CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 201:

  An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup but every time the Chief Financial Officer logs in to the file server, the same files are deleted again No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?

  A. Logic bomb

  B. Crypto malware

  C. Spyware

  D. Remote access Trojan

  Correct Answer: A

  Logic bomb: a set of instructions secretly incorporated into a program so that if a particular condition is satisfied they will be carried out, usually with harmful effects.

• Question 202:

  After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analyst are spending a long time to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

  A. CASB

  B. VPC

  C. SWG

  D. CMS

  Correct Answer: A

  CASB vs SWG CASB is the more optimal solution for multiple on premises security solutions CASB services are explicitly designed to fit the needs of large enterprises You can access link and read about it: https://www.gend.co/blog/casb-or-swg-which-is-best-option-for-your-enterprise

• Question 203:

  The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to Implement?

  A. DLP

  B. USB data blocker

  C. USB OTG

  D. Disabling USB ports

  Correct Answer: B

  The best solution to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations would be to use a USB data blocker. A USB data blocker is a device that can be used to physically block the data pins on a USB cable, preventing data transfer while still allowing the device to be charged. This would prevent employees from accidentally or maliciously transferring sensitive data from their cell phones to the public charging station. Options A, C, and D would not be effective in preventing this type of data exfiltration

• Question 204:

  Several universities are participating m a collaborative research project and need to share compute and storage resources Which of the following cloud deployment strategies would BEST meet this need?

  A. Community

  B. Private

  C. Public

  D. Hybrid

  Correct Answer: A

  Community cloud storage is a variation of the private cloud storage model, which offers cloud solutions for specific businesses or communities. In this model, cloud storage providers offer their cloud architecture, software and other development tools to meet the requirements of the community. A community cloud in computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally.

• Question 205:

  Digital signatures use asymmetric encryption. This means the message is encrypted with:

  A. the sender's private key and decrypted with the sender's public key

  B. the sender's public key and decrypted with the sender's private key

  C. the sender's private key and decrypted with the recipient's public key.

  D. the sender's public key and decrypted with the recipient's private key

  Correct Answer: A

  There are 2 general ways to use asymetric algorithm.

  1 - For communication between 2 hosts: If bob sends a message to Alice, bob uses Alice's public key to encrypt the message, and Alice uses her private key to decrypt the message. 2 - For digital signature/Authentication: If ALice need to

  authenticate Bob, BOB uses his private key to sign the message, and Alice uses the public key of bob to decrypt the message. This process help to make sure the signature is owned by Bob.

  On this example, A is totally correct.

• Question 206:

  The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed Which of the following solutions should the SOC consider to BEST improve its response time?

  A. Configure a NIDS appliance using a Switched Port Analyzer

  B. Collect OSINT and catalog the artifacts in a central repository

  C. Implement a SOAR with customizable playbooks

  D. Install a SIEM with community-driven threat intelligence

  Correct Answer: C

  SOAR (Security Orchestration, Automation, and Response) Can use either playbook or runbook. It assists in collecting threat related data from a range of sources and automate responses to low level threats. (frees up some of the CSIRT time)

• Question 207:

  An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

  A. CASB

  B. WAF

  C. Load balancer

  D. VPN

  Correct Answer: A

• Question 208:

  Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?

  A. MOU

  B. ISA

  C. SLA

  D. NDA

  Correct Answer: A

  A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two different distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is usually preceded by a formal MOA/MOU that defines high- level roles and responsibilities in management of a cross-domain connection.

• Question 209:

  Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

  A. EOL

  B. SLA

  C. MOU

  D. EOSL

  Correct Answer: B

  A document that provides expectations at a technical level for quality, availability, and responsibilities is a Service Level Agreement (SLA). An SLA is a contract between a service provider and a customer that specifies the level of service that the provider will deliver. This typically includes technical details such as uptime, response times, and performance criteria. The SLA is used to ensure that the customer receives the level of service that they have agreed to and that the provider is held accountable for meeting those expectations. Options A, C, and D are not related to the technical level of service expectations. EOL refers to the end of life for a product or service, MOU is a memorandum of understanding, and EOSL is the end of service life.

• Question 210:

  An organization would like to give remote workers the ability to use applications hosted inside the corporate network Users will be allowed to use their personal computers or they will be provided organization assets Either way no data or applications will be installed locally on any user systems

  Which of the following mobile solutions would accomplish these goals?

  A. VDI

  B. MDM

  C. COPE

  D. UTM

  Correct Answer: A

  MDM would require something to be installed. VDI, virtual desktop infrastructure, would allow employees to use run apps on the company network without installing locally.