CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 611:

  Which of the following is the MOST effective control against zero-day vulnerabilities?

  A. Network segmentation
  B. Patch management
  C. Intrusion prevention system
  D. Multiple vulnerability scanners
  A. Network segmentation

  ---

  Explanation

  IPS can only protect against known host and application-based attacks and exploits. IPS inspects traffic against signatures and anomalies, it does cover a broad spectrum of attack types, most of them signature-based, and signatures alone cannot protect against zero-day attacks. (www.rawcode7.medium.com) However, with network segmentation, you're able to isolate critical assets into different segments. And when a zero-day attack occurs, you're not at risk of losing all and are able to isolate the attack's effect to one segment.

• Question 612:

  An organization designs an inbound firewall with a fail-open configuration while implementing a website.

  Which of the following would the organization consider to be the highest priority?

  A. Confidentiality
  B. Non-repudiation
  C. Availability
  D. Integrity
  C. Availability

  ---

  Explanation

  A fail-open configuration prioritizes availability, ensuring that services remain accessible even if the firewall encounters an issue. This approach minimizes downtime for critical resources, such as a website, but may temporarily compromise other aspects of security like confidentiality or integrity. This configuration is often chosen when maintaining access is of utmost importance.

• Question 613:

  Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

  Which of the following changes would allow users to access the site?

  A. Creating a firewall rule to allow HTTPS traffic
  B. Configuring the IPS to allow shopping
  C. Tuning the DLP rule that detects credit card data
  D. Updating the categorization in the content filter
  D. Updating the categorization in the content filter

  ---

  Explanation

  A content filter is a device or software that blocks or allows access to web content based on predefined rules or categories. In this case, the new retail website is mistakenly categorized as gambling by the content filter, which prevents users from accessing it. To resolve this issue, the content filter's categorization needs to be updated to reflect the correct category of the website, such as shopping or retail. This will allow the content filter to allow access to the website instead of blocking it.

• Question 614:

  A newly identified network access vulnerability has been found in the OS of legacy loT devices.

  Which of the following would best mitigate this vulnerability quickly?

  A. Insurance
  B. Patching
  C. Segmentation
  D. Replacement
  C. Segmentation

  ---

  Explanation

  Segmentation is a technique that divides a network into smaller subnetworks or segments, each with its own security policies and controls. Segmentation can help mitigate network access vulnerabilities in legacy loT devices by isolating them from other devices and systems, reducing their attack surface and limiting the potential impact of a breach. Segmentation can also improve network performance and efficiency by reducing congestion and traffic. Patching, insurance, and replacement are other possible strategies to deal with network access vulnerabilities, but they may not be feasible or effective in the short term. Patching may not be available or compatible for legacy loT devices, insurance may not cover the costs or damages of a cyberattack, and replacement may be expensive and time-consuming.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 142-143

• Question 615:

  A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work.

  Which of the following is the best option?

  A. Send out periodic security reminders.
  B. Update the content of new hire documentation.
  C. Modify the content of recurring training.
  D. Implement a phishing campaign
  C. Modify the content of recurring training.

  ---

  Explanation

  Recurring training is a type of security awareness training that is conducted periodically to refresh and update the knowledge and skills of the users. Recurring training can help improve the situational and environmental awareness of existing users as they transition from remote to in-office work, as it can cover the latest threats, best practices, and policies that are relevant to their work environment. Modifying the content of recurring training can ensure that the users are aware of the current security landscape and the expectations of their roles.

  References:

  CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 5, page 232. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 5.1, page 18.

• Question 616:

  Which vulnerability is most likely mitigated by setting up an MDM platform?

  A. TPM
  B. Buffer overflow
  C. Jailbreaking
  D. SQL injection
  C. Jailbreaking

  ---

  Explanation

  Mobile Device Management (MDM) platforms enforce security policies on mobile devices, including preventing or detecting jailbreaking, which is the act of removing manufacturer restrictions on devices. Jailbroken devices bypass security protections, allow installation of unauthorized apps, expose system files, and greatly increase risk.

  Security+ SY0-701 identifies MDM as a key defense for mobile ecosystems, providing controls such as:

  Jailbreak/root detection Remote wipe

  App allow/deny lists

  Configuration enforcement

  Encryption enforcement

  TPM (A) is hardware-based protection unrelated to MDM. Buffer overflow (B) and SQL injection (D) are software coding vulnerabilities not affected by mobile device policy enforcement.

  Thus, the correct answer is C: Jailbreaking.

• Question 617:

  Which of the following is used to improve security and overall functionality without losing critical application data?

  A. Reformatting
  B. Decommissioning
  C. Patching
  D. Encryption
  C. Patching

  ---

  Explanation

  Patching is used to improve both security and functionality by updating software to fix vulnerabilities, improve performance, or add features. This process ensures that critical application data is preserved while addressing issues that could compromise the application's security or functionality. Regular patching is a key part of maintaining a secure and efficient system.

• Question 618:

  An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor.

  Which of the following should most likely be configured during the new software deployment?

  A. RADIUS
  B. SAML
  C. EAP
  D. OpenID
  B. SAML

• Question 619:

  Which of the following would most likely be used by attackers to perform credential harvesting?

  A. Social engineering
  B. Supply chain compromise
  C. Third-party software
  D. Rainbow table
  A. Social engineering

  ---

  Explanation

  Social engineering tactics, such as phishing, are commonly used by attackers to trick individuals into revealing their login credentials. By posing as a trusted entity or creating a fake login page, attackers can harvest usernames and passwords directly from unsuspecting users. This method is highly effective and frequently used for credential harvesting.

• Question 620:

  Malware spread across a company's network after an employee visited a compromised industry blog.

  Which of the following best describes this type of attack?

  A. Impersonation
  B. Disinformation
  C. Watering-hole
  D. Smishing
  C. Watering-hole

  ---

  Explanation

  A watering-hole attack is a type of cyberattack that targets groups of users by infecting websites that they commonly visit. The attackers exploit vulnerabilities to deliver a malicious payload to the organization's network. The attack aims to infect users' computers and gain access to a connected corporate network. The attackers target websites known to be popular among members of a particular organization or demographic. The attack differs from phishing and spear-phishing attacks, which typically attempt to steal data or install malware onto users' devices In this scenario, the compromised industry blog is the watering hole that the attackers used to spread malware across the company's network. The attackers likely chose this blog because they knew that the employees of the company were interested in its content and visited it frequently. The attackers may have injected malicious code into the blog or redirected the visitors to a spoofed website that hosted the malware. The malware then infected the employees' computers and propagated to the network.

  References:

  Watering Hole Attacks: Stages, Examples, Risk Factors & Defense ...