CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 181:

  An accounting intern receives an invoice via email from the Chief Executive Officer (CEO). In the email, the CEO demands the immediate release of funds to the bank account that is listed. Which of the following principles best describes why this attack might be successful?

  A. Authority

  B. Scarcity

  C. Consensus

  D. Familiarity

  Correct Answer: A

• Question 182:

  A web application for a bank displays the following output when showing details about a customer's bank account:

  

  Which of the following techniques is most likely implemented in this web application?

  A. Data minimization

  B. Data scrambling

  C. Data masking

  D. Anonymization

  Correct Answer: C

• Question 183:

  The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

  

  Which of the following most likely describes the attack that took place?

  A. Spraying

  B. Brute-force

  C. Dictionary

  D. Rainbow table

  Correct Answer: A

• Question 184:

  A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1 X for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal. The following is the audit report:

  

  Which of the following is the most likely way a rogue device was allowed to connect?

  A. A user performed a MAC cloning attack with a personal device.

  B. A DHCP failure caused an incorrect IP address to be distributed.

  C. An administrator bypassed the security controls for testing.

  D. DNS hijacking let an attacker intercept the captive portal traffic.

  Correct Answer: A

• Question 185:

  Which of the following incident response activities ensures evidence is properly handied?

  A. E-discovery

  B. Chain of custody

  C. Legal hold

  D. Preservation

  Correct Answer: B

  Chain of custody is the process of documenting and preserving the integrity of evidence collected during an incident response. It involves recording the details of each person who handled the evidence, the time and date of each transfer, and the location where the evidence was stored. Chain of custody ensures that the evidence is admissible in legal proceedings and can be traced back to its source. E-discovery, legal hold, and preservation are related concepts, but they do not ensure evidence is properly handled. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 487; NIST SP 800-61: 3.2. Evidence Gathering and Handling

• Question 186:

  Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following but describes this form of security control?

  A. Physical

  B. Managerial

  C. Technical

  D. Operational

  Correct Answer: A

  A physical security control is a device or mechanism that prevents unauthorized access to a physical location or asset. An access control vestibule, also known as a mantrap, is a physical security control that consists of a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. This prevents unauthorized individuals from following authorized individuals into the facility, a practice known as piggybacking or tailgating. A photo ID check is another form of physical security control that verifies the identity of visitors. Managerial, technical, and operational security controls are not directly related to physical access, but rather to policies, procedures, systems, and processes that support security objectives. References: CompTIA Security+ Study Guide: Exam SY0- 701, 9th Edition, page 341; Mantrap (access control) - Wikipedia2

• Question 187:

  A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

  A. Hashing

  B. Tokenization

  C. Encryption

  D. Segmentation

  Correct Answer: C

  Encryption is a method of transforming data in a way that makes it unreadable without a secret key necessary to decrypt the data back into plaintext. Encryption is one of the most common and effective ways to protect data at rest, as it prevents unauthorized access, modification, or theft of the data. Encryption can be applied to different types of data at rest, such as block storage, object storage, databases, archives, and so on. Hashing, tokenization, and segmentation are not methods of rendering data at rest unreadable, but rather of protecting data in other ways. Hashing is a one-way function that generates a fixed-length output, called a hash or digest, from an input, such that the input cannot be recovered from the output. Hashing is used to verify the integrity and authenticity of data, but not to encrypt it. Tokenization is a process that replaces sensitive data with non-sensitive substitutes, called tokens, that have no meaning or value on their own. Tokenization is used to reduce the exposure and compliance scope of sensitive data, but not to encrypt it. Segmentation is a technique that divides a network or a system into smaller, isolated units, called segments, that have different levels of access and security. Segmentation is used to limit the attack surface and contain the impact of a breach, but not to encrypt data at rest. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 77-781; Protecting data at rest - Security Pillar3

• Question 188:

  Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

  A. A full inventory of all hardware and software

  B. Documentation of system classifications

  C. A list of system owners and their departments

  D. Third-party risk assessment documentation

  Correct Answer: A

  A full inventory of all hardware and software is essential for measuring the overall risk to an organization when a new vulnerability is disclosed, because it allows the security analyst to identify which systems are affected by the vulnerability and prioritize the remediation efforts. Without a full inventory, the security analyst may miss some vulnerable systems or waste time and resources on irrelevant ones. Documentation of system classifications, a list of system owners and their departments, and third-party risk assessment documentation are all useful for risk management, but they are not sufficient to measure the impact of a new vulnerability. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1221; Risk Assessment and Analysis Methods: Qualitative and Quantitative3

• Question 189:

  A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

  A. A worm is propagating across the network.

  B. Data is being exfiltrated.

  C. A logic bomb is deleting data.

  D. Ransomware is encrypting files.

  Correct Answer: B

  Data exfiltration is a technique that attackers use to steal sensitive data from a target system or network by transmitting it through DNS queries and responses. This method is often used in advanced persistent threat (APT) attacks, in which attackers seek to persistently evade detection in the target environment. A large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours is a strong indicator of data exfiltration. A worm, a logic bomb, and ransomware would not use DNS queries to communicate with their command and control servers or perform their malicious actions. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 487; Introduction to DNS Data Exfiltration; Identifying a DNS Exfiltration Attack That Wasn't Real -- This Time

• Question 190:

  A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

  A. Geographic dispersion

  B. Platform diversity

  C. Hot site

  D. Load balancing

  Correct Answer: A

  Geographic dispersion is the practice of having backup data stored in different locations that are far enough apart to minimize the risk of a single natural disaster affecting both sites. This ensures that the company can recover its regulated data in case of a disaster at the primary site. Platform diversity, hot site, and load balancing are not directly related to the protection of backup data from natural disasters. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 449; Disaster Recovery Planning: Geographic Diversity