Which of the following is an algorithm performed to verify that data has not been modified?
A. Hash
B. Code check
C. Encryption
D. Checksum
Correct Answer: A
A hash is an algorithm used to verify data integrity by generating a fixed-size string of characters from input data. If even a single bit of the input data changes, the hash value will change, allowing users to detect any modification to the data.
Hashing algorithms like SHA-256 and MD5 are commonly used to ensure data has not been altered, although MD5 is no longer collision-resistant and should not be relied on for integrity checks against a deliberate attacker.
References:
CompTIA Security+ SY0-701 Course Content: Domain 6: Cryptography and PKI, which discusses the role of hashing in verifying data integrity.
Question 12:
An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company's security awareness training program?
A. Insider threat detection
B. Simulated threats
C. Phishing awareness
D. Business continuity planning
Correct Answer: A
For an organization that wants to protect its intellectual property, adding insider threat detection to the security awareness training program would be most beneficial. Insider threats can be particularly dangerous because they come from trusted individuals within the organization who have legitimate access to sensitive information.
Insider threat detection: Focuses on identifying and mitigating threats from within the organization, including employees, contractors, or business partners who might misuse their access.
Simulated threats: Often used for testing security measures and training, but not specifically focused on protecting intellectual property.
Phishing awareness: Important for overall security but more focused on preventing external attacks rather than internal threats.
Business continuity planning: Ensures the organization can continue operations during and after a disruption but does not directly address protecting intellectual property from insider threats.
References:
CompTIA Security+ SY0-701 Exam Objectives, Domain 5.6 - Implement security awareness practices (Insider threat detection).
Question 13:
A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?
A. Hot
B. Cold
C. Warm
D. Geographically dispersed
Correct Answer: C
A warm site is the best option for a business that does not require immediate failover but wants to reduce the workload required for recovery. A warm site has some pre-installed equipment and data, allowing for quicker recovery than a cold site, but it still requires some setup before becoming fully operational. Hot sites provide immediate failover but are more expensive and require constant maintenance. Cold sites require significant time and effort to get up and running after an outage. Geographically dispersed sites refer to a specific location strategy rather than the readiness of the recovery site.
Question 14:
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?
A. Job rotation
B. Retention
C. Outsourcing
D. Separation of duties
Correct Answer: A
Job rotation is a security control that involves regularly moving employees to different roles within an organization. This practice helps prevent incidents where a single employee has too much control or knowledge about a specific job function, reducing the risk of disruption when an employee leaves. It also helps in identifying any hidden issues or undocumented processes that could cause problems after an employee's departure.
References:
CompTIA Security+ SY0-701 Course Content: Domain 5: Security Program Management and Oversight, which includes job rotation as a method to ensure business continuity and reduce risks.
Question 15:
A security team created a document that details the order in which critical systems should be brought back online after a major outage. Which of the following documents did the team create?
A. Communication plan
B. Incident response plan
C. Data retention policy
D. Disaster recovery plan
Correct Answer: D
The document described in the question is a Disaster Recovery Plan (DRP). A DRP outlines the process and procedures for restoring critical systems and operations after a major disruption or outage. It includes the order in which systems should be brought back online to ensure minimal impact on business operations, prioritizing the most critical systems to recover first.
References:
CompTIA Security+ SY0-701 Course Content: Domain 5: Security Program Management and Oversight, which discusses the development and implementation of disaster recovery plans.
Question 16:
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral
Correct Answer: C
Homomorphic encryption allows data to be encrypted and manipulated without needing to decrypt it first. This cryptographic technique would allow the financial institution to store customer data securely in the cloud while still permitting operations like searching and calculations to be performed on the encrypted data. This ensures that the cloud service provider cannot decipher the sensitive data, meeting the institution's security requirements.
References:
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptographic Techniques.
Question 17:
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?
A. IPS
B. Firewall
C. ACL
D. Windows security
Correct Answer: B
Since the logs on the endpoint were deleted, the next best option for the analyst is to examine firewall logs. Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.
IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.
ACL (Access Control List) logs are useful for tracking access permissions but not for identifying C2 communication.
Windows security logs would have been ideal if they had not been deleted.
Question 18:
A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?
A. The host-based security agent is not running on all computers.
B. A rogue access point is allowing users to bypass controls.
C. Employees who have certain credentials are using a hidden SSID.
D. A valid access point is being jammed to limit availability.
Correct Answer: B
The presence of another device providing internet access that bypasses the content filtering system indicates the existence of a rogue access point. Rogue access points are unauthorized devices that can create a backdoor into the network, allowing users to bypass security controls like content filtering. This presents a significant security risk as it can expose the network to unauthorized access and potential data breaches.
References:
CompTIA Security+ SY0-701 Course Content: Rogue access points are highlighted as a major security risk, allowing unauthorized access to the network and bypassing security measures.
Question 19:
Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?
A. Firewall
B. IDS
C. Honeypot
D. Layer 3 switch
Correct Answer: C
A honeypot is most likely to be deployed to obtain and analyze attacker activity and techniques. A honeypot is a decoy system set up to attract attackers, providing an opportunity to study their methods and behaviors in a controlled environment without risking actual systems.
Honeypot: A decoy system designed to lure attackers, allowing administrators to observe and analyze attack patterns and techniques.
Firewall: Primarily used to block unauthorized access to networks, not for observing attacker behavior.
IDS (Intrusion Detection System): Detects and alerts on malicious activity but does not specifically engage attackers to observe their behavior.
Layer 3 switch: Used for routing traffic within networks, not for analyzing attacker techniques.
After performing an assessment, an analyst wants to provide a risk rating for the findings. Which of the following concepts should most likely be considered when calculating the ratings?
A. Owners and thresholds
B. Impact and likelihood
C. Appetite and tolerance
D. Probability and exposure factor
Correct Answer: B
When calculating risk ratings, the concepts of impact and likelihood are most likely to be considered. Risk assessment typically involves evaluating the potential impact of a threat (how severe the consequences would be if the threat materialized) and the likelihood of the threat occurring (how probable it is that the threat will occur).
Impact: Measures the severity of the consequences if a particular threat exploits a vulnerability. It considers factors such as financial loss, reputational damage, and operational disruption.
Likelihood: Measures the probability of a threat exploiting a vulnerability. This can be based on historical data, current threat landscape, and expert judgment.
References:
CompTIA Security+ SY0-701 Exam Objectives, Domain 5.2 - Risk management process (Risk assessment: impact and likelihood).