CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 71:

  A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

  A. Espionage

  B. Data exfiltration

  C. Nation-state attack

  D. Shadow IT

  Correct Answer: D

  The activity described, where a department is not using the company VPN when accessing various company-related services and systems, is an example of Shadow IT. Shadow IT refers to the use of IT systems, devices, software,

  applications, and services without explicit IT department approval.

  Espionage: Involves spying to gather confidential information, not simply bypassing the VPN.

  Data exfiltration: Refers to unauthorized transfer of data, which might involve not using a VPN but is more specific to the act of transferring data out of the organization.

  Nation-state attack: Involves attacks sponsored by nation-states, which is not indicated in the scenario.

  Shadow IT: Use of unauthorized systems and services, which aligns with bypassing the company VPN.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 2.1 - Compare and contrast common threat actors and motivations (Shadow IT).

• Question 72:

  A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

  A. Cryptographic

  B. Malicious update

  C. Zero day

  D. Side loading

  Correct Answer: A

  The vulnerability likely present in the application that is storing data using MD5 is a cryptographic vulnerability. MD5 is considered to be a weak hashing algorithm due to its susceptibility to collision attacks, where two different inputs produce

  the same hash output, compromising data integrity and security. Cryptographic: Refers to vulnerabilities in cryptographic algorithms or implementations, such as the weaknesses in MD5.

  Malicious update: Refers to the intentional injection of harmful updates, not related to the use of MD5.

  Zero day: Refers to previously unknown vulnerabilities for which no patch is available, not specifically related to MD5.

  Side loading: Involves installing software from unofficial sources, not directly related to the use of MD5.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 1.4 - Explain the importance of using appropriate cryptographic solutions (MD5 vulnerabilities).

• Question 73:

  A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

  A. Change management procedure

  B. Information security policy

  C. Cybersecurity framework D. Secure configuration guide

  Correct Answer: D

  The security analyst is creating a "secure configuration guide," which is a set of instructions or guidelines used to configure devices securely before deployment. This guide ensures that the devices are set up according to best practices to

  minimize vulnerabilities and protect against potential security threats.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on System Hardening and Secure Configuration.

• Question 74:

  A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

  A. Watering hole

  B. Bug bounty

  C. DNS sinkhole

  D. Honeypot

  Correct Answer: D

  A honeypot is a security mechanism set up to attract and detect potential attackers by simulating vulnerable assets. By hosting a part of the infrastructure online with known vulnerabilities that appear to be company assets, the company can

  observe and analyze the behavior of attackers conducting reconnaissance. This approach allows the company to get alerts and gather intelligence on potential threats.

  References: CompTIA Security+ SY0-701 study materials, particularly on threat detection techniques such as honeypots.

• Question 75:

  An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

  A. Deploy multifactor authentication.

  B. Decrease the level of the web filter settings

  C. Implement security awareness training.

  D. Update the acceptable use policy

  Correct Answer: C

  In this scenario, employees are attempting to navigate to spoofed websites, which is being blocked by the web filter. To address this issue, the administrator should implement security awareness training. Training helps employees recognize phishing and other social engineering attacks, reducing the likelihood that they will attempt to access malicious websites in the future. Deploying multifactor authentication (MFA) would strengthen authentication but does not directly address user behavior related to phishing websites. Decreasing the level of the web filter would expose the organization to more threats. Updating the acceptable use policy may clarify guidelines but is not as effective as hands-on training for improving user behavior.

• Question 76:

  Which of the following tasks is typically included in the BIA process?

  A. Estimating the recovery time of systems

  B. Identifying the communication strategy

  C. Evaluating the risk management plan

  D. Establishing the backup and recovery procedures

  E. Developing the incident response plan

  Correct Answer: A

  Estimating the recovery time of systems is a task typically included in the Business Impact Analysis (BIA) process. BIA involves identifying the critical functions of a business and determining the impact of a disruption. This includes estimating

  how long it will take to recover systems and resume normal operations. Estimating the recovery time of systems: A key component of BIA, which helps in understanding the time needed to restore systems and services after a disruption.

  Identifying the communication strategy: Typically part of the incident response plan, not BIA.

  Evaluating the risk management plan: Part of risk management, not specifically BIA.

  Establishing the backup and recovery procedures: Important for disaster recovery, not directly part of BIA.

  Developing the incident response plan: Focuses on responding to security incidents, not on the impact analysis.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 5.2 - Risk management process (Business Impact Analysis - BIA).

• Question 77:

  Which of the following data roles is responsible for identifying risks and appropriate access to data?

  A. Owner

  B. Custodian

  C. Steward D. Controller

  Correct Answer: A

  The data owner is the role responsible for identifying risks to data and determining who should have access to that data. The owner has the authority to make decisions about the protection and usage of the data, including setting access

  controls and ensuring that appropriate security measures are in place.

  References: CompTIA Security+ SY0-701 study materials, particularly in the domain of data governance and the roles and responsibilities associated with data management.

• Question 78:

  Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

  A. Proxy server

  B. NGFW

  C. VPN

  D. Security zone

  Correct Answer: C

  A Virtual Private Network (VPN) is the best solution to allow remote employees secure access to company resources without interception concerns. A VPN establishes an encrypted tunnel over the internet, ensuring that data transferred

  between remote employees and the company is secure from eavesdropping. Proxy server helps with web content filtering and anonymization but does not provide encrypted access.

  NGFW (Next-Generation Firewall) enhances security but is not the primary tool for enabling remote access.

  Security zone is a network segmentation technique but does not provide remote access capabilities.

• Question 79:

  Which of the following would most likely mitigate the impact of an extended power outage on a company's environment?

  A. Hot site

  B. UPS

  C. Snapshots

  D. SOAR

  Correct Answer: B

  A UPS (Uninterruptible Power Supply) would most likely mitigate the impact of an extended power outage on a company's environment. A UPS provides backup power and ensures that systems continue to run during short-term power

  outages, giving enough time to perform an orderly shutdown or switch to a longer-term power solution like a generator.

  Hot site: A fully operational offsite data center that can be used if the primary site becomes unavailable. It's more suitable for disaster recovery rather than mitigating short-term power outages.

  UPS: Provides immediate backup power, protecting against data loss and hardware damage during power interruptions.

  Snapshots: Used for data backup and recovery, not for power outage mitigation. SOAR (Security Orchestration, Automation, and Response): A platform for automating security operations, not related to power outage mitigation. Reference:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 3.4 - Importance of resilience and recovery in security architecture (Power: Generators, UPS).

• Question 80:

  A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum. Which of the following would be best for the systems administrator to implement?

  A. Air gap

  B. Jump server

  C. Logical segmentation

  D. Virtualization

  Correct Answer: A

  To provide employees with computers that do not have access to the internet and prevent information leaks to an online forum, implementing an air gap would be the best solution. An air gap physically isolates the computer or network from

  any outside connections, including the internet, ensuring that data cannot be transferred to or from the system.

  Air gap: A security measure that isolates a computer or network from the internet or other networks, preventing any form of electronic communication with external systems. Jump server: A secure server used to access and manage devices

  in a different security zone, but it does not provide isolation from the internet. Logical segmentation: Segregates networks using software or network configurations, but it does not guarantee complete isolation from the internet. Virtualization:

  Creates virtual instances of systems, which can be isolated, but does not inherently prevent internet access without additional configurations. Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 2.5 - Explain the purpose of

  mitigation techniques used to secure the enterprise (Air gap).