CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 211:

  A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL. https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

  A. On-path

  B. Domain hijacking

  C. DNS poisoning

  D. Evil twin

  Correct Answer: C

  DNS poisoning - DNS poisoning occurs when hackers gain access to a DNS server and begins to redirect traffic to a different IP address by alternating a DNS record.

  For this question, DNS poisoning on HTTPS will result in a certificate mismatch error, which means a DNS record has been altered.

• Question 212:

  Which of the following is a known security risk associated with data archives that contain financial information?

  A. Data can become a liability if archived longer than required by regulatory guidance

  B. Data must be archived off-site to avoid breaches and meet business requirements

  C. Companies are prohibited from providing archived data to e-discovery requests

  D. Unencrypted archives should be preserved as long as possible and encrypted

  Correct Answer: A

  Data minimization has to be done to decrease liability

• Question 213:

  Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

  A. USB data blocker

  B. Faraday cage

  C. Proximity reader

  D. Cable lock

  Correct Answer: A

  A USB data blocker, also known as a "USB condom" (really, no kidding!), is a device that allows you to plug into USB charging ports including charging kiosks, and USB ports on gadgets owned by other people.

  The main purpose of using one is to eliminate the risk of infecting your phone or tablet with malware, and even prevent hackers to install/execute any malicious code to access your data.

• Question 214:

  An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following should the organization consider before implementation? (Select TWO).

  A. The back-end directory source

  B. The identity federation protocol

  C. The hashing method

  D. The encryption method

  E. The registration authority

  F. The certificate authority

  Correct Answer: BF

• Question 215:

  A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

  A. Accept the risk if there is a clear road map for timely decommission

  B. Deny the risk due to the end-of-life status of the application.

  C. Use containerization to segment the application from other applications to eliminate the risk

  D. Outsource the application to a third-party developer group

  Correct Answer: A

  Accept the risk if there is a clear road map for timely decommission.

  The audit found low-criticality vulnerabilities so, from the organization's perspective, it's not an issue that requires immediate attention. If the organization's understands the level of severity of the vulnerabilities and plans to decommission the

  application when they see fit, then that would be the most prudent(practical) action for them.

  There are still users that are using the application, so there should be time given to notify the users when it is time to decommission the application to minimize disruption.

• Question 216:

  Which of the following control types is focused primarily on reducing risk before an incident occurs?

  A. Preventive

  B. Deterrent

  C. Corrective

  D. Detective

  Correct Answer: A

  "Preventive controls act before an event, preventing it from advancing". Deterrent - "acts to discourage the attacker by reducing the likelhood of success from the perspective of the attacker".

• Question 217:

  Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

  A. Fines

  B. Audit findings

  C. Sanctions

  D. Reputation damage

  Correct Answer: B

• Question 218:

  An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IoC?

  A. Reimage the impacted workstations

  B. Activate runbooks for incident response

  C. Conduct forensics on the compromised system

  D. Conduct passive reconnaissance to gather information

  Correct Answer: B

• Question 219:

  A company wants to improve end users experiences when they tog in to a trusted partner website The company does not want the users to be issued separate credentials for the partner website Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

  A. Directory service

  B. AAA server

  C. Federation

  D. Multifactor authentication

  Correct Answer: C

  Federation means the company trusts accounts created and managed by a different network. It connects the identity management services of multiple systems

• Question 220:

  Which of the following is the MOST effective control against zero-day vulnerabilities?

  A. Network segmentation

  B. Patch management

  C. Intrusion prevention system

  D. Multiple vulnerability scanners

  Correct Answer: A

  IPS can only protect against known host and application-based attacks and exploits. IPS inspects traffic against signatures and anomalies, it does cover a broad spectrum of attack types, most of them signature-based, and signatures alone cannot protect against zero-day attacks. (www.rawcode7.medium.com)

  However, with network segmentation, you're able to isolate critical assets into different segments. And when a zero-day attack occurs, you're not at risk of losing all and are able to isolate the attack's effect to one segment.