CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 31:

  A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

  A. SOU

  B. Cross-site scripting

  C. Jailbreaking

  D. Side loading

  Correct Answer: C

  Jailbreaking is the process of removing restrictions imposed by the manufacturer on a smartphone, allowing the user to install unauthorized software and features not available through official app stores. This action typically voids the warranty and can introduce security risks by bypassing built-in protections. SOU (Statement of Understanding) is not related to modifying devices. Cross-site scripting is a web-based attack technique, unrelated to smartphone software. Side loading refers to installing apps from unofficial sources but without necessarily removing built-in restrictions like jailbreaking does.

• Question 32:

  An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

  A. SSH

  B. SRTP

  C. S/MIME

  D. PPTP

  Correct Answer: B

  Secure Real-Time Transport Protocol (SRTP) is a security protocol used to encrypt and authenticate the streaming of audio and video over IP networks. It ensures that the video streams from the IP cameras are both encrypted to prevent

  unauthorized access and authenticated to verify the integrity of the stream, making it the ideal choice for securing video surveillance.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 3: Security Architecture, which includes secure communication protocols like SRTP for protecting data in transit.

• Question 33:

  While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

  A. Secure cookies

  B. Input sanitization

  C. Code signing

  D. Blocklist

  Correct Answer: B

  Input sanitization is a critical security measure to prevent SQL injection attacks, which occur when an attacker exploits vulnerabilities in a website's input fields to execute malicious SQL code. By properly sanitizing and validating all user

  inputs, developers can prevent malicious code from being executed, thereby securing the website against such attacks.

  References: CompTIA Security+ SY0-701 study materials, particularly in the domain of web application security and common vulnerability mitigation strategies.

• Question 34:

  An administrator is reviewing a single server's security logs and discovers the following:

  

  Which of the following best describes the action captured in this log file?

  A. Brute-force attack

  B. Privilege escalation

  C. Failed password audit

  D. Forgotten password by the user

  Correct Answer: A

  A brute-force attack is a type of attack that involves systematically trying all possible combinations of passwords or keys until the correct one is found. The log file shows multiple failed login attempts in a short amount of time, which is a

  characteristic of a brute-force attack. The attacker is trying to guess the password of the Administrator account on the server. The log file also shows the event ID 4625, which indicates a failed logon attempt, and the status code 0xC000006A,

  which means the user name is correct but the password is wrong. These are indicators of compromise (IoC) that suggest a brute- force attack is taking place.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215-216 and 223 1

• Question 35:

  An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

  A. Standard naming convention

  B. Mashing

  C. Network diagrams

  D. Baseline configuration

  Correct Answer: D

  Baseline configuration is the process of standardizing the configuration settings for a system or network. In this scenario, the organization needs to standardize the operating system configurations before deploying them across the network. Establishing a baseline configuration ensures that all systems adhere to the organization's security policies and operational requirements. References: CompTIA Security+ SY0-701 study materials, particularly in the domain of system hardening and configuration management.

• Question 36:

  An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?

  A. Input validation

  B. Code signing

  C. SQL injection

  D. Static analysis

  Correct Answer: B

  To ensure the integrity of compiled binaries in the production environment, the best security measure is code signing. Code signing uses digital signatures to verify the authenticity and integrity of the software, ensuring that the code has not

  been tampered with or altered after it was signed.

  Code signing: Involves signing code with a digital signature to verify its authenticity and integrity, ensuring the compiled binaries have not been altered. Input validation: Ensures that only properly formatted data enters an application but does

  not verify the integrity of compiled binaries. SQL injection: A type of attack, not a security measure. Static analysis: Analyzes code for vulnerabilities and errors but does not ensure the integrity of compiled binaries in production. Reference:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 1.4 - Explain the importance of using appropriate cryptographic solutions (Code signing).

• Question 37:

  Which of the following best describes configuring devices to log to an off-site location for possible future reference?

  A. Log aggregation

  B. DLP

  C. Archiving

  D. SCAP

  Correct Answer: A

  Configuring devices to log to an off-site location for possible future reference is best described as log aggregation. Log aggregation involves collecting logs from multiple sources and storing them in a centralized location, often off-site, to

  ensure they are preserved and can be analyzed in the future.

  Log aggregation: Centralizes log data from multiple devices, making it easier to analyze and ensuring logs are available for future reference. DLP (Data Loss Prevention): Focuses on preventing unauthorized data transfer and ensuring data

  security.

  Archiving: Involves storing data for long-term retention, which could be part of log aggregation but is broader in scope.

  SCAP (Security Content Automation Protocol): A standard for automating vulnerability management and policy compliance.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 4.4 - Explain security alerting and monitoring concepts and tools (Log aggregation).

• Question 38:

  Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

  A. Unidentified removable devices

  B. Default network device credentials

  C. Spear phishing emails

  D. Impersonation of business units through typosquatting

  Correct Answer: A

  Unidentified removable devices, such as USB drives, are a common threat vector for insider threat actors attempting data exfiltration. Insiders can easily use these devices to transfer sensitive data out of the organization undetected, making it

  one of the most commonly utilized methods for data theft.

  Default network device credentials are a security vulnerability but not typically used for data exfiltration.

  Spear phishing emails are used for external attacks, not insider data exfiltration. Impersonation through typosquatting is typically used by external actors for phishing or fraud.

• Question 39:

  An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

  A. Business continuity

  B. Physical security

  C. Change management

  D. Disaster recovery

  Correct Answer: A

  The IT manager is creating a Business Continuity Plan (BCP). A BCP describes how an organization will continue to operate during and after a disaster or global incident. It ensures that critical business functions remain operational despite

  adverse conditions, with a focus on minimizing downtime and maintaining essential services. Physical security relates to protecting physical assets. Change management ensures changes in IT systems are introduced smoothly, without

  disrupting operations.

  Disaster recovery is a subset of business continuity but focuses specifically on recovering from IT-related incidents.

• Question 40:

  Which of the following best describe a penetration test that resembles an actual external attack?

  A. Known environment

  B. Partially known environment

  C. Bug bounty

  D. Unknown environment

  Correct Answer: D

  An unknown environment in penetration testing, also known as a black-box test, simulates an actual external attack where the tester has no prior knowledge of the system. This type of penetration test is designed to mimic real-world attack

  scenarios, where an attacker has little to no information about the target environment. The tester must rely on various reconnaissance and attack techniques to uncover vulnerabilities, much like a real-world attacker would. This approach

  helps organizations understand their security posture from an external perspective, providing insights into how their defenses would hold up against a true outsider threat.

  References:

  CompTIA Security+ SY0-701 Course Content: The course highlights the importance of understanding different penetration testing environments, including black-box testing, which aligns with the "unknown environment" in the provided

  answer.

  CompTIA Security+ SY0-601 Study Guide: The guide details penetration testing methodologies, including black-box testing, which is crucial for simulating real external attacks.