying to gather confidential information, not simply bypassing the VPN.
Data exfiltration: Refers to unauthorized transfer of data, which might involve not using a VPN but is more specific to the act of transferring data out of the organization.
Nation-state attack: Involves attacks sponsored by nation-states, which is not indicated in the scenario.
Shadow IT: Use of unauthorized systems and services, which aligns with bypassing the company VPN.
NEW QUESTION # 74
A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.
Which of the following best describes the program the company is setting up?
- A. Bug bounty
- B. Penetration testing
- C. Red team
- D. Open-source intelligence
Answer: A
Explanation:
A bug bounty is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system. Bug bounties are often used by companies to improve their security posture and incentivize ethical hacking. A bug bounty program typically defines the scope, rules, and compensation for the researchers. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 10. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.1, page 2.
NEW QUESTION # 75
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
- A. Data masking
- B. Steganography
- C. Salting
- D. Key stretching
Answer: C
Explanation:
Salting is the process of adding a random value (the salt) to a password before it is passed through a one-way transformation such as a hash function. Because every user gets a different salt, two users with the same password produce different stored hashes, and an attacker who steals the hash database cannot use precomputed tables (rainbow tables) built for the unsalted function; each hash has to be attacked separately. The salt is not a secret: it is stored next to the hash so the same computation can be repeated at login. Salting is used for passwords at rest in a credential store; it is not a transport protection, and it does not slow down guessing by itself. Slowing down guessing is the job of key stretching (option D), a deliberately expensive function such as PBKDF2, bcrypt, scrypt or Argon2 that is normally used together with a salt. References: Passwords technical overview; Encryption, hashing, salting - what's the difference?; Salt (cryptography)
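The following is an added example (not part of the original question bank) showing the salting and key stretching described above in working code: the same password hashed twice yields two different stored values, a small precomputed table built for the unsalted function cracks the unsalted digest but is useless against the salted one, and verification reads the salt and iteration count back out of the stored string. The `pbkdf2_sha256$iters$salt$hash` storage format and the three-word wordlist are assumptions for the example; PBKDF2-HMAC-SHA256 is used as the stretching function because it ships with the Python standard library.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise it as hardware gets faster


def unsalted_hash(password: str) -> str:
    """What NOT to store: a bare SHA-256, identical for identical passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Salted, stretched hash in a self-describing 'algo$iters$salt$hash' string (assumed format)."""
    if salt is None:
        salt = os.urandom(16)  # per-password random salt, stored next to the hash, not secret
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def build_precomputed_table(wordlist) -> dict:
    """Attacker side: a tiny stand-in for a rainbow table, unsalted digest -> plaintext."""
    return {unsalted_hash(w): w for w in wordlist}


def crack_unsalted(table: dict, digest: str):
    """Single dictionary lookup recovers an unsalted password."""
    return table.get(digest)


def crack_salted(table: dict, stored: str):
    """The same table never contains a salted digest: the salt was unknown when it was built."""
    return table.get(stored.split("$")[-1])


if __name__ == "__main__":
    # Constructed wordlist for the demonstration.
    table = build_precomputed_table(["Password123", "letmein", "Summer2024!"])
    print("unsalted cracked:", crack_unsalted(table, unsalted_hash("Password123")))
    alice = hash_password("Password123")
    bob = hash_password("Password123")
    print("same password, different records:", alice != bob)
    print("salted cracked:", crack_salted(table, alice))
    print("login ok:", verify_password("Password123", alice),
          "wrong password:", verify_password("Password124", alice))
```

Note that `verify_password` takes the iteration count from the stored record, so the work factor can be raised for new hashes without invalidating old ones; old records are then re-hashed the next time the user logs in successfully.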
NEW QUESTION # 76
Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?
- A. Memory injection
- B. Side loading
- C. Jailbreaking
- D. Resource reuse
Answer: B
Explanation:
Side loading is the process of installing software outside of a manufacturer's approved software repository.
Side loading means installing software from outside the manufacturer's approved repository or app store, for example a package file copied directly onto the device. Sideloaded packages skip the store's review and update process, so they can carry malware, spyware or backdoors, and the practice bypasses the security controls and policies that the manufacturer or the organization enforces through the store. Users typically side load to get applications or features that are not available or not allowed on their devices. References: Sideloading - CompTIA Security+ Video Training (Interface Technical Training); CompTIA Security+ SY0-601 Certification Study Guide.
NEW QUESTION # 77
A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.
Which of the following would detect this behavior?
- A. Using default settings
- B. Monitoring outbound traffic
- C. Closing all open ports
- D. Implementing encryption
Answer: B
Explanation:
Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. A new vulnerability that allows malware to move data unauthorizedly would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.
References =
* CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
* CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.
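Question 70 (finding the host that originated an infection from host and firewall logs) and question 77 (monitoring outbound traffic to detect data leaving a system) both come down to the same analysis of firewall logs. The following is an added example (not from the original question bank, whose performance-based item ships only as screenshots) that runs that analysis over a constructed firewall log: it profiles each internal source by the number of distinct external hosts it contacts on port 443 (beacon fan-out), the bytes it sends out, and the internal peers it talks to, flags hosts that exceed a fan-out or volume threshold, and picks the flagged host with the earliest external connection as the originator. The log format, the internal address prefixes, the thresholds and the log lines themselves are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log for this example. Assumed line format:
# "<ISO timestamp> <ACTION> <PROTO> src:port -> dst:port bytes=N"
SAMPLE_LOG = """\
2024-11-05T09:58:11 ALLOW TCP 192.168.10.22:50122 -> 203.0.113.10:443 bytes=900
2024-11-05T09:58:40 ALLOW TCP 192.168.10.22:50123 -> 198.51.100.7:443 bytes=1100
2024-11-05T09:59:05 ALLOW TCP 192.168.10.22:50124 -> 203.0.113.44:443 bytes=950
2024-11-05T09:59:30 ALLOW TCP 192.168.10.22:50125 -> 10.10.9.18:445 bytes=300000
2024-11-05T10:00:02 ALLOW TCP 192.168.10.37:50301 -> 203.0.113.10:443 bytes=2400
2024-11-05T10:03:15 ALLOW TCP 10.10.9.18:49001 -> 203.0.113.10:443 bytes=800
2024-11-05T10:03:20 ALLOW TCP 10.10.9.18:49002 -> 198.51.100.7:443 bytes=700
2024-11-05T10:03:25 ALLOW TCP 10.10.9.18:49003 -> 203.0.113.44:443 bytes=650
2024-11-05T10:10:00 ALLOW TCP 192.168.10.41:50500 -> 203.0.113.10:443 bytes=1800
2024-11-05T10:12:00 ALLOW TCP 192.168.10.22:50130 -> 203.0.113.99:443 bytes=5000000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)
INTERNAL_PREFIXES = ("192.168.", "10.")  # assumed internal address space


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIXES)


def parse_log(text: str) -> list:
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        e["bytes"] = int(e["bytes"])
        events.append(e)
    return events


def profile_hosts(events: list) -> dict:
    """Per internal source: distinct external 443 destinations, bytes sent externally,
    internal peers contacted, and the time of its first external connection."""
    hosts = defaultdict(lambda: {"ext_443_dests": set(), "ext_bytes": 0,
                                 "internal_peers": set(), "first_ext": None})
    for e in events:
        if e["action"] != "ALLOW" or not is_internal(e["src"]):
            continue
        h = hosts[e["src"]]
        if is_internal(e["dst"]):
            h["internal_peers"].add(e["dst"])  # east-west traffic a perimeter firewall never sees
            continue
        h["ext_bytes"] += e["bytes"]
        if e["dport"] == 443:
            h["ext_443_dests"].add(e["dst"])
        if h["first_ext"] is None or e["ts"] < h["first_ext"]:
            h["first_ext"] = e["ts"]
    return dict(hosts)


def classify(hosts: dict, fanout_threshold: int = 3, byte_threshold: int = 1_000_000) -> dict:
    """Mark a host infected on beacon-like fan-out (Q70) or on outbound volume (Q77)."""
    verdicts = {}
    for ip, h in hosts.items():
        reasons = []
        if len(h["ext_443_dests"]) >= fanout_threshold:
            reasons.append(f"{len(h['ext_443_dests'])} distinct external hosts on 443")
        if h["ext_bytes"] >= byte_threshold:
            reasons.append(f"{h['ext_bytes']} bytes sent out")
        verdicts[ip] = ("infected" if reasons else "clean", reasons)
    return verdicts


def originating_host(hosts: dict, verdicts: dict):
    """Among infected hosts, the one whose external activity started first."""
    infected = [ip for ip, (v, _) in verdicts.items() if v == "infected"]
    if not infected:
        return None
    return min(infected, key=lambda ip: hosts[ip]["first_ext"])


if __name__ == "__main__":
    hs = profile_hosts(parse_log(SAMPLE_LOG))
    vs = classify(hs)
    for ip, (verdict, reasons) in sorted(vs.items()):
        print(f"{ip:15} {verdict:8} {'; '.join(reasons)}")
    print("originating host:", originating_host(hs, vs))
```

On the constructed log, 192.168.10.22 and 10.10.9.18 are flagged for fan-out (and .22 also for volume), .37 and .41 stay clean, and .22 is the originator because its first external connection precedes .18's; the internal 445 connection from .22 to .18 is recorded as a lateral peer, which is the kind of traffic a perimeter firewall alone would never show.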
NEW QUESTION # 78
Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?
- A. A full inventory of all hardware and software
- B. Documentation of system classifications
- C. A list of system owners and their departments
- D. Third-party risk assessment documentation
Answer: A
Explanation:
A full inventory of all hardware and software is essential for measuring the overall risk to an organization when a new vulnerability is disclosed, because it allows the security analyst to identify which systems are affected by the vulnerability and prioritize the remediation efforts. Advisories are scoped to products and version ranges, so the inventory must record versions, not just product names. Without a full inventory, the security analyst may miss some vulnerable systems or waste time and resources on irrelevant ones. Documentation of system classifications, a list of system owners and their departments, and third-party risk assessment documentation are all useful for risk management (classifications, in particular, help rank the affected systems once they are known), but they are not sufficient to measure the impact of a new vulnerability. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 122; Risk Assessment and Analysis Methods: Qualitative and Quantitative
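The following is an added example (not from the original question bank) of what the analyst actually does with that inventory when an advisory lands: match the advisory's product and affected version range against every asset's installed software, then rank the hits by system classification so the most sensitive systems are patched first. Versions are compared as integer tuples rather than strings so that 2.4.10 sorts after 2.4.9. The product name `examplewebd`, the advisory, the hostnames and the classification scale are all constructed for the example.

```python
from dataclasses import dataclass, field

# Assumed classification scale; lower rank means patch sooner.
CLASS_RANK = {"critical": 0, "high": 1, "moderate": 2, "low": 3}


@dataclass
class Asset:
    host: str
    owner: str
    classification: str                           # from the system classification records
    software: dict = field(default_factory=dict)  # product -> installed version string


# Constructed inventory for this example.
INVENTORY = [
    Asset("web-01", "ecommerce", "critical", {"examplewebd": "2.4.3", "openssl": "3.0.12"}),
    Asset("web-02", "ecommerce", "critical", {"examplewebd": "2.4.9"}),
    Asset("intranet-01", "it", "moderate", {"examplewebd": "2.4.7"}),
    Asset("build-01", "engineering", "high", {"examplewebd": "2.3.15", "python": "3.11.4"}),
    Asset("kiosk-01", "facilities", "low", {"chromium": "118.0"}),
    Asset("vpn-01", "it", "critical", {"examplewebd": "2.4.0"}),
]

# Constructed advisory: 'examplewebd' versions >= 2.4.0 and < 2.4.9 are affected.
ADVISORY = {"product": "examplewebd", "affected_from": "2.4.0", "fixed_in": "2.4.9"}


def parse_version(v: str) -> tuple:
    """'2.4.10' -> (2, 4, 10); tuple comparison gives numeric, not lexical, ordering."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version: str, advisory: dict) -> bool:
    """True when affected_from <= version < fixed_in."""
    v = parse_version(version)
    return parse_version(advisory["affected_from"]) <= v < parse_version(advisory["fixed_in"])


def affected_assets(inventory, advisory) -> list:
    """Every asset running an affected build, most sensitive first, then by hostname."""
    hits = []
    for a in inventory:
        ver = a.software.get(advisory["product"])
        if ver is not None and is_affected(ver, advisory):
            hits.append(a)
    return sorted(hits, key=lambda a: (CLASS_RANK.get(a.classification, 99), a.host))


def risk_summary(hits) -> dict:
    """Count of affected assets per classification, the number that goes in the risk report."""
    summary = {}
    for a in hits:
        summary[a.classification] = summary.get(a.classification, 0) + 1
    return summary


if __name__ == "__main__":
    hits = affected_assets(INVENTORY, ADVISORY)
    for a in hits:
        print(f"{a.host:12} {a.classification:9} {a.owner:12} {a.software[ADVISORY['product']]}")
    print("exposure by classification:", risk_summary(hits))
```

An asset whose version is missing from the inventory cannot be matched at all, which is the gap the question is pointing at: the analysis is only as good as the inventory it runs over.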
NEW QUESTION # 79
Which of the following would be used to detect an employee who is emailing a customer list to a personal account before leaving the company?
- A. FIM
- B. EDR
- C. DLP
- D. IDS
Answer: C
Explanation:
To detect an employee who is emailing a customer list to a personal account before leaving the company, a Data Loss Prevention (DLP) system would be used. DLP systems are designed to detect and prevent unauthorized transmission of sensitive data.
DLP (Data Loss Prevention): Monitors and controls data transfers to ensure sensitive information is not sent to unauthorized recipients.
FIM (File Integrity Monitoring): Monitors changes to files to detect unauthorized modifications.
IDS (Intrusion Detection System): Monitors network traffic for suspicious activity but does not specifically prevent data leakage.
EDR (Endpoint Detection and Response): Monitors and responds to threats on endpoints but is not specifically focused on data leakage.
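The following is an added example (not from the original question bank) of the kind of rule a DLP system applies to the scenario above: an outbound message is inspected only when it has a recipient outside the corporate domain, attachments and body are scanned for lines that look like customer records, and a message carrying a bulk of such records is blocked when it goes to personal webmail and quarantined for review when it goes to another business domain. The corporate domain, the personal webmail list, the record threshold, the regular expressions and the generated customer list are all assumptions for the example; a real DLP product would additionally fingerprint the actual customer database rather than rely on patterns alone.

```python
import re
from dataclasses import dataclass, field

CORPORATE_DOMAINS = {"example.com"}                                   # assumed
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}  # assumed
RECORD_THRESHOLD = 10                                                  # policy knob

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")


@dataclass
class OutboundMail:
    sender: str
    recipients: list
    subject: str
    body: str = ""
    attachments: dict = field(default_factory=dict)  # filename -> decoded text


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def external_recipients(mail: OutboundMail) -> list:
    return [r for r in mail.recipients if domain_of(r) not in CORPORATE_DOMAINS]


def count_customer_records(text: str) -> int:
    """Heuristic: a line with a non-corporate e-mail address or a phone number is one record."""
    n = 0
    for line in text.splitlines():
        emails = [e for e in EMAIL_RE.findall(line) if domain_of(e) not in CORPORATE_DOMAINS]
        if emails or PHONE_RE.search(line):
            n += 1
    return n


def evaluate(mail: OutboundMail) -> tuple:
    """Return (action, findings) where action is 'allow', 'quarantine' or 'block'."""
    ext = external_recipients(mail)
    if not ext:
        return ("allow", [])  # internal-only mail is out of scope for this rule
    findings = []
    for name, content in mail.attachments.items():
        n = count_customer_records(content)
        if n >= RECORD_THRESHOLD:
            findings.append(f"{name}: {n} customer records")
    n_body = count_customer_records(mail.body)
    if n_body >= RECORD_THRESHOLD:
        findings.append(f"body: {n_body} customer records")
    if not findings:
        return ("allow", [])
    if any(domain_of(r) in PERSONAL_WEBMAIL for r in ext):
        return ("block", findings)     # bulk customer data to personal webmail: hard stop
    return ("quarantine", findings)    # to a business domain: hold for a human decision


def customer_csv(rows: int) -> str:
    """Constructed customer export standing in for the real list."""
    lines = ["name,email,phone"]
    for i in range(1, rows + 1):
        lines.append(f"Customer {i},customer{i}@mail-{i}.test,555-010-{i:04d}")
    return "\n".join(lines)


if __name__ == "__main__":
    export = customer_csv(12)
    leaving = OutboundMail("jdoe@example.com", ["jdoe.personal@gmail.com"], "backup",
                           attachments={"customers.csv": export})
    print("to personal webmail:", evaluate(leaving))
    print("to manager:", evaluate(OutboundMail("jdoe@example.com", ["manager@example.com"],
                                               "list", attachments={"customers.csv": export})))
```

The threshold is what separates "one contact passed to a partner" from "the customer list walking out the door"; the same logic would apply to webmail uploads or USB copies, which is why the control is DLP rather than the mail gateway alone.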
NEW QUESTION # 80
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
- A. Open-source component usage
- B. Quality assurance testing
- C. Code scanning for vulnerabilities
- D. Peer review and approval
Answer: D
Explanation:
Peer review and approval requires that another developer or subject-matter expert reads and signs off on a change before it is merged, built, or released. Because no single person can push code into the product alone, a malicious insider would have to get an independent reviewer to accept the malicious change, which is the control that directly addresses the insider threat; code scanning and QA testing are valuable but are tuned to find accidental bugs and known vulnerability patterns, not deliberately disguised logic. Peer review also catches errors, poor quality, and deviations from coding standards and compliance requirements. It is normally enforced with tooling, such as branch protection rules that block a merge without an approval and static analysis that runs as part of the review pipeline. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 543
NEW QUESTION # 81
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)
- A. Vishing
- B. Typosquatting
- C. Phishing
- D. Misinformation
- E. Impersonation
- F. Smishing
Answer: E,F
NEW QUESTION # 82
Which of the following exercises should an organization use to improve its incident response process?
- A. Failover
- B. Replication
- C. Recovery
- D. Tabletop
Answer: D
Explanation:
A tabletop exercise is a simulated scenario that tests the organization's incident response plan and procedures. It involves key stakeholders and decision-makers who discuss their roles and actions in response to a hypothetical incident. It can help identify gaps, weaknesses, and improvement areas in the incident response process. It can also enhance communication, coordination, and collaboration among the participants.
NEW QUESTION # 83
Which of the following can best protect against an employee inadvertently installing malware on a company system?
- A. Least privilege
- B. Application allow list
- C. System isolation
- D. Host-based firewall
Answer: B
Explanation:
An application allow list specifies which executables are authorized to run on a system and blocks everything else. It is the best protection against an employee inadvertently installing malware because the decision does not depend on the user recognizing the threat or on a signature existing for it: an installer or payload that is not on the list simply will not execute, whether it is a virus, worm, trojan, ransomware, or spyware. Least privilege limits what a compromised account can do but does not stop a user from running software from their own profile; a host-based firewall filters network connections, not program execution; and system isolation contains the damage rather than preventing the installation. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 551
NEW QUESTION # 84
A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?
- A. MOU
- B. SLA
- C. SOW
- D. MOA
Answer: B
Explanation:
A service level agreement (SLA) is a document that defines the level of service expected by a customer from a service provider, indicating the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved. An SLA can specify the minimum uptime or availability of a service, such as 99.99%, and the consequences for failing to meet that standard. A memorandum of agreement (MOA), a statement of work (SOW), and a memorandum of understanding (MOU) are other types of documents that can be used to establish a relationship between parties, but they do not typically include the details of service levels and performance metrics that an SLA does. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17