CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 411:

  The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible.

  Which of the following courses of action should the security analyst take first?

  A. Log in to the server and perform a health check on the VM.
  B. Install the patch Immediately.
  C. Confirm that the backup service is running.
  D. Take a snapshot of the VM.
  D. Take a snapshot of the VM.

  ---

  Explanation

  Before applying any updates or patches to a production VM, especially one with a 99% uptime SLA, it is crucial to first take a snapshot of the VM. This snapshot serves as a backup that can be quickly restored in case the update causes any issues, ensuring that the system can be returned to its previous state without violating the SLA. This step mitigates risk and is a standard best practice in change management for critical systems.

  References:

  CompTIA Security+ SY0-701 study materials, focusing on change management and backup strategies.

• Question 412:

  A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates.

  Which of the following should be done next?

  A. Conduct an audit.
  B. Initiate a penetration test.
  C. Rescan the network.
  D. Submit a report.
  C. Rescan the network.

  ---

  Explanation

  After completing a vulnerability assessment and remediating the identified vulnerabilities, the next step is to rescan the network to verify that the vulnerabilities have been successfully fixed and no new vulnerabilities have been introduced. A vulnerability assessment is a process of identifying and evaluating the weaknesses and exposures in a network, system, or application that could be exploited by attackers. A vulnerability assessment typically involves using automated tools, such as scanners, to scan the network and generate a report of the findings. The report may include information such as the severity, impact, and remediation of the vulnerabilities. The operations team is responsible for applying the appropriate patches, updates, or configurations to address the vulnerabilities and reduce the risk to the network. A rescan is necessary to confirm that the remediation actions have been effective and that the network is secure. Conducting an audit, initiating a penetration test, or submitting a report are not the next steps after completing a vulnerability assessment and remediating the vulnerabilities. An audit is a process of reviewing and verifying the compliance of the network with the established policies, standards, and regulations. An audit may be performed by internal or external auditors, and it may use the results of the vulnerability assessment as part of the evidence. However, an audit is not a mandatory step after a vulnerability assessment, and it does not validate the effectiveness of the remediation actions. A penetration test is a process of simulating a real-world attack on the network to test the security defenses and identify any gaps or weaknesses. A penetration test may use the results of the vulnerability assessment as a starting point, but it goes beyond scanning and involves exploiting the vulnerabilities to gain access or cause damage. A penetration test may be performed after a vulnerability assessment, but only with the proper authorization, scope, and rules of engagement. A penetration test is not a substitute for a rescan, as it does not verify that the vulnerabilities have been fixed. Submitting a report is a step that is done after the vulnerability assessment, but before the remediation. The report is a document that summarizes the findings and recommendations of the vulnerability assessment, and it is used to communicate the results to the stakeholders and the operations team. The report may also include a follow-up plan and a timeline for the remediation actions. However, submitting a report is not the final step after the remediation, as it does not confirm that the network is secure.

  References:

  CompTIA Security+ SY0-701 Certification Study Guide, page 372- 375

  Professor Messer's CompTIA SY0-701 Security+ Training Course, video 4.1 - Vulnerability Scanning, 0:00 - 8:00.

• Question 413:

  Which of the following would best allow a company to prevent access to systems from the Internet?

  A. Containerization
  B. Virtualization
  C. SD-WAN
  D. Air-gapped
  D. Air-gapped

• Question 414:

  A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445.

  Which of the following is most likely the root cause of this incident?

  A. Buffer overflow
  B. NTP amplification attack
  C. Worm
  D. Kerberoasting attack
  C. Worm

• Question 415:

  An employee receives a text message from an unrecognized number claiming to be the Chief Executive Officer and asking the employee to purchase gift cards.

  Which of the following types of attacks describes this example?

  A. Watering-hole
  B. Disinformation
  C. Phishing
  D. Impersonation
  D. Impersonation

  ---

  Explanation

  Impersonation involves an attacker pretending to be a trusted individual, such as a CEO, to trick someone into taking an action - in this case, purchasing gift cards - often seen in social engineering attacks via text or email.

• Question 416:

  A government worker secretly copies classified files that contain defense tactics information to an external drive. The government worker then gives the external drive to a corrupt organization.

  Which of the following best describes the motivation of the worker?

  A. Espionage
  B. Data exfiltration
  C. Financial gain
  D. Blackmail
  A. Espionage

• Question 417:

  An administrator wants to automate an account permissions update for a large number of accounts.

  Which of the following would best accomplish this task?

  A. Security groups
  B. Federation
  C. User provisioning
  D. Vertical scaling
  A. Security groups

• Question 418:

  An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account.

  Which of the following is most likely being performed?

  A. Non-credentialed scan
  B. Packet capture
  C. Privilege escalation
  D. System enumeration
  E. Passive scan
  A. Non-credentialed scan

• Question 419:

  Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

  A. SOAR
  B. CVSS
  C. SIEM
  D. CVE
  B. CVSS

  ---

  Explanation

  The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of security vulnerabilities. It helps organizations prioritize vulnerability patching by providing a numerical score that reflects the potential impact and exploitability of a vulnerability. CVSS scores are used to gauge the urgency of patching vulnerabilities within a company's IT environment.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

  CompTIA Security+ SY0-601 Study Guide: Chapter on Vulnerability Management.

• Question 420:

  Which of the following would be the best way to handle a critical business application that is running on a legacy server?

  A. Segmentation
  B. Isolation
  C. Hardening
  D. Decommissioning
  A. Segmentation

  ---

  Explanation

  For a critical business application that must remain on a legacy server, segmentation is the best choice. It reduces risk by placing the legacy system in a restricted network zone and limiting access to only necessary systems and traffic.

  Isolation can be too extreme if the application still needs to communicate with users or other systems, hardening may be limited on legacy platforms, and decommissioning is not practical because the application is still critical to the business.