CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 381:

  Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

  A. Key stretching
  B. Data masking
  C. Steganography
  D. Salting
  D. Salting

  ---

  Explanation

  Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function. Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks.

• Question 382:

  A security administrator is working to secure company data on corporate laptops in case the laptops are stolen.

  Which of the following solutions should the administrator consider?

  A. Disk encryption
  B. Data loss prevention
  C. Operating system hardening
  D. Boot security
  A. Disk encryption

• Question 383:

  Which of the following examples would be best mitigated by input sanitization?

  A. <script>alert ("Warning!") ,-</script>
  B. nmap - 10.11.1.130
  C. Email message: "Click this link to get your free gift card."
  D. Browser message: "Your connection is not private."
  A. <script>alert ("Warning!") ,-</script>

  ---

  Explanation

  This example of a script injection attack would be best mitigated by input sanitization. Input sanitization involves cleaning or filtering user inputs to ensure that they do not contain harmful data, such as malicious scripts. This prevents attackers from executing script-based attacks (e.g., Cross-Site Scripting or XSS). Nmap command is unrelated to input sanitization, as it is a network scanning tool. Email phishing attempts require different mitigations, such as user training. Browser warnings about insecure connections involve encryption protocols, not input validation

• Question 384:

  A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers.

  Which of the following architectures will best achieve the company's objectives?

  A. IoT
  B. IaC
  C. IaaS
  D. ICS
  B. IaC

  ---

  Explanation

  Infrastructure as Code (IaC) is the best solution for controlling, standardizing, and speeding up the process of building new servers. IaC allows the company to define the infrastructure using code, enabling automated provisioning, configuration, and management of servers and other IT resources. This approach ensures consistency, reduces human error, and accelerates the deployment process. With IaC, the company can quickly spin up new servers in a standardized and efficient manner.

• Question 385:

  A systems administrator receives the following alert from a file integrity monitoring tool:

  The hash of the cmd.exe file has changed.

  The systems administrator checks the OS logs and notices that no patches were applied in the last two months.

  Which of the following most likely occurred?

  A. The end user changed the file permissions.
  B. A cryptographic collision was detected.
  C. A snapshot of the file system was taken.
  D. A rootkit was deployed.
  D. A rootkit was deployed.

  ---

  Explanation

  A rootkit is a type of malware that modifies or replaces system files or processes to hide its presence and activity. A rootkit can change the hash of the cmd.exe file, which is a command-line interpreter for Windows systems, to avoid detection by antivirus or file integrity monitoring tools. A rootkit can also grant the attacker remote access and control over the infected system, as well as perform malicious actions such as stealing data, installing backdoors, or launching attacks on other systems. A rootkit is one of the most difficult types of malware to remove, as it can persist even after rebooting or reinstalling the OS.

  References:

  CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 4, page 147. CompTIA Security+ SY0-701 Exam Objectives, Domain 1.2, page 9.

• Question 386:

  Which of the following should a security team use to document persistent vulnerabilities with related recommendations?

  A. Audit report
  B. Risk register
  C. Compliance report
  D. Penetration test
  B. Risk register

  ---

  Explanation

  A risk register is a document used to track and manage risks, including persistent vulnerabilities. It includes details about each vulnerability, its potential impact, the likelihood of its occurrence, and recommendations for mitigating or managing the risk. The risk register serves as a tool to prioritize and address ongoing security issues systematically.

• Question 387:

  A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients' spam folders.

  Which of the following needs to be updated?

  A. CNAME
  B. SMTP
  C. DLP
  D. SPF
  D. SPF

  ---

  Explanation

  When new email servers are deployed, organizations must update their SPF (Sender Policy Framework) records to list the new servers as authorized senders. If the SPF DNS record does not include the new IP addresses, recipient mail systems cannot verify the legitimacy of the messages, causing them to be flagged as spam or rejected.

  Security+ SY0-701 identifies SPF as a key email authentication mechanism responsible for preventing: Email spoofing Unauthorized sender impersonation False spam detection Domain reputation issues

  CNAME (A) maps domain aliases but does not authenticate email. SMTP (B) is the mail protocol and does not influence spam classification. DLP (C) prevents data leakage, not spam filtering.

  Updating the SPF record resolves legitimacy issues by informing receiving mail servers that the new email servers are trusted.

  Thus, the correct answer is D: SPF.

• Question 388:

  An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible.

  Which of the following models offers the highest level of security?

  A. Cloud-based
  B. Peer-to-peer
  C. On-premises
  D. Hybrid
  C. On-premises

  ---

  Explanation

  Cloud-based models provide strong security with features like encryption, redundancy, and disaster recovery, making it a secure choice for international operations.

• Question 389:

  After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned.

  Which of the following describes this example?

  A. False positive
  B. False negative
  C. True positive
  D. True negative
  A. False positive

  ---

  Explanation

  A false positive occurs when a vulnerability scan identifies a vulnerability that is not actually present on the systems that were scanned. This means that the scan has incorrectly flagged a system as vulnerable.

  False positive: Incorrectly identifies a vulnerability that does not exist on the scanned systems.

  False negative: Fails to identify an existing vulnerability on the system. True positive: Correctly identifies an existing vulnerability. True negative: Correctly identifies that there is no vulnerability.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3 - Explain various activities associated with vulnerability management (False positives and false negatives).

• Question 390:

  Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues.

  Which of the following is most likely to be one of those steps?

  A. Management review
  B. Load testing
  C. Maintenance notifications
  D. Procedure updates
  A. Management review