CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 361:

  Which of the following describes the reason root cause analysis should be conducted as part of incident response?

  A. To gather loCs for the investigation

  B. To discover which systems have been affected

  C. To eradicate any trace of malware on the network

  D. To prevent future incidents of the same nature

  Correct Answer: D

  Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather loCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response.

  References: CompTIA Security+ SY0-701 Certification Study Guide, page 424-425; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 5.1 - Incident Response, 9:55 - 11:18.

• Question 362:

  Which of the following involves an attempt to take advantage of database misconfigurations?

  A. Buffer overflow

  B. SQL injection

  C. VM escape

  D. Memory injection

  Correct Answer: B

  SQL injection is a type of attack that exploits a database misconfiguration or a flaw in the application code that interacts with the database. An attacker can inject malicious SQL statements into the user input fields or the URL parameters that are sent to the database server. These statements can then execute unauthorized commands, such as reading, modifying, deleting, or creating data, or even taking over the database server. SQL injection can compromise the confidentiality, integrity, and availability of the data and the system.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215 1

• Question 363:

  A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

  A. Set the maximum data retention policy.

  B. Securely store the documents on an air-gapped network.

  C. Review the documents' data classification policy.

  D. Conduct a tabletop exercise with the team.

  Correct Answer: D

  A tabletop exercise is a simulated scenario that tests the effectiveness of a security incident response plan. It involves gathering the relevant stakeholders and walking through the steps of the plan, identifying any gaps or issues that need to be addressed. A tabletop exercise is a good way to validate the documentation created by the security manager and ensure that the team is prepared for various types of security incidents.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Risk Management, page 2841. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 6: Risk Management, page 2842.

• Question 364:

  An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

  A. Partially known environment

  B. Unknown environment

  C. Integrated

  D. Known environment

  Correct Answer: A

  A partially known environment is a type of penetration test where the tester has some information about the target, such as the IP address, the operating system, or the device type. This can help the tester focus on specific vulnerabilities and reduce the scope of the test. A partially known environment is also called a gray box test1.

  References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 10, page 543.

• Question 365:

  A systems administrator is looking for a low-cost application-hosting solution that is cloud- based. Which of the following meets these requirements?

  A. Serverless framework

  B. Type 1 hvpervisor

  C. SD-WAN

  D. SDN

  Correct Answer: A

  A serverless framework is a cloud-based application-hosting solution that meets the requirements of low-cost and cloud-based. A serverless framework is a type of cloud computing service that allows developers to run applications without managing or provisioning any servers. The cloud provider handles the server-side infrastructure, such as scaling, load balancing, security, and maintenance, and charges the developer only for the resources consumed by the application. A serverless framework enables developers to focus on the application logic and functionality, and reduces the operational costs and complexity of hosting applications. Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud Functions. A type 1 hypervisor, SD-WAN, and SDN are not cloud-based application-hosting solutions that meet the requirements of low-cost and cloud-based. A type 1 hypervisor is a software layer that runs directly on the hardware and creates multiple virtual machines that can run different operating systems and applications. A type 1 hypervisor is not a cloud-based service, but a virtualization technology that can be used to create private or hybrid clouds. A type 1 hypervisor also requires the developer to manage and provision the servers and the virtual machines, which can increase the operational costs and complexity of hosting applications. Some examples of type 1 hypervisors are VMware ESXi, Microsoft Hyper-V, and Citrix XenServer. SD-WAN (Software-Defined Wide Area Network) is a network architecture that uses software to dynamically route traffic across multiple WAN connections, such as broadband, LTE, or MPLS. SD-WAN is not a cloud-based service, but a network optimization technology that can improve the performance, reliability, and security of WAN connections. SD-WAN can be used to connect remote sites or users to cloud-based applications, but it does not host the applications itself. Some examples of SD-WAN vendors are Cisco, VMware, and Fortinet. SDN (Software-Defined Networking) is a network architecture that decouples the control plane from the data plane, and uses a centralized controller to programmatically manage and configure the network devices and traffic flows. SDN is not a cloud-based service, but a network automation technology that can enhance the scalability, flexibility, and efficiency of the network. SDN can be used to create virtual networks or network functions that can support cloud-based applications, but it does not host the applications itself. Some examples of SDN vendors are OpenFlow, OpenDaylight, and OpenStack.

  References: CompTIA Security+ SY0-701 Certification Study Guide, page 264- 265; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 3.1 - Cloud and Virtualization, 7:40 - 10:00; [Serverless Framework]; [Type 1 Hypervisor]; [SD-WAN]; [SDN].

• Question 366:

  During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

  10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network.

  Which of the following fulfills this request?

  A. access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

  B. access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

  C. access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

  D. access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

  Correct Answer: B

  A firewall rule is a set of criteria that determines whether to allow or deny a packet to pass through the firewall. A firewall rule consists of several elements, such as the action, the protocol, the source address, the destination address, and the port number. The syntax of a firewall rule may vary depending on the type and vendor of the firewall, but the basic logic is the same. In this question, the security analyst is creating an inbound firewall rule to block the IP address 10.1.4.9 from accessing the organization's network. This means that the action should be deny, the protocol should be any (or ig for IP), the source address should be 10.1.4.9/32 (which means a single IP address), the destination address should be 0.0.0.0/0 (which means any IP address), and the port number should be any. Therefore, the correct firewall rule is: access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0 This rule will match any packet that has the source IP address of 10.1.4.9 and drop it. The other options are incorrect because they either have the wrong action, the wrong source address, or the wrong destination address. For example, option A has the source and destination addresses reversed, which means that it will block any packet that has the destination IP address of 10.1.4.9, which is not the intended goal. Option C has the wrong action, which is permit, which means that it will allow the packet to pass through the firewall, which is also not the intended goal. Option D has the same problem as option A, with the source and destination addresses reversed.

  References: Firewall Rules -CompTIA Security+ SY0-401: 1.2, Firewalls -SY0-601 CompTIA Security+ : 3.3, Firewalls -CompTIA Security+ SY0-501, Understanding Firewall Rules -CompTIA Network+ N10-005: 5.5, Configuring Windows Firewall -CompTIA A+ 220-1102 -1.6.

• Question 367:

  Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

  A. Key stretching

  B. Data masking

  C. Steganography

  D. Salting

  Correct Answer: D

  Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function. Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks.

• Question 368:

  Which of the following must be considered when designing a high-availability network? (Choose two).

  A. Ease of recovery

  B. Ability to patch

  C. Physical isolation

  D. Responsiveness

  E. Attack surface

  F. Extensible authentication

  Correct Answer: AD

  Ease of recovery. This is essential for high availability because the network must be able to recover quickly from failures to minimize downtime. Responsiveness. Ensuring that the network can handle high traffic loads and respond quickly to user requests is crucial for maintaining high availability.

  Other factors like physical isolation, ability to patch, attack surface, and extensible authentication are important for security and maintenance but are not primary considerations for high availability.

• Question 369:

  An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

  A. Compromise

  B. Retention

  C. Analysis

  D. Transfer

  E. Inventory

  Correct Answer: B

  A data retention policy is a set of rules that defines how long data should be stored and when it should be deleted or archived. An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period by following the data retention policy of the organization. This policy helps the organization to comply with legal and regulatory requirements, optimize storage space, and protect data privacy and security.

  References CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, Section 3.4, page 1211 CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 3, Question15, page 832

• Question 370:

  A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

  A. Private

  B. Confidential

  C. Public

  D. Operational

  E. Urgent

  F. Restricted

  Correct Answer: BF

  Data classification is the process of assigning labels to data based on its sensitivity and business impact. Different organizations and sectors may have different data classification schemes, but a common one is the following1:

  Public: Data that can be freely disclosed to anyone without any harm or risk. Private: Data that is intended for internal use only and may cause some harm or risk if disclosed.

  Confidential: Data that is intended for authorized use only and may cause significant harm or risk if disclosed.

  Restricted: Data that is intended for very limited use only and may cause severe harm or risk if disclosed.

  In this scenario, the company is developing a critical system for the government and storing project information on a fileshare. This data is likely to be classified as confidential and restricted, because it is not meant for public or private use,

  and it may cause serious damage to national security or public safety if disclosed. The government may also have specific requirements or regulations for handling such data, such as encryption, access control, and auditing2.

  References: 1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17 2: Data Classification Practices: Final Project Description Released