CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 131:

  Which of the following examples would be best mitigated by input sanitization?

  A.

  B. nmap - 10.11.1.130

  C. Email message: "Click this link to get your free gift card."

  D. Browser message: "Your connection is not private."

  Correct Answer: A

  This example of a script injection attack would be best mitigated by input sanitization. Input sanitization involves cleaning or filtering user inputs to ensure that they do not contain harmful data, such as malicious scripts. This prevents attackers from executing script-based attacks (e.g., Cross-Site Scripting or XSS). Nmap command is unrelated to input sanitization, as it is a network scanning tool. Email phishing attempts require different mitigations, such as user training. Browser warnings about insecure connections involve encryption protocols, not input validation

• Question 132:

  An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

  A. Privilege escalation

  B. Buffer overflow

  C. SQL injection

  D. Pass-the-hash

  Correct Answer: D

  The scenario describes an attacker who obtained credentials from a compromised system's memory and used them without cracking to move laterally within the network. This technique is known as a "pass-the-hash" attack, where the

  attacker captures hashed credentials (e.g., NTLM hashes) and uses them to authenticate and gain access to other systems without needing to know the plaintext password. This is a common attack method in environments where weak

  security practices or outdated protocols are in use.

  References:

  CompTIA Security+ SY0-701 Course Content: The course discusses credential- based attacks like pass-the-hash, emphasizing their impact and the importance of protecting credential stores.

• Question 133:

  A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

  A. Serverless architecture

  B. Thin clients

  C. Private cloud

  D. Virtual machines

  Correct Answer: A

  Serverless architecture allows companies to deploy code without managing the underlying infrastructure. This approach significantly reduces the time and expense involved in code deployment because developers can focus solely on writing

  code, while the cloud provider manages the servers, scaling, and maintenance. Serverless computing also enables automatic scaling and pay-per-execution billing, which further optimizes costs.

  References:

  CompTIA Security+ SY0-701 Course Content: The course covers cloud technologies, including serverless architectures, which are highlighted as a method to streamline and reduce costs associated with code deployment.

• Question 134:

  A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

  A. Monitor

  B. Sensor

  C. Audit

  D. Active

  Correct Answer: D

  To block signature-based attacks, the Intrusion Prevention System (IPS) must be in active mode. In this mode, the IPS can actively monitor and block malicious traffic in real time based on predefined signatures. This is the best mode to

  prevent known attack types from reaching the internal network.

  Monitor mode and sensor mode are typically passive, meaning they only observe and log traffic without actively blocking it.

  Audit mode is used for review purposes and does not actively block traffic.

• Question 135:

  An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

  A. Recovery point objective

  B. Mean time between failures

  C. Recovery time objective

  D. Mean time to repair

  Correct Answer: D

• Question 136:

  The application development teams have been asked to answer the following questions:

  1.

  Does this application receive patches from an external source?

  2.

  Does this application contain open-source code?

  3.

  Is this application accessible by external users?

  4.

  Does this application meet the corporate password standard?

  Which of the following are these questions part of?

  A. Risk control self-assessment

  B. Risk management strategy

  C. Risk acceptance

  D. Risk matrix

  Correct Answer: A

  The questions listed are part of a Risk Control Self-Assessment (RCSA), which is a process where teams evaluate the risks associated with their operations and assess the effectiveness of existing controls. The questions focus on aspects

  such as patch management, the use of open-source code, external access, and compliance with corporate standards, all of which are critical for identifying and mitigating risks.

  References:

  CompTIA Security+ SY0-701 Course Content: The course discusses various risk management processes, including self-assessments that help in identifying and managing risks within the organization.

• Question 137:

  A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

  A. Dynamic

  B. Static

  C. Gap

  D. Impact

  Correct Answer: B

  Reviewing the source code of an application to identify misconfigurations and vulnerabilities is best described as static analysis. Static analysis involves examining the code without executing the program. It focuses on finding potential

  security issues, coding errors, and vulnerabilities by analyzing the code itself. Static analysis: Analyzes the source code or compiled code for vulnerabilities without executing the program.

  Dynamic analysis: Involves testing and evaluating the program while it is running to identify vulnerabilities.

  Gap analysis: Identifies differences between the current state and desired state, often used for compliance or process improvement. Impact analysis: Assesses the potential effects of changes in a system or process. Reference: CompTIA

  Security+ SY0-701 Exam Objectives, Domain 4.3 - Explain various activities associated with vulnerability management (Static analysis).

• Question 138:

  An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the networks. Which of the following solutions should most likely be implemented?

  A. EAP

  B. IPSec

  C. SD-WAN

  D. TLS

  Correct Answer: B

• Question 139:

  An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

  A. DLP

  B. SNMP traps

  C. SCAP

  D. IPS

  Correct Answer: A

• Question 140:

  A software developer released a new application and is distributing application files via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

  A. Hashes

  B. Certificates

  C. Algorithms

  D. Salting

  Correct Answer: A