SY0-701 Exam - CompTIA Security+ Exam

NEW QUESTION 1

During a recent security assessment, a vulnerability was found in a common OS. The OS vendor was unaware of the issue and promised to release a patch within the next quarter. Which of the following best describes this type of vulnerability?

• A. Legacy operating system
• B. Weak configuration
• C. Zero day
• D. Supply chain

Answer: C

Explanation:
A zero-day vulnerability is a security flaw that is unknown to the vendor and the public, and therefore has no patch or fix available. A zero-day attack is an exploit that takes advantage of a zero-day vulnerability before the vendor or the security community becomes aware of it. A zero-day attack can cause serious damage to a system or network, as there is no defense against it until a patch is released. References:
https://resources.infosecinstitute.com/certification/security-domain-1-threats-attacks-and-vulnerabilities/
https://www.professormesser.com/security-plus/sy0-501/zero-day-attacks-4/

NEW QUESTION 2

A malicious actor recently penetrated a company's network and moved laterally to the data center Upon investigation a forensics firm wants to know what was in the memory on the compromised server Which of the following files should be given to the forensics firm?

• A. Security
• B. Application
• C. Dump
• D. Syslog

Answer: C

Explanation:
A dump file is a file that contains the contents of memory at a specific point in time. It can be used for debugging or forensic analysis of a system or an application. It can reveal what was in the memory on the compromised server, such as processes, variables, passwords, encryption keys, etc.

NEW QUESTION 3

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

• A. SaaS
• B. PaaS
• C. laaS
• D. DaaS

Answer: C

Explanation:
laaS (Infrastructure as a Service) is a cloud model that provides clients with servers, storage, and networks but nothing else. It allows clients to have more control and flexibility over the configuration and management of their infrastructure resources, but also requires them to install and maintain their own operating systems, applications, etc.

NEW QUESTION 4

A network engineer is troubleshooting wireless network connectivity issues that were reported by users The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building There have also been reports of users being required to enter their credentials on web pages in order to gain access to them Which of the following is the most likely cause of this issue?

• A. An external access point is engaging in an evil-Twin attack
• B. The signal on the WAP needs to be increased in that section of the building
• C. The certificates have expired on the devices and need to be reinstalled
• D. The users in that section of the building are on a VLAN that is being blocked by the firewall

Answer: A

Explanation:
An evil-Twin attack is a type of wireless network attack that involves setting up a rogue access point that mimics a legitimate one. It can trick users into connecting to the rogue access point instead of the real one, and then intercept or modify their traffic, steal their credentials, launch phishing pages, etc. It is the most likely cause of the issue that users are experiencing slow speeds, unable to connect to network drives, and required to enter their credentials on web pages when working in the section of the building that is closest to the parking lot, where an external access point could be placed nearby.

NEW QUESTION 5

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:
GET
http://yourbank.com/transfer.do?acctnum=08764 6959
&amount=500000 HTTP/1.1
GET
http://yourbank.com/transfer.do?acctnum=087646958
&amount=5000000 HTTP/1.1
GET
http://yourbank.com/transfer.do?acctnum=-087646958
&amount=1000000 HTTP/1.1
GET
http://yourbank.com/transfer.do?acctnum=087646953
&amount=500 HTTP/1.1
Which of the following types of attacks is most likely being conducted?

• A. SQLi
• B. CSRF
• C. Spear phishing
• D. API

Answer: B

Explanation:
CSRF stands for Cross-Site Request Forgery, which is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated1. In this case, the attacker may have tricked the user into clicking a malicious link or visiting a malicious website that sends forged requests to the web server of the bank, using the user’s session cookie or other credentials. The web server then performs the money transfer requests as if they were initiated by the user, without verifying the origin or validity of the requests.
* A. SQLi. This is not the correct answer, because SQLi stands for SQL Injection, which is an attack that exploits a vulnerability in a web application’s database layer, where malicious SQL statements are inserted into an entry field for execution2. The output of the web server log does not show any SQL statements or commands.
* B. CSRF. This is the correct answer, because CSRF is an attack that exploits the trust a web server has in a user’s browser, where malicious requests are sent to the web server using the user’s credentials1. The output of the web server log shows multiple GET requests with different account numbers and amounts, which may indicate a CSRF attack.
* C. Spear phishing. This is not the correct answer, because spear phishing is an attack that targets a specific individual or organization with a personalized email or message that contains a malicious link or attachment3. The output of the web server log does not show any email or message content or headers.
* D. API. This is not the correct answer, because API stands for Application Programming Interface, which is a set of rules and specifications that allow software components to communicate and exchange data. API is not an attack method, but rather a way of designing and developing software applications.

NEW QUESTION 6

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

• A. A vulnerability scanner
• B. A NGFW
• C. The Windows Event Viewer
• D. A SIEM

Answer: D

Explanation:
A security information and event management (SIEM) system will best assist the analyst to review the correlated logs to find the source of the incident. A SIEM system is a type of software or service that collects, analyzes, and correlates logs and events from multiple sources, such as firewalls, EDR systems, servers, or applications. A SIEM system can help to detect and respond to security incidents, provide alerts and reports, support investigations and forensics, and comply with regulations. References: https://www.comptia.org/blog/what-is-a-siem
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pd

NEW QUESTION 7

A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures. Which of the following should the architect implement?

• A. TOP
• B. IMAP
• C. HTTPS
• D. S/MIME

Answer: D

Explanation:
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol that enables secure email messages to be sent and received. It provides email encryption, as well as digital signatures, which can be used to verify the authenticity of the sender. S/MIME can be used with a variety of email protocols, including POP and IMAP.
References:
https://www.comptia.org/content/guides/what-is-smime
CompTIA Security+ Study Guide, Sixth Edition (SY0-601), page 139

NEW QUESTION 8

Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?

• A. Pulverizing
• B. Shredding
• C. Incinerating
• D. Degaussing

Answer: B

Explanation:
Shredding may be the most secure and cost-effective way to destroy electronic data in any media that contain hard drives or solid-state drives and have reached their end-of-life1. Shredding reduces electronic devices to pieces no larger than 2 millimeters2. Therefore, shredding is the most secure but least expensive data destruction method for data that is stored on hard drives.

NEW QUESTION 9

An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation Which of the following method did attacker to insert the contacts without having 'Physical access to device?

• A. Jamming
• B. BluJacking
• C. Disassoaatm
• D. Evil twin

Answer: B

Explanation:
bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. Bluejacking does not involve device hijacking, despite what the
name implies. In this context, a human might say that the best answer to the question is B. BluJacking, because it is a method that can insert contacts without having physical access to the device.

NEW QUESTION 10

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

• A. Enable the remote-wiping option in the MDM software in case the phone is stolen.
• B. Configure the MDM software to enforce the use of PINs to access the phone.
• C. Configure MDM for FDE without enabling the lock screen.
• D. Perform a factory reset on the phone before installing the company's applications.

Answer: C

Explanation:
MDM software is a type of remote asset-management software that runs from a central server. It is used by businesses to optimize the functionality and security of their mobile devices, including smartphones and tablets. It can monitor and regulate both corporate-owned and personally owned devices to the organization’s policies.
FDE stands for full disk encryption, which is a method of encrypting all data on a device’s storage. FDE can protect data from unauthorized access in case the device is lost or stolen.
If a company decides to allow its employees to use their personally owned devices for work tasks, it should configure MDM software to enforce FDE on those devices. This way, the company can protect its data from being exposed if the device falls into the wrong hands.
However, employees may be concerned about the loss of personal data if the company also enables the remote-wiping option in the MDM software. Remote wiping is a feature that allows the company to erase all data on a device remotely in case of theft or loss. Remote wiping can also affect personal data on the device, which may not be acceptable to employees.
Therefore, a possible compromise is to configure MDM for FDE without enabling the lock screen. This means that the device will be encrypted, but it will not require a password or PIN to unlock it. This way, employees can access their personal data easily, while the company can still protect its data with encryption.
The other options are not correct because:
A. Enable the remote-wiping option in the MDM software in case the phone is stolen. This option may address the company’s concern about data loss, but it may not address the employees’ concern about personal data loss. Remote wiping can erase both work and personal data on the device, which may not be desirable for employees.
B. Configure the MDM software to enforce the use of PINs to access the phone. This option may enhance the security of the device, but it may not address the company’s concern about data loss. PINs can be guessed or bypassed by attackers, and they do not protect data if the device is physically accessed.
D. Perform a factory reset on the phone before installing the company’s applications. This option may address the company’s concern about data loss, but it may not address the employees’ concern about personal data loss. A factory reset will erase all data on the device, including personal data, which may not be acceptable to employees.
According to CompTIA Security+ SY0-601 Exam Objectives 2.4 Given a scenario, implement secure systems design:
“MDM software is a type of remote asset-management software that runs from a central server1. It is used by businesses to optimize the functionality and security of their mobile devices, including smartphones and tablets2.”
“FDE stands for full disk encryption, which is a method of encrypting all data on a device’s storage3.” References: https://www.comptia.org/certifications/security#examdetails
https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives
https://www.makeuseof.com/what-is-mobile-device-management-mdm-software/

NEW QUESTION 11

A government organization is developing an advanced Al defense system. Develop-ers are using information collected from third-party providers Analysts are no-ticing inconsistencies in the expected powers Of then learning and attribute the Outcome to a recent attack on one of the suppliers. Which of the following IS the most likely reason for the inaccuracy of the system?

• A. Improper algorithms security
• B. Tainted training data
• C. virus
• D. Cryptomalware

Answer: B

Explanation:
Tainted training data is a type of data poisoning attack that involves modifying or injecting malicious data into the training dataset of a machine learning or artificial intelligence system. It can cause the system to learn incorrect or biased patterns and produce inaccurate or malicious outcomes. It is the most likely reason for the inaccuracy of the system that is using information collected from third-party providers that have been compromised by an attacker.

NEW QUESTION 12

While reviewing the /etc/shadow file, a security administrator notices files with the same values. Which of the following attacks should the administrator be concerned about?

• A. Plaintext
• B. Birthdat
• C. Brute-force
• D. Rainbow table

Answer: D

Explanation:
Rainbow table is a type of attack that should concern a security administrator when reviewing the /etc/shadow file. The /etc/shadow file is a file that stores encrypted passwords of users in a Linux system. A rainbow table is a precomputed table of hashes and their corresponding plaintext values that can be used to crack hashed passwords. If an attacker obtains a copy of the /etc/shadow file, they can use a rainbow table to find the plaintext passwords of users.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.geeksforgeeks.org/rainbow-table-in-cryptography/

NEW QUESTION 13

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls' (Select two).

• A. ISO
• B. PCI DSS
• C. SOC
• D. GDPR
• E. CSA
• F. NIST

Answer: BD

Explanation:
PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards and requirements for organizations that store, process, or transmit payment card data. It aims to protect cardholder data and prevent fraud and data breaches. GDPR (General Data Protection Regulation) is a regulation that governs the collection, processing, and transfer of personal data of individuals in the European Union. It aims to protect the privacy and rights of data subjects and impose obligations and penalties on data controllers and
processors. These are the frameworks that the security officer should map the existing controls to, as they are relevant for a credit card transaction company that has a new office in Europe

NEW QUESTION 14

A security analyst needs an overview of vulnerabilities for a host on the network. Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?

• A. Non-credentialed
• B. Web application
• C. Privileged
• D. Internal

Answer: C

Explanation:
Privileged scanning, also known as credentialed scanning, is a type of vulnerability scanning that uses a valid user account to log in to the target host and examine vulnerabilities from a trusted user’s perspective. It can provide more accurate and comprehensive results than unprivileged scanning, which does not use any credentials and only scans for externally visible vulnerabilities.

NEW QUESTION 15

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor but the industrial software is no longer supported The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, white also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

• A. Redundancy
• B. RAID 1+5
• C. Virtual machines
• D. Full backups

Answer: C

Explanation:
Virtual machines are software-based simulations of physical computers that run on a host system and share its resources. They can provide resiliency for legacy information systems that cannot be migrated to a newer OS due to software compatibility issues by allowing OS patches to be installed in a non-production environment without affecting the production environment. They can also create backups of the systems for recovery by taking snapshots or copies of the virtual machine files.

NEW QUESTION 16

A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors Of real-world events in order to improve the incident response team's process. Which Of the following is the analyst most likely participating in?

• A. MITRE ATT&CK
• B. Walk-through
• C. Red team
• D. Purple team-I
• E. TAXI

Answer: A

Explanation:
MITRE ATT&CK is a knowledge base and framework that analyzes and categorizes threat actors and
real-world events based on their tactics, techniques and procedures. It can help improve the incident response team’s process by providing a common language and reference for identifying, understanding and mitigating threats

NEW QUESTION 17

Which of the following will increase cryptographic security?

• A. High data entropy
• B. Algorithms that require less computing power
• C. Longer key longevity
• D. Hashing

Answer: A

Explanation:
Data entropy is a measure of the randomness or unpredictability of data. High data entropy means that the data has more variation and less repetition, making it harder to guess or crack. It can increase cryptographic security by making the encryption keys and ciphertext more complex and resistant to brute-force attacks, frequency analysis, etc

NEW QUESTION 18

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

• A. nmap
• B. tracert
• C. ping
• D. ssh

Answer: A

Explanation:
Tracert is a command-line tool that shows the route that packets take to reach a destination on a network1. It also displays the time it takes for each hop along the way1. By using tracert, you can see if there is a router or firewall that is blocking or slowing down the traffic between the internal workstation and the specific server1.

NEW QUESTION 19
......