CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 851:

  Which of the following exercises should an organization use to improve its incident response process?

  A. Tabletop
  B. Replication
  C. Failover
  D. Recovery
  A. Tabletop

  ---

  Explanation

  A tabletop exercise is a simulated scenario that tests the organization's incident response plan and procedures. It involves key stakeholders and decision-makers who discuss their roles and actions in response to a hypothetical incident. It can help identify gaps, weaknesses, and improvement areas in the incident response process. It can also enhance communication, coordination, and collaboration among the participants.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 525

• Question 852:

  An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network.

  Which of the following describes this type of attack?

  A. Privilege escalation
  B. Buffer overflow
  C. SQL injection
  D. Pass-the-hash
  D. Pass-the-hash

  ---

  Explanation

  The scenario describes an attacker who obtained credentials from a compromised system's memory and used them without cracking to move laterally within the network. This technique is known as a "pass-the-hash" attack, where the attacker captures hashed credentials (e.g., NTLM hashes) and uses them to authenticate and gain access to other systems without needing to know the plaintext password. This is a common attack method in environments where weak security practices or outdated protocols are in use.

  References:

  CompTIA Security+ SY0-701 Course Content: The course discusses credential-based attacks like pass-the-hash, emphasizing their impact and the importance of protecting credential stores.

• Question 853:

  The analyst wants to move data from production to the UAT server for testing the latest release.

  Which of the following strategies to protect data should the analyst use?

  A. Data masking
  B. Data tokenization
  C. Data obfuscation
  D. Data encryption
  A. Data masking

• Question 854:

  A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data.

  Which of the following is the next step the company should take?

  A. Identify the attacker's entry methods.
  B. Report the breach to the local authorities.
  C. Notify the applicable parties of the breach.
  D. Implement vulnerability scanning of the company's systems.
  A. Identify the attacker's entry methods.

  ---

  Explanation

  The next step after discovering proprietary data on the dark web is to identify the attacker's entry methods. Understanding how the attacker gained access to the data is critical for closing any security gaps and preventing further breaches.

  This step involves investigating vulnerabilities or misconfigurations that allowed the data to be accessed and exfiltrated, which will inform subsequent remediation actions.

• Question 855:

  Which of the following concepts protects sensitive information from unauthorized disclosure?

  A. Integrity
  B. Availability
  C. Authentication
  D. Confidentiality
  D. Confidentiality

  ---

  Explanation

  The best answer is D. Confidentiality. In the CIA triad, confidentiality means protecting information from unauthorized disclosure. It ensures that only authorized users, systems, or processes can view sensitive data. The other choices are different security concepts:

  A. Integrity means protecting data from unauthorized modification or destruction.

  B. Availability means ensuring systems and data are accessible when needed.

  C. Authentication means verifying the identity of a user, device, or process. Since the question specifically asks about protecting sensitive information from unauthorized disclosure, confidentiality is the correct answer.

• Question 856:

  Which of the following is a preventive physical security control?

  A. Video surveillance system
  B. Bollards
  C. Alarm system
  D. Motion sensors
  B. Bollards

  ---

  Explanation

  Bollards are physical barriers that prevent unauthorized vehicle access to certain areas, helping to protect a facility by physically blocking entry. Unlike detection-focused controls like video surveillance, alarms, and motion sensors, bollards serve as a proactive, preventive measure by stopping threats before they can reach the facility.

• Question 857:

  An accountant is transferring information to a bank over FTP.

  Which of the following mitigations should the accountant use to protect the confidentiality of the data?

  A. Tokenization
  B. Data masking
  C. Encryption
  D. Obfuscation
  C. Encryption

  ---

  Explanation

  Encrypting the data ensures that it remains confidential and protected from unauthorized access during transfer. Standard FTP does not provide secure transmission, so adding encryption--such as using FTPS (FTP Secure) or SFTP (SSH File Transfer Protocol)--will safeguard the data by making it unreadable to anyone intercepting the transfer.

• Question 858:

  Which of the following should a systems administrator use to decrease the company's hardware attack surface?

  A. Replication
  B. Isolation
  C. Centralization
  D. Virtualization
  B. Isolation

• Question 859:

  While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

  A. Hard drive
  B. RAM
  C. SSD
  D. Temporary files
  B. RAM

• Question 860:

  Which of the following control types is focused primarily on reducing risk before an incident occurs?

  A. Preventive
  B. Deterrent
  C. Corrective
  D. Detective
  A. Preventive

  ---

  Explanation

  "Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelhood of success from the perspective of the attacker".