Summer Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

SY0-701 Exam Dumps - CompTIA Security+ Exam

Question # 4

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A.

Partition

B.

Asymmetric

C.

Full disk

D.

Database

Full Access
Question # 5

Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?

A.

Firewall

B.

IDS

C.

Honeypot

D.

Layer 3 switch

Full Access
Question # 6

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

A.

Active

B.

Passive

C.

Defensive

D.

Offensive

Full Access
Question # 7

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Full Access
Question # 8

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Full Access
Question # 9

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Full Access
Question # 10

Which of the following is used to validate a certificate when it is presented to a user?

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Full Access
Question # 11

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be donenext?

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Full Access
Question # 12

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Full Access
Question # 13

An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

A.

Vishing

B.

Smishing

C.

Pretexting

D.

Phishing

Full Access
Question # 14

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Full Access
Question # 15

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Full Access
Question # 16

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Full Access
Question # 17

A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours. Which of the following should the systems administrator implement?

A.

Role-based restrictions

B.

Attribute-based restrictions

C.

Mandatory restrictions

D.

Time-of-day restrictions

Full Access
Question # 18

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Full Access
Question # 19

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Full Access
Question # 20

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Full Access
Question # 21

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Full Access
Question # 22

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

Full Access
Question # 23

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is thebestfor this scenario?

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Full Access
Question # 24

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Full Access
Question # 25

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is themosteffective way to limit this access?

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Full Access
Question # 26

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

A.

Corrective

B.

Preventive

C.

Detective

D.

Deterrent

Full Access
Question # 27

Which of the following penetration testing teams is focused only on trying to compromise an organization using an attacker's tactics?

A.

White

B.

Red

C.

Purple

D.

Blue

Full Access
Question # 28

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Full Access
Question # 29

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Full Access
Question # 30

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Full Access
Question # 31

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider considerfirst?

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Full Access
Question # 32

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Full Access
Question # 33

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Full Access
Question # 34

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

A.

Backout plan

B.

Impact analysis

C.

Test procedure

D.

Approval procedure

Full Access
Question # 35

Which of the following would be the best way to handle a critical business application that is running on a legacy server?

A.

Segmentation

B.

Isolation

C.

Hardening

D.

Decommissioning

Full Access
Question # 36

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Full Access
Question # 37

Which of the following tasks is typically included in the BIA process?

A.

Estimating the recovery time of systems

B.

Identifying the communication strategy

C.

Evaluating the risk management plan

D.

Establishing the backup and recovery procedures

E.

Developing the incident response plan

Full Access
Question # 38

Which of the following describes effective change management procedures?

A.

Approving the change after a successful deployment

B.

Having a backout plan when a patch fails

C.

Using a spreadsheet for tracking changes

D.

Using an automatic change control bypass for security updates

Full Access
Question # 39

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

A.

Retain the emails between the security team and affected customers for 30 days.

B.

Retain any communications related to the security breach until further notice.

C.

Retain any communications between security members during the breach response.

D.

Retain all emails from the company to affected customers for an indefinite period of time.

Full Access
Question # 40

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Full Access
Question # 41

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Full Access
Question # 42

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the 'deny any* policy prior to enabling the new policy

D.

Including an 'allow any1 policy above the 'deny any* policy

Full Access
Question # 43

Which of the following is aprimarysecurity concern for a company setting up a BYOD program?

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Full Access
Question # 44

A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?

A.

Establish a security baseline.

B.

Review security policies.

C.

Adopt security benchmarks.

D.

Perform a user ID revalidation.

Full Access
Question # 45

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the followingbestdescribes this step?

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tablet exercise

Full Access
Question # 46

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Full Access
Question # 47

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Full Access
Question # 48

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems.

Full Access
Question # 49

A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

A.

Encryption standard compliance

B.

Data replication requirements

C.

Least privilege

D.

Access control monitoring

Full Access
Question # 50

Which of the following allows for the attribution of messages to individuals?

A.

Adaptive identity

B.

Non-repudiation

C.

Authentication

D.

Access logs

Full Access
Question # 51

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Full Access
Question # 52

Which of the following is a hardware-specific vulnerability?

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Full Access
Question # 53

Which of the following most impacts an administrator's ability to address CVEs discovered on a server?

A.

Rescanning requirements

B.

Patch availability

C.

Organizational impact

D.

Risk tolerance

Full Access
Question # 54

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Full Access
Question # 55

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

A.

Virtualization

B.

Firmware

C.

Application

D.

Operating system

Full Access
Question # 56

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Full Access
Question # 57

Which of the following is thebestway to consistently determine on a daily basis whether security settings on servers have been modified?

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Full Access
Question # 58

A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

A.

Insurance

B.

Patching

C.

Segmentation

D.

Replacement

Full Access
Question # 59

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Full Access
Question # 60

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Full Access
Question # 61

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Full Access
Question # 62

Which of the following would be thebestway to block unknown programs from executing?

A.

Access control list

B.

Application allow list.

C.

Host-based firewall

D.

DLP solution

Full Access
Question # 63

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Full Access
Question # 64

A security analyst reviews domain activity logs and notices the following:

Which of the following is thebestexplanation for what the security analyst has discovered?

A.

The user jsmith's account has been locked out.

B.

A keylogger is installed on [smith's workstation

C.

An attacker is attempting to brute force ismith's account.

D.

Ransomware has been deployed in the domain.

Full Access
Question # 65

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Full Access
Question # 66

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Full Access