CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 321:

  After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

  A. Compensating

  B. Detective

  C. Preventive

  D. Corrective

  Correct Answer: B

  Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network. They can help to discover the source, scope, and impact of an attack, and provide evidence for

  further analysis or investigation. Detective controls include log files, security audits, intrusion detection systems, network monitoring tools, and antivirus software. In this case, the administrator used log files as a detective control to review the

  ransomware attack on the company's system. Log files are records of events and activities that occur on a system or network, such as user actions, system errors, network traffic, and security alerts. They can provide valuable information for

  troubleshooting, auditing, and forensics.

  References:

  Security+ (Plus) Certification | CompTIA IT Certifications, under "About the exam", bullet point 3: "Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance." CompTIA Security

  + Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: "Detective controls are designed to identify and monitor any malicious activity or anomalies on a system or network." Control Types -CompTIA Security+ SY0-401: 2.1 Professor Messer IT ..., under "Detective Controls": "Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network."

• Question 322:

  An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message. Which of the following types of social engineering attacks occurred?

  A. Brand impersonation

  B. Pretexting

  C. Typosquatting

  D. Phishing

  Correct Answer: D

  Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or providing sensitive information, such as log-in credentials, personal data, or financial details. In this scenario, the employee received an email from a payment website that asked the employee to update contact information. The email contained a link that directed the employee to a fake website that mimicked the appearance of the real one. The employee entered the log-in information, but received a "page not found" error message. This indicates that the employee fell victim to a phishing attack, and the attacker may have captured the employee's credentials for the payment website.

  References: Other Social Engineering Attacks -CompTIA Security+ SY0-701 -2.2, CompTIA Security+: Social Engineering Techniquesand; Other Attack ... - NICCS, [CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition]

• Question 323:

  A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

  A. Testing input validation on the user input fields

  B. Performing code signing on company-developed software

  C. Performing static code analysis on the software

  D. Ensuring secure cookies are use

  Correct Answer: B

  Code signing is a technique that uses cryptography to verify the authenticity and integrity of the code created by the company. Code signing involves applying a digital signature to the code using a private key that only the company possesses. The digital signature can be verified by anyone who has the corresponding public key, which can be distributed through a trusted certificate authority. Code signing can prevent unauthorized modifications, tampering, or malware injection into the code, and it can also assure the users that the code is from a legitimate source.

  References: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 74. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page 11. Application Security SY0-601 CompTIA Security+ : 3.2

• Question 324:

  A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

  Which of the following teams will conduct this assessment activity?

  A. White

  B. Purple

  C. Blue

  D. Red

  Correct Answer: D

  A red team is a group of security professionals who perform offensive security assessments covering penetration testing and social engineering. A red team simulates real-world attacks and exploits the vulnerabilities of a target organization, system, or network. A red team aims to test the effectiveness of the security controls, policies, and procedures of the target, as well as the awareness and response of the staff and the blue team. A red team can be hired as an external consultant or formed internally within the organization.

  References: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 18. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.8, page 4. Security Teams -SY0601 CompTIA Security+ : 1.8

• Question 325:

  Which of the following is the best reason to complete an audit in a banking environment?

  A. Regulatory requirement

  B. Organizational change

  C. Self-assessment requirement

  D. Service-level requirement

  Correct Answer: A

  A regulatory requirement is a mandate imposed by a government or an authority that must be followed by an organization or an individual. In a banking environment, audits are often required by regulators to ensure compliance with laws,

  standards, and policies related to security, privacy, and financial reporting. Audits help to identify and correct any gaps or weaknesses in the security posture and the internal controls of the organization.

  References:

  Official CompTIA Security+ Study Guide (SY0-701), page 507 Security+ (Plus) Certification | CompTIA IT Certifications 2

• Question 326:

  Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

  A. Encryption

  B. Hashing

  C. Masking

  D. Tokenization

  Correct Answer: C

  Masking is a method to secure credit card data that involves replacing some or all of the digits with symbols, such as asterisks, dashes, or Xs, while leaving some of the original digits visible. Masking is best to use when a requirement is to see only the last four numbers on a credit card, as it can prevent unauthorized access to the full card number, while still allowing identification and verification of the cardholder. Masking does not alter the original data, unlike encryption, hashing, or tokenization, which use algorithms to transform the data into different formats.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2: Compliance and Operational Security, page 721. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 2: Compliance and Operational Security, page 722.

• Question 327:

  A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

  A. RBAC

  B. ACL

  C. SAML

  D. GPO

  Correct Answer: A

  RBAC stands for Role-Based Access Control, which is a method of restricting access to data and resources based on the roles or responsibilities of users. RBAC simplifies the management of permissions by assigning roles to users and granting access rights to roles, rather than to individual users. RBAC can help enforce the principle of least privilege and reduce the risk of unauthorized access or data leakage. The other options are not as suitable for the scenario as RBAC, as they either do not prevent access based on responsibilities, or do not apply a simplified format.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 133 1

• Question 328:

  Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

  A. Automation

  B. Compliance checklist

  C. Attestation

  D. Manual audit

  Correct Answer: A

  Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified. Automation is the process of using software, hardware, or other tools to perform tasks that would otherwise

  require human intervention or manual effort. Automation can help to improve the efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs. Automation can be used to monitor, audit, and enforce

  security settings on servers, such as firewall rules, encryption keys, access controls, patch levels, and configuration files. Automation can also alert security personnel of any changes or anomalies that may indicate a security breach or

  compromise12.

  The other options are not the best ways to consistently determine on a daily basis whether security settings on servers have been modified:

  Compliance checklist: This is a document that lists the security requirements, standards, or best practices that an organization must follow or adhere to. A compliance checklist can help to ensure that the security settings on servers are

  aligned with the organizational policies and regulations, but it does not automatically detect or report any changes or modifications that may occur on a daily basis3. Attestation: This is a process of verifying or confirming the validity or

  accuracy of a statement, claim, or fact. Attestation can be used to provide assurance or evidence that the security settings on servers are correct and authorized, but it does not continuously monitor or audit any changes or modifications that

  may occur on a daily basis4.

  Manual audit: This is a process of examining or reviewing the security settings on servers by human inspectors or auditors. A manual audit can help to identify and correct any security issues or discrepancies on servers, but it is time-

  consuming, labor-intensive, and prone to human errors. A manual audit may not be feasible or practical to perform on a daily basis.

  References: 1: CompTIA Security+ SY0-701 Certification Study Guide, page 1022:

  Automation and Scripting -CompTIA Security+ SY0-701 -5.1, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 974: CompTIA Security+ SY0-701 Certification Study Guide, page 98. : CompTIA

  Security+ SY0-701 Certification Study Guide, page 99.

• Question 329:

  A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

  A. Data masking

  B. Encryption

  C. Geolocation policy

  D. Data sovereignty regulation

  Correct Answer: C

  A geolocation policy is a policy that restricts or allows access to data or resources based on the geographic location of the user or device. A geolocation policy can be implemented using various methods, such as IP address filtering, GPS

  tracking, or geofencing. A geolocation policy can help the company's legal department to prevent unauthorized access to sensitive documents from individuals in high-risk countries12. The other options are not effective ways to limit access

  based on location:

  Data masking: This is a technique of obscuring or replacing sensitive data with fictitious or anonymized data. Data masking can protect the privacy and confidentiality of data, but it does not prevent access to data based on location3.

  Encryption: This is a process of transforming data into an unreadable format using a secret key or algorithm. Encryption can protect the integrity and confidentiality of data, but it does not prevent access to data based on location. Encryption

  can also be bypassed by attackers who have the decryption key or method4. Data sovereignty regulation: This is a set of laws or rules that govern the storage, processing, and transfer of data within a specific jurisdiction or country. Data

  sovereignty regulation can affect the availability and compliance of data, but it does not prevent access to data based on location. Data sovereignty regulation can also vary depending on the country or region.

  References: 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972:

  Account Policies -SY0-601 CompTIA Security+ : 3.7, video by Professor Messer3:

  CompTIA Security+ SY0-701 Certification Study Guide, page 1004: CompTIA Security+ SY0-701 Certification Study Guide, page 101. : CompTIA Security+ SY0-701 Certification Study Guide, page 102.

• Question 330:

  Which of the following allows for the attribution of messages to individuals?

  A. Adaptive identity

  B. Non-repudiation

  C. Authentication

  D. Access logs

  Correct Answer: B

  Non-repudiation is the ability to prove that a message or document was sent or signed by a particular person, and that the person cannot deny sending or signing it. Non-repudiation can be achieved by using cryptographic techniques, such as hashing and digital signatures, that can verify the authenticity and integrity of the message or document. Non-repudiation can be useful for legal, financial, or contractual purposes, as it can provide evidence of the origin and content of the message or document.

  References: Non- repudiation -CompTIA Security+ SY0-701 ?1.2, CompTIA Security+ SY0-301: 6.1 ?Non- repudiation, CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.2, page 2.