CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 921:

  Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

  A. SLA
  B. MOU
  C. MOA
  D. BPA
  A. SLA

  ---

  Explanation

  A Service Level Agreement (SLA) is a formal document between a service provider and a client that defines the expected level of service, including what resources will be provided and the agreed-upon time frames. It typically includes metrics to evaluate performance, uptime guarantees, and response times. MOU (Memorandum of Understanding) and MOA (Memorandum of Agreement) are less formal and may not specify the exact level of service. BPA (Business Partners Agreement) focuses more on the long-term relationship between partners.

• Question 922:

  A company installed cameras and added signs to alert visitors that they are being recorded.

  Which of the following controls did the company implement? (Choose two.)

  A. Directive
  B. Deterrent
  C. Preventive
  D. Detective
  E. Corrective
  F. Technical
  A. Directive
  B. Deterrent

  ---

  Explanation

  Directive: The signs serve as a directive control by informing and guiding people about the surveillance measures in place.

  Deterrent: Both the cameras and signs act as deterrents by discouraging unauthorized or undesirable behavior due to the awareness of surveillance.

• Question 923:

  A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

  SIEM alerts have not yet been configured.

  Which of the following best describes what the security analyst should do to identify this behavior?

  A. Digital forensics
  B. E-discovery
  C. Incident response
  D. Threat hunting
  D. Threat hunting

  ---

  Explanation

  Threat hunting is the process of proactively searching for signs of malicious activity or compromise in a network, rather than waiting for alerts or indicators of compromise (IOCs) to appear. Threat hunting can help identify new tactics, techniques, and procedures (TTPs) used by malicious actors, as well as uncover hidden or stealthy threats that may have evaded detection by security tools. Threat hunting requires a combination of skills, tools, and methodologies, such as hypothesis generation, data collection and analysis, threat intelligence, and incident response. Threat hunting can also help improve the security posture of an organization by providing feedback and recommendations for security improvements.

  References:

  CompTIA Security+ Certification Exam Objectives, Domain 4.1: Given a scenario, analyze potential indicators of malicious activity. CompTIA Security+ Study Guide (SY0-701), Chapter 4: Threat Detection and Response, page 153. Threat Hunting -SY0-701 CompTIA Security+ : 4.1, Video 3:18. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question3.

• Question 924:

  While reviewing logs, a security administrator identifies the following code:

  <script>function (send_info)</script>

  Which of the following best describes the vulnerability being exploited?

  A. XSS
  B. SQLi
  C. DDoS
  D. CSRF
  A. XSS

  ---

  Explanation

  The <script> tags in the code suggest a Cross-Site Scripting (XSS) attack, where malicious scripts are injected into web pages viewed by other users. XSS vulnerabilities allow attackers to execute scripts in the context of a user's browser, which can lead to data theft, session hijacking, and other malicious actions.

• Question 925:

  A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator.

  Which of the following actions would most likely give the security analyst the information required?

  A. Obtain the file's SHA-256 hash.
  B. Use hexdump on the file's contents.
  C. Check endpoint logs.
  D. Query the file's metadata.
  D. Query the file's metadata.

  ---

  Explanation

  Metadata is data that describes other data, such as its format, origin, creation date, author, and other attributes. Video files, like other types of files, can contain metadata that can provide useful information for forensic analysis. For example, metadata can reveal the camera model, location, date and time, and software used to create or edit the video file. To query the file's metadata, a security analyst can use various tools, such as MediaInfo, ffprobe or hexdump, to extract and display the metadata from the video file. By querying the file's metadata, the security analyst can most likely identify both the creation date and the file's creator, as well as other relevant information. Obtaining the file's SHA-256 hash, checking endpoint logs, or using hexdump on the file's contents are other possible actions, but they are not the most appropriate to answer the question. The file's SHA-256 hash is a cryptographic value that can be used to verify the integrity or uniqueness of the file, but it does not reveal any information about the file's creation date or creator. Checking endpoint logs can provide some clues about the file's origin or activity, but it may not be reliable or accurate, especially if the logs are tampered with or incomplete. Using hexdump on the file's contents can show the raw binary data of the file, but it may not be easy or feasible to interpret the metadata from the hex output, especially if the file is large or encrypted.

  References:

  1: How do I get the meta-data of a video file?

  2: How to check if an mp4 file contains malware?

  3: [Hexdump - Wikipedia]

• Question 926:

  Which of the following allows for the attribution of messages to individuals?

  A. Adaptive identity
  B. Non-repudiation
  C. Authentication
  D. Access logs
  B. Non-repudiation

  ---

  Explanation

  Non-repudiation is the ability to prove that a message or document was sent or signed by a particular person, and that the person cannot deny sending or signing it. Non-repudiation can be achieved by using cryptographic techniques, such as hashing and digital signatures, that can verify the authenticity and integrity of the message or document. Non-repudiation can be useful for legal, financial, or contractual purposes, as it can provide evidence of the origin and content of the message or document.

  References:

  Non-repudiation -CompTIA Security+ SY0-701 ?1.2, CompTIA Security+ SY0-301: 6.1 ?Non-repudiation, CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.2, page 2.

• Question 927:

  A company captures log-in details and reviews them each week to identify conditions such as excessive log-in attempts and frequent lockouts.

  Which of the following should a security analyst recommend to improve security compliance monitoring?

  A. Including the date and person who reviewed the information in a report
  B. Adding automated alerting when anomalies occur
  C. Requiring a statement each week that no exceptions were noted
  D. Masking the username in a report to protect privacy
  B. Adding automated alerting when anomalies occur

• Question 928:

  A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:

  1. Allow employees to work remotely or from assigned offices around the world.

  2. Provide a seamless login experience.

  3. Limit the amount of equipment required.

  Which of the following best meets these conditions?

  A. Trusted devices
  B. Geotagging
  C. Smart cards
  D. Time-based logins
  A. Trusted devices

• Question 929:

  Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

  A. Channels by which the organization communicates with customers
  B. The reporting mechanisms for ethics violations
  C. Threat vectors based on the industry in which the organization operates
  D. Secure software development training for all personnel
  E. Cadence and duration of training events
  F. Retraining requirements for individuals who fail phishing simulations
  C. Threat vectors based on the industry in which the organization operates
  E. Cadence and duration of training events

  ---

  Explanation

  A training curriculum plan for a security awareness program should address the following factors: The threat vectors based on the industry in which the organization operates. This will help the employees to understand the specific risks and challenges that their organization faces, and how to protect themselves and the organization from cyberattacks. For example, a healthcare organization may face different threat vectors than a financial organization, such as ransomware, data breaches, or medical device hacking. The cadence and duration of training events. This will help the employees to retain the information and skills they learn, and to keep up with the changing security landscape. The training events should be frequent enough to reinforce the key concepts and behaviors, but not too long or too short to lose the attention or interest of the employees. For example, a security awareness program may include monthly newsletters, quarterly webinars, annual workshops, or periodic quizzes.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, page 34

  CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 2, page 55.

• Question 930:

  Which of the following is the best method to reduce the attack surface of an enterprise network?

  A. Disable unused network services on servers.
  B. Use port security for wired connections.
  C. Change default passwords for network printers.
  D. Create a guest wireless network for visitors.
  C. Change default passwords for network printers.