CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 481:

  Which of the following best describe a penetration test that resembles an actual external attack?

  A. Known environment
  B. Partially known environment
  C. Bug bounty
  D. Unknown environment
  D. Unknown environment

  ---

  Explanation

  An unknown environment in penetration testing, also known as a black-box test, simulates an actual external attack where the tester has no prior knowledge of the system. This type of penetration test is designed to mimic real-world attack scenarios, where an attacker has little to no information about the target environment. The tester must rely on various reconnaissance and attack techniques to uncover vulnerabilities, much like a real-world attacker would. This approach helps organizations understand their security posture from an external perspective, providing insights into how their defenses would hold up against a true outsider threat.

  References:

  CompTIA Security+ SY0-701 Course Content: The course highlights the importance of understanding different penetration testing environments, including black-box testing, which aligns with the "unknown environment" in the provided answer.

  CompTIA Security+ SY0-601 Study Guide: The guide details penetration testing methodologies, including black-box testing, which is crucial for simulating real external attacks.

• Question 482:

  Which of the following phases of an incident response involves generating reports?

  A. Recovery
  B. Preparation
  C. Lessons learned
  D. Containment
  C. Lessons learned

  ---

  Explanation

  The lessons learned phase of an incident response process involves reviewing the incident and generating reports. This phase helps identify what went well, what needs improvement, and what changes should be made to prevent future incidents. Documentation and reporting are essential parts of this phase to ensure that the findings are recorded and used for future planning. Recovery focuses on restoring services and normal operations. Preparation involves creating plans and policies for potential incidents, not reporting.

  Containment deals with isolating and mitigating the effects of the incident, not generating reports.

• Question 483:

  HOTSPOT

  Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

  INSTRUCTIONS

  Not all attacks and remediation actions will be used.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  Explanation

  Web serverBotnet Enable DDoS protectionUser RAT Implement a host-based IPS Database server Worm Change the default application passwordExecutive KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA

  using push notification.

  

• Question 484:

  Digital signatures use asymmetric encryption. This means the message is encrypted with:

  A. the sender's private key and decrypted with the sender's public key
  B. the sender's public key and decrypted with the sender's private key
  C. the sender's private key and decrypted with the recipient's public key.
  D. the sender's public key and decrypted with the recipient's private key
  A. the sender's private key and decrypted with the sender's public key

  ---

  Explanation

  There are 2 general ways to use asymetric algorithm. 1 - For communication between 2 hosts: If bob sends a message to Alice, bob uses Alice's public key to encrypt the message, and Alice uses her private key to decrypt the message. 2 - For digital signature/Authentication: If ALice need to authenticate Bob, BOB uses his private key to sign the message, and Alice uses the public key of bob to decrypt the message. This process help to make sure the signature is owned by Bob.

  On this example, A is totally correct.

• Question 485:

  A systems administrator needs to provide traveling employees with a tool that will protect company devices regardless of where they are working.

  Which of the following should the administrator implement?

  A. Isolation
  B. Segmentation
  C. ACL
  D. HIPS
  D. HIPS

• Question 486:

  Which of the following is the most important security concern when using legacy systems to provide production service?

  A. Instability
  B. Lack of vendor support
  C. Loss of availability
  D. Use of insecure protocols
  B. Lack of vendor support

  ---

  Explanation

  The most important security concern when using legacy systems is the lack of vendor support. Without support from the vendor, systems may not receive critical security patches and updates, leaving them vulnerable to exploitation. This lack of support can result in increased risk of security breaches, as vulnerabilities discovered in the software may never be addressed.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the context of risk management and the challenges posed by legacy systems.

• Question 487:

  A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints.

  Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

  A. Host-based firewall
  B. Web application firewall
  C. Access control list
  D. Application allow list
  A. Host-based firewall

  ---

  Explanation

  A host-based firewall is a software application that runs on an individual endpoint and filters the incoming and outgoing network traffic based on a set of rules. A host-based firewall can help to mitigate the threat posed by suspicious connections between internal endpoints by blocking or allowing the traffic based on the source, destination, port, protocol, or application. A host-based firewall is different from a web application firewall, which is a type of firewall that protects web applications from common web-based attacks, such as SQL injection, cross-site scripting, and session hijacking. A host-based firewall is also different from an access control list, which is a list of rules that control the access to network resources, such as files, folders, printers, or routers. A host-based firewall is also different from an application allow list, which is a list of applications that are authorized to run on an endpoint, preventing unauthorized or malicious applications from executing.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 254

• Question 488:

  An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior.

  Which of the following should the CISO do first?

  A. Update the acceptable use policy.
  B. Deploy a password management solution.
  C. Issue warning letters to affected users.
  D. Implement a phishing awareness campaign.
  D. Implement a phishing awareness campaign.

• Question 489:

  Which of the following should a systems administrator set up to increase the resilience of an application by splitting the traffic between two identical sites?

  A. Load balancing
  B. Geographic disruption
  C. Failover
  D. Parallel processing
  A. Load balancing

  ---

  Explanation

  To increase the resilience of an application by splitting the traffic between two identical sites, a systems administrator should set up load balancing. Load balancing distributes network or application traffic across multiple servers or sites, ensuring no single server becomes overwhelmed and enhancing the availability and reliability of applications. Load balancing: Distributes traffic across multiple servers to ensure high availability and reliability. It helps in managing the load efficiently and can prevent server overloads.

  Geographic disruption: Not a standard term related to resilience. This might imply the use of geographically distributed sites but isn't the precise solution described.

  Failover: Refers to switching to a standby server or system when the primary one fails. It doesn't inherently split traffic but rather takes over when a failure occurs. Parallel processing: Refers to the simultaneous processing of tasks, not specifically related to load balancing web traffic.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.4 - Security operations (Enhancing security capabilities: load balancing).

• Question 490:

  Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

  A. Pass
  B. Hybrid cloud
  C. Private cloud
  D. IaaS
  E. SaaS
  E. SaaS

  ---

  Explanation

  Software as a Service (SaaS) represents an application that is hosted in the cloud and accessible via the internet from anywhere, with no requirement for on-premises infrastructure. SaaS applications are managed by a third-party provider, allowing users to access them through a web browser, making them highly scalable and flexible for remote access.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 3: Security Architecture, where cloud service models such as SaaS are discussed, highlighting their accessibility and lack of on-premises requirements.