CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 781:

  Which of the following best describes a use case for a DNS sinkhole?

  A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
  B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
  C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
  D. A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.
  C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

• Question 782:

  An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users.

  Which of the following best describes this kind of attack?

  A. Watering hole
  B. Typosquatting
  C. Business email compromise
  D. Phishing
  D. Phishing

  ---

  Explanation

  The scenario describes a large number of unsolicited emails sent to multiple users. This is characteristic of phishing, which SY0-701 defines as mass-distributed fraudulent messages designed to trick recipients into clicking malicious links, downloading malware, or divulging sensitive information.

  Phishing campaigns typically involve:

  High volume

  Non-targeted messaging

  Use of spoofed addresses or fake content

  Delivery through email systems

  A watering-hole attack (A) compromises a legitimate website frequented by targets-not email. Typosquatting (B) relies on malicious websites with deceptive URLs. Business Email Compromise (C) involves highly targeted spear-phishing or impersonation attacks, not bulk email blasts.

  Because this incident involves "hundreds of messages" delivered to "multiple users," it clearly matches the characteristics of a phishing attack, not a sophisticated targeted attack type.

  Phishing is the most common form of social engineering and is emphasized heavily in the Security+ exam due to its frequency and effectiveness.

• Question 783:

  An organization is implementing a COPE mobile device management policy.

  Which of the following should the organization include in the COPE policy? (Choose two.)

  A. Remote wiping of the device
  B. Data encryption
  C. Requiring passwords with eight characters
  D. Data usage caps
  E. Employee data ownership
  F. Personal application store access
  A. Remote wiping of the device
  B. Data encryption

• Question 784:

  Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

  A. E-discovery
  B. User provisioning
  C. Firewall log export
  D. Root cause analysis
  A. E-discovery

• Question 785:

  A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data.

  Which of the following should the administrator do first?

  A. Block access to cloud storage websites.
  B. Create a rule to block outgoing email attachments.
  C. Apply classifications to the data.
  D. Remove all user permissions from shares on the file server.
  C. Apply classifications to the data.

  ---

  Explanation

  Data classification is the process of assigning labels or tags to data based on its sensitivity, value, and risk. Data classification is the first step in a data loss prevention (DLP) solution, as it helps to identify what data needs to be protected and how. By applying classifications to the data, the security administrator can define appropriate policies and rules for the DLP solution to prevent the exfiltration of sensitive customer data.

  References:

  8: Data Protection, page 323. CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter

  8: Data Protection, page 327.

• Question 786:

  A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

  

  Which of the following best describes the indicator that triggered the alert?

  A. Blocked content
  B. Brute-force attack
  C. Concurrent session usage
  D. Account lockout
  B. Brute-force attack

  ---

  Explanation

  The activity described in the table, where multiple connection attempts are made on port 445 (used for SMB services), suggests a brute-force attack. The attacker likely used automated methods to guess credentials, causing multiple failures.

  Such attempts are a hallmark of brute-force attacks targeting shared resources.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Indicators of Malicious Activity".

• Question 787:

  An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification.

  Which of the following social engineering techniques are being attempted? (Choose two.)

  A. Typosquatting
  B. Phishing
  C. Impersonation
  D. Vishing
  E. Smishing
  F. Misinformation
  C. Impersonation
  E. Smishing

  ---

  Explanation

  In this scenario, where an employee receives a text message appearing to be from the payroll department asking for credential verification, the following social engineering techniques are being attempted: Impersonation

  The attacker is pretending to be a trusted entity (the payroll department) to gain the employee's trust and obtain their credentials.

  Smishing

  Smishing (SMS phishing) involves sending fraudulent text messages to trick individuals into revealing personal information, such as credentials, by clicking on a link or responding to the message.

• Question 788:

  A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer's credit card information. The customer sees the caller ID is the same as the company's main phone number.

  Which of the following attacks is the customer most likely a target of?

  A. Phishing
  B. Whaling
  C. Smishing
  D. Vishing
  D. Vishing

  ---

  Explanation

  Vishing (voice phishing) is a social engineering attack where attackers impersonate a trusted entity over the phone to obtain sensitive information, such as credit card details. In this case, the attacker spoofed the company's main phone number on the caller ID to gain the customer's trust, making it likely that the customer is the target of a vishing attack.

• Question 789:

  The Chief Information Security Officer wants to discuss options for a disaster recovery site that allows the business to resume operations as quickly as possible.

  Which of the following solutions meets this requirement?

  A. Hot site
  B. Cold site
  C. Geographic dispersion
  D. Warm site
  A. Hot site

• Question 790:

  A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system.

  Which of the following techniques would increase enterprise security?

  A. Installing HIDS on the system
  B. Placing the system in an isolated VLAN
  C. Decommissioning the system
  D. Encrypting the system's hard drive
  B. Placing the system in an isolated VLAN

  ---

  Explanation

  To enhance security for a system running an end-of-life operating system, placing the system in an isolated VLAN is the most effective approach. By isolating the system from the rest of the network, you can limit its exposure to potential threats while maintaining its functionality. This segmentation helps protect the rest of the network from any vulnerabilities in the outdated system. Installing HIDS (Host-based Intrusion Detection System) can help detect intrusions but won't mitigate the risks posed by an unsupported OS. Decommissioning may not be feasible if the system is critical. Encrypting the system's hard drive protects data at rest but doesn't address vulnerabilities from an outdated OS.