CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 581:

  An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain.

  Which of the following is the first step the security team should take?

  A. Enable SAML
  B. Create OAuth tokens.
  C. Use password vaulting.
  D. Select an IdP
  D. Select an IdP

  ---

  Explanation

  The first step in reducing the number of credentials each employee must maintain when using multiple SaaS applications is to select an Identity Provider (IdP). An IdP provides a centralized authentication service that supports Single Sign-On (SSO), enabling users to access multiple applications with a single set of credentials. Enabling SAML would be part of the technical implementation but comes after selecting an IdP.

  OAuth tokens are used for authorization, but selecting an IdP is the first step in managing authentication.

  Password vaulting stores multiple passwords securely but doesn't reduce the need for separate logins.

• Question 582:

  Which of the following scenarios describes a possible business email compromise attack?

  A. An employee receives a gift card request in an email that has an executive's name in the display field of the email.
  B. Employees who open an email attachment receive messages demanding payment in order to access files.
  C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
  D. An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.
  C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

  ---

  Explanation

  In a BEC attack, the attacker typically impersonates a high-ranking executive or authority figure within the organization and requests sensitive information or actions from employees. In this case, the HR director is requesting log-in credentials for a cloud administrator account, which is a classic example of BEC where the attacker seeks to gain access to privileged accounts through deception.

• Question 583:

  Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

  A. Code repositories
  B. Dark web
  C. Threat feeds
  D. State actors
  E. Vulnerability databases
  A. Code repositories

  ---

  Explanation

  Code repositories are a common source of unintentional corporate credential leakage, especially in cloud environments. Developers may accidentally commit and push sensitive information, such as API keys, passwords, and other credentials, to public or poorly secured repositories. These credentials can then be accessed by unauthorized users, leading to security breaches. Ensuring that repositories are properly secured and that sensitive data is never committed is critical for protecting against this type of leakage.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Threats and Vulnerability Management.

• Question 584:

  A security team purchases a tool for cloud security posture management. The team is quickly overwhelmed by the number of misconfigurations that the tool detects.

  Which of the following should the security team configure to establish workflows for cloud resource security?

  A. CASB
  B. IAM
  C. SOAR
  D. XDR
  C. SOAR

• Question 585:

  Which of the following are the first steps an analyst should perform when developing a heat map? (Choose two.)

  A. Methodically walk around the office noting Wi-Fi signal strength.
  B. Log in to each access point and check the settings.
  C. Create or obtain a layout of the office.
  D. Measure cable lengths between access points.
  E. Review access logs to determine the most active devices.
  F. Remove possible impediments to radio transmissions.
  A. Methodically walk around the office noting Wi-Fi signal strength.
  C. Create or obtain a layout of the office.

  ---

  Explanation

  Methodically walk around the office noting Wi-Fi signal strength: This is essential for identifying areas with weak or strong signals and understanding the coverage gaps or interference points, which are crucial for developing an accurate heat map.

  Create or obtain a layout of the office: A layout is necessary to map the signal strength data against the physical environment, enabling proper visualization of signal coverage and pinpointing issues.

  These two steps provide the foundation for creating a meaningful heat map to analyze wireless network performance.

• Question 586:

  Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

  A. To meet compliance standards
  B. To increase delivery rates
  C. To block phishing attacks
  D. To ensure non-repudiation
  D. To ensure non-repudiation

• Question 587:

  Development team members set up multiple application environments so they can develop, test, and deploy code in a secure and reliable manner. One of the environments is configured with real data that has been obfuscated so the team can adequately assess how the code will work in production.

  Which of the following environments is set up?

  A. Quality assurance
  B. Development
  C. Sandbox
  D. Production
  C. Sandbox

• Question 588:

  An engineer wants to inspect traffic to a cluster of web servers in a cloud environment.

  Which of the following solutions should the engineer implement?

  A. CASB
  B. WAF
  C. Load balancer
  D. VPN
  B. WAF

  ---

  Explanation

  A web application firewall (WAF) is designed to inspect and filter HTTP/HTTPS traffic to web servers, providing visibility and protection at the application layer. CASB focuses on cloud service governance, a load balancer distributes traffic rather than inspecting it for security purposes, and a VPN provides secure connectivity but does not inspect web application traffic.

• Question 589:

  A security operations center determines that the malicious activity detected on a server is normal.

  Which of the following activities describes the act of ignoring detected activity in the future?

  A. Tuning
  B. Aggregating
  C. Quarantining
  D. Archiving
  A. Tuning

  ---

  Explanation

  Tuning is the activity of adjusting the configuration or parameters of a security tool or system to optimize its performance and reduce false positives or false negatives. Tuning can help to filter out the normal or benign activity that is detected by the security tool or system, and focus on the malicious or anomalous activity that requires further investigation or response. Tuning can also help to improve the efficiency and effectiveness of the security operations center by reducing the workload and alert fatigue of the analysts. Tuning is different from aggregating, which is the activity of collecting and combining data from multiple sources or sensors to provide a comprehensive view of the security posture. Tuning is also different from quarantining, which is the activity of isolating a potentially infected or compromised device or system from the rest of the network to prevent further damage or spread. Tuning is also different from archiving, which is the activity of storing and preserving historical data or records for future reference or compliance. The act of ignoring detected activity in the future that is deemed normal by the security operations center is an example of tuning, as it involves modifying the settings or rules of the security tool or system to exclude the activity from the detection scope. Therefore, this is the best answer among the given options.

  References:

  Security Alerting and Monitoring Concepts and Tools -CompTIA Security+ SY0-701: 4.3, video at 7:00

  CompTIA Security+ SY0-701 Certification Study Guide, page 191.

• Question 590:

  A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file.

  Which of the following is the most likely reason the download was blocked?

  A. A misconfiguration in the endpoint protection software
  B. A zero-day vulnerability in the file
  C. A supply chain attack on the endpoint protection vendor
  D. Incorrect file permissions
  A. A misconfiguration in the endpoint protection software

  ---

  Explanation

  The most likely reason the download was blocked, resulting in a false positive, is a misconfiguration in the endpoint protection software. False positives occur when legitimate actions are incorrectly identified as threats due to incorrect settings or overly aggressive rules in the security software.

  Misconfiguration in the endpoint protection software: Common cause of false positives, where legitimate activities are flagged incorrectly due to improper settings. Zero-day vulnerability: Refers to previously unknown vulnerabilities, which are less likely to be associated with a false positive. Supply chain attack: Involves compromising the software supply chain, which is a broader and more severe issue than a simple download being blocked. Incorrect file permissions: Would prevent access to files but not typically cause an alert in endpoint protection software.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3 - Explain various activities associated with vulnerability management (False positives).