CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 221:

  An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

  A. Application allow list

  B. SWG

  C. Host-based firewall

  D. VPN

  Correct Answer: C

  Host-based firewall - This is a firewall on a host where you can configured rules for ports/connections allowed on that specific host.

  As the question specifically is asking for web-server ports to be blocked, it would make more sense to configure rules to block the ports on each web server.

  ========================

  Other Choices:

  Application allow list - A list of applications and application components that are permitted to reside or perform actions on a device SWG(Secure Web Gateway) - A security product that operates between employees and the internet by filtering

  unsafe content from web traffic to stop cyber threats and data breaches. They also block risky or unauthorized user behavior.

  SWGs usually analyses the content of traffic.

  VPN (Virtual Private Network) - A service that establishes a secure encrypted connection between networks over the internet. Hosts connected on the network will behave logically as if they're on the same network even if they are a physically

  not.

• Question 222:

  A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

  A. Packet captures

  B. Vulnerability scans

  C. Metadata

  D. Dashboard

  Correct Answer: D

  A dashboard is a graphical user interface that provides a visual representation of key performance indicators, metrics, and trends related to security events and incidents. A dashboard can help the board of directors to understand the number and impact of incidents that affected the organization in a given period, as well as the status and effectiveness of the security controls and processes. A dashboard can also allow the board of directors to drill down into specific details or filter the data by various criteria12. A packet capture is a method of capturing and analyzing the network traffic that passes through a device or a network segment. A packet capture can provide detailed information about the source, destination, protocol, and content of each packet, but it is not a suitable way to present a summary of incidents to the board of directors13. A vulnerability scan is a process of identifying and assessing the weaknesses and exposures in a system or a network that could be exploited by attackers. A vulnerability scan can help the organization to prioritize and remediate the risks and improve the security posture, but it is not a relevant way to report the number of incidents that occurred in a quarter14. Metadata is data that describes other data, such as its format, origin, structure, or context. Metadata can provide useful information about the characteristics and properties of data, but it is not a meaningful way to communicate the impact and frequency of incidents to the board of directors.

  References: 1: CompTIA Security+ SY0-701 Certification Study Guide, page 3722: SIEM Dashboards -SY0-601 CompTIA Security+ : 4.3, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 3464: CompTIA Security+ SY0-701 Certification Study Guide, page 362. : CompTIA Security+ SY0-701 Certification Study Guide, page 97.

• Question 223:

  A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

  A. If a security incident occurs on the device, the correct employee can be notified.

  B. The security team will be able to send user awareness training to the appropriate device.

  C. Users can be mapped to their devices when configuring software MFA tokens.

  D. User-based firewall policies can be correctly targeted to the appropriate laptops.

  E. When conducting penetration testing, the security team will be able to target the desired laptops.

  F. Company data can be accounted for when the employee leaves the organization.

  Correct Answer: AF

  Labeling all laptops with asset inventory stickers and associating them with employee IDs can provide several security benefits for a company. Two of these benefits are:

  A. If a security incident occurs on the device, the correct employee can be notified. An asset inventory sticker is a label that contains a unique identifier for a laptop, such as a serial number, a barcode, or a QR code. By associating this identifier with an employee ID, the security team can easily track and locate the owner of the laptop in case of a security incident, such as a malware infection, a data breach, or a theft. This way, the security team can notify the correct employee about the incident, and provide them with the necessary instructions or actions to take, such as changing passwords, scanning for viruses, or reporting the loss. This can help to contain the incident, minimize the damage, and prevent further escalation.

  F. Company data can be accounted for when the employee leaves the organization. When an employee leaves the organization, the company needs to ensure that all the company data and assets are returned or deleted from the employee's laptop. By labeling the laptop with an asset inventory sticker and associating it with an employee ID, the company can easily identify and verify the laptop that belongs to the departing employee, and perform the appropriate data backup, wipe, or transfer procedures. This can help to protect the company data from unauthorized access, disclosure, or misuse by the former employee or any other party. The other options are not correct because they are not related to the security benefits of labeling laptops with asset inventory stickers and associating them with employee IDs. B. The security team will be able to send user awareness training to the appropriate device. User awareness training is a type of security education that aims to improve the knowledge and behavior of users regarding security threats and best practices. The security team can send user awareness training to the appropriate device by using the email address, username, or IP address of the device, not the asset inventory sticker or the employee ID. C. Users can be mapped to their devices when configuring software MFA tokens. Software MFA tokens are a type of multi-factor authentication that uses a software application to generate a one-time password or a push notification for verifying the identity of a user. Users can be mapped to their devices when configuring software MFA tokens by using the device ID, phone number, or email address of the device, not the asset inventory sticker or the employee ID. D. User-based firewall policies can be correctly targeted to the appropriate laptops. User-based firewall policies are a type of firewall rules that apply to specific users or groups of users, regardless of the device or location they use to access the network. User-based firewall policies can be correctly targeted to the appropriate laptops by using the username, domain, or certificate of the user, not the asset inventory sticker or the employee ID. E. When conducting penetration testing, the security team will be able to target the desired laptops. Penetration testing is a type of security assessment that simulates a real-world attack on a network or system to identify and exploit vulnerabilities. When conducting penetration testing, the security team will be able to target the desired laptops by using the IP address, hostname, or MAC address of the laptop, not the asset inventory sticker or the employee ID.

  References: CompTIA Security+ Study Guide (SY0-701), Chapter 1: General Security Concepts, page 17. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 1.4: Asset Management, video: Asset Inventory (6:12).

• Question 224:

  An organization disabled unneeded services and placed a firewall in front of a business- critical legacy system. Which of the following best describes the actions taken by the organization?

  A. Exception

  B. Segmentation

  C. Risk transfer

  D. Compensating controls

  Correct Answer: D

  Compensating controls are alternative security measures that are implemented when the primary controls are not feasible, cost-effective, or sufficient to mitigate the risk. In this case, the organization used compensating controls to protect the

  legacy system from potential attacks by disabling unneeded services and placing a firewall in front of it. This reduced the attack surface and the likelihood of exploitation.

  References:

  Official CompTIA Security+ Study Guide (SY0-701), page 29 Security Controls - CompTIA Security+ SY0-701 - 1.1 1

• Question 225:

  Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

  A. IDS

  B. ACL

  C. EDR

  D. NAC

  Correct Answer: C

  Endpoint detection and response (EDR) is a technology that monitors and analyzes the activity and behavior of endpoints, such as computers, laptops, mobile devices, and servers. EDR can help to detect and prevent malicious software, such as viruses, malware, and Trojans, from infecting the endpoints and spreading across the network. EDR can also provide visibility and response capabilities to contain and remediate threats. EDR is different from IDS, which is a network-based technology that monitors and alerts on network traffic anomalies. EDR is also different from ACL, which is a list of rules that control the access to network resources. EDR is also different from NAC, which is a technology that enforces policies on the network access of devices based on their identity and compliance status.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 2561

• Question 226:

  A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

  A. Corrective

  B. Preventive

  C. Detective

  D. Deterrent

  Correct Answer: C

  A detective control is a type of control that monitors and analyzes the events and activities in a system or a network, and alerts or reports when an incident or a violation occurs. A SIEM (Security Information and Event Management) system is a tool that collects, correlates, and analyzes the logs from various sources, such as firewalls, routers, servers, or applications, and provides a centralized view of the security status and incidents. An analyst who reviews the logs on a weekly basis can identify and investigate any anomalies, trends, or patterns that indicate a potential threat or a breach. A detective control can help the company to respond quickly and effectively to the incidents, and to improve its security posture and resilience.

  References: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 23. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3, page 14.

• Question 227:

  Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

  A. The device has been moved from a production environment to a test environment.

  B. The device is configured to use cleartext passwords.

  C. The device is moved to an isolated segment on the enterprise network.

  D. The device is moved to a different location in the enterprise.

  E. The device's encryption level cannot meet organizational standards.

  F. The device is unable to receive authorized updates.

  Correct Answer: EF

  An engineer should recommend the decommissioning of a network device when the device poses a security risk or a compliance violation to the enterprise environment. A device that cannot meet the encryption standards or receive

  authorized updates is vulnerable to attacks and breaches, and may expose sensitive data or compromise network integrity. Therefore, such a device should be removed from the network and replaced with a more secure and updated one.

  References CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, Section 2.2, page 671 CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 2, Question16, page 512

• Question 228:

  Which of the following would be best suited for constantly changing environments?

  A. RTOS

  B. Containers

  C. Embedded systems

  D. SCADA

  Correct Answer: B

  Containers are a method of virtualization that allows applications to run in isolated environments with their own dependencies, libraries, and configurations. Containers are best suited for constantly changing environments because they are lightweight, portable, scalable, and easy to deploy and update. Containers can also support microservices architectures, which enable faster and more frequent delivery of software features.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Mobile Device Security, page 512 1

• Question 229:

  An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

  A. Insider threat

  B. Social engineering

  C. Watering-hole

  D. Unauthorized attacker

  Correct Answer: A

  An insider threat is a type of attack that originates from someone who has legitimate access to an organization's network, systems, or data. In this case, the domain user who encrypted the files on the database server is an example of an insider threat, as they abused their access privileges to cause harm to the organization. Insider threats can be motivated by various factors, such as financial gain, revenge, espionage, or sabotage.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 1: General Security Concepts, page 251. CompTIA Security+ Certification Kit: Exam SY0- 701, 7th Edition, Chapter 1: General Security Concepts, page 252.

• Question 230:

  A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

  A. A thorough analysis of the supply chain

  B. A legally enforceable corporate acquisition policy

  C. A right to audit clause in vendor contracts and SOWs

  D. An in-depth penetration test of all suppliers and vendors

  Correct Answer: A

  Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to network quality, performance, safety, and reliability12. Counterfeit hardware can also contain malicious components that can compromise the security of the network and the data that flows through it3. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company can verify the origin, authenticity, and integrity of the hardware, and identify any potential sources of counterfeit or tampered products. A thorough analysis of the supply chain can include the following steps: Establishing a trusted relationship with the OEM and authorized resellers Requesting documentation and certification of the hardware from the OEM or authorized resellers Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components Testing the hardware for functionality, performance, and security Implementing a tracking system to monitor the hardware throughout its lifecycle Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies.

  References: 1: Identify Counterfeit and Pirated Products - Cisco, 2: What Is Hardware Security? Definition, Threats, and Best Practices, 3: Beware of Counterfeit Network Equipment - TechNewsWorld, : Counterfeit Hardware: The Threat and How to Avoid It