What Verified SY0-701 Sample Question Is

NEW QUESTION 1

A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.
The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?

• A. Identity theft
• B. RFID cloning
• C. Shoulder surfing
• D. Card skimming

Answer: D

Explanation:
The attackers are using card skimming to steal shoppers' credit card information, which they use to make online purchases. References:
CompTIA Security+ Study Guide Exam SY0-601, Chapter 5

NEW QUESTION 2

Which of the following identifies the point in time when an organization will recover data in the event of an outage?

• A. SLA
• B. RPO
• C. MTBF
• D. ARO

Answer: B

Explanation:
Detailed
Recovery Point Objective (RPO) is the maximum duration of time that an organization can tolerate data loss in the event of an outage. It identifies the point in time when data recovery must begin, and any data loss beyond that point is considered unacceptable.
Reference: CompTIA Security+ Certification Guide, Exam SY0-601 by Mike Chapple and David Seidl, Chapter-7: Incident Response and Recovery, Objective 7.2: Compare and contrast business continuity and disaster recovery concepts, pp. 349-350.

NEW QUESTION 3

A cyber security administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall Which of the following would be the best option to remove the rules?

• A. # iptables -t mangle -X
• B. # iptables -F
• C. # iptables -2
• D. # iptables -P INPUT -j DROP

Answer: B

Explanation:
iptables is a command-line tool that allows an administrator to configure firewall rules for a Linux system. The -F option flushes or deletes all the existing rules in the selected chain or in all chains if none is given. It can be used to remove the rules that caused the network to be unresponsive and restore the default firewall behavior.

NEW QUESTION 4

A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system Which of the following would be BEST suited for this task?

• A. Social media analysis
• B. Annual information security training
• C. Gamification
• D. Phishing campaign

Answer: D

Explanation:
A phishing campaign is a simulated attack that tests a user's ability to recognize attacks over the organization's email system. Phishing campaigns can be used to train users on how to identify and report suspicious emails.
References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 2: Technologies and Tools, pp. 85-86.

NEW QUESTION 5

A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?

• A. A new firewall rule is needed to access the application.
• B. The system was quarantined for missing software updates.
• C. The software was not added to the application whitelist.
• D. The system was isolated from the network due to infected software

Answer: C

Explanation:
The most likely cause of the document-scanning software program not responding when launched by the end user is that the software was not added to the application whitelist. An application whitelist is a list of approved software applications that are allowed to run on a system. If the software is not on the whitelist, it may be blocked from running by the system's security policies. Adding the software to the whitelist should resolve the issue and allow the program to run. References: https://www.techopedia.com/definition/31541/application-whitelisting

NEW QUESTION 6

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?

• A. It allows for the sharing of digital forensics data across organizations
• B. It provides insurance in case of a data breach
• C. It provides complimentary training and certification resources to IT security staff.
• D. It certifies the organization can work with foreign entities that require a security clearance
• E. It assures customers that the organization meets security standards

Answer: E

Explanation:
ISO 27001 is an international standard that outlines the requirements for an Information Security Management System (ISMS). It provides a framework for managing and protecting sensitive information using risk management processes. Acquiring an ISO 27001 certification assures customers that the organization meets security standards and follows best practices for information security management. It helps to build customer trust and confidence in the organization's ability to protect their sensitive information. References: CompTIA Security+ Certification Exam Objectives, Exam Domain 1.0: Attacks, Threats, and Vulnerabilities, 1.2 Given a scenario, analyze indicators of compromise and determine the type of malware, p. 7

NEW QUESTION 7

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

• A. Adding a new UPS dedicated to the rack
• B. Installing a managed PDU
• C. Using only a dual power supplies unit
• D. Increasing power generator capacity

Answer: B

Explanation:
Installing a managed PDU is the most appropriate option to mitigate the issue without compromising the number of outlets available. A managed Power Distribution Unit (PDU) helps monitor, manage, and control power consumption at the rack level. By installing a managed PDU, the security team will have greater visibility into power usage in the network rack, and they can identify and eliminate unauthorized devices that consume excessive power from empty outlets.
https://www.comptia.org/training/books/security-sy0-601-study-guide

NEW QUESTION 8

An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?

• A. SIEM
• B. SOAR
• C. EDR
• D. CASB

Answer: B

Explanation:
Security Orchestration, Automation, and Response (SOAR) should be implemented to integrate incident response processes into a workflow with automated decision points and actions based on predefined playbooks. References: CompTIA Security+ Study Guide, Exam SY0-601, Chapter 9

NEW QUESTION 9

An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation Which of the following method did attacker to insert the contacts without having 'Physical access to device?

• A. Jamming
• B. BluJacking
• C. Disassoaatm
• D. Evil twin

Answer: B

Explanation:
bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. Bluejacking does not involve device hijacking, despite what the
name implies. In this context, a human might say that the best answer to the question is B. BluJacking, because it is a method that can insert contacts without having physical access to the device.

NEW QUESTION 10

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

• A. A DMZ
• B. A VPN a
• C. A VLAN
• D. An ACL

Answer: D

Explanation:
After segmenting the network, a network manager can use an access control list (ACL) to control the traffic between the segments. An ACL is a set of rules that permit or deny traffic based on its characteristics, such as the source and destination IP addresses, protocol type, and port number. References: CompTIA Security+ Certification Guide, Exam SY0-501

NEW QUESTION 11

A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?

• A. A reverse proxy
• B. A decryption certificate
• C. A spill-tunnel VPN
• D. Load-balanced servers

Answer: B

Explanation:
A Web Application Firewall (WAF) is a security solution that protects web applications from various types of attacks such as SQL injection, cross-site scripting (XSS), and others. It is typically deployed in front of web servers to inspect incoming traffic and filter out malicious requests.
To protect the company’s website from malicious web requests over SSL, a decryption certificate is needed to decrypt the SSL traffic before it reaches the WAF. This allows the WAF to inspect the traffic and filter out malicious requests.

NEW QUESTION 12

A data cento has experienced an increase in under-voltage events Mowing electrical grid maintenance outside the facility These events are leading to occasional losses of system availability Which of the following would be the most cost-effective solution for the data center 10 implement''

• A. Uninterruptible power supplies with battery backup
• B. Managed power distribution units lo track these events
• C. A generator to ensure consistent, normalized power delivery
• D. Dual power supplies to distribute the load more evenly

Answer: A

Explanation:
Uninterruptible power supplies with battery backup would be the most cost-effective solution for the data center to implement to prevent under-voltage events following electrical grid maintenance outside the facility. An uninterruptible power supply (UPS) is a device that provides emergency power to a load when the main power source fails or drops below an acceptable level. A UPS with battery backup can help prevent under-voltage events by switching to battery power when it detects a voltage drop or outage in the main power source. A UPS with battery backup can also protect the data center equipment from power surges or spikes.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.apc.com/us/en/faqs/FA158852/

NEW QUESTION 13

A security investigation revealed mat malicious software was installed on a server using a server administrator credentials. During the investigation the server administrator explained that Telnet was regularly used to log in. Which of the blowing most likely occurred?

• A. A spraying attack was used to determine which credentials to use
• B. A packet capture tool was used to steal the password
• C. A remote-access Trojan was used to install the malware
• D. A directory attack was used to log in as the server administrator

Answer: B

Explanation:
Telnet is an insecure protocol that transmits data in cleartext over the network. This means that anyone who can intercept the network traffic can read the data, including the username and password of the server administrator. A packet capture tool is a software or hardware device that can capture and analyze network packets. An attacker can use a packet capture tool to steal the password and use it to install malicious software on the server. References: https://www.comptia.org/content/guides/what-is-network-security

NEW QUESTION 14

A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:
Vendor A:
1- Firewall
1-12 switch Vendor B: 1- Firewall
1-12 switch
Which of the following security objectives is the security manager attempting to meet? (Select two).

• A. Simplified patch management
• B. Scalability
• C. Zero-day attack tolerance
• D. Multipath
• E. Replication
• F. Redundancy

Answer: EF

Explanation:
* F. Redundancy is a security objective that aims to ensure availability and resilience of systems and data by having backup or alternative components or resources that can take over in case of a failure. By purchasing two firewalls and two switches from different vendors, the security manager is creating redundancy for the network devices and reducing the single point of failure risk. E. Replication is a security objective that aims to ensure integrity and availability of data by creating copies or duplicates of the data across different locations or devices. By purchasing two firewalls and two switches from different vendors, the security manager is enabling replication of the network traffic and data across different paths and devices. References: 1
CompTIA Security+ Certification Exam Objectives, page 9, Domain 2.0: Architecture and Design, Objective 2.3:
Summarize secure application development, deployment, and automation concepts 2
CompTIA Security+ Certification Exam Objectives, page 11, Domain 2.0: Architecture and Design, Objective 2.5: Explain the importance of physical security controls 3
CompTIA Security+ Certification Exam Objectives, page 13,
Domain 3.0: Implementation, Objective 3.2: Implement secure protocols

NEW QUESTION 15

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the
credentials of her popular websites. Which of the following should the company implement?

• A. SSO
• B. CHAP
• C. 802.1X
• D. OpenlD

Answer: A

Explanation:
SSO stands for Single Sign-On, which is a technology that allows users to log in to multiple websites using a single set of credentials, such as a username and password or a digital certificate. SSO eliminates the need for users to create and remember multiple accounts and passwords for different websites, and simplifies the authentication process. SSO also enhances security by reducing the risk of password reuse, phishing, and identity theft.
An internet company that has created a new collaboration application can implement SSO to allow users to log in to the application with the credentials of other popular websites, such as Google, Facebook, or Twitter. This way, users do not have to create a new account for the application, and can use their existing accounts from other websites that they trust and use frequently. This can increase the user base and the convenience of the application.
Some examples of SSO technologies are OpenID, OAuth, and SAML. These technologies provide different ways of establishing trust and exchanging information between the websites that act as identity providers (IDPs) and the websites that act as relying parties (RPs). The IDPs are the websites that authenticate the users and provide their credentials or attributes to the RPs. The RPs are the websites that accept the users’ credentials or attributes from the IDPs and grant them access to their services.

NEW QUESTION 16

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would best describe the estimated number of devices to be replaced next year?

• A. SLA
• B. ARO
• C. RPO
• D. SLE

Answer: B

Explanation:
ARO stands for annualized rate of occurrence, which is a metric that estimates how often a threat event will occur within a year. ARO can help an IT manager estimate the mobile device budget for the upcoming year by multiplying the number of devices replaced in the previous year by the percentage increase of replacement over the last five years. For example, if 100 devices were replaced in the previous year and the replacement rate increased by 10% each year for the last five years, then the estimated number of devices to be replaced next year is 100 x (1 + 0.1)^5 = 161.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.techopedia.com/definition/24866/annualized-rate-of-occurrence-aro

NEW QUESTION 17

A company recently experienced an attack during which 5 main website was directed to the atack-er’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company Implement to prevent this type of attack from occurring in the future?

• A. IPSec
• B. SSL/TLS
• C. DNSSEC
• D. S/MIME

Answer: C

Explanation:
The attack described in the question is known as a DNS hijacking attack. In this type of attack, an attacker modifies the DNS records of a domain name to redirect traffic to their own server. This allows them to intercept traffic and steal sensitive information such as user credentials.
To prevent this type of attack from occurring in the future, the company should implement C. DNSSEC.
DNSSEC (Domain Name System Security Extensions) is a security protocol that adds digital signatures to DNS records. This ensures that DNS records are not modified during transit and prevents DNS hijacking attacks.

NEW QUESTION 18
......