CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 541:

  Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

  A. Red
  B. Blue
  C. Purple
  D. Yellow
  C. Purple

  ---

  Explanation

  Purple is the team that combines both offensive and defensive testing techniques to protect an organization's critical systems. Purple is not a separate team, but rather a collaboration between the red team and the blue team. The red team is the offensive team that simulates attacks and exploits vulnerabilities in the organization's systems. The blue team is the defensive team that monitors and protects the organization's systems from real and simulated threats. The purple team exists to ensure and maximize the effectiveness of the red and blue teams by integrating the defensive tactics and controls from the blue team with the threats and vulnerabilities found by the red team into a single narrative that improves the overall security posture of the organization. Red, blue, and yellow are other types of teams involved in security testing, but they do not combine both offensive and defensive techniques. The yellow team is the team that builds software solutions, scripts, and other programs that the blue team uses in the security testing.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1331

  Penetration Testing: Understanding Red, Blue, & Purple Teams3

• Question 542:

  Which of the following actions best addresses a vulnerability found on a company's web server?

  A. Patching
  B. Segmentation
  C. Decommissioning
  D. Monitoring
  A. Patching

• Question 543:

  An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic.

  Which of the following will help achieve these objectives?

  A. Deploying a SASE solution to remote employees
  B. Building a load-balanced VPN solution with redundant internet
  C. Purchasing a low-cost SD-WAN solution for VPN traffic
  D. Using a cloud provider to create additional VPN concentrators
  A. Deploying a SASE solution to remote employees

  ---

  Explanation

  SASE stands for Secure Access Service Edge. It is a cloud-based service that combines network and security functions into a single integrated solution. SASE can help reduce traffic on the VPN and internet circuit by providing secure and optimized access to the data center and cloud applications for remote employees. SASE can also monitor and enforce security policies on the remote employee internet traffic, regardless of their location or device. SASE can offer benefits such as lower costs, improved performance, scalability, and flexibility compared to traditional VPN solutions.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 457-458

• Question 544:

  Which of the following is a use of CVSS?

  A. To determine the cost associated with patching systems
  B. To identify unused ports and services that should be closed
  C. To analyze code for defects that could be exploited
  D. To prioritize the remediation of vulnerabilities
  D. To prioritize the remediation of vulnerabilities

• Question 545:

  A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period.

  Which of the following is the ALE for this risk?

  A. $7,500
  B. $10,000
  C. $15,000
  D. $30,000
  B. $10,000

  ---

  Explanation

  The Annualized Loss Expectancy (ALE) is calculated by multiplying the Single Loss Expectancy (SLE) by the Annualized Rate of Occurrence (ARO). In this case:

  1. SLE (Single Loss Expectancy) = $15,000

  2. ARO (Annualized Rate of Occurrence) = 2 occurrences / 3 years = 0.67 per year

• Question 546:

  An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker's bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following:

  PS>.

  \mimikatz.exe "sekurlsa::pth /user:localadmin /domain:corp-domain.com/ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327 Which of the following best describes how the attacker gained access to the hardened PC?

  A. The attacker created fileless malware that was hosted by the banking platform.
  B. The attacker performed a pass-the-hash attack using a shared support account.
  C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.
  D. The attacker socially engineered the accountant into performing bad transfers.
  B. The attacker performed a pass-the-hash attack using a shared support account.

• Question 547:

  An unexpected and out-of-character email message from a Chief Executive Officer's corporate account asked an employee to provide financial information and to change the recipient's contact number.

  Which of the following attack vectors is most likely being used?

  A. Business email compromise
  B. Phishing
  C. Brand impersonation
  D. Pretexting
  A. Business email compromise

  ---

  Explanation

  Business Email Compromise (BEC) is a targeted phishing attack in which attackers impersonate executives or high-ranking officials (such as a CEO) to manipulate employees into transferring money or providing sensitive data. Since the request is coming from the CEO's corporate email (possibly spoofed or compromised), this is a classic example of BEC.

  Phishing (B) is a broader term but typically involves mass fraudulent emails rather than targeted executive impersonation.

  Brand impersonation (C) involves faking a company's identity (e.g., fake PayPal emails).

  Pretexting (D) involves social engineering tactics but does not necessarily involve email compromise.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.

• Question 548:

  Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

  A. Contractual impacts
  B. Sanctions
  C. Fines
  D. Reputational damage
  D. Reputational damage

  ---

  Explanation

  While fines, sanctions, and contractual impacts are possible outcomes from regulatory bodies or payment processors, reputational damage is the primary consequence directly impacting customers. If customers learn that the retailer failed to protect their payment information, their trust in the brand may erode, potentially leading to a loss of business and harm to the retailer's reputation.

• Question 549:

  A company wants to implement MFA.

  Which of the following enables the additional factor while using a smart card?

  A. PIN
  B. Hardware token
  C. User ID
  D. SMS
  A. PIN

• Question 550:

  An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards.

  Which of the following types of attacks does this describe?

  A. Vishing
  B. Smishing
  C. Pretexting
  D. Phishing
  B. Smishing

  ---

  Explanation

  Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information. The scenario in the question describes a smishing attack that uses pretexting, which is a form of social engineering that involves impersonating someone else to gain trust or access. The unknown number claims to be the company's CEO and asks the employee to purchase gift cards, which is a common scam tactic. Vishing is a similar type of attack that uses phone calls or voicemails, while phishing is a broader term that covers any email-based attack.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 77

  Smishing vs. Phishing: Understanding the Differences