CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 271:

  Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

  A. Encrypted

  B. Intellectual property

  C. Critical

  D. Data in transit

  Correct Answer: B

  Intellectual property is a type of data that consists of ideas, inventions, designs, or other creative works that have commercial value and are protected by law. Employees in the research and development business unit are most likely to use intellectual property data in their day-to-day work activities, as they are involved in creating new products or services for the company. Intellectual property data needs to be protected from unauthorized use, disclosure, or theft, as it can give the company a competitive advantage in the market. Therefore, these employees receive extensive training to ensure they understand how to best protect this type of data.

  References: CompTIA Security+ SY0-701 Certification Study Guide, page 90; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 1.2 - Security Concepts, 7:57 - 9:03.

• Question 272:

  An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

  A. Typosquatting

  B. Phishing

  C. Impersonation

  D. Vishing

  E. Smishing

  F. Misinformation

  Correct Answer: CE

  In this scenario, where an employee receives a text message appearing to be from the payroll department asking for credential verification, the following social engineering techniques are being attempted:

  Impersonation

  The attacker is pretending to be a trusted entity (the payroll department) to gain the employee's trust and obtain their credentials.

  Smishing

  Smishing (SMS phishing) involves sending fraudulent text messages to trick individuals into revealing personal information, such as credentials, by clicking on a link or responding to the message.

• Question 273:

  A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

  A. Patch availability

  B. Product software compatibility

  C. Ease of recovery

  D. Cost of replacement

  Correct Answer: A

  End-of-life operating systems are those that are no longer supported by the vendor or manufacturer, meaning they do not receive any security updates or patches. This makes them vulnerable to exploits and attacks that take advantage of known or unknown flaws in the software. Patch availability is the security implication of using end-of-life operating systems, as it affects the ability to fix or prevent security issues. Other factors, such as product software compatibility, ease of recovery, or cost of replacement, are not directly related to security, but rather to functionality, availability, or budget.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 29 1

• Question 274:

  A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

  A. Insurance

  B. Patching

  C. Segmentation

  D. Replacement

  Correct Answer: C

  Segmentation is a technique that divides a network into smaller subnetworks or segments, each with its own security policies and controls. Segmentation can help mitigate network access vulnerabilities in legacy loT devices by isolating them from other devices and systems, reducing their attack surface and limiting the potential impact of a breach. Segmentation can also improve network performance and efficiency by reducing congestion and traffic. Patching, insurance, and replacement are other possible strategies to deal with network access vulnerabilities, but they may not be feasible or effective in the short term. Patching may not be available or compatible for legacy loT devices, insurance may not cover the costs or damages of a cyberattack, and replacement may be expensive and time-consuming.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 142-143

• Question 275:

  A security analyst reviews domain activity logs and notices the following:

  

  Which of the following is the best explanation for what the security analyst has discovered?

  A. The user jsmith's account has been locked out.

  B. A keylogger is installed on [smith's workstation

  C. An attacker is attempting to brute force ismith's account.

  D. Ransomware has been deployed in the domain.

  Correct Answer: C

  Brute force is a type of attack that tries to guess the password or other credentials of a user account by using a large number of possible combinations. An attacker can use automated tools or scripts to perform a brute force attack and gain unauthorized access to the account. The domain activity logs show that the user ismith has failed to log in 10 times in a row within a short period of time, which is a strong indicator of a brute force attack. The logs also show that the source IP address of the failed logins is different from the usual IP address of ismith, which suggests that the attacker is using a different device or location to launch the attack. The security analyst should take immediate action to block the attacker's IP address, reset ismith's password, and notify ismith of the incident.

  References: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 14. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.1, page 2. Threat Actors and Attributes -SY0-601 CompTIA Security+ : 1.1

• Question 276:

  Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

  A. Remote access points should fail closed.

  B. Logging controls should fail open.

  C. Safety controls should fail open.

  D. Logical security controls should fail closed.

  Correct Answer: C

  Safety controls are security controls that are designed to protect human life and physical assets from harm or damage. Examples of safety controls include fire alarms, sprinklers, emergency exits, backup generators, and surge protectors. Safety controls should fail open, which means that they should remain operational or allow access when a failure or error occurs. Failing open can prevent or minimize the impact of a disaster, such as a fire, flood, earthquake, or power outage, on human life and physical assets. For example, if a fire alarm fails, it should still trigger the sprinklers and unlock the emergency exits, rather than remain silent and locked. Failing open can also ensure that essential services, such as healthcare, transportation, or communication, are available during a crisis. Remote access points, logging controls, and logical security controls are other types of security controls, but they should not fail open in a data center. Remote access points are security controls that allow users or systems to access a network or a system from a remote location, such as a VPN, a web portal, or a wireless access point. Remote access points should fail closed, which means that they should deny access when a failure or error occurs. Failing closed can prevent unauthorized or malicious access to the data center's network or systems, such as by hackers, malware, or rogue devices. Logging controls are security controls that record and monitor the activities and events that occur on a network or a system, such as user actions, system errors, security incidents, or performance metrics. Logging controls should also fail closed, which means that they should stop or suspend the activities or events when a failure or error occurs. Failing closed can prevent data loss, corruption, or tampering, as well as ensure compliance with regulations and standards. Logical security controls are security controls that use software or code to protect data and systems from unauthorized or malicious access, modification, or destruction, such as encryption, authentication, authorization, or firewall. Logical security controls should also fail closed, which means that they should block or restrict access when a failure or error occurs. Failing closed can prevent data breaches, cyberattacks, or logical flaws, as well as ensure confidentiality, integrity, and availability of data and systems.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 142-143, 372-373, 376-377

• Question 277:

  An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

  A. Secured zones

  B. Subject role

  C. Adaptive identity

  D. Threat scope reduction

  Correct Answer: A

  In the context of implementing Zero Trust principles within the data plane, the option "A. Secured zones" is typically the most relevant to evaluate because it directly pertains to how data and resources are segmented and protected. In a Zero Trust model, the data plane is crucial for controlling how data flows across a network and ensuring that access is securely managed.

  Here's a bit more detail on why "A. Secured zones" is a crucial focus over "D. Threat scope reduction":

  1.

  Secured Zones: These refer to the controlled segments of the network where access is strictly enforced based on the principle of least privilege. In a Zero Trust architecture, secured zones ensure that entities (both users and devices) are given access only to the network resources they absolutely need to perform their tasks. Evaluating secured zones involves looking at how these are implemented to isolate sensitive data and systems, thus minimizing lateral movement within the network.

  2.

  Threat Scope Reduction: While also important, this aspect is generally broader and more strategic, encompassing a range of actions aimed at reducing the overall exposure of the network to potential threats. It includes measures like threat detection and response, which are critical but operate at a different layer of security strategy.

  In the specific context of the data plane within a Zero Trust framework, the structuring and enforcement of secured zones are more directly applicable. These zones are where the fundamental principles of Zero Trust--verifying anything and everything trying to connect to systems before granting access--are executed. This tactical application of Zero Trust to control access based on strict verification of credentials and continuous monitoring aligns directly with the primary function of the data plane in network architecture.

  Thus, while reducing the threat scope is undoubtedly important and relevant in a broader security strategy, focusing on secured zones within the data plane is more directly related to the core objectives of Zero Trust security in controlling and managing access to data and resources.

• Question 278:

  Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

  A. Compensating control

  B. Network segmentation

  C. Transfer of risk

  D. SNMP traps

  Correct Answer: A

  A compensating control is a security measure that is implemented to mitigate the risk of a vulnerability or a weakness that cannot be resolved by the primary control. A compensating control does not prevent or eliminate the vulnerability or weakness, but it can reduce the likelihood or impact of an attack. A host-based firewall on a legacy Linux system that allows connections from only specific internal IP addresses is an example of a compensating control, as it can limit the exposure of the system to potential threats from external or unauthorized sources. A host-based firewall is a software application that monitors and filters the incoming and outgoing network traffic on a single host, based on a set of rules or policies. A legacy Linux system is an older version of the Linux operating system that may not be compatible with the latest security updates or patches, and may have known vulnerabilities or weaknesses that could be exploited by attackers.

  References: Security Controls -SY0-601 CompTIA Security+ : 5.1, Security Controls -CompTIA Security+ SY0-501 -5.7, CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 5, page

  240. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 5.1, page 18.

• Question 279:

  SIMULATION

  A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

  1.

  Most secure algorithms should be selected

  2.

  All traffic should be encrypted over the VPN

  3.

  A secret password will be used to authenticate the two VPN concentrators

  INSTRUCTIONS

  Click on the two VPN Concentrators to configure the appropriate settings.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  

  A. See the part for all the Solution

  B. PlaceHolder

  C. PlaceHolder

  D. PlaceHolder

  Correct Answer: A

  To configure the site-to-site VPN between the two branch offices according to the provided requirements, here are the detailed steps and settings that need to be applied to the VPN concentrators:

  Requirements:

  Most secure algorithms should be selected.

  All traffic should be encrypted over the VPN.

  A secret password will be used to authenticate the two VPN concentrators.

  VPN Concentrator 1 Configuration:

  Phase 1:

  Peer IP address: 5.5.5.20 (The IP address of VPN Concentrator 2) Auth method: PSK (Pre-Shared Key)

  Negotiation mode: MAIN

  Encryption algorithm: AES256

  Hash algorithm: SHA256

  DH key group: 14

  Phase 2:

  Mode: Tunnel

  Protocol: ESP (Encapsulating Security Payload)

  Encryption algorithm: AES256

  Hash algorithm: SHA256

  Local network/mask: 192.168.1.0/24

  Remote network/mask: 192.168.2.0/24

  VPN Concentrator 2 Configuration:

  Phase 1:

  Peer IP address: 5.5.5.5 (The IP address of VPN Concentrator 1) Auth method: PSK (Pre-Shared Key)

  Negotiation mode: MAIN

  Encryption algorithm: AES256

  Hash algorithm: SHA256

  DH key group: 14

  Phase 2:

  Mode: Tunnel

  Protocol: ESP (Encapsulating Security Payload)

  Encryption algorithm: AES256

  Hash algorithm: SHA256

  Local network/mask: 192.168.2.0/24

  Remote network/mask: 192.168.1.0/24

  Summary:

  Peer IP Address: Set to the IP address of the remote VPN concentrator.

  Auth Method: PSK for using a pre-shared key.

  Negotiation Mode: MAIN for the initial setup.

  Encryption Algorithm: AES256, which is a strong and secure algorithm. Hash Algorithm: SHA256, which provides strong hashing. DH Key Group: 14 for strong Diffie-Hellman key exchange. Phase 2 Protocol: ESP for encryption and integrity.

  Local and Remote Networks: Properly configure the local and remote network addresses to match each branch office subnet.

  By configuring these settings on both VPN concentrators, the site-to-site VPN will meet the requirements for strong security algorithms, encryption of all traffic, and authentication using a pre-shared key.

• Question 280:

  You are security administrator investigating a potential infection on a network.

  Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

  

  

  

  Hot Area:

  

  Correct Answer: