• Home
  • Articles
  • Prepare for the Actual CompTIA Security+ SY0-701 Exam Practice Materials Collection [Q98-Q120]

Prepare for the Actual CompTIA Security+ SY0-701 Exam Practice Materials Collection [Q98-Q120]

Share

Prepare for the Actual CompTIA Security+ SY0-701 Exam Practice Materials Collection

CompTIA Security+ Certified Official Practice Test SY0-701 - Feb-2025

NEW QUESTION # 98
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

  • A. Clustering servers
  • B. Off-site backups
  • C. Geographic dispersion
  • D. Load balancers

Answer: C

Explanation:
Geographic dispersion is a strategy that involves distributing the servers or data centers across different geographic locations. Geographic dispersion can help the company to mitigate the risk of weather events causing damage to the server room and downtime, as well as improve the availability, performance, and resilience of the network. Geographic dispersion can also enhance the disaster recovery and business continuity capabilities of the company, as it can provide backup and failover options in case of a regional outage or disruption12.
The other options are not the best ways to address the company's concern:
Clustering servers: This is a technique that involves grouping multiple servers together to act as a single system. Clustering servers can help to improve the performance, scalability, and fault tolerance of the network, but it does not protect the servers from physical damage or downtime caused by weather events, especially if the servers are located in the same room or building3.
Load balancers: These are devices or software that distribute the network traffic or workload among multiple servers or resources. Load balancers can help to optimize the utilization,efficiency, and reliability of the network, but they do not prevent the servers from being damaged or disrupted by weather events, especially if the servers are located in the same room or building4.
Off-site backups: These are copies of data or files that are stored in a different location than the original source. Off-site backups can help to protect the data from being lost or corrupted by weather events, but they do not prevent the servers from being damaged or disrupted by weather events, nor do they ensure the availability or continuity of the network services.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: High Availability - CompTIA Security+ SY0-701 - 3.4, video by Professor Messer3: CompTIA Security+ SY0-701 CertificationStudy Guide, page 984: CompTIA Security+ SY0-701 Certification Study Guide, page 99. :
CompTIA Security+ SY0-701 Certification Study Guide, page 100.


NEW QUESTION # 99
A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

  • A. A packet capture tool was used to steal the password.
  • B. A remote-access Trojan was used to install the malware.
  • C. A dictionary attack was used to log in as the server administrator.
  • D. A spraying attack was used to determine which credentials to use.

Answer: A

Explanation:
Telnet transmits data, including credentials, in plaintext, making it vulnerable to interception. A packet capture tool could easily capture the login credentials being transmitted, allowing an attacker to gain unauthorized access to the server.


NEW QUESTION # 100
The CIRT is reviewing an incident that involved a human resources recruiter exfiltration sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

  • A. SD-WAN utilizing IPSec
  • B. NGFW utilizing application inspection
  • C. WAF utilizing SSL decryption
  • D. UTM utilizing a threat feed

Answer: B

Explanation:
An NGFW (Next-Generation Firewall) utilizing application inspection could have identified and blocked the unusual use of HTTP over port 53. Application inspection allows NGFWs to analyze traffic at the application layer, identifying and blocking suspicious or non-standard protocol usage, such as HTTP traffic on DNS port
53.
* NGFW utilizing application inspection: Inspects traffic at the application layer and can block non- standard protocol usage, such as HTTP over port 53.
* WAF utilizing SSL decryption: Focuses on protecting web applications and decrypting SSL traffic but may not detect the use of HTTP over port 53.
* UTM utilizing a threat feed: Provides comprehensive security but may not focus specifically on application layer inspection.
* SD-WAN utilizing IPSec: Enhances secure WAN connections but is not primarily designed to inspect and block specific application traffic.


NEW QUESTION # 101
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

  • A. SIEM
  • B. SNMP
  • C. IDS
  • D. DLP

Answer: A

Explanation:
Explanation
SIEM stands for Security Information and Event Management. It is a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system. SIEM can analyze the collected data, correlate events, generate alerts, and provide reports and dashboards. SIEM can also integrate with other security tools and support compliance requirements. SIEM helps organizations to detect and respond to cyber threats, improve security posture, and reduce operational costs. References:
CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Monitoring and Auditing, page
393. CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 10: Monitoring and Auditing, page 397.


NEW QUESTION # 102
Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

  • A. MOA
  • B. SLA
  • C. AUP
  • D. SOW

Answer: A

Explanation:
Detailed Explanation:A Memorandum of Agreement (MOA) outlines terms of cooperation, including restrictions on sharing intellectual property. A breach indicates the terms of the agreement were violated, compromising confidentiality or usage terms. Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Third-Party Risk Management".


NEW QUESTION # 103
Which of the following threat actors is themostlikely to use large financial resources to attack critical systems located in other countries?

  • A. Hacktivist
  • B. Unskilled attacker
  • C. Insider
  • D. Nation-state

Answer: D

Explanation:
A nation-state is a threat actor that is sponsored by a government or a political entity to conduct cyberattacks against other countries or organizations. Nation-states have large financial resources, advanced technical skills, and strategic objectives that may target critical systems such as military, energy, or infrastructure. Nation-states are often motivated by espionage, sabotage, or warfare12. References = 1:
CompTIA Security+ SY0-701 Certification Study Guide, page 542: Threat Actors - CompTIA Security+ SY0-701 - 2.1, video by Professor Messer.


NEW QUESTION # 104
You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Answer:

Explanation:

Explanation:
Based on the logs, it seems that the host that originated the infection is 192.168.10.22. This host has a suspicious process named svchost.exe running on port 443, which is unusual for a Windows service. It also has a large number of outbound connections to different IP addresses on port 443, indicating that it is part of a botnet.
The firewall log shows that this host has been communicating with 10.10.9.18, which is another infected host on the engineering network. This host also has a suspicious process named svchost.exe running on port 443, and a large number of outbound connections to different IP addresses on port 443.
The other hosts on the R&D network (192.168.10.37 and 192.168.10.41) are clean, as they do not have any suspicious processes or connections.


NEW QUESTION # 105
After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

  • A. Retain all emails from the company to affected customers for an indefinite period of time.
  • B. Retain any communications related to the security breach until further notice.
  • C. Retain any communications between security members during the breach response.
  • D. Retain the emails between the security team and affected customers for 30 days.

Answer: B

Explanation:
A legal hold (also known as a litigation hold) is a notification sent from an organization's legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case. A legal hold is intended to preserve evidence and prevent spoliation, which is the intentional or negligent destruction of evidence that could harm a party's case. A legal hold can be triggered by various events, such as a lawsuit, a regulatory investigation, or a subpoena12 In this scenario, the company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit filed by the customers after the company wascompromised. This means that the security team will most likely be required to retain any communications related to the security breach until further notice.
This could include emails, instant messages, reports, logs, memos, or any other documents that could be relevant to the lawsuit. The security team should also inform the relevant custodians (the employees who have access to or control over the ESI) of their preservation obligations and monitor their compliance. The security team should also document the legal hold process and its scope, as well as take steps to protect the ESI from alteration, deletion, or loss34 References:
1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Risk Management, page 303 2:
CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 6: Risk Management, page 305 3:
Legal Hold (Litigation Hold) - The Basics of E-Discovery - Exterro 5 4: The Legal Implications and Consequences of a Data Breach 6


NEW QUESTION # 106
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

  • A. Adaptive identity
  • B. Threat scope reduction
  • C. Secured zones
  • D. Subject role

Answer: C

Explanation:
Secured zones are a key component of the Zero Trust data plane, which is the layer where data is stored, processed, and transmitted. Secured zones are logical or physical segments of the network that isolate data and resources based on their sensitivity and risk. Secured zones enforce granular policies and controls to prevent unauthorized access and lateral movement within the network1.


NEW QUESTION # 107
Which of the following agreement types defines the time frame in which a vendor needs to respond?

  • A. MOA
  • B. MOU
  • C. SOW
  • D. SLA

Answer: D

Explanation:
A service level agreement (SLA) is a type of agreement that defines the expectations and responsibilities between a service provider and a customer. It usually includes the quality, availability, and performance metrics of the service, as well as the time frame in which the provider needs to respond to service requests, incidents, or complaints. An SLA can help ensure that the customer receives the desired level of service and that the provider is accountable for meeting the agreed-upon standards.
References:
* Security+ (Plus) Certification | CompTIA IT Certifications, under "About the exam", bullet point 3:
* "Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance."
* CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: "Service Level Agreements (SLAs) are contracts between a service provider and a customer that specify the level of service expected from the service provider."


NEW QUESTION # 108
Which of the following is the best reason to complete an audit in a banking environment?

  • A. Organizational change
  • B. Regulatory requirement
  • C. Self-assessment requirement
  • D. Service-level requirement

Answer: B

Explanation:
Explanation
A regulatory requirement is a mandate imposed by a government or an authority that must be followed by an organization or an individual. In a banking environment, audits are often required by regulators to ensure compliance with laws, standards, and policies related to security, privacy, and financial reporting. Audits help to identify and correct any gaps or weaknesses in the security posture and the internal controls of the organization.
References:
Official CompTIA Security+ Study Guide (SY0-701), page 507
Security+ (Plus) Certification | CompTIA IT Certifications 2


NEW QUESTION # 109
Which of the following provides the details about the terms of a test with a third-party penetration tester?

  • A. Due diligence
  • B. Supply chain analysis
  • C. Rules of engagement
  • D. Right to audit clause

Answer: C

Explanation:
Rules of engagement are the detailed guidelines and constraints regarding the execution of information security testing, such as penetration testing. They define the scope, objectives, methods, and boundaries of the test, as well as the roles and responsibilities of the testers and the clients. Rules of engagement help to ensure that the test is conducted in a legal, ethical, and professional manner, and that the results are accurate and reliable. Rules of engagement typically include the following elements:
The type and scope of the test, such as black box, white box, or gray box, and the target systems, networks, applications, or data.
The client contact details and the communication channels for reporting issues, incidents, or emergencies during the test.
The testing team credentials and the authorized tools and techniques that they can use.
The sensitive data handling and encryption requirements, such as how to store, transmit, or dispose of any data obtained during the test.
The status meeting and report schedules, formats, and recipients, as well as the confidentiality and non-disclosure agreements for the test results.
The timeline and duration of the test, and the hours of operation and testing windows.
The professional and ethical behavior expectations for the testers, such as avoiding unnecessary damage, disruption, or disclosure of information.
Supply chain analysis, right to audit clause, and due diligence are not related to the terms of a test with a third-party penetration tester. Supply chain analysis is the process of evaluating the security and risk posture of the suppliers and partners in a business network. Right to audit clause is a provision in a contract that gives one party the right to audit another party to verify their compliance with the contract terms and conditions. Due diligence is the process of identifying and addressing the cyber risks that a potential vendor or partner brings to an organization.
Reference = https://www.yeahhub.com/every-penetration-tester-you-should-know-about-this-rules-of-engagement/
https://bing.com/search?q=rules+of+engagement+penetration+testing


NEW QUESTION # 110
A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

  • A. Tokenization
  • B. Segmentation
  • C. Data masking
  • D. Cryptographic downgrade
  • E. Patch installation
  • F. SSH tunneling

Answer: B,F

Explanation:
Detailed Explanation:SSH tunneling can secure the unencrypted protocol by encapsulating traffic in an encrypted tunnel. Segmentation isolates the legacy system, reducing the risk of unauthorized access.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Compensating Controls for Legacy Systems".


NEW QUESTION # 111
Which of the following is the most likely to be included as an element of communication in a security awareness program?

  • A. Detecting insider threats using anomalous behavior recognition
  • B. Reporting phishing attempts or other suspicious activities
  • C. Performing social engineering as part of third-party penetration testing
  • D. Verifying information when modifying wire transfer data

Answer: B

Explanation:
A security awareness program is a set of activities and initiatives that aim to educate and inform the users and employees of an organization about the security policies, procedures, and best practices. A security awareness program can help to reduce the human factor in security risks, such as social engineering, phishing, malware, data breaches, and insider threats. A security awareness program should include various elements of communication, such as newsletters, posters, videos, webinars, quizzes, games, simulations, and feedback mechanisms, to deliver the security messages and reinforce the security culture. One of the most likely elements of communication to be included in a security awareness program is reporting phishing attempts or other suspicious activities, as this can help to raise the awareness of the users and employees about the common types of cyberattacks and how to respond to them. Reporting phishing attempts or other suspicious activities can also help to alert the security team and enable them to take appropriate actions to prevent or mitigate the impact of the attacks. Therefore, this is the best answer among the given options.
The other options are not as likely to be included as elements of communication in a security awareness program, because they are either technical or operational tasks that are not directly related to the security awareness of the users and employees. Detecting insider threats using anomalous behavior recognition is a technical task that involves using security tools or systems to monitor and analyze the activities and behaviors of the users and employees and identify any deviations or anomalies that may indicate malicious or unauthorized actions. This task is usually performed by the security team or the security operations center, and it does not require the communication or participation of the users and employees. Verifying information when modifying wire transfer data is an operational task that involves using verification methods, such as phone calls, emails, or digital signatures, to confirm the authenticity and accuracy of the information related to wire transfers, such as the account number, the amount, or the recipient. This task is usually performed by the financial or accounting department, and it does not involve the security awareness of the users and employees. Performing social engineering as part of third-party penetration testing is a technical task that involves using deception or manipulation techniques, such as phishing, vishing, or impersonation, to test the security posture and the vulnerability of the users and employees to social engineering attacks. This task is usually performed by external security professionals or consultants, and it does not require the communication or consent of the users and employees. Therefore, these options are not the best answer for this question. Reference = Security Awareness and Training - CompTIA Security+ SY0-701: 5.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 263.


NEW QUESTION # 112
The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources.
Which of the following should the CISO present to the board as the direct consequence of non- compliance?

  • A. Sanctions
  • B. Contractual implications
  • C. Fines
  • D. Reputational damage

Answer: C


NEW QUESTION # 113
After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

  • A. Wired
  • B. SCADA
  • C. NFC
  • D. Bluetooth

Answer: A

Explanation:
A NAC (network access control) platform is a technology that enforces security policies on devices that attempt to access a network. A NAC platform can verify the identity, role, and compliance of the devices, and grant or deny access based on predefined rules. A NAC platform can protect both wired and wireless networks, but in this scenario, the systems administrator is trying to protect the wired attack surface, which is the set of vulnerabilities that can be exploited through a physical connection to the network12.


NEW QUESTION # 114
An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?

  • A. curl
  • B. netcat
  • C. Wireshark
  • D. Nessus

Answer: D

Explanation:
Nessus is a vulnerability scanner that can identify insecure ports, legacy protocols, and other security issues on servers. It is designed to detect vulnerabilities and misconfigurations in systems.


NEW QUESTION # 115
A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

  • A. Pass-t he-hash
  • B. Brute-force
  • C. Account forgery
  • D. Password spraying

Answer: D

Explanation:
Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords12.
The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication3.
Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.
Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session4. The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.
Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts5. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server. References = 1: Password spraying: An overview of password spraying attacks ... - Norton, 2: Security: Credential Stuffing vs. Password Spraying - Baeldung, 3: Brute Force Attack: A definition + 6 types to know | Norton, 4: What is a Pass-the-Hash Attack? - CrowdStrike, 5: What is a Brute Force Attack? | Definition, Types & How It Works - Fortinet


NEW QUESTION # 116
An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be thebestsolution?

  • A. Proxy server
  • B. Jump server
  • C. Hypervisor
  • D. RDP server

Answer: B

Explanation:
= A jump server is a server that acts as an intermediary between a user and a target system. A jump server can provide an added layer of security by preventing unauthorized access to internal company resources. A user can connect to the jump server using a secure protocol, such as SSH, and then access the target system from the jump server. This way, the target system is isolated from the external network and only accessible through the jump server. A jump server can also enforce security policies, such as authentication, authorization, logging, and auditing, on the user's connection. A jump server is also known as a bastion host or a jump box. References = CompTIA Security+ Certification Exam Objectives, Domain 3.3: Given a scenario, implement secure network architecture concepts. CompTIA Security+ Study Guide(SY0-701), Chapter 3:
Network Architecture and Design, page 101. Other Network Appliances - SY0-601 CompTIA Security+ : 3.3, Video 3:03. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 2.


NEW QUESTION # 117
A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

  • A. Collaboration platform
  • B. Version control tool
  • C. Change management ticketing system
  • D. Behavioral analyzer

Answer: B

Explanation:
Detailed Explanation:A version control tool, such as Git, tracks changes made to code, maintains history, and allows developers to manage and revert to earlier versions when needed. This ensures accountability and control over modifications. Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Version Control and Documentation".


NEW QUESTION # 118
Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

  • A. Transfer
  • B. Avoid
  • C. Mitigate
  • D. Accept

Answer: C

Explanation:
Mitigate is the risk management strategy that involves reducing the likelihood or impact of a risk. If a legacy application is critical to business operations and there are preventative controls that are not yet implemented, the enterprise should adopt the mitigate strategy first to address the existing vulnerabilities and gaps in the application. This could involve applying patches, updates, or configuration changes to the application, or adding additional layers of security controls around the application. Accept, transfer, and avoid are other risk management strategies, but they are not the best options for this scenario. Accept means acknowledging the risk and accepting the consequences without taking any action. Transfer means shifting the risk to a third party, such as an insurance company or a vendor. Avoid means eliminating the risk by removing the source or changing the process. These strategies may not be feasible or desirable for a legacy application that is critical to business operations and has no preventative controls in place. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1221; A Risk-Based Framework for Legacy System Migration and Deprecation2


NEW QUESTION # 119
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

  • A. Race condition
  • B. VM escape
  • C. Buffer overflow
  • D. SQL injection

Answer: C


NEW QUESTION # 120
......

Ace CompTIA SY0-701 Certification with Actual Questions Feb 15, 2025 Updated: https://vce4exams.practicevce.com/CompTIA/SY0-701-practice-exam-dumps.html

Related Articles

more
CompTIA SY0-701 Certification Practice Exam