Sy0-701 0
Uploaded by
Asif RzayevSy0-701 0
Uploaded by
Asif RzayevCertshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
CompTIA
Exam Questions SY0-701
CompTIA Security+ Exam
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
NEW QUESTION 1
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the
following is the type of data these employees are most likely to use in day-to-day work activities?
A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit
Answer: B
Explanation:
Intellectual property is a type of data that consists of ideas, inventions, designs, or other creative works that have commercial value and are protected by law.
Employees in the research and development business unit are most likely to use intellectual property data in their day-to-day work activities, as they are involved in
creating new products or services for the company. Intellectual property data needs to be protected from unauthorized use, disclosure, or theft, as it can give the
company a competitive advantage in the market. Therefore, these employees receive extensive training to ensure
they understand how to best protect this type of data. References = CompTIA Security+ SY0-701 Certification Study Guide, page 90; Professor Messer’s
CompTIA SY0-701 Security+ Training Course, video 1.2 - Security Concepts, 7:57 - 9:03.
NEW QUESTION 2
Which of the following agreement types defines the time frame in which a vendor needs to respond?
A. SOW
B. SLA
C. MOA
D. MOU
Answer: B
Explanation:
A service level agreement (SLA) is a type of agreement that defines the expectations and responsibilities between a service provider and a customer. It usually
includes the quality, availability, and performance metrics of the service, as well as the time frame in which the provider needs to respond to service requests,
incidents, or complaints. An SLA can help ensure that the customer receives the desired level of service and that the provider is accountable for meeting the
agreed-upon standards.
References:
? Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and
policies, including principles of governance, risk, and compliance.”
? CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Service Level Agreements (SLAs) are contracts between a service
provider and a customer that specify the level of service expected from the service provider.”
NEW QUESTION 3
Which of the following is the best reason to complete an audit in a banking environment?
A. Regulatory requirement
B. Organizational change
C. Self-assessment requirement
D. Service-level requirement
Answer: A
Explanation:
A regulatory requirement is a mandate imposed by a government or an authority that must be followed by an organization or an individual. In a banking
environment, audits are often required by regulators to ensure compliance with laws, standards, and policies related to security, privacy, and financial reporting.
Audits help to identify and correct any gaps or weaknesses in the security posture and the internal controls of the organization. References:
? Official CompTIA Security+ Study Guide (SY0-701), page 507
? Security+ (Plus) Certification | CompTIA IT Certifications 2
NEW QUESTION 4
Which of the following must be considered when designing a high-availability network? (Choose two).
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
Answer: AE
Explanation:
A high-availability network is a network that is designed to minimize downtime and ensure continuous operation even in the event of a failure or disruption. A high-
availability network must consider the following factors12:
? Ease of recovery: This refers to the ability of the network to restore normal functionality quickly and efficiently after a failure or disruption. Ease of recovery can
be achieved by implementing backup and restore procedures, redundancy and failover mechanisms, fault tolerance and resilience, and disaster recovery plans.
? Attack surface: This refers to the amount of exposure and vulnerability of the network to potential threats and attacks. Attack surface can be reduced by
implementing security controls such as firewalls, encryption, authentication, access control, segmentation, and hardening.
The other options are not directly related to high-availability network design:
? Ability to patch: This refers to the process of updating and fixing software components to address security issues, bugs, or performance improvements. Ability to
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
patch is important for maintaining the security and functionality of the network, but it is not a specific factor for high-availability network design.
? Physical isolation: This refers to the separation of network components or devices from other networks or physical environments. Physical isolation can enhance
the security and performance of the network, but it can also reduce the availability and accessibility of the network resources.
? Responsiveness: This refers to the speed and quality of the network’s performance and service delivery. Responsiveness can be measured by metrics such as
latency, throughput, jitter, and packet loss. Responsiveness is important for ensuring customer satisfaction and user experience, but it is not a specific factor for
high-availability network design.
? Extensible authentication: This refers to the ability of the network to support multiple and flexible authentication methods and protocols. Extensible authentication
can improve the security and convenience of the network, but it is not a specific factor for high-availability network design.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: High Availability – CompTIA Security+ SY0-701 – 3.4, video by Professor
Messer.
NEW QUESTION 5
An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the
following would be the best solution?
A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor
Answer: B
Explanation:
= A jump server is a server that acts as an intermediary between a user and a target system. A jump server can provide an added layer of security by preventing
unauthorized access to internal company resources. A user can connect to the jump server using a secure protocol, such as SSH, and then access the target
system from the jump server. This way, the target system is isolated from the external network and only accessible through the jump server. A jump server can
also enforce security policies, such as authentication, authorization, logging, and auditing, on the user’s connection. A jump server is also known as a bastion host
or a jump box. References = CompTIA Security+ Certification Exam Objectives, Domain 3.3: Given a scenario, implement secure network architecture concepts.
CompTIA Security+ Study Guide (SY0-701), Chapter 3: Network Architecture and Design, page 101. Other Network Appliances – SY0-601 CompTIA Security+ :
3.3, Video 3:03. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 2.
NEW QUESTION 6
Which of the following can be used to identify potential attacker activities without affecting production servers?
A. Honey pot
B. Video surveillance
C. Zero Trust
D. Geofencing
Answer: A
Explanation:
A honey pot is a system or a network that is designed to mimic a real production server and attract potential attackers. A honey pot can be used to identify the
attacker’s methods, techniques, and objectives without affecting the actual production servers. A honey pot can also divert the attacker’s attention from the real
targets and waste their time and resources12.
The other options are not effective ways to identify potential attacker activities without affecting production servers:
? Video surveillance: This is a physical security technique that uses cameras and monitors to record and observe the activities in a certain area. Video surveillance
can help to deter, detect, and investigate physical intrusions, but it does not directly identify the attacker’s activities on the network or the servers3.
? Zero Trust: This is a security strategy that assumes that no user, device, or network is trustworthy by default and requires strict verification and validation for
every request and transaction. Zero Trust can help to improve the security posture and reduce the attack surface of an organization, but it does not directly identify
the attacker’s activities on the network or the servers4.
? Geofencing: This is a security technique that uses geographic location as a criterion to restrict or allow access to data or resources. Geofencing can help to
protect the data sovereignty and compliance of an organization, but it does not directly identify the attacker’s activities on the network or the servers5.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 542: Honeypots and Deception – SY0-601 CompTIA Security+ : 2.1, video by
Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 974: CompTIA Security+ SY0-701 Certification Study Guide, page 985:
CompTIA Security+ SY0-701 Certification Study Guide, page 99.
NEW QUESTION 7
Which of the following can best protect against an employee inadvertently installing malware on a company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list
Answer: D
Explanation:
An application allow list is a security technique that specifies which applications are authorized to run on a system and blocks all other applications. An application
allow list can best protect against an employee inadvertently installing malware on a company system because it prevents the execution of any unauthorized or
malicious software, such as viruses, worms, trojans, ransomware, or spyware. An application allow list can also reduce the attack surface and improve the
performance of the
system. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 551 1
NEW QUESTION 8
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The
company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
A. SSO
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
B. LEAP
C. MFA
D. PEAP
Answer: A
Explanation:
SSO stands for single sign-on, which is a method of authentication that allows users to access multiple applications or services with one set of credentials. SSO
reduces the number of credentials employees need to maintain and simplifies the login process. SSO can also improve security by reducing the risk of password
reuse, phishing, and credential theft. SSO can be implemented using various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the
exchange of authentication information between different domains or systems. SSO is commonly used for accessing SaaS applications, such as Office 365,
Google Workspace, Salesforce, and others, using domain credentials123.
* B. LEAP stands for Lightweight Extensible Authentication Protocol, which is a Cisco proprietary protocol that provides authentication for wireless networks. LEAP
is not related to SaaS applications or domain credentials4.
* C. MFA stands for multi-factor authentication, which is a method of authentication that requires users to provide two or more pieces of evidence to prove their
identity. MFA can enhance security by adding an extra layer of protection beyond passwords, such as tokens, biometrics, or codes. MFA is not related to SaaS
applications or domain credentials, but it can be used in conjunction with SSO.
* D. PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that provides secure authentication for wireless networks. PEAP uses TLS
to create an encrypted tunnel between the client and the server, and then uses another authentication method, such as MS-CHAPv2 or EAP-GTC, to verify the
user’s identity. PEAP is not related to SaaS applications or domain credentials.
References = 1: Security+ (SY0-701) Certification Study Guide | CompTIA IT Certifications 2: What is Single Sign-On (SSO)? - Definition from WhatIs.com 3:
Single sign-on - Wikipedia 4: Lightweight Extensible Authentication Protocol - Wikipedia : What is Multi-Factor Authentication (MFA)? - Definition from WhatIs.com :
Protected Extensible Authentication Protocol - Wikipedia
NEW QUESTION 9
Which of the following allows for the attribution of messages to individuals?
A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs
Answer: B
Explanation:
Non-repudiation is the ability to prove that a message or document was sent or signed by a particular person, and that the person cannot deny sending or signing
it.
Non-repudiation can be achieved by using cryptographic techniques, such as hashing and digital signatures, that can verify the authenticity and integrity of the
message or document. Non-repudiation can be useful for legal, financial, or contractual purposes, as it can provide evidence of the origin and content of the
message or document. References = Non- repudiation – CompTIA Security+ SY0-701 – 1.2, CompTIA Security+ SY0-301: 6.1 – Non-repudiation, CompTIA
Security+ (SY0-701) Certification Exam Objectives, Domain 1.2, page 2.
NEW QUESTION 10
A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following
actions would most likely give the security analyst the information required?
A. Obtain the file's SHA-256 hash.
B. Use hexdump on the file's contents.
C. Check endpoint logs.
D. Query the file's metadata.
Answer: D
Explanation:
Metadata is data that describes other data, such as its format, origin, creation date, author, and other attributes. Video files, like other types of files, can contain
metadata that can provide useful information for forensic analysis. For example, metadata can reveal the camera model, location, date and time, and software
used to create or edit the video file. To query the file’s metadata, a security analyst can use various tools, such as MediaInfo1, ffprobe2, or hexdump3, to extract
and display the metadata from the video file. By querying the file’s metadata, the security analyst can most likely identify both the creation date and the file’s
creator, as well as other relevant information. Obtaining the file’s SHA-256 hash, checking endpoint logs, or using hexdump on the file’s contents are other
possible actions, but they are not the most appropriate to answer the question. The file’s SHA-256 hash is a cryptographic value that can be used to verify the
integrity or uniqueness of the file, but it does not reveal any information about the file’s creation date or creator. Checking endpoint logs can provide some clues
about the file’s origin or activity, but it may not be reliable or accurate, especially if the logs are tampered with or incomplete. Using hexdump on the file’s contents
can show the raw binary data of the file, but it may not be easy or feasible to interpret the metadata from the hex output, especially if the file is large or encrypted.
References: 1: How do I get the meta-data of a video file? 2: How to check if an mp4 file contains malware? 3: [Hexdump - Wikipedia]
NEW QUESTION 10
Which of the following describes the process of concealing code or text inside a graphical
image?
A. Symmetric encryption
B. Hashing
C. Data masking
D. Steganography
Answer: D
Explanation:
Steganography is the process of hiding information within another medium, such as an image, audio, video, or text file. The hidden information is not visible or
noticeable to the casual observer, and can only be extracted by using a specific technique or key. Steganography can be used for various purposes, such as
concealing secret messages, watermarking, or evading detection by antivirus software12
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
References:
1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5: Cryptography and PKI, page 233 2: CompTIA Security+ Certification Kit: Exam
SY0-701, 7th Edition, Chapter 5: Cryptography and PKI, page 235
NEW QUESTION 14
A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring
detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving
Answer: A
Explanation:
Tuning is the activity of adjusting the configuration or parameters of a security tool or system to optimize its performance and reduce false positives or false
negatives. Tuning can help to filter out the normal or benign activity that is detected by the security tool or system, and focus on the malicious or anomalous activity
that requires further investigation or response. Tuning can also help to improve the efficiency and effectiveness of the security operations center by reducing the
workload and alert fatigue of
the analysts. Tuning is different from aggregating, which is the activity of collecting and combining data from multiple sources or sensors to provide a
comprehensive view of the security posture. Tuning is also different from quarantining, which is the activity of isolating a potentially infected or compromised device
or system from the rest of the network to prevent further damage or spread. Tuning is also different from archiving, which is the activity of storing and preserving
historical data or records for future reference or compliance. The act of ignoring detected activity in the future that is deemed normal by the security operations
center is an example of tuning, as it involves modifying the settings or rules of the security tool or system to exclude the activity from the detection scope.
Therefore, this is the best answer among the given options. References = Security Alerting and Monitoring Concepts and Tools – CompTIA Security+ SY0-701:
4.3, video at
7:00; CompTIA Security+ SY0-701 Certification Study Guide, page 191.
NEW QUESTION 18
Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?
A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing
Answer: C
Explanation:
A watering-hole attack is a type of cyberattack that targets groups of users by infecting websites that they commonly visit. The attackers exploit vulnerabilities to
deliver a malicious payload to the organization’s network. The attack aims to infect users’ computers and gain access to a connected corporate network. The
attackers target websites known to be popular among members of a particular organization or demographic. The attack differs from phishing and spear-phishing
attacks, which typically attempt to steal data or install malware onto users’ devices1
In this scenario, the compromised industry blog is the watering hole that the attackers used to spread malware across the company’s network. The attackers likely
chose this blog because they knew that the employees of the company were interested in its content and visited it frequently. The attackers may have injected
malicious code into the blog or redirected the visitors to a spoofed website that hosted the malware. The malware then infected the employees’ computers and
propagated to the network.
References1: Watering Hole Attacks: Stages, Examples, Risk Factors & Defense …
NEW QUESTION 20
Which of the following enables the use of an input field to run commands that can view or manipulate data?
A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection
Answer: D
Explanation:
= SQL injection is a type of attack that enables the use of an input field to run commands that can view or manipulate data in a database. SQL stands for
Structured Query Language, which is a language used to communicate with databases. By injecting malicious SQL statements into an input field, an attacker can
bypass authentication, access sensitive information, modify or delete data, or execute commands on the server.
SQL injection is one of the most common and dangerous web application
vulnerabilities. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 5, page 195. CompTIA
Security+ SY0-701 Exam Objectives, Domain 1.1, page 8.
NEW QUESTION 24
A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?
A. Security of cloud providers
B. Cost of implementation
C. Ability of engineers
D. Security of architecture
Answer: D
Explanation:
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Security of architecture is the process of designing and implementing a secure infrastructure that meets the business objectives and requirements. Security of
architecture should be considered first when migrating to an off-premises solution, such as cloud computing, because it can help to identify and mitigate the
potential risks and challenges associated with the migration, such as data security, compliance, availability, scalability, and performance. Security of architecture is
different from security of cloud providers, which is the process of evaluating and selecting a trustworthy and reliable cloud service provider that can meet the
security and operational needs of the business. Security of architecture is also different from cost of implementation, which is the amount of money required to
migrate and maintain the infrastructure in the cloud. Security of architecture is also different from ability of engineers, which is the level of skill and knowledge of
the IT staff who are responsible for the migration and management of the cloud
infrastructure. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 3491
NEW QUESTION 27
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to
evaluate?
A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction
Answer: D
Explanation:
The data plane, also known as the forwarding plane, is the part of the network that carries user traffic and data. It is responsible for moving packets from one
device to another based on the routing and switching decisions made by the control plane. The data plane is a critical component of the Zero Trust architecture, as
it is where most of the attacks and breaches occur. Therefore, implementing Zero Trust principles within the data plane can help to improve the security and
resilience of the network.
One of the key principles of Zero Trust is to assume breach and minimize the blast radius and segment access. This means that the network should be divided into
smaller and isolated segments or zones, each with its own security policies and controls. This way, if one segment is compromised, the attacker cannot easily
move laterally to other segments and access more resources or data. This principle is also known as threat scope reduction, as it reduces the scope and impact of
a potential threat.
The other options are not as relevant for the data plane as threat scope reduction. Secured zones are a concept related to the control plane, which is the part of
the network that makes routing and switching decisions. Subject role is a concept related to the identity plane, which is the part of the network that authenticates
and authorizes users and devices. Adaptive identity is a concept related to the policy plane, which is the part of the network that defines and enforces the security
policies and rules.
References = https://bing.com/search?q=Zero+Trust+data+plane https://learn.microsoft.com/en-us/security/zero-trust/deploy/data
NEW QUESTION 28
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure
Answer: D
Explanation:
A change management procedure is a set of steps and guidelines that a security administrator should adhere to when setting up a new set of firewall rules. A
firewall is a device or software that can filter, block, or allow network traffic based on predefined rules or policies. A firewall rule is a statement that defines the
criteria and action for a firewall to apply to a packet or a connection. For example, a firewall rule can allow or deny traffic based on the source and destination IP
addresses, ports, protocols, or applications. Setting up a new set of firewall rules is a type of change that can affect the security, performance, and functionality of
the network. Therefore, a change management procedure is necessary to ensure that the change is planned, tested, approved, implemented, documented, and
reviewed in a controlled and consistent manner. A change management procedure typically includes the following elements:
? A change request that describes the purpose, scope, impact, and benefits of the change, as well as the roles and responsibilities of the change owner,
implementer, and approver.
? A change assessment that evaluates the feasibility, risks, costs, and dependencies of the change, as well as the alternatives and contingency plans.
? A change approval that authorizes the change to proceed to the implementation stage, based on the criteria and thresholds defined by the change policy.
? A change implementation that executes the change according to the plan and schedule, and verifies the results and outcomes of the change.
? A change documentation that records the details and status of the change, as well as the lessons learned and best practices.
? A change review that monitors and measures the performance and effectiveness of the change, and identifies any issues or gaps that need to be addressed or
improved.
A change management procedure is important for a security administrator to adhere to when setting up a new set of firewall rules, as it can help to achieve the
following objectives:
? Enhance the security posture and compliance of the network by ensuring that the
firewall rules are aligned with the security policies and standards, and that they do not introduce any vulnerabilities or conflicts.
? Minimize the disruption and downtime of the network by ensuring that the firewall
rules are tested and validated before deployment, and that they do not affect the availability or functionality of the network services or applications.
? Improve the efficiency and quality of the network by ensuring that the firewall rules
are optimized and updated according to the changing needs and demands of the network users and stakeholders, and that they do not cause any performance or
compatibility issues.
? Increase the accountability and transparency of the network by ensuring that the
firewall rules are documented and reviewed regularly, and that they are traceable and auditable by the relevant authorities and parties.
The other options are not correct because they are not related to the process of setting up a new set of firewall rules. A disaster recovery plan is a set of policies
and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. An incident
response procedure is a set of steps and guidelines that aim to contain, analyze, eradicate, and recover from a security incident, such as a cyberattack, data
breach, or malware infection. A business continuity plan is a set of strategies and actions that aim to maintain the essential functions and operations of an
organization during and after a disruptive event, such as a pandemic, power outage, or civil unrest. References = CompTIA Security+ Study Guide (SY0-701),
Chapter 7: Resilience and Recovery, page 325. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 1.3: Security Operations, video:
Change Management (5:45).
NEW QUESTION 29
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval
Answer: D
Explanation:
Peer review and approval is a practice that involves having other developers or experts review the code before it is deployed or released. Peer review and
approval can help detect and prevent malicious code, errors, bugs, vulnerabilities, and poor quality in the development process. Peer review and approval can also
enforce coding standards, best practices, and compliance requirements. Peer review and approval can be done manually or with the help of tools, such as code
analysis, code review, and code
signing. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 543 2
NEW QUESTION 30
An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the
employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to
prevent this type of attack from succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Answer: A
Explanation:
The correct answer is A because multifactor authentication (MFA) is a method of verifying a user’s identity by requiring more than one factor, such as something
the user knows (e.g., password), something the user has (e.g., token), or something the user is (e.g., biometric). MFA can prevent unauthorized access even if the
user’s password is compromised, as the attacker would need to provide another factor to log in. The other options are incorrect because they do not address the
root cause of the attack, which is weak authentication. Permissions assignment (B) is the process of granting or denying access to resources based on the user’s
role or identity. Access management © is the process of controlling who can access what and under what conditions. Password complexity (D) is the requirement
of using strong passwords that are hard to guess or crack, but it does not prevent an attacker from using a stolen password. References = You can learn more
about multifactor authentication and other security concepts in the following resources:
? CompTIA Security+ SY0-701 Certification Study Guide, Chapter 1: General Security Concepts1
? Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 1.2: Security Concepts2
? Multi-factor Authentication – SY0-601 CompTIA Security+ : 2.43
? TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section 3: Identity and Access Management, Lecture 15: Multifactor Authentication4
? CompTIA Security+ Certification SY0-601: The Total Course [Video], Chapter 3: Identity and Account Management, Section 2: Enabling Multifactor
Authentication5
NEW QUESTION 32
A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following
vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading
Answer: C
Explanation:
Jailbreaking is the process of removing the restrictions imposed by the manufacturer or carrier on a mobile device, such as an iPhone or iPad. Jailbreaking allows
users to install unauthorized applications, modify system settings, and access root privileges. However, jailbreaking also exposes the device to potential security
risks, such as malware, spyware, unauthorized access, data loss, and voided warranty. Therefore, an organization may prohibit employees from jailbreaking their
mobile devices to prevent these vulnerabilities and protect the corporate data and network. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th
Edition, Chapter 10: Mobile Device Security, page 507 2
NEW QUESTION 33
Which of the following is a primary security concern for a company setting up a BYOD program?
A. End of life
B. Buffer overflow
C. VM escape
D. Jailbreaking
Answer: D
Explanation:
Jailbreaking is a primary security concern for a company setting up a BYOD (Bring Your Own Device) program. Jailbreaking is the process of removing the
manufacturer’s or the carrier’s restrictions on a device, such as a smartphone or a tablet, to gain root access and install unauthorized or custom software.
Jailbreaking can compromise the security of the device and the data stored on it, as well as expose it to malware, viruses, or hacking. Jailbreaking can also violate
the warranty and the terms of service of the device, and make it incompatible with the company’s security policies and standards. Therefore, a company setting up
a BYOD program should prohibit jailbreaking and enforce device compliance and encryption. References = CompTIA Security+ Study Guide with over 500
Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 76. CompTIA Security+ SY0-701 Exam Objectives, Domain 2.4, page 11.
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
NEW QUESTION 35
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
Answer: B
Explanation:
Geographic dispersion is a strategy that involves distributing the servers or data centers across different geographic locations. Geographic dispersion can help the
company to mitigate the risk of weather events causing damage to the server room and downtime, as well as improve the availability, performance, and resilience
of the network. Geographic dispersion can also enhance the disaster recovery and business continuity capabilities of the company, as it can provide backup and
failover options in case of a regional outage or disruption12.
The other options are not the best ways to address the company’s concern:
? Clustering servers: This is a technique that involves grouping multiple servers together to act as a single system. Clustering servers can help to improve the
performance, scalability, and fault tolerance of the network, but it does not protect the servers from physical damage or downtime caused by weather events,
especially if the servers are located in the same room or building3.
? Load balancers: These are devices or software that distribute the network traffic or workload among multiple servers or resources. Load balancers can help to
optimize the utilization, efficiency, and reliability of the network, but they do not prevent the servers from being damaged or disrupted by weather events, especially
if the servers are located in the same room or building4.
? Off-site backups: These are copies of data or files that are stored in a different location than the original source. Off-site backups can help to protect the data
from being lost or corrupted by weather events, but they do not prevent the servers from being damaged or disrupted by weather events, nor do they ensure the
availability or continuity of the network services.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: High Availability – CompTIA Security+ SY0-701 – 3.4, video by Professor
Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 984: CompTIA Security+ SY0-701 Certification Study Guide, page 99. : CompTIA Security+
SY0-701 Certification Study Guide, page 100.
NEW QUESTION 38
An organization disabled unneeded services and placed a firewall in front of a business- critical legacy system. Which of the following best describes the actions
taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
Answer: D
Explanation:
Compensating controls are alternative security measures that are implemented when the primary controls are not feasible, cost-effective, or sufficient to mitigate
the risk. In this case, the organization used compensating controls to protect the legacy system from potential attacks by disabling unneeded services and placing
a firewall in front of it. This reduced the attack surface and the likelihood of exploitation.
References:
? Official CompTIA Security+ Study Guide (SY0-701), page 29
? Security Controls - CompTIA Security+ SY0-701 - 1.1 1
NEW QUESTION 41
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized
system?
A. SIEM
B. DLP
C. IDS
D. SNMP
Answer: A
Explanation:
SIEM stands for Security Information and Event Management. It is a security alerting and monitoring tool that collects system, application, and network logs from
multiple sources in a centralized system. SIEM can analyze the collected data, correlate events, generate alerts, and provide reports and dashboards. SIEM can
also integrate with other security tools and support compliance requirements. SIEM helps organizations to detect and respond to cyber threats, improve security
posture, and reduce operational costs. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Monitoring and Auditing, page 393.
CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 10: Monitoring and Auditing, page 397.
NEW QUESTION 46
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
A. Encryption at rest
B. Masking
C. Data classification
D. Permission restrictions
Answer: A
Explanation:
Encryption at rest is a strategy that protects data stored on a device, such as a laptop, by converting it into an unreadable format that can only be accessed with a
decryption key or password. Encryption at rest can prevent data loss on stolen laptops by preventing unauthorized access to the data, even if the device is
physically compromised.
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Encryption at rest can also help comply with data privacy regulations and standards that require data protection. Masking, data classification, and permission
restrictions are other strategies that can help protect data, but they may not be sufficient or applicable for data stored on laptops. Masking is a technique that
obscures sensitive data elements, such as credit card numbers, with random characters or symbols, but it is usually used for data in transit or in use, not at rest.
Data classification is a process that assigns labels to data based on its sensitivity and business impact, but it does not protect the data itself. Permission
restrictions are rules that define who can access, modify, or delete data, but they may not prevent unauthorized access if the laptop is stolen and the security
controls are bypassed. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17-18, 372-373
NEW QUESTION 51
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT
Answer: C
Explanation:
IPSec is a protocol suite that provides secure communication over IP networks. IPSec can be used to create virtual private networks (VPNs) that encrypt and
authenticate the data exchanged between two or more parties. IPSec can also provide data integrity, confidentiality, replay protection, and access control. A
security consultant can use IPSec to gain secure, remote access to a client environment by establishing a VPN tunnel with the client’s network. References:
CompTIA Security+ Study Guide: Exam SY0- 701, 9th Edition, Chapter 8: Secure Protocols and Services, page 385 1
NEW QUESTION 52
Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems.
Answer: D
Explanation:
Endpoint management software is a tool that allows security engineers to monitor and control the configuration, security, and performance of workstations and
servers from a central console. Endpoint management software can help detect and prevent unauthorized changes and software installations, enforce policies and
compliance, and provide reports and alerts on the status of the endpoints. The other options are not as effective or comprehensive as endpoint management
software for this
purpose. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page
137 1
NEW QUESTION 54
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be
used to secure patient data?
A. Private
B. Critical
C. Sensitive
D. Public
Answer: C
Explanation:
Data classification is a process of categorizing data based on its level of sensitivity, value, and impact to the organization if compromised. Data classification helps
to determine the appropriate security controls and policies to protect the data from unauthorized access, disclosure, or modification. Different organizations may
use different data classification schemes, but a common one is the four-tier model, which consists of the following categories: public, private, sensitive, and critical.
Public data is data that is intended for public access and disclosure, and has no impact to the organization if compromised. Examples of public data include
marketing materials, press releases, and public web pages.
Private data is data that is intended for internal use only, and has a low to moderate impact to the organization if compromised. Examples of private data include
employee records, financial reports, and internal policies.
Sensitive data is data that is intended for authorized use only, and has a high impact to the organization if compromised. Examples of sensitive data include
personal information, health records, and intellectual property.
Critical data is data that is essential for the organization’s operations and survival, and has a severe impact to the organization if compromised. Examples of
critical data include encryption keys, disaster recovery plans, and system backups.
Patient data is a type of sensitive data, as it contains personal and health information that is protected by law and ethical standards. Patient data should be used
only by authorized personnel for legitimate purposes, and should be secured from unauthorized access, disclosure, or modification. Therefore, the systems
administrator should use the sensitive data classification to secure patient data.
References = CompTIA Security+ SY0-701 Certification Study Guide, page 90-91; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 5.5 -
Data Classifications, 0:00 - 4:30.
NEW QUESTION 56
A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the
planning process? (Select two).
A. Key escrow
B. TPM presence
C. Digital signatures
D. Data tokenization
E. Public key management
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
F. Certificate authority linking
Answer: AB
Explanation:
? Key escrow is a method of storing encryption keys in a secure location, such as a trusted third party or a hardware security module (HSM). Key escrow is
important for FDE because it allows the recovery of encrypted data in case of lost or forgotten passwords, device theft, or hardware failure. Key escrow also
enables authorized access to encrypted data for legal or forensic purposes.
? TPM presence is a feature of some laptops that have a dedicated chip for storing encryption keys and other security information. TPM presence is important for
FDE because it enhances the security and performance of encryption by generating and protecting the keys within the chip, rather than relying on software or
external devices. TPM presence also enables features such as secure boot, remote attestation, and device authentication.
NEW QUESTION 57
Which of the following must be considered when designing a high-availability network? (Select two).
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
Answer: AE
Explanation:
A high-availability network is a network that is designed to minimize downtime and ensure continuous operation of critical services and applications. To achieve
this goal, a high-availability network must consider two important factors: ease of recovery and attack surface.
Ease of recovery refers to the ability of a network to quickly restore normal functionality after a failure, disruption, or disaster. A high-availability network should
have mechanisms such as redundancy, failover, backup, and restore to ensure that any single point of failure does not cause a complete network outage. A high-
availability network should also have procedures and policies for incident response, disaster recovery, and business continuity to minimize the impact of any
network issue on the organization’s operations and reputation. Attack surface refers to the exposure of a network to potential threats and vulnerabilities. A high-
availability network should have measures such as encryption, authentication, authorization, firewall, intrusion detection and prevention, and patch management to
protect the network from unauthorized access, data breaches, malware, denial-of-service attacks, and other cyberattacks. A high-availability network should also
have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate any weaknesses or gaps
in the network security. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4:
Architecture and Design, pages 164-1651. CompTIA Security+ Certification Kit: Exam SY0- 701, 7th Edition, Chapter 4: Architecture and Design, pages 164-1652.
NEW QUESTION 61
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?
A. IMTTR
B. RTO
C. ARO
D. MTBF
Answer: C
Explanation:
ARO (Annualized Rate of Occurrence) is an analysis element that measures the frequency or likelihood of an event happening in a given year. ARO is often used
in risk assessment and management, as it helps to estimate the potential loss or impact of an event. A company can use ARO to calculate the annualized loss
expectancy (ALE) of an event, which is the product of ARO and the single loss expectancy (SLE). ALE represents the expected cost of an event per year, and can
be used to compare with the cost of implementing a security control or purchasing an insurance policy.
The company most likely used ARO in making the decision to remove the coverage for ransomware attacks from its cyber insurance policy. The company may
have estimated the ARO of ransomware attacks based on historical data, industry trends, or threat intelligence, and found that the ARO was low or negligible. The
company may have also calculated the ALE of ransomware attacks, and found that the ALE was lower than the cost of the insurance policy. Therefore, the
company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks, as it deemed the risk to be acceptable
or manageable.
IMTTR (Incident Management Team Training and Readiness), RTO (Recovery Time Objective), and MTBF (Mean Time Between Failures) are not analysis
elements that the company most likely used in making the decision to remove the coverage for ransomware attacks from its cyber insurance policy. IMTTR is a
process of preparing and training the incident management team to respond effectively to security incidents. IMTTR does not measure the frequency or impact of
an event, but rather the capability and readiness of the team. RTO is a metric that defines the maximum acceptable time for restoring a system or service after a
disruption. RTO does not measure the frequency or impact of an event, but rather the availability and continuity of the system or service. MTBF is a metric that
measures the average time between failures of a system or component. MTBF does not measure the frequency or impact of an event, but rather the reliability and
performance of the system or component.
References = CompTIA Security+ SY0-701 Certification Study Guide, page 97-
98; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 5.2 - Risk Management, 0:00 - 3:00.
NEW QUESTION 63
A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an
analyst employ to prohibit access to non-encrypted websites?
A. encryption=off\
B. http://
C. www.*.com
D. :443
Answer: B
Explanation:
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
A web filter is a device or software that can monitor, block, or allow web traffic based on predefined rules or policies. One of the common methods of web filtering
is to scan the URL for strings and deny access when matches are found. For example, a web filter can block access to websites that contain the words
“gambling”, “porn”, or “malware” in their URLs. A URL is a uniform resource locator that identifies the location and protocol of a web resource. A URL typically
consists of the following components: protocol://domain:port/path?query#fragment. The protocol specifies the communication method used to access the web
resource, such as HTTP, HTTPS, FTP, or SMTP. The domain is the name of the web server that hosts the web resource, such as www.google.com or
www.bing.com. The port is an optional number that identifies the specific service or application running on the web server, such as 80 for HTTP or 443 for HTTPS.
The path is the specific folder or file name of the web resource, such as /index.html or /images/logo.png. The query is an optional string that contains additional
information or parameters for the web resource, such as ?q=security or ?lang=en. The fragment is an optional string that identifies a specific part or section of the
web resource, such as #introduction or #summary.
To prohibit access to non-encrypted websites, an analyst should employ a search string that matches the protocol of non-encrypted web traffic, which is HTTP.
HTTP stands for hypertext transfer protocol, and it is a standard protocol for transferring data between web servers and web browsers. However, HTTP does not
provide any encryption or security for the data, which means that anyone who intercepts the web traffic can read or modify the data. Therefore, non-encrypted
websites are vulnerable to eavesdropping, tampering, or spoofing attacks. To access a non-encrypted website, the URL usually starts with http://, followed by the
domain name and optionally the port number. For example, http://www.example.com or http://www.example.com:80. By scanning the URL for the string http://, the
web filter can identify and block non-encrypted websites.
The other options are not correct because they do not match the protocol of non-encrypted web traffic. Encryption=off is a possible query string that indicates the
encryption status of the web resource, but it is not a standard or mandatory parameter. Https:// is the protocol of encrypted web traffic, which uses hypertext
transfer protocol secure (HTTPS) to provide encryption and security for the data. Www.*.com is a possible domain name that matches any website that starts with
www and ends with .com, but it does not specify the protocol.
:443 is the port number of HTTPS, which is the protocol of encrypted web traffic. References = CompTIA Security+ Study Guide (SY0-701), Chapter 2: Securing
Networks, page 69. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 2.1: Network Devices and Technologies, video: Web Filter (5:16).
NEW QUESTION 64
A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit
hardware?
A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D. An in-depth penetration test of all suppliers and vendors
Answer: A
Explanation:
Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to
network quality, performance, safety, and reliability12. Counterfeit hardware can also contain malicious components that can compromise the security of the
network and the data that flows through it3. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of
the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company
can verify the origin, authenticity, and integrity of the hardware, and identify any potential sources of counterfeit or tampered products. A thorough analysis of the
supply chain can include the following steps:
? Establishing a trusted relationship with the OEM and authorized resellers
? Requesting documentation and certification of the hardware from the OEM or authorized resellers
? Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components
? Testing the hardware for functionality, performance, and security
? Implementing a tracking system to monitor the hardware throughout its lifecycle
? Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies References = 1: Identify Counterfeit and Pirated Products -
Cisco, 2: What Is Hardware Security? Definition, Threats, and Best Practices, 3: Beware of Counterfeit Network Equipment - TechNewsWorld, : Counterfeit
Hardware: The Threat and How to Avoid It
NEW QUESTION 68
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).
A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations
Answer: CE
Explanation:
A training curriculum plan for a security awareness program should address the following factors:
? The threat vectors based on the industry in which the organization operates. This will help the employees to understand the specific risks and challenges that
their organization faces, and how to protect themselves and the organization from cyberattacks. For example, a healthcare organization may face different threat
vectors than a financial organization, such as ransomware, data breaches, or medical device hacking1.
? The cadence and duration of training events. This will help the employees to retain
the information and skills they learn, and to keep up with the changing security landscape. The training events should be frequent enough to reinforce the key
concepts and behaviors, but not too long or too short to lose the attention or interest of the employees. For example, a security awareness program may include
monthly newsletters, quarterly webinars, annual workshops, or periodic quizzes2.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, page 34; CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition,
Chapter 2, page 55.
NEW QUESTION 72
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider
first?
A. Local data protection regulations
B. Risks from hackers residing in other countries
C. Impacts to existing contractual obligations
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
D. Time zone differences in log correlation
Answer: A
Explanation:
Local data protection regulations are the first thing that a cloud-hosting provider should consider before expanding its data centers to new international locations.
Data protection regulations are laws or standards that govern how personal or sensitive data is collected, stored, processed, and transferred across borders.
Different countries or regions may have different data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the
Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, or the California Consumer Privacy Act (CCPA) in the United States. A cloud-
hosting provider must comply with the local data protection regulations of the countries or regions where it operates or serves customers, or else it may face legal
penalties, fines, or reputational damage. Therefore, a cloud-hosting provider should research and understand the local data protection regulations of the new
international locations before expanding its data centers there. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam
SY0-701, 9th Edition, Chapter 7, page 269. CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1, page 14.
NEW QUESTION 74
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA
Answer: A
Explanation:
Zero Trust is a security model that assumes no trust for any entity inside or outside the network perimeter and requires continuous verification of identity and
permissions. Zero Trust can provide a secure zone by isolating and protecting sensitive data and resources from unauthorized access. Zero Trust can also enforce
a company- wide access control policy by applying the principle of least privilege and granular segmentation for users, devices, and applications. Zero Trust can
reduce the scope of threats by preventing lateral movement and minimizing the attack surface.
References:
? 5: This source explains the concept and benefits of Zero Trust security and how it differs from traditional security models.
? 8: This source provides an overview of Zero Trust identity security and how it can help verify the identity and integrity of users and devices.
NEW QUESTION 77
A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following
methods is most secure?
A. Implementing a bastion host
B. Deploying a perimeter network
C. Installing a WAF
D. Utilizing single sign-on
Answer: A
Explanation:
A bastion host is a special-purpose server that is designed to withstand attacks and provide secure access to internal resources. A bastion host is usually placed
on the edge of a network, acting as a gateway or proxy to the internal network. A bastion host can be configured to allow only certain types of traffic, such as SSH
or HTTP, and block all other traffic. A bastion host can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor
and filter incoming and outgoing traffic. A bastion host can provide administrative access to internal resources by requiring strong authentication and encryption,
and by logging all activities for auditing purposes12.
A bastion host is the most secure method among the given options because it minimizes the traffic allowed through the security boundary and provides a single
point of control and defense. A bastion host can also isolate the internal network from direct exposure to the internet or other untrusted networks, reducing the
attack surface and the risk of compromise3.
Deploying a perimeter network is not the correct answer, because a perimeter network is a network segment that separates the internal network from the external
network. A perimeter network usually hosts public-facing services such as web servers, email servers, or DNS servers that need to be accessible from the internet.
A perimeter network does not provide administrative access to internal resources, but rather protects them from unauthorized access. A perimeter network can
also increase the complexity and cost of network management and security4.
Installing a WAF is not the correct answer, because a WAF is a security tool that protects web applications from common web-based attacks by monitoring,
filtering, and blocking HTTP traffic. A WAF can prevent attacks such as cross-site scripting, SQL injection, or file inclusion, among others. A WAF does not provide
administrative access to internal resources, but rather protects them from web application vulnerabilities. A WAF is also not a comprehensive solution for network
security, as it only operates at the application layer and does not protect against other types of attacks or threats5.
Utilizing single sign-on is not the correct answer, because single sign-on is a method of authentication that allows users to access multiple sites, services, or
applications with one username and password. Single sign-on can simplify the sign-in process for users and reduce the number of passwords they have to
remember and manage. Single sign-on does not provide administrative access to internal resources, but rather enables access to various resources that the user
is authorized to use. Single sign-on can also introduce security risks if the user’s credentials are compromised or if the single sign-on provider is
breached6. References = 1: Bastion host - Wikipedia, 2: 14 Best Practices to Secure SSH Bastion Host - goteleport.com, 3: The Importance Of Bastion Hosts In
Network
Security, 4: What is the network perimeter? | Cloudflare, 5: What is a WAF? | Web Application Firewall explained, 6: [What is single sign-on (SSO)? - Definition
from WhatIs.com]
NEW QUESTION 78
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
D. Ensuring secure cookies are use
Answer: B
Explanation:
Code signing is a technique that uses cryptography to verify the authenticity and integrity of the code created by the company. Code signing involves applying a
digital signature to the code using a private key that only the company possesses. The digital signature can be verified by anyone who has the corresponding
public key, which can be distributed through a trusted certificate authority. Code signing can prevent unauthorized modifications, tampering, or malware injection
into the code, and it can also assure the users that the code is from a legitimate source. References = CompTIA Security+ Study Guide with over 500 Practice Test
Questions: Exam SY0-701, 9th Edition, Chapter 2, page 74. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page 11. Application
Security – SY0-601 CompTIA Security+ : 3.2
NEW QUESTION 81
Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps
Answer: A
Explanation:
A compensating control is a security measure that is implemented to mitigate the risk of a vulnerability or a weakness that cannot be resolved by the primary
control. A compensating control does not prevent or eliminate the vulnerability or weakness, but it can reduce the likelihood or impact of an attack. A host-based
firewall on a legacy Linux system that allows connections from only specific internal IP addresses is an example of a compensating control, as it can limit the
exposure of the system to potential threats from external or unauthorized sources. A host-based firewall is a software application that monitors and filters the
incoming and outgoing network traffic on a single host, based on a set of rules or policies. A legacy Linux system is an older version of the Linux operating system
that may not be compatible with the latest security updates or patches, and may have known vulnerabilities or weaknesses that could be exploited by attackers.
References = Security Controls – SY0-601 CompTIA Security+ : 5.1, Security Controls – CompTIA Security+ SY0-501 – 5.7, CompTIA Security+ Study Guide with
over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 5, page 240. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 5.1,
page 18.
NEW QUESTION 85
Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection
Answer: B
Explanation:
SQL injection is a type of attack that exploits a database misconfiguration or a flaw in the application code that interacts with the database. An attacker can inject
malicious SQL statements into the user input fields or the URL parameters that are sent to the database server. These statements can then execute unauthorized
commands, such as reading, modifying, deleting, or creating data, or even taking over the database server. SQL injection can compromise the confidentiality,
integrity, and availability of the data and the system. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215 1
NEW QUESTION 88
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A. Enumeration
B. Sanitization
C. Destruction
D. Inventory
Answer: B
Explanation:
Sanitization is the process of removing sensitive data from a storage device or a system before it is disposed of or reused. Sanitization can be done by using
software tools or hardware devices that overwrite the data with random patterns or zeros, making it unrecoverable. Sanitization is different from destruction, which
is the physical damage of the storage device to render it unusable. Sanitization is also different from enumeration, which is the identification of network resources
or devices, and inventory, which is the tracking of assets and their locations. The policy of securely wiping hard drives before sending decommissioned systems to
recycling is an example of sanitization, as it ensures that no confidential data can be retrieved from the recycled devices. References = Secure Data Destruction –
SY0-601 CompTIA Security+ : 2.7, video at 1:00; CompTIA Security+ SY0-701 Certification Study Guide, page 387.
NEW QUESTION 91
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business
impacts?
A. Impact analysis
B. Scheduled downtime
C. Backout plan
D. Change management boards
Answer: B
Explanation:
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Scheduled downtime is a planned period of time when a system or service is unavailable for maintenance, updates, upgrades, or other changes. Scheduled
downtime gives administrators a set period to perform changes to an operational system without disrupting the normal business operations or affecting the
availability of the system or service. Scheduled downtime also allows administrators to inform the users and stakeholders about the expected duration and impact
of the changes. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 12: Security Operations and Administration, page 579 1
NEW QUESTION 94
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-
risk countries. Which of the following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
Answer: C
Explanation:
A geolocation policy is a policy that restricts or allows access to data or resources based on the geographic location of the user or device. A geolocation policy can
be implemented using various methods, such as IP address filtering, GPS tracking, or geofencing. A geolocation policy can help the company’s legal department
to prevent unauthorized access to sensitive documents from individuals in high-risk countries12.
The other options are not effective ways to limit access based on location:
? Data masking: This is a technique of obscuring or replacing sensitive data with fictitious or anonymized data. Data masking can protect the privacy and
confidentiality of data, but it does not prevent access to data based on location3.
? Encryption: This is a process of transforming data into an unreadable format using a secret key or algorithm. Encryption can protect the integrity and
confidentiality of data, but it does not prevent access to data based on location. Encryption can also be bypassed by attackers who have the decryption key or
method4.
? Data sovereignty regulation: This is a set of laws or rules that govern the storage, processing, and transfer of data within a specific jurisdiction or country. Data
sovereignty regulation can affect the availability and compliance of data, but it does not prevent access to data based on location. Data sovereignty regulation can
also vary depending on the country or region.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: Account Policies – SY0-601 CompTIA Security+ : 3.7, video by Professor
Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 1004: CompTIA Security+ SY0-701 Certification Study Guide, page 101. : CompTIA
Security+ SY0-701 Certification Study Guide, page 102.
NEW QUESTION 96
Which of the following would be the best way to block unknown programs from executing?
A. Access control list
B. Application allow list.
C. Host-based firewall
D. DLP solution
Answer: B
Explanation:
An application allow list is a security technique that specifies which applications are permitted to run on a system or a network. An application allow list can block
unknown programs from executing by only allowing the execution of programs that are explicitly authorized and verified. An application allow list can prevent
malware, unauthorized software, or unwanted applications from running and compromising the security of the system or the network12.
The other options are not the best ways to block unknown programs from executing:
? Access control list: This is a security technique that specifies which users or groups are granted or denied access to a resource or an object. An access control
list can control the permissions and privileges of users or groups, but it does not directly block unknown programs from executing13.
? Host-based firewall: This is a security device that monitors and filters the incoming and outgoing network traffic on a single host or system. A host-based firewall
can block or allow network connections based on predefined rules, but it does not directly block unknown programs from executing1 .
? DLP solution: This is a security system that detects and prevents the unauthorized transmission or leakage of sensitive data. A DLP solution can protect the
confidentiality and integrity of data, but it does not directly block unknown programs from executing1 .
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 972: Application Whitelisting – CompTIA Security+ SY0-701 – 3.5, video by
Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 98. : CompTIA Security+ SY0-701 Certification Study Guide, page 99. :
CompTIA Security+ SY0-701 Certification Study Guide, page 100.
NEW QUESTION 99
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the
following types of sites is the best for this scenario?
A. Real-time recovery
B. Hot
C. Cold
D. Warm
Answer: C
Explanation:
A cold site is a type of backup data center that has the necessary infrastructure to support IT operations, but does not have any pre-configured hardware or
software. A cold site is the cheapest option among the backup data center types, but it also has the longest recovery time objective (RTO) and recovery point
objective (RPO) values. A cold site is suitable for scenarios where the cost-benefit is the primary requirement and the RTO and RPO values are not very stringent.
A cold site can take up to two days or more to restore the normal operations after a disaster. References = CompTIA Security+ SY0-701 Certification Study Guide,
page 387; Backup Types – SY0-601 CompTIA Security+ : 2.5, video at 4:50.
NEW QUESTION 102
A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service
provider should return to the client?
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
A. MOA
B. SOW
C. MOU
D. SLA
Answer: D
Explanation:
A service level agreement (SLA) is a document that defines the level of service expected by a customer from a service provider, indicating the metrics by which
that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved. An SLA can specify the minimum uptime or
availability of a service, such as 99.99%, and the consequences for failing to meet that standard. A memorandum of agreement (MOA), a statement of work
(SOW), and a memorandum of understanding (MOU) are other types of documents that can be used to establish a relationship between parties, but they do not
typically include the details of service levels and performance metrics that an SLA does. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition,
page 16-17
NEW QUESTION 106
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded
the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following
should the analyst do?
A. Place posters around the office to raise awareness of common phishing activities.
B. Implement email security filters to prevent phishing emails from being delivered
C. Update the EDR policies to block automatic execution of downloaded programs.
D. Create additional training for users to recognize the signs of phishing attempts.
Answer: C
Explanation:
An endpoint detection and response (EDR) system is a security tool that monitors and analyzes the activities and behaviors of endpoints, such as computers,
laptops, mobile devices, and servers. An EDR system can detect, prevent, and respond to various types of threats, such as malware, ransomware, phishing, and
advanced persistent threats (APTs). One of the features of an EDR system is to block the automatic execution of downloaded programs, which can prevent
malicious code from running on the endpoint when a user clicks on a link in a phishing message. This can reduce the impact of a phishing attack and protect the
endpoint from compromise. Updating the EDR policies to block automatic execution of downloaded programs is a technical control that can mitigate the risk of
phishing, regardless of the user’s awareness or behavior. Therefore, this is the best answer among the given options.
The other options are not as effective as updating the EDR policies, because they rely on administrative or physical controls that may not be sufficient to prevent or
stop a phishing attack. Placing posters around the office to raise awareness of common phishing activities is a physical control that can increase the user’s
knowledge of phishing, but it may not change their behavior or prevent them from clicking on a link in a phishing message. Implementing email security filters to
prevent phishing emails from being delivered is an administrative control that can reduce the exposure to phishing, but it may not be able to block all phishing
emails, especially if they are crafted to bypass the filters. Creating additional training for users to recognize the signs of phishing attempts is an administrative
control that can improve the user’s skills of phishing detection, but it may not guarantee that they will always be vigilant or cautious when receiving an email.
Therefore, these options are not the best answer for this question. References = Endpoint Detection and Response – CompTIA Security+ SY0-701 – 2.2, video at
5:30; CompTIA Security+ SY0- 701 Certification Study Guide, page 163.
NEW QUESTION 110
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage
Answer: A
Explanation:
PCI DSS is the Payment Card Industry Data Security Standard, which is a set of security requirements for organizations that store, process, or transmit cardholder
data. PCI DSS aims to protect the confidentiality, integrity, and availability of cardholder data and prevent fraud, identity theft, and data breaches. PCI DSS is
enforced by the payment card brands, such as Visa, Mastercard, American Express, Discover, and JCB, and applies to all entities involved in the payment card
ecosystem, such as merchants, acquirers, issuers, processors, service providers, and payment applications.
If a large bank fails an internal PCI DSS compliance assessment, the most likely outcome is that the bank will face fines from the payment card brands. An internal
PCI DSS compliance assessment is a self-assessment that the bank performs to evaluate its own compliance with the PCI DSS requirements. The bank must
submit the results of the internal assessment to the payment card brands or their designated agents, such as acquirers or qualified security assessors (QSAs). If
the internal assessment reveals that the bank is not compliant with the PCI DSS requirements, the payment card brands may impose fines on the bank as a
penalty for violating the PCI DSS contract. The amount and frequency of the fines may vary depending on the severity and duration of the non- compliance, the
number and type of cardholder data compromised, and the level of cooperation and remediation from the bank. The fines can range from thousands to millions of
dollars per month, and can increase over time if the non-compliance is not resolved.
The other options are not correct because they are not the most likely outcomes if a large bank fails an internal PCI DSS compliance assessment. B. Audit
findings. Audit findings are the results of an external PCI DSS compliance assessment that is performed by a QSA or an approved scanning vendor (ASV). An
external assessment is required for certain entities that handle a large volume of cardholder data or have a history of non-compliance. An external assessment
may also be triggered by a security incident or a request from the payment card brands. Audit findings may reveal the gaps and weaknesses in the bank’s security
controls and recommend corrective actions to achieve compliance. However, audit findings are not the outcome of an internal assessment, which is performed by
the bank itself. C. Sanctions. Sanctions are the measures that the payment card brands may take against the bank if the bank fails to pay the fines or comply with
the PCI DSS requirements. Sanctions may include increasing the fines, suspending or terminating the bank’s ability to accept or process payment cards, or
revoking the bank’s PCI DSS certification. Sanctions are not the immediate outcome of an internal assessment, but rather the possible
consequence of prolonged or repeated non-compliance. D. Reputation damage. Reputation damage is the loss of trust and credibility that the bank may suffer
from its customers, partners, regulators, and the public if the bank fails an internal PCI DSS compliance assessment. Reputation damage may affect the bank’s
brand image, customer loyalty, market share, and profitability. Reputation damage is not a direct outcome of an internal assessment, but rather a potential risk that
the bank may face if the non-compliance is exposed or exploited by malicious actors. References = CompTIA Security+ Study Guide (SY0-701), Chapter 8:
Governance, Risk, and Compliance, page 388. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.2: Compliance and Controls, video:
PCI DSS (5:12). PCI Security Standards Council, PCI DSS Quick Reference Guide, page 4. PCI Security Standards Council, PCI DSS FAQs, question 8. PCI
Security Standards Council, PCI DSS FAQs, question 9. [PCI Security Standards Council], PCI DSS FAQs, question 10. [PCI Security Standards Council], PCI
DSS FAQs, question 11. [PCI Security Standards Council], PCI DSS FAQs, question 12. [PCI Security Standards Council], PCI DSS FAQs, question 13. [PCI
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Security Standards Council], PCI DSS FAQs, question 14. [PCI Security Standards Council], PCI DSS FAQs, question 15. [PCI Security Standards Council], PCI
DSS FAQs, question 16. [PCI Security Standards Council], PCI DSS FAQs, question 17. [PCI Security Standards Council], PCI DSS FAQs, question 18. [PCI
Security Standards Council], PCI DSS FAQs, question 19. [PCI Security Standards Council], PCI DSS FAQs, question 20. [PCI Security Standards Council], PCI
DSS FAQs, question 21. [PCI Security Standards Council], PCI DSS FAQs, question 22. [PCI Security Standards Council], PCI DSS FAQs, question 23. [PCI
Security Standards Council], PCI DSS FAQs, question 24. [PCI Security Standards Council], PCI DSS FAQs, question 25. [PCI Security Standards Council], PCI
DSS FAQs, question 26. [PCI Security Standards Council], PCI DSS FAQs, question 27. [PCI Security Standards Council], PCI DSS FAQs, question 28. [PCI
Security Standards Council], PCI DSS FAQs, question 29. [PCI Security Standards Council], PCI DSS FAQs, question 30. [PCI Security Standards Council]
NEW QUESTION 114
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker
using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
Answer: D
Explanation:
Whaling is a type of phishing attack that targets high-profile individuals, such as executives, celebrities, or politicians. The attacker impersonates someone with
authority or influence and tries to trick the victim into performing an action, such as transferring money, revealing sensitive information, or clicking on a malicious
link. Whaling is also called CEO fraud or business email compromise2.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 97.
NEW QUESTION 118
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
A. SCAP
B. Net Flow
C. Antivirus
D. DLP
Answer: D
Explanation:
DLP stands for Data Loss Prevention, which is a tool that can assist with detecting and preventing the unauthorized transmission or leakage of sensitive data,
such as a customer’s PII (Personally Identifiable Information). DLP can monitor, filter, and block data in motion (such as emails), data at rest (such as files), and
data in use (such as applications). DLP can also alert the sender, the recipient, or the administrator of the data breach, and apply remediation actions, such as
encryption, quarantine, or deletion. DLP can help an organization comply with data protection regulations, such as GDPR, HIPAA, or PCI DSS, and protect its
reputation and assets. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 78.
CompTIA Security+ SY0-701 Exam Objectives, Domain 2.5, page 11.
NEW QUESTION 122
An organization wants a third-party vendor to do a penetration test that targets a specific
device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
A. Partially known environment
B. Unknown environment
C. Integrated
D. Known environment
Answer: A
Explanation:
A partially known environment is a type of penetration test where the tester has some information about the target, such as the IP address, the operating system,
or the device type. This can help the tester focus on specific vulnerabilities and reduce the scope of the test. A partially known environment is also called a gray
box test1. References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 10, page 543.
NEW QUESTION 126
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management
team. Which of the following best describes the threat actor in the CISO's report?
A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime
Answer: D
Explanation:
Ransomware-as-a-service is a type of cybercrime where hackers sell or rent ransomware tools or services to other criminals who use them to launch attacks and
extort money from victims. This is a typical example of organized crime, which is a group of criminals who work together to conduct illegal activities for profit.
Organized crime is different from other types of threat actors, such as insider threats, hacktivists, or nation-states, who may have different motives, methods, or
targets. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17 1
NEW QUESTION 129
Which of the following is a hardware-specific vulnerability?
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
A. Firmware version
B. Buffer overflow
C. SQL injection
D. Cross-site scripting
Answer: A
Explanation:
Firmware is a type of software that is embedded in a hardware device, such as a router, a printer, or a BIOS chip. Firmware controls the basic functions and
operations of the device, and it can be updated or modified by the manufacturer or the user. Firmware version is a hardware-specific vulnerability, as it can expose
the device to security risks if it is outdated, corrupted, or tampered with. An attacker can exploit firmware vulnerabilities to gain unauthorized access, modify device
settings, install malware, or cause damage to the device or the network. Therefore, it is important to keep firmware updated and verify its integrity and authenticity.
References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 67. CompTIA Security+
SY0-701 Exam Objectives, Domain 2.1, page 10.
NEW QUESTION 131
A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the
company setting up?
A. Corrective
B. Preventive
C. Detective
D. Deterrent
Answer: C
Explanation:
A detective control is a type of control that monitors and analyzes the events and activities in a system or a network, and alerts or reports when an incident or a
violation occurs. A SIEM (Security Information and Event Management) system is a tool that collects, correlates, and analyzes the logs from various sources, such
as firewalls, routers, servers, or applications, and provides a centralized view of the security status and incidents. An analyst who reviews the logs on a weekly
basis can identify and investigate any anomalies, trends, or patterns that indicate a potential threat or a breach. A detective control can help the company to
respond quickly and effectively to the incidents, and to improve its security posture and resilience. References = CompTIA Security+ Study Guide with over 500
Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 23. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3, page 14.
NEW QUESTION 133
Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
Answer: A
Explanation:
OCSP stands for Online Certificate Status Protocol. It is a protocol that allows applications to check the revocation status of a certificate in real-time. It works by
sending a query to an OCSP responder, which is a server that maintains a database of revoked certificates. The OCSP responder returns a response that
indicates whether the certificate is valid, revoked, or unknown. OCSP is faster and more efficient than downloading and parsing Certificate Revocation Lists
(CRLs), which are large files that contain the serial numbers of all revoked certificates issued by a Certificate Authority (CA). References: CompTIA Security+
Study Guide: Exam SY0-701, 9th Edition, page 337 1
NEW QUESTION 135
During an investigation, an incident response team attempts to understand the source of an
incident. Which of the following incident response activities describes this process?
A. Analysis
B. Lessons learned
C. Detection
D. Containment
Answer: A
Explanation:
Analysis is the incident response activity that describes the process of understanding the source of an incident. Analysis involves collecting and examining
evidence, identifying the root cause, determining the scope and impact, and assessing the threat actor’s motives and capabilities. Analysis helps the incident
response team to formulate an appropriate response strategy, as well as to prevent or mitigate future incidents. Analysis is usually performed after detection and
before containment, eradication, recovery, and lessons learned. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam
SY0-701, 9th Edition, Chapter 6, page 223. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.2, page 13.
NEW QUESTION 137
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a
company?
A. Provisioning resources
B. Disabling access
C. Reviewing change approvals
D. Escalating permission requests
Answer: B
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Explanation:
Disabling access is an automation use case that would best enhance the security posture of an organization by rapidly updating permissions when employees
leave a company. Disabling access is the process of revoking or suspending the access rights of a user account, such as login credentials, email, VPN, cloud
services, etc. Disabling access can prevent unauthorized or malicious use of the account by former employees or attackers who may have compromised the
account. Disabling access can also reduce the attack surface and the risk of data breaches or leaks. Disabling access can be automated by using scripts, tools, or
workflows that can trigger the action based on predefined events, such as employee termination, resignation, or transfer. Automation can ensure that the access is
disabled in a timely, consistent, and efficient manner, without relying on manual intervention or human error.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5: Identity and Access Management, page 2131. CompTIA Security+
Certification Kit: Exam SY0-701, 7th Edition, Chapter 5: Identity and Access Management, page 2132.
NEW QUESTION 140
A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates.
Which of the following should be done next?
A. Conduct an audit.
B. Initiate a penetration test.
C. Rescan the network.
D. Submit a report.
Answer: C
Explanation:
After completing a vulnerability assessment and remediating the identified vulnerabilities, the next step is to rescan the network to verify that the vulnerabilities
have been successfully fixed and no new vulnerabilities have been introduced. A vulnerability assessment is a process of identifying and evaluating the
weaknesses and exposures in a network, system, or application that could be exploited by attackers. A vulnerability assessment typically involves using automated
tools, such as scanners, to scan the network and generate a report of the findings. The report may include information such as the severity, impact, and
remediation of the vulnerabilities. The operations team is responsible for applying the appropriate patches, updates, or configurations to address the vulnerabilities
and reduce the risk to the network. A rescan is necessary to confirm that the remediation actions have been effective and that the network is secure.
Conducting an audit, initiating a penetration test, or submitting a report are not the next steps after completing a vulnerability assessment and remediating the
vulnerabilities. An audit is a process of reviewing and verifying the compliance of the network with the established policies, standards, and regulations. An audit
may be performed by internal or external auditors, and it may use the results of the vulnerability assessment as part of the evidence. However, an audit is not a
mandatory step after a vulnerability assessment, and it does not validate the effectiveness of the remediation actions.
A penetration test is a process of simulating a real-world attack on the network to test the security defenses and identify any gaps or weaknesses. A penetration
test may use the results of the vulnerability assessment as a starting point, but it goes beyond scanning and involves exploiting the vulnerabilities to gain access or
cause damage. A penetration test may be performed after a vulnerability assessment, but only with the proper authorization, scope, and rules of engagement. A
penetration test is not a substitute for a rescan, as it does not verify that the vulnerabilities have been fixed.
Submitting a report is a step that is done after the vulnerability assessment, but before the remediation. The report is a document that summarizes the findings and
recommendations of the vulnerability assessment, and it is used to communicate the results to the stakeholders and the operations team. The report may also
include a follow-up plan and a timeline for the remediation actions. However, submitting a report is not the final step after the remediation, as it does not confirm
that the network is secure.
References = CompTIA Security+ SY0-701 Certification Study Guide, page 372- 375; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 4.1
- Vulnerability Scanning, 0:00 - 8:00.
NEW QUESTION 141
A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?
A. Partition
B. Asymmetric
C. Full disk
D. Database
Answer: C
Explanation:
Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive, including the operating system, applications, and files. FDE protects the data
from unauthorized access in case the laptop is lost, stolen, or disposed of without proper sanitization. FDE requires the user to enter a password, a PIN, a smart
card, or a biometric factor to unlock the drive and boot the system. FDE can be implemented by using software solutions, such as BitLocker, FileVault, or
VeraCrypt, or by using hardware solutions, such as self-encrypting drives (SEDs) or Trusted Platform Modules (TPMs). FDE is a recommended encryption
technique for laptops and other mobile devices that store sensitive data.
Partition encryption is a technique that encrypts only a specific partition or volume on a hard drive, leaving the rest of the drive unencrypted. Partition encryption is
less secure than FDE, as it does not protect the entire drive and may leave traces of data on unencrypted areas. Partition encryption is also less convenient than
FDE, as it requires the user to mount and unmount the encrypted partition manually.
Asymmetric encryption is a technique that uses a pair of keys, one public and one private, to encrypt and decrypt data. Asymmetric encryption is mainly used for
securing communication, such as email, web, or VPN, rather than for encrypting data at rest. Asymmetric encryption is also slower and more computationally
intensive than symmetric encryption, which is the type of encryption used by FDE and partition encryption.
Database encryption is a technique that encrypts data stored in a database, such as tables, columns, rows, or cells. Database encryption can be done at the
application level, the database level, or the file system level. Database encryption is useful for protecting data from unauthorized access by database
administrators, hackers, or malware, but it does not protect the data from physical theft or loss of the device that hosts the database. References = Data Encryption
– CompTIA Security+ SY0-401: 4.4, CompTIA Security+Cheat Sheet and PDF | Zero To Mastery, CompTIA Security+ SY0-601 Certification Course
- Cybr, Application Hardening – SY0-601 CompTIA Security+ : 3.2.
NEW QUESTION 143
The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption
Answer: A
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Explanation:
Shadow IT is the term used to describe the use of unauthorized or unapproved IT resources within an organization. The marketing department set up its own
project management software without telling the appropriate departments, such as IT, security, or compliance. This could pose a risk to the organization’s security
posture, data integrity, and regulatory compliance1.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, page 35.
NEW QUESTION 148
A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in
transit and at rest. Which of the following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
Answer: C
Explanation:
According to the CompTIA Security+ SY0-701 Certification Study Guide, data subjects are the individuals whose personal data is collected, processed, or stored
by an organization. Data subjects have certain rights and expectations regarding how their data is handled, such as the right to access, correct, delete, or restrict
their data. Data subjects are different from data owners, who are the individuals or entities that have the authority and responsibility to determine how data is
classified, protected, and used. Data subjects are also different from data processors, who are the individuals or entities that perform operations on data on behalf
of the data owner, such as collecting, modifying, storing, or transmitting data. Data subjects are also different from data custodians, who are the individuals or
entities that implement the security controls and procedures specified by the data owner to protect data while in transit and at rest.
ReferencesCompTIA Security+ SY0-701 Certification Study Guide, Chapter 2: Data Security, page 511
NEW QUESTION 152
A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager
should take?
A. Set the maximum data retention policy.
B. Securely store the documents on an air-gapped network.
C. Review the documents' data classification policy.
D. Conduct a tabletop exercise with the team.
Answer: D
Explanation:
A tabletop exercise is a simulated scenario that tests the effectiveness of a security incident response plan. It involves gathering the relevant stakeholders and
walking through the steps of the plan, identifying any gaps or issues that need to be addressed. A tabletop exercise is a good way to validate the documentation
created by the security manager and ensure that the team is prepared for various types of security incidents. References: CompTIA Security+ Study Guide: Exam
SY0-701, 9th Edition, Chapter 6: Risk Management, page 2841. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 6: Risk Management,
page 2842.
NEW QUESTION 157
An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to
best protect against similar attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Answer: B
Explanation:
A buffer overflow is a type of software vulnerability that occurs when an application writes more data to a memory buffer than it can hold, causing the excess data
to overwrite adjacent memory locations. This can lead to unexpected behavior, such as crashes, errors, or code execution. A buffer overflow can be exploited by
an attacker to inject malicious code or commands into the application, which can compromise the security and functionality of the system. An organization’s
internet-facing website was compromised when an attacker exploited a buffer overflow. To best protect against similar attacks in the future, the organization should
deploy a web application firewall (WAF). A WAF is a type of firewall that monitors and filters the traffic between a web application and the internet. A WAF can
detect and block common web attacks, such as buffer overflows, SQL injections, cross-site scripting (XSS), and more. A WAF can also enforce security policies
and rules, such as input validation, output encoding, and encryption. A WAF can provide a layer of protection for the web application, preventing attackers from
exploiting its vulnerabilities and compromising its data. References = Buffer Overflows – CompTIA Security+ SY0-701
– 2.3, Web Application Firewalls – CompTIA Security+ SY0-701 – 2.4, [CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701,
9th Edition]
NEW QUESTION 159
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.
Answer: C
Explanation:
Data classification is the process of assigning labels or tags to data based on its sensitivity, value, and risk. Data classification is the first step in a data loss
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
prevention (DLP) solution, as it helps to identify what data needs to be protected and how. By applying classifications to the data, the security administrator can
define appropriate policies and rules for the DLP solution to prevent the exfiltration of sensitive customer data. References: CompTIA Security+ Study Guide: Exam
SY0-701, 9th Edition, Chapter 8: Data Protection, page 323. CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 8: Data Protection, page
327.
NEW QUESTION 163
A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from
the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership
Answer: A
Explanation:
The company should request a certification from the vendor that confirms the storage array has been disposed of securely and in compliance with the company’s
policies and standards. A certification provides evidence that the vendor has followed the proper procedures and methods to destroy the classified data and
prevent unauthorized access or recovery. A certification may also include details such as the date, time, location, and method of disposal, as well as the names
and signatures of the personnel
involved. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 1441
NEW QUESTION 164
An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last
accessed by a domain user. Which of the following best describes the type of attack that occurred?
A. Insider threat
B. Social engineering
C. Watering-hole
D. Unauthorized attacker
Answer: A
Explanation:
An insider threat is a type of attack that originates from someone who has legitimate access to an organization’s network, systems, or data. In this case, the
domain user who encrypted the files on the database server is an example of an insider threat, as they abused their access privileges to cause harm to the
organization. Insider threats can be motivated by various factors, such as financial gain, revenge, espionage, or sabotage. References: CompTIA Security+ Study
Guide: Exam SY0-701, 9th Edition, Chapter 1: General Security Concepts, page 251. CompTIA Security+ Certification Kit: Exam SY0- 701, 7th Edition, Chapter 1:
General Security Concepts, page 252.
NEW QUESTION 165
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
A. [Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
Answer: D
Explanation:
Threat hunting is the process of proactively searching for signs of malicious activity or compromise in a network, rather than waiting for alerts or indicators of
compromise (IOCs) to appear. Threat hunting can help identify new tactics, techniques, and procedures (TTPs) used by malicious actors, as well as uncover
hidden or stealthy threats that may have evaded detection by security tools. Threat hunting requires a combination of skills, tools, and methodologies, such as
hypothesis generation, data
collection and analysis, threat intelligence, and incident response. Threat hunting can also help improve the security posture of an organization by providing
feedback and recommendations for security improvements. References = CompTIA Security+ Certification Exam Objectives, Domain 4.1: Given a scenario,
analyze potential indicators of malicious activity. CompTIA Security+ Study Guide (SY0-701), Chapter 4: Threat Detection and Response, page 153. Threat
Hunting – SY0-701 CompTIA Security+ : 4.1, Video 3:18. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 3.
NEW QUESTION 170
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
A. Automation
B. Compliance checklist
C. Attestation
D. Manual audit
Answer: A
Explanation:
Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified. Automation is the process of using
software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort. Automation can help to improve the
efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs. Automation can be used to monitor, audit, and enforce
security settings on servers, such as firewall rules, encryption keys, access controls, patch levels, and configuration files. Automation can also alert security
personnel of any changes or anomalies that may indicate a security breach or compromise12.
The other options are not the best ways to consistently determine on a daily basis whether security settings on servers have been modified:
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
? Compliance checklist: This is a document that lists the security requirements, standards, or best practices that an organization must follow or adhere to. A
compliance checklist can help to ensure that the security settings on servers are aligned with the organizational policies and regulations, but it does not
automatically detect or report any changes or modifications that may occur on a daily basis3.
? Attestation: This is a process of verifying or confirming the validity or accuracy of a statement, claim, or fact. Attestation can be used to provide assurance or
evidence that the security settings on servers are correct and authorized, but it does not continuously monitor or audit any changes or modifications that may occur
on a daily basis4.
? Manual audit: This is a process of examining or reviewing the security settings on servers by human inspectors or auditors. A manual audit can help to identify
and correct any security issues or discrepancies on servers, but it is time-consuming, labor-intensive, and prone to human errors. A manual audit may not be
feasible or practical to perform on a daily basis.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 1022: Automation and Scripting – CompTIA Security+ SY0-701 – 5.1, video by
Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 974: CompTIA Security+ SY0-701 Certification Study Guide, page 98. :
CompTIA Security+ SY0-701 Certification Study Guide, page 99.
NEW QUESTION 174
Which of the following is the most common data loss path for an air-gapped network?
A. Bastion host
B. Unsecured Bluetooth
C. Unpatched OS
D. Removable devices
Answer: D
Explanation:
An air-gapped network is a network that is physically isolated from other networks, such as the internet, to prevent unauthorized access and data leakage.
However, an air-gapped network can still be compromised by removable devices, such as USB drives, CDs, DVDs, or external hard drives, that are used to
transfer data between the air-gapped network and other networks. Removable devices can carry malware, spyware, or other malicious code that can infect the air-
gapped network or exfiltrate data from
it. Therefore, removable devices are the most common data loss path for an air-gapped network. References: CompTIA Security+ Study Guide: Exam SY0-701,
9th Edition, Chapter 9: Network Security, page 449 1
NEW QUESTION 179
Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Side loading
Answer: D
Explanation:
Side loading is the process of installing software outside of a manufacturer’s approved software repository. This can expose the device to potential vulnerabilities,
such as malware, spyware, or unauthorized access. Side loading can also bypass security controls and policies that are enforced by the manufacturer or the
organization. Side loading is often done by users who want to access applications or features that are not available or allowed on their devices. References =
Sideloading - CompTIA Security + Video Training | Interface Technical Training, Security+ (Plus) Certification | CompTIA IT Certifications, Load Balancers –
CompTIA Security+ SY0-501 – 2.1, CompTIA Security+ SY0-601 Certification Study Guide.
NEW QUESTION 183
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution
that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee
internet traffic. Which of the following will help achieve these objectives?
A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators
Answer: A
Explanation:
SASE stands for Secure Access Service Edge. It is a cloud-based service that combines network and security functions into a single integrated solution. SASE
can help reduce traffic on the VPN and internet circuit by providing secure and optimized access to the data center and cloud applications for remote employees.
SASE can also monitor and enforce security policies on the remote employee internet traffic, regardless of their location or device. SASE can offer benefits such
as lower costs, improved performance, scalability, and flexibility compared to traditional VPN solutions. References: CompTIA Security+ Study Guide: Exam
SY0-701, 9th Edition, page 457-458 1
NEW QUESTION 186
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
A. Insider
B. Unskilled attacker
C. Nation-state
D. Hacktivist
Answer: C
Explanation:
A nation-state is a threat actor that is sponsored by a government or a political entity to conduct cyberattacks against other countries or organizations. Nation-
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
states have large financial resources, advanced technical skills, and strategic objectives that may target critical systems such as military, energy, or infrastructure.
Nation-states are often motivated by espionage, sabotage, or warfare12. References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 542:
Threat Actors – CompTIA
Security+ SY0-701 – 2.1, video by Professor Messer.
NEW QUESTION 189
The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?
A. Guard rail script
B. Ticketing workflow
C. Escalation script
D. User provisioning script
Answer: D
Explanation:
A user provisioning script is an automation technique that uses a predefined set of instructions or commands to create, modify, or delete user accounts and assign
appropriate access or permissions. A user provisioning script can help to streamline account creation by reducing manual errors, ensuring consistency and
compliance, and saving time and resources12.
The other options are not automation techniques that can streamline account creation:
? Guard rail script: This is a script that monitors and enforces the security policies and rules on a system or a network. A guard rail script can help to prevent
unauthorized or malicious actions, such as changing security settings, accessing restricted resources, or installing unwanted software3.
? Ticketing workflow: This is a process that tracks and manages the requests, issues, or incidents that are reported by users or customers. A ticketing workflow
can help to improve the communication, collaboration, and resolution of problems, but it does not automate the account creation process4.
? Escalation script: This is a script that triggers an alert or a notification when a certain condition or threshold is met or exceeded. An escalation script can help to
inform the relevant parties or authorities of a critical situation, such as a security breach, a performance degradation, or a service outage.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 1022: User Provisioning – CompTIA Security+ SY0-701 – 5.1, video by Professor
Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 1034: CompTIA Security+ SY0-701 Certification Study Guide, page 104. : CompTIA
Security+ SY0-701 Certification Study Guide, page 105.
NEW QUESTION 192
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of
the following reconnaissance types is the tester performing?
A. Active
B. Passive
C. Defensive
D. Offensive
Answer: A
Explanation:
Active reconnaissance is a type of reconnaissance that involves sending packets or requests to a target and analyzing the responses. Active reconnaissance can
reveal information such as open ports, services, operating systems, and vulnerabilities. However, active reconnaissance is also more likely to be detected by the
target or its security devices, such as firewalls or intrusion detection systems. Port and service scans are examples of active reconnaissance techniques, as they
involve probing the target for specific information. References = CompTIA Security+ Certification Exam Objectives, Domain 1.1: Given a scenario, conduct
reconnaissance using appropriate techniques and tools. CompTIA Security+ Study Guide (SY0-701), Chapter 2: Reconnaissance and Intelligence Gathering, page
47. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 1.
NEW QUESTION 197
After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?
A. Compensating
B. Detective
C. Preventive
D. Corrective
Answer: B
Explanation:
Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network. They can help to
discover the source, scope, and impact of an attack, and provide evidence for further analysis or investigation. Detective controls include log files, security audits,
intrusion detection systems, network monitoring tools, and antivirus software. In this case, the administrator used log files as a detective control to review the
ransomware attack on the company’s system. Log files are records of events and activities that occur on a system or network, such as user actions, system
errors, network traffic, and security alerts. They can provide valuable information for troubleshooting, auditing, and forensics.
References:
? Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and
policies, including principles of governance, risk, and compliance.”
? CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Detective controls are designed to identify and monitor any malicious
activity or anomalies on a system or network.”
? Control Types – CompTIA Security+ SY0-401: 2.1 - Professor Messer IT …, under “Detective Controls”: “Detective controls are security measures that are
designed to identify and monitor any malicious activity or anomalies on a system or network.”
NEW QUESTION 198
HOTSPOT
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Web serverBotnet Enable DDoS protectionUser RAT Implement a host-based IPS Database server Worm Change the default application passwordExecutive
KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA using push notification
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
A screenshot of a computer program
Description automatically generated with low confidence
NEW QUESTION 203
A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will
most likely be classified? (Select two).
A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted
Answer: BF
Explanation:
Data classification is the process of assigning labels to data based on its sensitivity and business impact. Different organizations and sectors may have different
data classification schemes, but a common one is the following1:
? Public: Data that can be freely disclosed to anyone without any harm or risk.
? Private: Data that is intended for internal use only and may cause some harm or risk if disclosed.
? Confidential: Data that is intended for authorized use only and may cause significant harm or risk if disclosed.
? Restricted: Data that is intended for very limited use only and may cause severe harm or risk if disclosed.
In this scenario, the company is developing a critical system for the government and storing project information on a fileshare. This data is likely to be classified as
confidential and restricted, because it is not meant for public or private use, and it may cause serious damage to national security or public safety if disclosed. The
government may also have specific requirements or regulations for handling such data, such as encryption, access control, and auditing2. References: 1:
CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17 2: Data Classification Practices: Final Project Description Released
NEW QUESTION 204
A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set
up in order to mitigate the threat posed by the suspicious activity?
A. Host-based firewall
B. Web application firewall
C. Access control list
D. Application allow list
Answer: A
Explanation:
A host-based firewall is a software application that runs on an individual endpoint and filters the incoming and outgoing network traffic based on a set of rules. A
host-based firewall can help to mitigate the threat posed by suspicious connections between internal endpoints by blocking or allowing the traffic based on the
source, destination, port, protocol, or application. A host-based firewall is different from a web application firewall, which is a type of firewall that protects web
applications from common web-based attacks, such as SQL injection, cross-site scripting, and session hijacking. A host-based firewall is also different from an
access control list, which is a list of rules that control the access to network resources, such as files, folders, printers, or routers. A host- based firewall is also
different from an application allow list, which is a list of applications that are authorized to run on an endpoint, preventing unauthorized or malicious applications
from executing. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 254
NEW QUESTION 207
......
Guaranteed success with Our exam guides visit - https://www.certshared.com
Certshared now are offering 100% pass ensure SY0-701 dumps!
https://www.certshared.com/exam/SY0-701/ (0 Q&As)
Thank You for Trying Our Product
We offer two products:
1st - We have Practice Tests Software with Actual Exam Questions
2nd - Questons and Answers in PDF Format
SY0-701 Practice Exam Features:
* SY0-701 Questions and Answers Updated Frequently
* SY0-701 Practice Questions Verified by Expert Senior Certified Staff
* SY0-701 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* SY0-701 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
100% Actual & Verified — Instant Download, Please Click
Order The SY0-701 Practice Test Here
Guaranteed success with Our exam guides visit - https://www.certshared.com
Powered by TCPDF (www.tcpdf.org)
You might also like
- SY0-701 CompTIA Security Updated Practice QuestionsNo ratings yetSY0-701 CompTIA Security Updated Practice Questions27 pages
- (ISC)2 CCSP Certified Cloud Security Professional Official Study GuideFrom Everand(ISC)2 CCSP Certified Cloud Security Professional Official Study GuideNo ratings yet
- CompTIA Security+ SY0-701 Practice Tests: Hundreds of challenging mock exam questions aligned with the latest SY0-701 exam objectivesFrom EverandCompTIA Security+ SY0-701 Practice Tests: Hundreds of challenging mock exam questions aligned with the latest SY0-701 exam objectivesNo ratings yet
- SY0-601 Exam - Free Actual Q&as, Page 1 - ExamTopicsNo ratings yetSY0-601 Exam - Free Actual Q&as, Page 1 - ExamTopics188 pages
- AZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500From EverandAZURE AZ 500 STUDY GUIDE-1: Microsoft Certified Associate Azure Security Engineer: Exam-AZ 500No ratings yet
- Sybex - Maya - Secrets of The Pros - 2003 (PDF)No ratings yetSybex - Maya - Secrets of The Pros - 2003 (PDF)384 pages
- CertMaster Network+ (N10-009) Module 9 - Presentation SlidesNo ratings yetCertMaster Network+ (N10-009) Module 9 - Presentation Slides44 pages
- SY0-601 Exam - Free Actual Q&As, Page 1 - ExamTopicsNo ratings yetSY0-601 Exam - Free Actual Q&As, Page 1 - ExamTopics180 pages
- Automationinmanufacturingunit 1byvarunpratapsingh 230215010703 90e10c8eNo ratings yetAutomationinmanufacturingunit 1byvarunpratapsingh 230215010703 90e10c8e57 pages
- N10-009 Updated Dumps - CompTIA Network+ CertificationNo ratings yetN10-009 Updated Dumps - CompTIA Network+ Certification36 pages
- CompTIA - SY0-701.vJun-2024.by .Davac .94q100% (1)CompTIA - SY0-701.vJun-2024.by .Davac .94q51 pages
- WWW Freecram Net Question CompTIA SY0 701 v2024!08!26 q91 A Hacker Gained Access...No ratings yetWWW Freecram Net Question CompTIA SY0 701 v2024!08!26 q91 A Hacker Gained Access...6 pages
- Comptia Pentest pt0 003 Exam Objectives (2 0)No ratings yetComptia Pentest pt0 003 Exam Objectives (2 0)16 pages
- CompTIA Security Plus SY0 701 Acronym ListNo ratings yetCompTIA Security Plus SY0 701 Acronym List4 pages
- CompTIA SY0-701 Vjan-2024 by - Koanxy 37qNo ratings yetCompTIA SY0-701 Vjan-2024 by - Koanxy 37q17 pages
- CV0-004 CompTIA Cloud+ (2024) Updated DumpsNo ratings yetCV0-004 CompTIA Cloud+ (2024) Updated Dumps16 pages
- SY0-701 CompTIA Security+ Certification Exam Questions and Answers PDF - PDF RoomNo ratings yetSY0-701 CompTIA Security+ Certification Exam Questions and Answers PDF - PDF Room30 pages
- SY0-701 Updated Dumps - CompTIA Security+ Certification100% (3)SY0-701 Updated Dumps - CompTIA Security+ Certification34 pages
- A Comparative Study of The Academic Performance of USL-SHS Students Before and During Pandemic I100% (1)A Comparative Study of The Academic Performance of USL-SHS Students Before and During Pandemic I10 pages
- CAS-004 Updated Dumps - CompTIA Advanced Security Practitioner (CASP+) ExamNo ratings yetCAS-004 Updated Dumps - CompTIA Advanced Security Practitioner (CASP+) Exam54 pages
- CompTIA - SY0-701.vAug-2024.by .Akio .107q100% (1)CompTIA - SY0-701.vAug-2024.by .Akio .107q56 pages
- Comptia Security+ Examtopics All Questions100% (1)Comptia Security+ Examtopics All Questions256 pages
- Comptia Secutiry+ Sy0-501 Exam Questions: Presentation TitleNo ratings yetComptia Secutiry+ Sy0-501 Exam Questions: Presentation Title7 pages
- Service Provider Management Policy Template For CIS Control 15 3 7 20No ratings yetService Provider Management Policy Template For CIS Control 15 3 7 2016 pages
- Students Perceptions On Online EducationNo ratings yetStudents Perceptions On Online Education4 pages
- US Gov National Standards Strategy 2023No ratings yetUS Gov National Standards Strategy 202314 pages
- Factsheet Enterprise Endpoint Security Fortinet 2024 04No ratings yetFactsheet Enterprise Endpoint Security Fortinet 2024 041 page
- Organ Donar Prediction Using Machine LearningNo ratings yetOrgan Donar Prediction Using Machine Learning13 pages
- B - Com - II Money and Financial System Additional Sub PointNo ratings yetB - Com - II Money and Financial System Additional Sub Point32 pages
- Information and Software Technology: Andrew Austin, Casper Holmgreen, Laurie WilliamsNo ratings yetInformation and Software Technology: Andrew Austin, Casper Holmgreen, Laurie Williams10 pages
