CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 661:

  A security analyst is reviewing logs and discovers the following:

  

  Which of the following should be used to best mitigate this type of attack?

  A. Input sanitization
  B. Secure cookies
  C. Static code analysis
  D. Sandboxing
  A. Input sanitization

  ---

  Explanation

  Input sanitization ensures that any user-supplied data is properly filtered and cleaned before being processed by the application. By sanitizing inputs, the system can prevent malicious command injection attempts like the one shown in the log entry.

• Question 662:

  A company suffered a critical incident where 30GB of data was exfiltrated from the corporate network.

  Which of the following actions is the most efficient way to identify where the system data was exfiltrated from and what location the attacker sent the data to?

  A. Analyze firewall and network logs for large amounts of outbound traffic to external IP addresses or domains.
  B. Analyze IPS and IDS logs to find the IP addresses used by the attacker for reconnaissance scans.
  C. Analyze endpoint and application logs to see whether file-sharing programs were running on the company systems.
  D. Analyze external vulnerability scans and automated reports to identify the systems the attacker could have exploited a remote code vulnerability.
  A. Analyze firewall and network logs for large amounts of outbound traffic to external IP addresses or domains.

  ---

  Explanation

  Firewall and network logs are the most efficient sources for identifying large outbound data transfers, as they record all traffic leaving the network. By examining these logs for significant data flows to unfamiliar or external IP addresses or domains, the security team can determine where the data was exfiltrated and potentially identify the destination of the exfiltrated data. This approach directly targets the incident's key indicators: large data transfer and external communication.

• Question 663:

  A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts.

  Which of the following would best enable the reduction in manual work?

  A. SOAR
  B. SIEM
  C. MDM
  D. DLP
  A. SOAR

  ---

  Explanation

  Security Orchestration, Automation, and Response (SOAR) systems help organizations automate repetitive security tasks, reduce manual intervention, and improve the efficiency of security operations. By integrating with various security tools, SOAR can automatically respond to incidents, helping to enhance threat detection while reducing the manual workload on security analysts.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of security operations and automation technologies.

• Question 664:

  Which of the following should be used to ensure a user has the permissions needed to effectively do an assigned job role?

  A. Changing default passwords
  B. Implementing least privilege
  C. Enforcing baseline configurations
  D. Applying network segmentation
  B. Implementing least privilege

  ---

  Explanation

  The principle of least privilege ensures users are granted only the permissions necessary to perform their specific job functions, minimizing the risk of unauthorized access or actions.

• Question 665:

  A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring.

  Which of the following is described in this scenario?

  A. Agentless solution
  B. Client-based soon
  C. Open port
  D. File-based solution
  A. Agentless solution

• Question 666:

  A security administrator receives multiple reports about the same suspicious email.

  Which of the following is the most likely reason for the malicious email's continued delivery?

  A. Employees are flagging legitimate emails as spam.
  B. Information from reported emails is not being used to tune email filtering tools.
  C. Employees are using shadow IT solutions for email.
  D. Employees are forwarding personal emails to company email addresses.
  B. Information from reported emails is not being used to tune email filtering tools.

• Question 667:

  A company plans to secure its systems by:

  1. Preventing users from sending sensitive data over corporate email

  2. Restricting access to potentially harmful websites

  Which of the following features should the company set up? (Choose two.)

  A. DLP software
  B. DNS filtering
  C. File integrity monitoring
  D. Stateful firewall
  E. Guardrails
  F. Antivirus signatures
  A. DLP software
  B. DNS filtering

• Question 668:

  A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud.

  Which of the following is the best choice for the administrator to implement?

  A. IPSec
  B. SHA-1
  C. RSA
  D. TGT
  A. IPSec

  ---

  Explanation

  IPSec (Internet Protocol Security) is a suite of protocols designed to secure IP communications by authenticating and encrypting each IP packet in a communication session. It is widely used for securing data transfer in networks, including private clouds, by providing confidentiality, integrity, and authenticity of data.

• Question 669:

  Which of the following provides guidelines for the management and reduction of information security risk?

  A. CIS
  B. NIST CSF
  C. ISO
  D. PCI DSS
  B. NIST CSF

• Question 670:

  Which of the following would be the best way to block unknown programs from executing?

  A. Access control list
  B. Application allow list.
  C. Host-based firewall
  D. DLP solution
  B. Application allow list.

  ---

  Explanation

  An application allow list is a security technique that specifies which applications are permitted to run on a system or a network. An application allow list can block unknown programs from executing by only allowing the execution of programs that are explicitly authorized and verified. An application allow list can prevent malware, unauthorized software, or unwanted applications from running and compromising the security of the system or the network.

  The other options are not the best ways to block unknown programs from executing: Access control list: This is a security technique that specifies which users or groups are granted or denied access to a resource or an object. An access control list can control the permissions and privileges of users or groups, but it does not directly block unknown programs from executing.

  Host-based firewall: This is a security device that monitors and filters the incoming and outgoing network traffic on a single host or system. A host-based firewall can block or allow network connections based on predefined rules, but it does not directly block unknown programs from executing.

  DLP solution: This is a security system that detects and prevents the unauthorized transmission or leakage of sensitive data. A DLP solution can protect the confidentiality and integrity of data, but it does not directly block unknown programs from executing.

  References:

  1: CompTIA Security+ SY0-701 Certification Study Guide, page 97

  2: Application Whitelisting -CompTIA Security+ SY0-701 -3.5, video by Professor Messer

  3: CompTIA Security+ SY0-701 Certification Study Guide, page 98. : CompTIA Security+ SY0-701 Certification Study Guide, page 99. : CompTIA Security+ SY0-701 Certification Study Guide, page 100.