CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 241:

  Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?

  A. Integrity

  B. Availability

  C. Confidentiality

  D. Non-repudiation

  Correct Answer: C

  Confidentiality is the security concept that ensures data is protected from unauthorized access or disclosure. The principle of least privilege is a technique that grants users or systems the minimum level of access or permissions that they need to perform their tasks, and nothing more. By applying the principle of least privilege to a human resources fileshare, the permissions can be restricted to only those who have a legitimate need to access the sensitive data, such as HR staff, managers, or auditors. This can prevent unauthorized users, such as hackers, employees, or contractors, from accessing, copying, modifying, or deleting the data. Therefore, the principle of least privilege can enhance the confidentiality of the data on the fileshare. Integrity, availability, and non- repudiation are other security concepts, but they are not the best reason for permissions on a human resources fileshare to follow the principle of least privilege. Integrity is the security concept that ensures data is accurate and consistent, and protected from unauthorized modification or corruption. Availability is the security concept that ensures data is accessible and usable by authorized users or systems when needed. Non-repudiation is the security concept that ensures the authenticity and accountability of data and actions, and prevents the denial of involvement or responsibility. While these concepts are also important for data security, they are not directly related to the level of access or permissions granted to users or systems.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17, 372-373

• Question 242:

  A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

  A. Jump server

  B. RADIUS

  C. HSM

  D. Load balancer

  Correct Answer: A

  A jump server is a device or virtual machine that acts as an intermediary between a user's workstation and a remote network segment. A jump server can be used to securely access servers or devices that are not directly reachable from the

  user's workstation, such as database servers. A jump server can also provide audit logs and access control for the remote connections. A jump server is also known as a jump box or a jump host12. RADIUS is a protocol for authentication,

  authorization, and accounting of network access. RADIUS is not a device or a method to access remote servers, but rather a way to verify the identity and permissions of users or devices that request network access34. HSM is an acronym

  for Hardware Security Module, which is a physical device that provides secure storage and generation of cryptographic keys. HSMs are used to protect sensitive data and applications, such as digital signatures, encryption, and authentication.

  HSMs are not used to access remote servers, but rather to enhance the security of the data and applications that reside on them5 . A load balancer is a device or software that distributes network traffic across multiple servers or devices,

  based on criteria such as availability, performance, or capacity. A load balancer can improve the scalability, reliability, and efficiency of network services, such as web servers, application servers, or database servers. A load balancer is not

  used to access remote servers, but rather to optimize the delivery of the services that run on them .

  References:

  How to access a remote server using a jump host

  Jump server

  RADIUS

  Remote Authentication Dial-In User Service (RADIUS) Hardware Security Module (HSM)

  [What is an HSM?]

  [Load balancing (computing)]

  [What is Load Balancing?]

• Question 243:

  Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

  A. Preparation

  B. Recovery

  C. Lessons learned

  D. Analysis

  Correct Answer: A

  Preparation is the phase in the incident response process when a security analyst reviews roles and responsibilities, as well as the policies and procedures for handling incidents. Preparation also involves gathering and maintaining the

  necessary tools, resources, and contacts for responding to incidents. Preparation can help a security analyst to be ready and proactive when an incident occurs, as well as to reduce the impact and duration of the incident.

  Some of the activities that a security analyst performs during the preparation phase are:

  Defining the roles and responsibilities of the incident response team members, such as the incident manager, the incident coordinator, the technical lead, the communications lead, and the legal advisor. Establishing the incident response

  plan, which outlines the objectives, scope, authority, and procedures for responding to incidents, as well as the escalation and reporting mechanisms. Developing the incident response policy, which defines the types and categories of

  incidents, the severity levels, the notification and reporting requirements, and the roles and responsibilities of the stakeholders. Creating the incident response playbook, which provides the step-by-step guidance and checklists for handling

  specific types of incidents, such as denial-of- service, ransomware, phishing, or data breach. Acquiring and testing the incident response tools, such as network and host-based scanners, malware analysis tools, forensic tools, backup and

  recovery tools, and communication and collaboration tools. Identifying and securing the incident response resources, such as the incident response team, the incident response location, the evidence storage, and the external support.

  Building and maintaining the incident response contacts, such as the internal and external stakeholders, the law enforcement agencies, the regulatory bodies, and the media.

  References:

  CompTIA Security+ SY0-701 Certification Study Guide, Chapter 6: Architecture and Design, Section 6.4: Secure Systems Design, p. 279-280 CompTIA Security+ SY0-701 Certification Exam Objectives, Domain 3: Architecture and Design,

  Objective 3.5: Given a scenario, implement secure network architecture concepts, Sub-objective: Incident response, p. 16

• Question 244:

  A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

  A. Active

  B. Passive

  C. Defensive

  D. Offensive

  Correct Answer: A

  Active reconnaissance is a type of reconnaissance that involves sending packets or requests to a target and analyzing the responses. Active reconnaissance can reveal information such as open ports, services, operating systems, and vulnerabilities. However, active reconnaissance is also more likely to be detected by the target or its security devices, such as firewalls or intrusion detection systems. Port and service scans are examples of active reconnaissance techniques, as they involve probing the target for specific information.

  References: CompTIA Security+ Certification Exam Objectives, Domain 1.1: Given a scenario, conduct reconnaissance using appropriate techniques and tools. CompTIA Security+ Study Guide (SY0-701), Chapter 2: Reconnaissance and Intelligence Gathering, page 47. CompTIA Security+ Certification Exam SY0-701 Practice Test 1

• Question 245:

  A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

  A. Clustering servers

  B. Geographic dispersion

  C. Load balancers

  D. Off-site backups

  Correct Answer: B

  Geographic dispersion is a strategy that involves distributing the servers or data centers across different geographic locations. Geographic dispersion can help the company to mitigate the risk of weather events causing damage to the server room and downtime, as well as improve the availability, performance, and resilience of the network. Geographic dispersion can also enhance the disaster recovery and business continuity capabilities of the company, as it can provide backup and failover options in case of a regional outage or disruption12. The other options are not the best ways to address the company's concern: Clustering servers: This is a technique that involves grouping multiple servers together to act as a single system. Clustering servers can help to improve the performance, scalability, and fault tolerance of the network, but it does not protect the servers from physical damage or downtime caused by weather events, especially if the servers are located in the same room or building3. Load balancers: These are devices or software that distribute the network traffic or workload among multiple servers or resources. Load balancers can help to optimize the utilization, efficiency, and reliability of the network, but they do not prevent the servers from being damaged or disrupted by weather events, especially if the servers are located in the same room or building4. Off-site backups: These are copies of data or files that are stored in a different location than the original source. Off-site backups can help to protect the data from being lost or corrupted by weather events, but they do not prevent the servers from being damaged or disrupted by weather events, nor do they ensure the availability or continuity of the network services. References: 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: High Availability -CompTIA Security+ SY0-701 -3.4, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 984: CompTIA Security+ SY0-701 Certification Study Guide, page 99. : CompTIA Security+ SY0-701 Certification Study Guide, page 100.

• Question 246:

  Which of the following provides the details about the terms of a test with a third-party penetration tester?

  A. Rules of engagement

  B. Supply chain analysis

  C. Right to audit clause

  D. Due diligence

  Correct Answer: A

  Rules of engagement are the detailed guidelines and constraints regarding the execution of information security testing, such as penetration testing. They define the scope, objectives, methods, and boundaries of the test, as well as the roles

  and responsibilities of the testers and the clients. Rules of engagement help to ensure that the test is conducted in a legal, ethical, and professional manner, and that the results are accurate and reliable. Rules of engagement typically include

  the following elements:

  The type and scope of the test, such as black box, white box, or gray box, and the target systems, networks, applications, or data.

  The client contact details and the communication channels for reporting issues, incidents, or emergencies during the test.

  The testing team credentials and the authorized tools and techniques that they can use.

  The sensitive data handling and encryption requirements, such as how to store, transmit, or dispose of any data obtained during the test. The status meeting and report schedules, formats, and recipients, as well as the confidentiality and nondisclosure agreements for the test results. The timeline and duration of the test, and the hours of operation and testing windows. The professional and ethical behavior expectations for the testers, such as avoiding unnecessary damage,

  disruption, or disclosure of information. Supply chain analysis, right to audit clause, and due diligence are not related to the terms of a test with a third-party penetration tester. Supply chain analysis is the process of evaluating the security and

  risk posture of the suppliers and partners in a business network. Right to audit clause is a provision in a contract that gives one party the right to audit another party to verify their compliance with the contract terms and conditions. Due

  diligence is the process of identifying and addressing the cyber risks that a potential vendor or partner brings to an organization.

  References: https://www.yeahhub.com/every-penetration-tester-you-should-know-about- this-rules-of-engagement/

  https://bing.com/search?q=rules+of+engagement+penetration+testing

• Question 247:

  A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

  A. EAP

  B. DHCP

  C. IPSec

  D. NAT

  Correct Answer: C

  IPSec is a protocol suite that provides secure communication over IP networks. IPSec can be used to create virtual private networks (VPNs) that encrypt and authenticate the data exchanged between two or more parties. IPSec can also provide data integrity, confidentiality, replay protection, and access control. A security consultant can use IPSec to gain secure, remote access to a client environment by establishing a VPN tunnel with the client's network.

  References: CompTIA Security+ Study Guide: Exam SY0- 701, 9th Edition, Chapter 8: Secure Protocols and Services, page 385 1

• Question 248:

  Which of the following is the most common data loss path for an air-gapped network?

  A. Bastion host

  B. Unsecured Bluetooth

  C. Unpatched OS

  D. Removable devices

  Correct Answer: D

  An air-gapped network is a network that is physically isolated from other networks, such as the internet, to prevent unauthorized access and data leakage. However, an air-gapped network can still be compromised by removable devices, such as USB drives, CDs, DVDs, or external hard drives, that are used to transfer data between the air-gapped network and other networks. Removable devices can carry malware, spyware, or other malicious code that can infect the air-gapped network or exfiltrate data from it. Therefore, removable devices are the most common data loss path for an air-gapped network.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 9: Network Security, page 449 1

• Question 249:

  A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

  A. Default credentials

  B. Non-segmented network

  C. Supply chain vendor

  D. Vulnerable software

  Correct Answer: D

• Question 250:

  A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

  A. Encryption at rest

  B. Masking

  C. Data classification

  D. Permission restrictions

  Correct Answer: A

  Encryption at rest is a strategy that protects data stored on a device, such as a laptop, by converting it into an unreadable format that can only be accessed with a decryption key or password. Encryption at rest can prevent data loss on stolen laptops by preventing unauthorized access to the data, even if the device is physically compromised. Encryption at rest can also help comply with data privacy regulations and standards that require data protection. Masking, data classification, and permission restrictions are other strategies that can help protect data, but they may not be sufficient or applicable for data stored on laptops. Masking is a technique that obscures sensitive data elements, such as credit card numbers, with random characters or symbols, but it is usually used for data in transit or in use, not at rest. Data classification is a process that assigns labels to data based on its sensitivity and business impact, but it does not protect the data itself. Permission restrictions are rules that define who can access, modify, or delete data, but they may not prevent unauthorized access if the laptop is stolen and the security controls are bypassed.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17-18, 372-373