CompTIA Security+ SY0-701 Exam

Flashcards from CompTIA Security+ SY0-701 Exam dumps

What type of backup data center is the best for an organization building a new facility with cost-benefit as the primary requirement and RTO and RPO values around two days?

Cold site

An enterprise wants to limit outbound DNS traffic originating from its internal network, only allowing it from the device at 10.50.10.25. What firewall ACL will accomplish this goal?

Access list outbound permit 10.50.10.25 32 0.0.0.0/0 port 53. Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Which tool can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

DLP (Data Loss Prevention)

What type of attack is characterized by multiple failed login attempts in a short amount of time?

Brute-force attack

Which automation use case would best enhance an organization's security posture by rapidly updating permissions when employees leave a company?

Disabling access

How can a technician BEST improve the situational and environmental awareness of existing users as they transition from remote to in-office work?

Modify the content of recurring training.

An administrator notices that several users are logging in from suspicious IP addresses and resets the affected users' passwords. What should the administrator implement to prevent this type of attack in the future?

Multifactor authentication

A company is developing a critical system for the government and storing project information on a fileshare. How should this data be classified?

Confidential and Restricted

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Retention

What is used to add extra complexity before using a one-way data transformation algorithm?

Salting

What factors must be considered when designing a high-availability network?

Ease of recovery and Attack Surface

During a security incident, the security operations team identified sustained network traffic from a malicious IP address 10.1.4.9. How should a security analyst create an inbound firewall rule to block the IP address from accessing the organization's network?

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Serverless framework

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Partially known environment

An attempt to take advantage of database misconfigurations:

SQL injection

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Conduct a tabletop exercise with the team.

What describes the reason root cause analysis should be conducted as part of incident response?

To prevent future incidents of the same nature

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated: "I'm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address." Which of the following are the best responses to this situation?

Add a smishing exercise to the annual company training and Issue a general email warning to the company

A network manager wants to protect the company's VPN by implementing multifactor authentication that uses something you know, something you have, and something you are. Which of the following would accomplish the manager's goal?

Password, authentication token, thumbprint

Which of the following agreement types defines the time frame in which a vendor needs to respond?

SLA

What must be considered when designing a high-availability network?

Ease of recovery and attack surface

Which of the following can be used to identify potential attacker activities without affecting production servers?

Honey pot

Which threat actor is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Organized crime

Which exercise should an organization use to improve its incident response process?

Tabletop

A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Least privilege

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Orchestration

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Capacity planning

A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Rescan the network

Which factors are the most important to address when formulating a training curriculum plan for a security awareness program?

Threat vectors based on the industry in which the organization operates and Cadence and duration of training events

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account?

Federation and Password complexity

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Change management procedure

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Subject

Which of the following is a hardware-specific vulnerability?

Firmware version

An organization's internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to BEST protect against similar attacks in the future?

WAF

According to the shared responsibility model, which role is responsible for securing the company's database in an IaaS model for a cloud environment?

Client

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Security of architecture

A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. Which of the following most likely occurred?

A rootkit was deployed.

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Infrastructure as code

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

Implementing a bastion host

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Application allow list

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?

User provisioning script

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Endpoint

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. Which of the following will help achieve these objectives?

Deploying a SASE solution to remote employees

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Watering-hole

Which of the following is the most likely to be included as an element of communication in a security awareness program?

Reporting phishing attempts or other suspicious activities

To limit outbound DNS traffic originating from the internal network, and only allow it from the device with the IP address 10.50.10.25. What firewall ACL will accomplish this goal?

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

A CISO wants to raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Organized crime

Which of the following allows for the attribution of messages to individuals?

Non-repudiation

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Geolocation policy

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Automation

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

RBAC

Which of the following is the best reason to complete an audit in a banking environment?

Regulatory requirement

Which method to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Masking

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which team will conduct this assessment activity?

Red

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Performing code signing on company-developed software

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message. Which of the following types of social engineering attacks occurred?

Phishing

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Detective

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Jailbreaking

A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. What best describes the program the company is setting up?

Bug bounty

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which data classifications should be used to secure patient data?

Sensitive

What would be the best way to handle a critical business application that is running on a legacy server?

Hardening

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Social engineering

Which of the following describes the process of concealing code or text inside a graphical image?

Steganography

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

SSO

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Segmentation

Which of the following enables the use of an input field to run commands that can view or manipulate data?

SQL injection

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Jump server

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Sanitization

A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

http://

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Create a change control request.

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Shadow IT

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user's activity?

Insider threat

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Enabling full packet capture for traffic entering and exiting the servers

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

Apply classifications to the data

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Testing the policy in a non-production environment before enabling the policy in the production network

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

DRP

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. What action will the security team be most likely required to take?

Retain any communications related to the security breach until further notice.

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

Availability

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Wired

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Whaling

Which of the following is used to validate a certificate when it is presented to a user?

OCSP

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Update the EDR policies to block automatic execution of downloaded programs

Which vulnerability is associated with installing software outside of a manufacturer's approved software repository?

Side loading

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

SLA

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Access control lists

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Setting up a VPN and placing the jump server inside the firewall

Finding: telnet service on port 23 is open and uses an insecure network protocol. Analyst confirms telnet server supports encryption. What should the security analyst conclude for this reported vulnerability?

It is a false positive.

A security engineer is implementing FDE for all laptops in an organization. What are the most important factors for the engineer to consider as part of the planning process?

Key escrow and TPM presence

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

Certification

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Data in transit

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Risk register

Which of the following is used to quantitatively measure the criticality of a vulnerability?

CVSS

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Analysis

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Firmware

Which vulnerability is exploited when an attacker overwrites a register with a malicious address?

Buffer overflow

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Tuning

What has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Compensating control

A security analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Secured zones

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. How should the controls be set up?

Safety controls should fail open.

A newly identified network access vulnerability has been found in the OS of legacy loT devices. What would best mitigate this vulnerability quickly?

Segmentation