SY0-701: CompTIA Security+ 2023 Topic 2
Q41. A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
A. Insurance
B. Patching
C. Segmentation
D. Replacement
Hint answer: C
Q42. A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading
Hint answer: C
Q43. A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?
A. Secure cookies
B. Version control
C. Input validation
D. Code signing
Hint answer: C
Q44. Which of the following security control types does an acceptable use policy best represent?
A. Detective
B. Compensating
C. Corrective
D. Preventive
Hint answer: D
Q45. Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Hint answer: C
Q46. HOTSPOT –
You are a security administrator investigating a potential infection on a network.
INSTRUCTIONS –
Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Q47. Which of the following must be considered when designing a high-availability network? (Choose two.)
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
Hint answer: A D
Q48. An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?
A. Recovery point objective
B. Mean time between failures
C. Recovery time objective
D. Mean time to repair
Hint answer: D
Q49. A systems administrator is advised that an external web server is not functioning properly. The administrator reviews the following firewall logs containing traffic going to the web server:
Which of the following attacks is likely occurring?
A. DDoS
B. Directory traversal
C. Brute-force
D. HTTPS downgrade
Hint answer: A
Q50. An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?
A. Virus
B. Trojan
C. Spyware
D. Ransomware
Hint answer: D
Q51. A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
A. Hashes
B. Certificates
C. Algorithms
D. Salting
Hint answer: A
Q52. An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?
A. DLP
B. SNMP traps
C. SCAP
D. IPS
Hint answer: A
Q53. An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the networks. Which of the following solutions should most likely be implemented?
A. EAP
B. IPSec
C. SD-WAN
D. TLS
Hint answer: B
Q54. The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?
A. WAF utilizing SSL decryption
B. NGFW utilizing application inspection
C. UTM utilizing a threat feed
D. SD-WAN utilizing IPSec
Hint answer: B
Q55. Which of the following describes effective change management procedures?
A. Approving the change after a successful deployment
B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates
Hint answer: B
Q56. Which of the following most impacts an administrator’s ability to address CVEs discovered on a server?
A. Rescanning requirements
B. Patch availability
C. Organizational impact
D. Risk tolerance
Hint answer: B
Q57. Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?
A. Creating a firewall rule to allow HTTPS traffic
B. Configuring the IPS to allow shopping
C. Tuning the DLP rule that detects credit card data
D. Updating the categorization in the content filter
Hint answer: D
Q58. A bank set up a new server that contains customers’ PII. Which of the following should the bank use to make sure the sensitive data is not modified?
A. Full disk encryption
B. Network access control
C. File integrity monitoring
D. User behavior analytics
Hint answer: C
Q59. A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?
A. Serverless
B. Segmentation
C. Virtualization
D. Microservices
Hint answer: C
Q60. A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?
A. Backout plan
B. Impact analysis
C. Test procedure
D. Approval procedure
Hint answer: A
Q61. A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company’s network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?
A. Port security
B. Web application firewall
C. Transport layer security
D. Virtual private network
Hint answer: A
Q62. During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?
A. Defensive
B. Passive
C. Offensive
D. Physical
Hint answer: D
Q63. An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
A. Application
B. Authentication
C. DHCP
D. Network
E. Firewall
F. Database
Hint answer: D E
Q64. A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?
A. ARP poisoning
B. Brute force
C. Buffer overflow
D. DDoS
Hint answer: D
Q65. In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?
A. Key stretching
B. Tokenization
C. Data masking
D. Salting
Hint answer: D
Q66. Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?
A. ARO
B. RTO
C. RPO
D. ALE
E. SLE
Hint answer: D
Q67. A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?
A. Deploying PowerShell scripts
B. Pushing GPO update
C. Enabling PAP
D. Updating EDR profiles
Hint answer: B
Q68. An engineer moved to another team and is unable to access the new team’s shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?
A. Role-based
B. Discretionary
C. Time of day
D. Least privilege
Hint answer: A
Q69. Which of the following is the best way to secure an on-site data center against intrusion from an insider?
A. Bollards
B. Access badge
C. Motion sensor
D. Video surveillance
Hint answer: B
Q70. An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty
Hint answer: B
Q71. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems.
Hint answer: D
Q72. Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
Hint answer: B
Q73. One of a company’s vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
A. Virtualization
B. Firmware
C. Application
D. Operating system
Hint answer: B
Q74. Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection
Hint answer: B
Q75. A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA
Hint answer: A
Q76. A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
Hint answer: D
Q77. A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
A. A worm is propagating across the network.
B. Data is being exfiltrated.
C. A logic bomb is deleting data.
D. Ransomware is encrypting files.
Hint answer: B
Q78. Which of the following describes the maximum allowance of accepted risk?
A. Risk indicator
B. Risk level
C. Risk score
D. Risk threshold
Hint answer: D
Q79. A company’s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
Hint answer: C
Q80. A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement
Hint answer: B