CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 491:

  A security analyst reviews domain activity logs and notices the following:

  

  Which of the following is the best explanation for what the security analyst has discovered?

  A. The user jsmith's account has been locked out.
  B. A keylogger is installed on [smith's workstation
  C. An attacker is attempting to brute force ismith's account.
  D. Ransomware has been deployed in the domain.
  C. An attacker is attempting to brute force ismith's account.

  ---

  Explanation

  Brute force is a type of attack that tries to guess the password or other credentials of a user account by using a large number of possible combinations. An attacker can use automated tools or scripts to perform a brute force attack and gain unauthorized access to the account. The domain activity logs show that the user ismith has failed to log in 10 times in a row within a short period of time, which is a strong indicator of a brute force attack. The logs also show that the source IP address of the failed logins is different from the usual IP address of ismith, which suggests that the attacker is using a different device or location to launch the attack. The security analyst should take immediate action to block the attacker's IP address, reset ismith's password, and notify ismith of the incident.

  References:

  14. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.1, page

  2. Threat Actors and Attributes -SY0- 601 CompTIA Security+ : 1.1

• Question 492:

  A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics.

  Which of the following best describes the type of control the administrator put in place?

  A. Preventive
  B. Deterrent
  C. Corrective
  D. Detective
  D. Detective

  ---

  Explanation

  The tool that the network administrator deployed is described as one that logs suspicious websites and sends a daily report based on various weighted metrics. This fits the description of a detective control. Detective controls are designed to identify and log security events or incidents after they have occurred. By analyzing these logs and generating reports, the tool helps in detecting potential security breaches, thus allowing for further investigation and response.

  References:

  Based on the CompTIA Security+ SY0-701 Resources, specifically under the domain of Security Operations, which discusses different types of security controls, including detective controls.

• Question 493:

  An administrator must replace an expired SSL certificate.

  Which of the following does the administrator need to create the new SSL certificate?

  A. CSR
  B. OCSP
  C. Key
  D. CRL
  A. CSR

  ---

  Explanation

  A Certificate Signing Request (CSR) is a request sent to a certificate authority (CA) to issue an SSL certificate. The CSR contains information like the public key, which will be part of the certificate.

  References:

  Security+ SY0-701 Course Content, Security+ SY0-601 Book.

• Question 494:

  After an audit, an administrator discovers all users have access to confidential data on a file server.

  Which of the following should the administrator use to restrict access to the data quickly?

  A. Group Policy
  B. Content filtering
  C. Data loss prevention
  D. Access control lists
  D. Access control lists

  ---

  Explanation

  Access control lists (ACLs) are rules that specify which users or groups can access which resources on a file server. They can help restrict access to confidential data by granting or denying permissions based on the identity or role of the user. In this case, the administrator can use ACLs to quickly modify the access rights of the users and prevent them from accessing the data they are not authorized to see.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 308

• Question 495:

  A recent power outage halted operations at a company's only data center.

  Which of the following solutions would best prevent an event like this one in the future?

  A. Platform diversity
  B. Generator
  C. Snapshots
  D. Load balancing
  B. Generator

  ---

  Explanation

  A generator provides backup power in the event of a power outage, ensuring that critical systems remain operational. Since the company's only data center was halted due to the outage, installing a generator would help prevent downtime in the future by supplying power when the main power source fails. Other options, such as snapshots and load balancing, do not directly address power failure issues.

• Question 496:

  Which of the following is an example of a treatment strategy for a continuous risk?

  A. Email gateway to block phishing attempts
  B. Background checks for new employees
  C. Dual control requirements for wire transfers
  D. Branch protection as part of the CI/CD pipeline
  A. Email gateway to block phishing attempts

  ---

  Explanation

  A continuous risk is an ongoing threat that requires ongoing mitigation and monitoring efforts. Phishing attempts are a continuous risk to organizations as attackers frequently target users via emails. An email gateway acts as a treatment strategy by actively filtering out malicious emails, thereby reducing the likelihood of successful phishing attacks. This proactive approach addresses the ongoing nature of the threat.

• Question 497:

  A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.

  Which of the following types of controls is the company setting up?

  A. Corrective
  B. Preventive
  C. Detective
  D. Deterrent
  C. Detective

  ---

  Explanation

  A detective control is a type of control that monitors and analyzes the events and activities in a system or a network, and alerts or reports when an incident or a violation occurs. A SIEM (Security Information and Event Management) system is a tool that collects, correlates, and analyzes the logs from various sources, such as firewalls, routers, servers, or applications, and provides a centralized view of the security status and incidents. An analyst who reviews the logs on a weekly basis can identify and investigate any anomalies, trends, or patterns that indicate a potential threat or a breach. A detective control can help the company to respond quickly and effectively to the incidents, and to improve its security posture and resilience.

  References:

  CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 23. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3, page 14.

• Question 498:

  A business received a small grant to migrate its infrastructure to an off-premises solution.

  Which of the following should be considered first?

  A. Security of cloud providers
  B. Cost of implementation
  C. Ability of engineers
  D. Security of architecture
  D. Security of architecture

  ---

  Explanation

  Security of architecture is the process of designing and implementing a secure infrastructure that meets the business objectives and requirements. Security of architecture should be considered first when migrating to an off-premises solution, such as cloud computing, because it can help to identify and mitigate the potential risks and challenges associated with the migration, such as data security, compliance, availability, scalability, and performance. Security of architecture is different from security of cloud providers, which is the process of evaluating and selecting a trustworthy and reliable cloud service provider that can meet the security and operational needs of the business. Security of architecture is also different from cost of implementation, which is the amount of money required to migrate and maintain the infrastructure in the cloud. Security of architecture is also different from ability of engineers, which is the level of skill and knowledge of the IT staff who are responsible for the migration and management of the cloud infrastructure.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 3491

• Question 499:

  A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors.

  Which of the following should the systems administrator use?

  A. Packet captures
  B. Vulnerability scans
  C. Metadata
  D. Dashboard
  D. Dashboard

  ---

  Explanation

  A dashboard is a graphical user interface that provides a visual representation of key performance indicators, metrics, and trends related to security events and incidents. A dashboard can help the board of directors to understand the number and impact of incidents that affected the organization in a given period, as well as the status and effectiveness of the security controls and processes. A dashboard can also allow the board of directors to drill down into specific details or filter the data by various criteria. A packet capture is a method of capturing and analyzing the network traffic that passes through a device or a network segment. A packet capture can provide detailed information about the source, destination, protocol, and content of each packet, but it is not a suitable way to present a summary of incidents to the board of directors. A vulnerability scan is a process of identifying and assessing the weaknesses and exposures in a system or a network that could be exploited by attackers. A vulnerability scan can help the organization to prioritize and remediate the risks and improve the security posture, but it is not a relevant way to report the number of incidents that occurred in a quarter.

  Metadata is data that describes other data, such as its format, origin, structure, or context. Metadata can provide useful information about the characteristics and properties of data, but it is not a meaningful way to communicate the impact and frequency of incidents to the board of directors.

  References:

  1: CompTIA Security+ SY0-701 Certification Study Guide, page 372

  2: SIEM Dashboards -SY0-601 CompTIA Security+ : 4.

  3, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 346

  4: CompTIA Security+ SY0-701 Certification Study Guide, page 362. : CompTIA Security+ SY0-701 Certification Study Guide, page 97.

• Question 500:

  Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?

  A. Public key
  B. Private Key
  C. Asymmetric key
  D. Symmetric key
  A. Public key