Practice Free SY0-701 Exam Online Questions
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors.
Which of the following should the systems administrator use?
- A . Packet captures
- B . Vulnerability scans
- C . Metadata
- D . Dashboard
D
Explanation:
A dashboard is a graphical user interface that provides a visual representation of key performance indicators, metrics, and trends related to security events and incidents. A dashboard can help the board of directors to understand the number and impact of incidents that affected the organization in a given period, as well as the status and effectiveness of the security controls and processes. A dashboard can also allow the board of directors to drill down into specific details or filter the data by various criteria [1][2].
A packet capture is a method of capturing and analyzing the network traffic that passes through a device or a network segment. A packet capture can provide information about the source, destination, protocol, and content of each packet, but it is not a suitable way to present a summary of incidents to the board of directors [1][3].
A vulnerability scan is a process of identifying and assessing the weaknesses and exposures in a system or a network that could be exploited by attackers. A vulnerability scan can help the organization to prioritize and remediate the risks and improve the security posture, but it is not a relevant way to report the number of incidents that occurred in a quarter [1][4].
Metadata is data that describes other data, such as its format, origin, structure, or context. Metadata can provide useful information about the characteristics and properties of data, but it is not a meaningful way to communicate the impact and frequency of incidents to the board of directors.
Reference: [1] CompTIA Security+ SY0-701 Certification Study Guide, page 372. [2] SIEM Dashboards - SY0-601 CompTIA Security+: 4.3, video by Professor Messer. [3] CompTIA Security+ SY0-701 Certification Study Guide, page 346. [4] CompTIA Security+ SY0-701 Certification Study Guide, page 362. [5] CompTIA Security+ SY0-701 Certification Study Guide, page 97.
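The quarterly figures a board dashboard plots have to be produced from the raw incident records first. The script below is an added example (not from the study guide or the question) that rolls a constructed incident export up into per-quarter totals, severity and category breakdowns, and a quarter-over-quarter change; the incident records, field names and severity labels are assumptions standing in for a SIEM or ticketing export.

```python
"""Roll incident records up into the per-quarter counts a board dashboard would plot.

Added example, not from the study guide. The incident records are constructed
sample data; in practice they come from the SIEM or ticketing system.
"""
from collections import Counter, defaultdict
from datetime import date

# Constructed sample export: (incident id, date detected, severity, category)
INCIDENTS = [
    ("INC-1001", "2024-01-14", "high", "phishing"),
    ("INC-1002", "2024-02-03", "low", "malware"),
    ("INC-1003", "2024-03-29", "medium", "data-loss"),
    ("INC-1004", "2024-04-02", "high", "ransomware"),
    ("INC-1005", "2024-05-19", "low", "phishing"),
    ("INC-1006", "2024-06-30", "medium", "phishing"),
    ("INC-1007", "2024-07-01", "critical", "ransomware"),
]


def quarter_of(iso_date: str) -> str:
    """Map an ISO date to a calendar-quarter label such as '2024-Q1'."""
    d = date.fromisoformat(iso_date)
    return f"{d.year}-Q{(d.month - 1) // 3 + 1}"


def rollup(incidents):
    """Return {quarter: {"total": n, "by_severity": Counter, "by_category": Counter}}."""
    out = defaultdict(lambda: {"total": 0, "by_severity": Counter(), "by_category": Counter()})
    for _id, when, severity, category in incidents:
        q = out[quarter_of(when)]
        q["total"] += 1
        q["by_severity"][severity] += 1
        q["by_category"][category] += 1
    return dict(out)


def quarter_over_quarter(summary, current, previous):
    """Percentage change in total incidents, or None when the previous quarter had none."""
    cur = summary.get(current, {}).get("total", 0)
    prev = summary.get(previous, {}).get("total", 0)
    if prev == 0:
        return None
    return round(100.0 * (cur - prev) / prev, 1)


if __name__ == "__main__":
    summary = rollup(INCIDENTS)
    for q in sorted(summary):
        print(q, summary[q]["total"], dict(summary[q]["by_severity"]), dict(summary[q]["by_category"]))
    print("Q3 vs Q2:", quarter_over_quarter(summary, "2024-Q3", "2024-Q2"))
```

The point of keeping the roll-up separate from the dashboard is that the board sees counts and trends, while the packet captures, scan results and per-incident detail behind those counts stay available for drill-down by the security team.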
Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?
- A . Unidentified removable devices
- B . Default network device credentials
- C . Spear phishing emails
- D . Impersonation of business units through typosquatting
A
Explanation:
Unidentified removable devices, such as USB drives, are a common threat vector for insider threat actors attempting data exfiltration. Insiders can easily use these devices to transfer sensitive data out of the organization undetected, making it one of the most commonly utilized methods for data theft. Default network device credentials are a security vulnerability but not typically used for data exfiltration.
Spear phishing emails are used for external attacks, not insider data exfiltration.
Impersonation through typosquatting is typically used by external actors for phishing or fraud.
A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices.
Which of the following will meet these requirements?
- A . Push notifications
- B . Phone call
- C . Smart card
- D . Offline backup codes
An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment.
Which of the following solutions would mitigate the risk?
- A . XDR
- B . SPF
- C . DLP
- D . DMARC
C
Explanation:
To mitigate the risk of sensitive data being exfiltrated from the environment, the IT manager should implement a Data Loss Prevention (DLP) solution. DLP monitors and controls the movement of sensitive data, ensuring that unauthorized transfers are blocked and potential data breaches are prevented.
XDR (Extended Detection and Response) is useful for threat detection across multiple environments but doesn’t specifically address data exfiltration.
SPF (Sender Policy Framework) helps prevent email spoofing, not data exfiltration.
DMARC (Domain-based Message Authentication, Reporting & Conformance) also addresses email security and spoofing, not data exfiltration.
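DLP works by inspecting content against detectors for the data types the classification initiative identified and blocking transfers that match. The script below is an added example (not from the study guide) of one such detector: a payment-card pattern that is only reported when the candidate also passes the Luhn checksum, so that order numbers and other digit runs do not trigger blocks. The sample messages and the block threshold are constructed; a real DLP product layers many detectors, dictionaries, fingerprints and classification labels on top of this logic.

```python
"""Minimal DLP content-inspection rule: find payment-card numbers in outbound text.

Added example, not from the study guide. Shows why a bare regex is not enough:
the candidate must also pass the Luhn check before the message is blocked.
"""
import re

# 13-19 digits, optionally separated by spaces or hyphens, not glued to other digits.
_CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def find_card_numbers(text: str):
    """Return the candidate card numbers in text that pass the Luhn check."""
    hits = []
    for m in _CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep only the last four digits when logging a hit."""
    return "*" * (len(pan) - 4) + pan[-4:]


def inspect_outbound(message: str, threshold: int = 1):
    """Decide whether an outbound message may leave. Returns (action, masked hits)."""
    hits = find_card_numbers(message)
    action = "block" if len(hits) >= threshold else "allow"
    return action, [mask(h) for h in hits]


# Constructed sample messages; the card numbers are widely published test numbers.
SAMPLES = [
    "Quarterly numbers attached, see you Monday.",
    "Customer paid with 4111 1111 1111 1111, please refund to 5500-0000-0000-0004.",
    "Order ref 1234567890123456 confirmed.",   # 16 digits but fails the Luhn check
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect_outbound(s))
```

Logging only the masked value matters: a DLP alert that copies the full card number into the SIEM has just moved the sensitive data to another place it does not belong.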
An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users.
Which of the following should the organization implement first?
- A . Standard naming convention
- B . Hashing
- C . Network diagrams
- D . Baseline configuration
D
Explanation:
Baseline configuration is the process of standardizing the configuration settings for a system or network. In this scenario, the organization needs to standardize the operating system configurations before deploying them across the network. Establishing a baseline configuration ensures that all systems adhere to the organization’s security policies and operational requirements.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of system hardening and configuration management.
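Once a baseline configuration exists, the practical work is checking every host against it and reporting drift before (and after) the image is pushed. The script below is an added example, not from the study guide: the baseline, the setting names and the host snapshots are constructed, and in practice the baseline is exported from the golden image while a configuration-management agent collects each host's values. Settings listed as "at least" or "at most" may be stricter than the baseline without counting as drift; everything else must match exactly.

```python
"""Compare a host's effective settings against a baseline configuration and report drift.

Added example, not from the study guide. Baseline and host snapshots are constructed.
"""

# Constructed baseline for the standard workstation image.
BASELINE = {
    "os.build": "10.0.19045",
    "firewall.enabled": True,
    "smb.v1_enabled": False,
    "screen_lock.timeout_seconds": 600,
    "password.min_length": 14,
    "audit.logon_events": "success,failure",
}

# Settings where "stricter than baseline" is acceptable; anything else must match exactly.
AT_LEAST = {"password.min_length"}
AT_MOST = {"screen_lock.timeout_seconds"}


def compare_to_baseline(baseline, host):
    """Return a list of (setting, expected, actual, finding) for every deviation."""
    findings = []
    for key, expected in baseline.items():
        if key not in host:
            findings.append((key, expected, None, "missing"))
            continue
        actual = host[key]
        if key in AT_LEAST:
            ok = actual >= expected
        elif key in AT_MOST:
            ok = actual <= expected
        else:
            ok = actual == expected
        if not ok:
            findings.append((key, expected, actual, "drift"))
    for key in host:                       # settings the baseline never defined
        if key not in baseline:
            findings.append((key, None, host[key], "unmanaged"))
    return findings


def is_compliant(baseline, host):
    return not compare_to_baseline(baseline, host)


# Constructed host snapshots.
HOSTS = {
    "ws-101": {**BASELINE},                                     # matches exactly
    "ws-102": {**BASELINE, "smb.v1_enabled": True,               # legacy protocol re-enabled
               "password.min_length": 8},
    "ws-103": {**BASELINE, "password.min_length": 16,            # stricter than baseline is fine
               "screen_lock.timeout_seconds": 300,
               "telnet.enabled": True},                          # setting the baseline never defined
    "ws-104": {k: v for k, v in BASELINE.items() if k != "audit.logon_events"},
}

if __name__ == "__main__":
    for name, snapshot in HOSTS.items():
        for finding in compare_to_baseline(BASELINE, snapshot):
            print(name, *finding)
```

The "unmanaged" finding is the one most often forgotten: a host that carries settings the baseline never mentions is exactly the kind of variation the question describes, and it stays invisible if the check only iterates over the baseline's keys.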
A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure.
Which of the following would best secure the organization?
- A . Upgrading to a next-generation firewall
- B . Deploying an appropriate in-line CASB solution
- C . Conducting user training on software policies
- D . Configuring double key encryption in SaaS platforms
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.
Which of the following should the analyst do?
- A . Place posters around the office to raise awareness of common phishing activities.
- B . Implement email security filters to prevent phishing emails from being delivered
- C . Update the EDR policies to block automatic execution of downloaded programs.
- D . Create additional training for users to recognize the signs of phishing attempts.
C
Explanation:
An endpoint detection and response (EDR) system monitors and analyzes the activity of endpoints such as workstations, laptops, mobile devices, and servers, and can detect, prevent, and respond to threats including malware, ransomware, the payloads delivered by phishing, and advanced persistent threats (APTs). One EDR policy capability is blocking the automatic execution of downloaded programs, which stops a malicious payload from running when a user clicks a link in a phishing message. The question asks how to reduce the impact of a click that has already happened, not how to stop the email or the click, so this technical control is the best answer: it works regardless of the user's awareness or behavior.
The other options are weaker because they act before the click or depend on the user. Posters around the office raising awareness of phishing may increase knowledge but do not reliably change behavior. Email security filters are a technical control that reduces exposure by keeping phishing messages out of the inbox, but they act before the click, cannot catch every crafted message, and do nothing once a user has clicked through. Additional training (an administrative control) improves users' ability to recognize phishing attempts, but the click-through rate above the threshold shows that training alone has not guaranteed vigilance. Therefore these options are not the best answer for this question.
Reference: Endpoint Detection and Response - CompTIA Security+ SY0-701 - 2.2, video at 5:30; CompTIA Security+ SY0-701 Certification Study Guide, page 163.
A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link deployed ransomware laterally across the network, where it lay dormant for multiple weeks.
Which of the following would have mitigated the spread?
- A . IPS
- B . IDS
- C . WAF
- D . UAT
A
Explanation:
IPS stands for intrusion prevention system, a network security device deployed in line with traffic that inspects packets and blocks malicious traffic in real time. An IDS only detects and alerts on malicious traffic; it does not block it, so it would have reported the ransomware spreading but not stopped it. An in-line IPS could have blocked the traffic the ransomware used to propagate between hosts and to reach its command-and-control server, limiting the spread even though the initial phishing click had already succeeded. A WAF protects web applications from application-layer attacks and has no role in host-to-host spread inside the network, and UAT (user acceptance testing) is a software testing phase, not a security control.
An administrator must replace an expired SSL certificate.
Which of the following does the administrator need to create the new SSL certificate?
- A . CSR
- B . OCSP
- C . Key
- D . CRL
A
Explanation:
A Certificate Signing Request (CSR) is a request sent to a certificate authority (CA) to issue an SSL certificate. The administrator generates a key pair on the server, builds a CSR containing the public key and the subject information (such as the server's name), signs it with the private key, and submits it to the CA; the private key never leaves the server. OCSP and a CRL are mechanisms for checking whether an issued certificate has been revoked, and a key by itself is not what the CA needs in order to issue the certificate.
Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.
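The renewal procedure above, as an added example that is not part of the study guide: the script drives the openssl command-line tool (assumed to be installed) from Python, generates a fresh private key and a CSR with subject alternative names, verifies the CSR's self-signature, and confirms that the public key inside the CSR is the one derived from the private key the server will keep. The hostname renew.example.com and the file names are constructed placeholders.

```python
"""Create a fresh private key and a CSR for a certificate renewal, then check the CSR.

Added example, not from the study guide. Requires the openssl CLI (1.1.1 or later,
for -addext). The private key stays on this host; only the CSR goes to the CA.
"""
import re
import subprocess
import tempfile
from pathlib import Path


def run(args):
    """Run an openssl subcommand and return its stdout; raises on non-zero exit."""
    return subprocess.run(["openssl", *args], check=True, capture_output=True, text=True).stdout


def make_key_and_csr(workdir, common_name, sans):
    """Generate a 2048-bit RSA key and a CSR with SAN entries; return (key_path, csr_path)."""
    key = workdir / "server.key"
    csr = workdir / "server.csr"
    san = ",".join(f"DNS:{h}" for h in sans)
    run(["req", "-new", "-newkey", "rsa:2048", "-nodes",
         "-keyout", str(key), "-out", str(csr),
         "-subj", f"/CN={common_name}",
         "-addext", f"subjectAltName={san}"])
    key.chmod(0o600)          # the private key must never be readable by other users
    return key, csr


def csr_info(csr):
    """Verify the CSR's self-signature and return its subject CN, SANs and key size."""
    run(["req", "-in", str(csr), "-noout", "-verify"])          # non-zero exit if tampered
    text = run(["req", "-in", str(csr), "-noout", "-text"])
    cn = re.search(r"Subject:.*?CN\s*=\s*([^\s,/]+)", text).group(1)
    bits = int(re.search(r"Public-Key:\s*\((\d+) bit\)", text).group(1))
    sans = re.findall(r"DNS:([^\s,]+)", text)
    return {"subject_cn": cn, "key_bits": bits, "sans": sans}


def key_matches_csr(key, csr):
    """The public key embedded in the CSR must be the one derived from our private key."""
    from_key = run(["pkey", "-in", str(key), "-pubout"])
    from_csr = run(["req", "-in", str(csr), "-noout", "-pubkey"])
    return from_key.strip() == from_csr.strip()


def renew_example(common_name="renew.example.com",
                  sans=("renew.example.com", "www.renew.example.com")):
    """Run the whole renewal preparation in a scratch directory and report what was checked."""
    with tempfile.TemporaryDirectory() as d:
        key, csr = make_key_and_csr(Path(d), common_name, list(sans))
        info = csr_info(csr)
        info["key_matches"] = key_matches_csr(key, csr)
        info["csr_pem_starts"] = csr.read_text().startswith("-----BEGIN CERTIFICATE REQUEST-----")
        return info


if __name__ == "__main__":
    print(renew_example())
```

Generating a new key at renewal time, rather than reusing the expired certificate's key, means a key that was quietly compromised during the old certificate's lifetime does not carry over into the new one.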
Which of the following is the stage in an investigation when forensic images are obtained?
- A . Acquisition
- B . Preservation
- C . Reporting
- D . E-discovery
A
Explanation:
The acquisition phase involves creating forensic images (exact, bit-for-bit replicas) of storage devices or memory so that analysis is performed on the copy rather than the original. The source is read through a write blocker where possible, and cryptographic hashes of both the original and the image are recorded so that the integrity of the evidence can be demonstrated later as part of the chain of custody.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Forensic Imaging and Chain of Custody".
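The acquisition step described above, as an added example that is not from the study guide: the script copies an evidence source block by block, hashes the bytes as they are read, re-hashes the written image independently, and writes an acquisition record that a later verification step checks against. The "device" is a constructed file so the script runs offline; with real media the source would be a write-blocked block device and the image would go to separate evidence storage. The examiner name and record fields are assumptions.

```python
"""Acquire a bit-for-bit image of an evidence source and prove the copy matches.

Added example, not from the study guide. The evidence source is a constructed
file standing in for a write-blocked device.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1024 * 1024  # read and write in 1 MiB blocks


def sha256_of(path):
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, image, examiner):
    """Copy source to image, hashing bytes as they are read, then re-hash the image independently."""
    h = hashlib.sha256()
    size = 0
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())          # make sure the image is on disk before hashing it
    source_hash = h.hexdigest()
    image_hash = sha256_of(image)
    record = {
        "source": str(source),
        "image": str(image),
        "bytes": size,
        "sha256_source": source_hash,
        "sha256_image": image_hash,
        "verified": source_hash == image_hash,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(image.with_suffix(image.suffix + ".json"), "w") as f:
        json.dump(record, f, indent=2)   # acquisition record kept beside the image
    return record


def verify_image(image, record):
    """Later check (e.g. before analysis) that the image still matches the acquisition hashes."""
    return sha256_of(image) == record["sha256_image"] == record["sha256_source"]


def demo():
    """Constructed evidence: 3 MiB of deterministic bytes standing in for a small volume."""
    with tempfile.TemporaryDirectory() as d:
        src = Path(d) / "evidence.bin"
        src.write_bytes(bytes(range(256)) * (3 * 1024 * 4))   # 256 B * 12288 = 3 MiB
        img = Path(d) / "evidence.dd"
        rec = acquire(src, img, examiner="analyst-1")
        rec["still_valid"] = verify_image(img, rec)
        # Simulate tampering with the image after acquisition and check that verification fails.
        with open(img, "r+b") as f:
            f.seek(0)
            f.write(b"\xff")
        rec["valid_after_tamper"] = verify_image(img, rec)
        return rec


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hashing during the read and again from the written file catches the two failure modes that matter here: a source that changed while it was being read (the write blocker's job to prevent) and an image that was not written faithfully.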