
Sy0-701 8

The document provides a series of questions and answers related to the CompTIA Security+ SY0-701 exam, covering various security concepts such as honey pots, non-repudiation, tuning in security operations, watering-hole attacks, SQL injection, risk registers, change management procedures, file integrity monitoring, BYOD concerns, and SIEM tools. Each question includes an explanation of the correct answer and references to relevant study materials. The document aims to assist candidates in preparing for the certification exam by offering practical insights and knowledge.

Uploaded by

navkumyad595

Recommend!!

Get the Full SY0-701 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/SY0-701-exam-dumps.html (0 New Questions)

CompTIA
Exam Questions SY0-701
CompTIA Security+ Exam

Passing Certification Exams Made Easy visit - https://www.surepassexam.com



NEW QUESTION 1
Which of the following can be used to identify potential attacker activities without affecting production servers?

A. Honey pot
B. Video surveillance
C. Zero Trust
D. Geofencing

Answer: A

Explanation:
A honey pot is a system or a network that is designed to mimic a real production server and attract potential attackers. A honey pot can be used to identify the attacker’s methods, techniques, and objectives without affecting the actual production servers. A honey pot can also divert the attacker’s attention from the real targets and waste their time and resources [1][2].
The other options are not effective ways to identify potential attacker activities without affecting production servers:
• Video surveillance: This is a physical security technique that uses cameras and monitors to record and observe the activities in a certain area. Video surveillance can help to deter, detect, and investigate physical intrusions, but it does not directly identify the attacker’s activities on the network or the servers [3].
• Zero Trust: This is a security strategy that assumes that no user, device, or network is trustworthy by default and requires strict verification and validation for every request and transaction. Zero Trust can help to improve the security posture and reduce the attack surface of an organization, but it does not directly identify the attacker’s activities on the network or the servers [4].
• Geofencing: This is a security technique that uses geographic location as a criterion to restrict or allow access to data or resources. Geofencing can help to protect the data sovereignty and compliance of an organization, but it does not directly identify the attacker’s activities on the network or the servers [5].
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 54. 2: Honeypots and Deception – SY0-601 CompTIA Security+ : 2.1, video by Professor Messer. 3: CompTIA Security+ SY0-701 Certification Study Guide, page 97. 4: CompTIA Security+ SY0-701 Certification Study Guide, page 98. 5: CompTIA Security+ SY0-701 Certification Study Guide, page 99.

NEW QUESTION 2
Which of the following allows for the attribution of messages to individuals?

A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs

Answer: B

Explanation:
Non-repudiation is the ability to prove that a message or document was sent or signed by a particular person, and that the person cannot deny sending or signing it.
Non-repudiation can be achieved by using cryptographic techniques, such as hashing and digital signatures, that can verify the authenticity and integrity of the message or document. Non-repudiation can be useful for legal, financial, or contractual purposes, as it can provide evidence of the origin and content of the message or document.
References = Non-repudiation – CompTIA Security+ SY0-701 – 1.2, CompTIA Security+ SY0-301: 6.1 – Non-repudiation, CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.2, page 2.

NEW QUESTION 3
A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring
detected activity in the future?

A. Tuning
B. Aggregating
C. Quarantining
D. Archiving

Answer: A

Explanation:
Tuning is the activity of adjusting the configuration or parameters of a security tool or system to optimize its performance and reduce false positives or false
negatives. Tuning can help to filter out the normal or benign activity that is detected by the security tool or system, and focus on the malicious or anomalous activity
that requires further investigation or response. Tuning can also help to improve the efficiency and effectiveness of the security operations center by reducing the
workload and alert fatigue of the analysts. Tuning is different from aggregating, which is the activity of collecting and combining data from multiple sources or sensors to provide a
comprehensive view of the security posture. Tuning is also different from quarantining, which is the activity of isolating a potentially infected or compromised device
or system from the rest of the network to prevent further damage or spread. Tuning is also different from archiving, which is the activity of storing and preserving
historical data or records for future reference or compliance. The act of ignoring detected activity in the future that is deemed normal by the security operations
center is an example of tuning, as it involves modifying the settings or rules of the security tool or system to exclude the activity from the detection scope.
Therefore, this is the best answer among the given options.
References = Security Alerting and Monitoring Concepts and Tools – CompTIA Security+ SY0-701: 4.3, video at 7:00; CompTIA Security+ SY0-701 Certification Study Guide, page 191.

NEW QUESTION 4
Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing

Answer: C

Explanation:
A watering-hole attack is a type of cyberattack that targets groups of users by infecting websites that they commonly visit. The attackers exploit vulnerabilities to
deliver a malicious payload to the organization’s network. The attack aims to infect users’ computers and gain access to a connected corporate network. The
attackers target websites known to be popular among members of a particular organization or demographic. The attack differs from phishing and spear-phishing
attacks, which typically attempt to steal data or install malware onto users’ devices [1].
In this scenario, the compromised industry blog is the watering hole that the attackers used to spread malware across the company’s network. The attackers likely
chose this blog because they knew that the employees of the company were interested in its content and visited it frequently. The attackers may have injected
malicious code into the blog or redirected the visitors to a spoofed website that hosted the malware. The malware then infected the employees’ computers and
propagated to the network.
References = 1: Watering Hole Attacks: Stages, Examples, Risk Factors & Defense …

NEW QUESTION 5
Which of the following enables the use of an input field to run commands that can view or manipulate data?

A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection

Answer: D

Explanation:
SQL injection is a type of attack that enables the use of an input field to run commands that can view or manipulate data in a database. SQL stands for
Structured Query Language, which is a language used to communicate with databases. By injecting malicious SQL statements into an input field, an attacker can
bypass authentication, access sensitive information, modify or delete data, or execute commands on the server.
SQL injection is one of the most common and dangerous web application vulnerabilities.
References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 5, page 195. CompTIA Security+ SY0-701 Exam Objectives, Domain 1.1, page 8.

NEW QUESTION 6
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis

Answer: C

Explanation:
A risk register is a document that records and tracks the risks associated with a project, system, or organization. A risk register typically includes information such
as the risk description, the risk owner, the risk probability, the risk impact, the risk level, the risk response strategy, and the risk status. A risk register can help
identify, assess, prioritize, monitor, and control risks, as well as communicate them to relevant stakeholders. A risk register can also help document the risk
tolerance and thresholds of an organization, which are the acceptable levels of risk exposure and the criteria for escalating or mitigating
risks. References = CompTIA Security+ Certification Exam Objectives, Domain 5.1: Explain the importance of policies, plans, and procedures related to
organizational security. CompTIA Security+ Study Guide (SY0-701), Chapter 5: Governance, Risk, and Compliance, page 211. CompTIA Security+ Certification
Guide, Chapter 2: Risk Management, page 33. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 4.

NEW QUESTION 7
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure

Answer: D

Explanation:
A change management procedure is a set of steps and guidelines that a security administrator should adhere to when setting up a new set of firewall rules. A
firewall is a device or software that can filter, block, or allow network traffic based on predefined rules or policies. A firewall rule is a statement that defines the
criteria and action for a firewall to apply to a packet or a connection. For example, a firewall rule can allow or deny traffic based on the source and destination IP
addresses, ports, protocols, or applications. Setting up a new set of firewall rules is a type of change that can affect the security, performance, and functionality of
the network. Therefore, a change management procedure is necessary to ensure that the change is planned, tested, approved, implemented, documented, and
reviewed in a controlled and consistent manner. A change management procedure typically includes the following elements:
• A change request that describes the purpose, scope, impact, and benefits of the change, as well as the roles and responsibilities of the change owner, implementer, and approver.
• A change assessment that evaluates the feasibility, risks, costs, and dependencies of the change, as well as the alternatives and contingency plans.
• A change approval that authorizes the change to proceed to the implementation stage, based on the criteria and thresholds defined by the change policy.
• A change implementation that executes the change according to the plan and schedule, and verifies the results and outcomes of the change.
• A change documentation that records the details and status of the change, as well as the lessons learned and best practices.
• A change review that monitors and measures the performance and effectiveness of the change, and identifies any issues or gaps that need to be addressed or improved.
A change management procedure is important for a security administrator to adhere to when setting up a new set of firewall rules, as it can help to achieve the
following objectives:
• Enhance the security posture and compliance of the network by ensuring that the firewall rules are aligned with the security policies and standards, and that they do not introduce any vulnerabilities or conflicts.
• Minimize the disruption and downtime of the network by ensuring that the firewall rules are tested and validated before deployment, and that they do not affect the availability or functionality of the network services or applications.
• Improve the efficiency and quality of the network by ensuring that the firewall rules
are optimized and updated according to the changing needs and demands of the network users and stakeholders, and that they do not cause any performance or compatibility issues.
• Increase the accountability and transparency of the network by ensuring that the firewall rules are documented and reviewed regularly, and that they are traceable and auditable by the relevant authorities and parties.
The other options are not correct because they are not related to the process of setting up a new set of firewall rules. A disaster recovery plan is a set of policies
and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. An incident
response procedure is a set of steps and guidelines that aim to contain, analyze, eradicate, and recover from a security incident, such as a cyberattack, data
breach, or malware infection. A business continuity plan is a set of strategies and actions that aim to maintain the essential functions and operations of an
organization during and after a disruptive event, such as a pandemic, power outage, or civil unrest. References = CompTIA Security+ Study Guide (SY0-701),
Chapter 7: Resilience and Recovery, page 325. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 1.3: Security Operations, video:
Change Management (5:45).

NEW QUESTION 8
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes.
Which of the following should the administrator set up to achieve this goal?

A. SPF
B. GPO
C. NAC
D. FIM

Answer: D

Explanation:
FIM stands for File Integrity Monitoring, which is a method to secure data by detecting any changes or modifications to files, directories, or registry keys. FIM can
help a security administrator track any unauthorized or malicious changes to the data, as well as verify the integrity and compliance of the data. FIM can also alert
the administrator of any potential breaches or incidents involving the data.
Some of the benefits of FIM are:
• It can prevent data tampering and corruption by verifying the checksums or hashes of the files.
• It can identify the source and time of the changes by logging the user and system actions.
• It can enforce security policies and standards by comparing the current state of the data with the baseline or expected state.
• It can support forensic analysis and incident response by providing evidence and audit trails of the changes.
References:
• CompTIA Security+ SY0-701 Certification Study Guide, Chapter 5: Technologies and Tools, Section 5.3: Security Tools, p. 209-210
• CompTIA Security+ SY0-701 Certification Exam Objectives, Domain 2: Technologies and Tools, Objective 2.4: Given a scenario, analyze and interpret output from security technologies, Sub-objective: File integrity monitor, p. 12

NEW QUESTION 9
Which of the following is a primary security concern for a company setting up a BYOD program?

A. End of life
B. Buffer overflow
C. VM escape
D. Jailbreaking

Answer: D

Explanation:
Jailbreaking is a primary security concern for a company setting up a BYOD (Bring Your Own Device) program. Jailbreaking is the process of removing the
manufacturer’s or the carrier’s restrictions on a device, such as a smartphone or a tablet, to gain root access and install unauthorized or custom software.
Jailbreaking can compromise the security of the device and the data stored on it, as well as expose it to malware, viruses, or hacking. Jailbreaking can also violate
the warranty and the terms of service of the device, and make it incompatible with the company’s security policies and standards. Therefore, a company setting up
a BYOD program should prohibit jailbreaking and enforce device compliance and encryption. References = CompTIA Security+ Study Guide with over 500
Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 76. CompTIA Security+ SY0-701 Exam Objectives, Domain 2.4, page 11.

NEW QUESTION 10
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized
system?

A. SIEM
B. DLP
C. IDS
D. SNMP

Answer: A

Explanation:
SIEM stands for Security Information and Event Management. It is a security alerting and monitoring tool that collects system, application, and network logs from
multiple sources in a centralized system. SIEM can analyze the collected data, correlate events, generate alerts, and provide reports and dashboards. SIEM can
also integrate with other security tools and support compliance requirements. SIEM helps organizations to detect and respond to cyber threats, improve security
posture, and reduce operational costs. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Monitoring and Auditing, page 393.
CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 10: Monitoring and Auditing, page 397.

NEW QUESTION 10
A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force

Answer: A

Explanation:
Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that
can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume
attack tactic that uses a dictionary or a list of popular or weak passwords [1][2].
The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same
web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one
they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network
authentication [3].
Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no
evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.
Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same
network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session [4].
The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.
Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or
words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple
accounts [5]. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server.
References = 1: Password spraying: An overview of password spraying attacks … - Norton, 2: Security: Credential Stuffing vs. Password Spraying - Baeldung, 3: Brute Force Attack: A definition + 6 types to know | Norton, 4: What is a Pass-the-Hash Attack? - CrowdStrike, 5: What is a Brute Force Attack? | Definition, Types & How It Works - Fortinet

NEW QUESTION 13
A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

A. The user jsmith's account has been locked out.
B. A keylogger is installed on jsmith's workstation.
C. An attacker is attempting to brute force jsmith's account.
D. Ransomware has been deployed in the domain.

Answer: C

Explanation:
Brute force is a type of attack that tries to guess the password or other credentials of a user account by using a large number of possible combinations. An
attacker can use automated tools or scripts to perform a brute force attack and gain unauthorized access to the account. The domain activity logs show that the
user jsmith has failed to log in 10 times in a row within a short period of time, which is a strong indicator of a brute force attack. The logs also show that the source
IP address of the failed logins is different from the usual IP address of jsmith, which suggests that the attacker is using a different device or location to launch the
attack. The security analyst should take immediate action to block the attacker’s IP address, reset jsmith’s password, and notify jsmith of the incident. References
= CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 14. CompTIA Security+ (SY0-701)
Certification Exam Objectives, Domain 1.1, page 2. Threat Actors and Attributes – SY0-601 CompTIA Security+ : 1.1

NEW QUESTION 18
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user’s activity?

A. Penetration testing
B. Phishing campaign
C. External audit
D. Insider threat

Answer: D

Explanation:
An insider threat is a security risk that originates from within the organization, such as an employee, contractor, or business partner, who has authorized access to
the organization’s data and systems. An insider threat can be malicious, such as stealing, leaking, or sabotaging sensitive data, or unintentional, such as falling
victim to phishing or social engineering. An insider threat can cause significant damage to the organization’s reputation, finances, operations, and legal
compliance. The user’s activity of logging in remotely after hours and copying large amounts of data to a personal device is an example of a malicious insider
threat, as it violates the organization’s security policies and compromises the confidentiality and integrity of the data. References = Insider Threats – CompTIA
Security+ SY0-701: 3.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 133.

NEW QUESTION 19
Which of the following must be considered when designing a high-availability network? (Select two).

A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication

Answer: AE

Explanation:
A high-availability network is a network that is designed to minimize downtime and ensure continuous operation of critical services and applications. To achieve
this goal, a high-availability network must consider two important factors: ease of recovery and attack surface.
Ease of recovery refers to the ability of a network to quickly restore normal functionality after a failure, disruption, or disaster. A high-availability network should
have mechanisms such as redundancy, failover, backup, and restore to ensure that any single point of failure does not cause a complete network outage. A high-
availability network should also have procedures and policies for incident response, disaster recovery, and business continuity to minimize the impact of any
network issue on the organization’s operations and reputation. Attack surface refers to the exposure of a network to potential threats and vulnerabilities. A high-
availability network should have measures such as encryption, authentication, authorization, firewall, intrusion detection and prevention, and patch management to
protect the network from unauthorized access, data breaches, malware, denial-of-service attacks, and other cyberattacks. A high-availability network should also
have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate any weaknesses or gaps
in the network security. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4: Architecture and Design, pages 164-165 [1]. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4: Architecture and Design, pages 164-165 [2].

NEW QUESTION 23
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability
quickly?

A. Insurance
B. Patching
C. Segmentation
D. Replacement

Answer: C

Explanation:
Segmentation is a technique that divides a network into smaller subnetworks or segments, each with its own security policies and controls. Segmentation can help
mitigate network access vulnerabilities in legacy IoT devices by isolating them from other devices and systems, reducing their attack surface and limiting the
potential impact of a breach. Segmentation can also improve network performance and efficiency by reducing congestion and traffic. Patching, insurance, and
replacement are other possible strategies to deal with network access vulnerabilities, but they may not be feasible or effective in the short term. Patching may not
be available or compatible for legacy IoT devices, insurance may not cover the costs or damages of a cyberattack, and replacement may be expensive and time-
consuming. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 142-143

NEW QUESTION 25
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?

A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA

Answer: A

Explanation:
Zero Trust is a security model that assumes no trust for any entity inside or outside the network perimeter and requires continuous verification of identity and
permissions. Zero Trust can provide a secure zone by isolating and protecting sensitive data and resources from unauthorized access. Zero Trust can also enforce
a company-wide access control policy by applying the principle of least privilege and granular segmentation for users, devices, and applications. Zero Trust can
reduce the scope of threats by preventing lateral movement and minimizing the attack surface.
References:
• 5: This source explains the concept and benefits of Zero Trust security and how it differs from traditional security models.
• 8: This source provides an overview of Zero Trust identity security and how it can help verify the identity and integrity of users and devices.

NEW QUESTION 26
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following
social engineering techniques are being attempted? (Choose two.)

A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation

Answer: BE

Explanation:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or
downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use
urgent or threatening language to persuade the recipients to take action [1][2]. In this scenario, the text message that claims to be from the payroll department is an
example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague,
to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits,
and can be used to obtain information, access, or money from the victim [3][4]. In this scenario, the text message that pretends to be from the payroll department is an
example of impersonation.
* A. Typosquatting is a type of cyberattack that involves registering domain names that are similar to popular or well-known websites, but with intentional spelling
errors or different extensions. Typosquatting aims to exploit the common mistakes that users make when typing web addresses, and redirect them to malicious or
fraudulent sites that may steal their information, install malware, or display ads [5][6]. Typosquatting is not related to text messages or credential verification.
* B. Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients into revealing sensitive information, clicking malicious links, or
downloading malware. Phishing emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or service providers, and use
deceptive or urgent language to persuade the recipients to take action [7][8]. Phishing is not related to text messages or credential verification.
* D. Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing sensitive information, such as passwords, credit card
numbers, or bank account details. Vishing calls often appear to come from legitimate sources, such as law enforcement, government agencies, or technical
support, and use scare tactics or false promises to persuade the recipients to comply [9]. Vishing is not related to text messages or credential verification.
* F. Misinformation is a type of social engineering technique that involves spreading false or misleading information to influence the beliefs, opinions, or actions of
the target. Misinformation can be used to manipulate public perception, create confusion, damage reputation, or promote an agenda. Misinformation is not related
to text messages or credential verification.
References =
1: What is Smishing? | Definition and Examples | Kaspersky
2: Smishing - Wikipedia
3: Impersonation Attacks: What Are They and How Do You Protect Against Them?
4: Impersonation - Wikipedia
5: What is Typosquatting? | Definition and Examples | Kaspersky
6: Typosquatting - Wikipedia
7: What is Phishing? | Definition and Examples | Kaspersky
8: Phishing - Wikipedia
9: What is Vishing? | Definition and Examples | Kaspersky
Vishing - Wikipedia
What is Misinformation? | Definition and Examples | Britannica
Misinformation - Wikipedia

NEW QUESTION 27
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

A. Enumeration
B. Sanitization
C. Destruction
D. Inventory

Answer: B

Explanation:
Sanitization is the process of removing sensitive data from a storage device or a system before it is disposed of or reused. Sanitization can be done by using
software tools or hardware devices that overwrite the data with random patterns or zeros, making it unrecoverable. Sanitization is different from destruction, which
is the physical damage of the storage device to render it unusable. Sanitization is also different from enumeration, which is the identification of network resources
or devices, and inventory, which is the tracking of assets and their locations. The policy of securely wiping hard drives before sending decommissioned systems to
recycling is an example of sanitization, as it ensures that no confidential data can be retrieved from the recycled devices. References = Secure Data Destruction –
SY0-601 CompTIA Security+ : 2.7, video at 1:00; CompTIA Security+ SY0-701 Certification Study Guide, page 387.

NEW QUESTION 29
A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.

Answer: D

Explanation:
A rootkit is a type of malware that modifies or replaces system files or processes to hide its presence and activity. A rootkit can change the hash of the cmd.exe
file, which is a command-line interpreter for Windows systems, to avoid detection by antivirus or file integrity monitoring tools. A rootkit can also grant the attacker
remote access and control over the infected system, as well as perform malicious actions such as stealing data, installing backdoors, or launching attacks on other
systems. A rootkit is one of the most difficult types of malware to remove, as it can persist even after rebooting or reinstalling the OS.
References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 4, page 147. CompTIA Security+ SY0-701 Exam Objectives, Domain 1.2, page 9.

NEW QUESTION 32
Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A. IDS
B. ACL
C. EDR
D. NAC

Answer: C

Explanation:
Endpoint detection and response (EDR) is a technology that monitors and analyzes the activity and behavior of endpoints, such as computers, laptops, mobile
devices, and servers. EDR can help to detect and prevent malicious software, such as viruses, malware, and Trojans, from infecting the endpoints and spreading
across the network. EDR can also provide visibility and response capabilities to contain and remediate threats. EDR is different from IDS, which is a network-
based technology that monitors and alerts on network traffic anomalies. EDR is also different from ACL, which is a list of rules that control the access to network
resources. EDR is also different from NAC, which is a technology that enforces policies on the network access of devices based on their identity and compliance
status. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 2561

NEW QUESTION 36
A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The
company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

A. Logging all NetFlow traffic into a SIEM
B. Deploying network traffic sensors on the same subnet as the servers
C. Logging endpoint and OS-specific security logs
D. Enabling full packet capture for traffic entering and exiting the servers

Answer: D

Explanation:
Full packet capture is a technique that records all network traffic passing through a device, such as a router or firewall. It allows for detailed analysis and
investigation of network events, such as SQLi attacks, by providing the complete content and context of the packets. Full packet capture can help identify the
source, destination, payload, and timing of an SQLi attack, as well as the impact on the server and database. Logging NetFlow traffic, network traffic sensors, and
endpoint and OS-specific security logs can provide some information about network activity, but they do not capture the full content of the packets, which may limit
the scope and depth of the investigation. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 372-373

NEW QUESTION 37
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker
using?

A. Smishing
B. Disinformation
C. Impersonating
D. Whaling

Answer: D

Explanation:
Whaling is a type of phishing attack that targets high-profile individuals, such as executives, celebrities, or politicians. The attacker impersonates someone with
authority or influence and tries to trick the victim into performing an action, such as transferring money, revealing sensitive information, or clicking on a malicious
link. Whaling is also called CEO fraud or business email compromise2.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 97.

NEW QUESTION 38
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

A. Serverless framework
B. Type 1 hypervisor
C. SD-WAN
D. SDN

Answer: A

Explanation:
A serverless framework is a cloud-based application-hosting solution that meets the requirements of low-cost and cloud-based. A serverless framework is a type
of cloud computing service that allows developers to run applications without managing or provisioning any servers. The cloud provider handles the server-side
infrastructure, such as scaling, load balancing, security, and maintenance, and charges the developer only for the resources consumed by the application. A
serverless framework enables developers to focus on the application logic and functionality, and reduces the operational costs and complexity of hosting
applications. Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud Functions.
A type 1 hypervisor, SD-WAN, and SDN are not cloud-based application-hosting solutions that meet the requirements of low-cost and cloud-based. A type 1
hypervisor is a software layer that runs directly on the hardware and creates multiple virtual machines that can run different operating systems and applications. A
type 1 hypervisor is not a cloud-based service, but a virtualization technology that can be used to create private or hybrid clouds. A type 1 hypervisor also requires
the developer to manage and provision the servers and the virtual machines, which can increase the operational costs and complexity of hosting applications.
Some examples of type 1 hypervisors are VMware ESXi, Microsoft Hyper-V, and Citrix XenServer.
SD-WAN (Software-Defined Wide Area Network) is a network architecture that uses software to dynamically route traffic across multiple WAN connections, such
as broadband, LTE, or MPLS. SD-WAN is not a cloud-based service, but a network optimization technology that can improve the performance, reliability, and
security of WAN connections. SD-WAN can be used to connect remote sites or users to cloud-based applications, but it does not host the applications itself. Some
examples of SD-WAN vendors are Cisco, VMware, and Fortinet.
SDN (Software-Defined Networking) is a network architecture that decouples the control plane from the data plane, and uses a centralized controller to
programmatically manage and configure the network devices and traffic flows. SDN is not a cloud-based service, but a network automation technology that can
enhance the scalability, flexibility, and efficiency of the network. SDN can be used to create virtual networks or network functions that can support cloud-based
applications, but it does not host the applications itself. Some examples of SDN vendors are OpenFlow, OpenDaylight, and OpenStack.
References = CompTIA Security+ SY0-701 Certification Study Guide, page 264-265; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 3.1
- Cloud and Virtualization, 7:40 - 10:00; [Serverless Framework]; [Type 1 Hypervisor]; [SD-WAN]; [SDN].

NEW QUESTION 40
Which of the following is used to validate a certificate when it is presented to a user?

A. OCSP
B. CSR
C. CA
D. CRC

Answer: A


Explanation:
OCSP stands for Online Certificate Status Protocol. It is a protocol that allows applications to check the revocation status of a certificate in real-time. It works by
sending a query to an OCSP responder, which is a server that maintains a database of revoked certificates. The OCSP responder returns a response that
indicates whether the certificate is valid, revoked, or unknown. OCSP is faster and more efficient than downloading and parsing Certificate Revocation Lists
(CRLs), which are large files that contain the serial numbers of all revoked certificates issued by a Certificate Authority (CA). References: CompTIA Security+
Study Guide: Exam SY0-701, 9th Edition, page 337 1

NEW QUESTION 43
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict
access to the data quickly?

A. Group Policy
B. Content filtering
C. Data loss prevention
D. Access control lists

Answer: D

Explanation:
Access control lists (ACLs) are rules that specify which users or groups can access which resources on a file server. They can help restrict access to confidential
data by granting or denying permissions based on the identity or role of the user. In this case, the administrator can use ACLs to quickly modify the access rights of
the users and prevent them from accessing the data they are not authorized to see.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 308 1

NEW QUESTION 47
A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in
transit and at rest. Which of the following data roles describes the customer?

A. Processor
B. Custodian
C. Subject
D. Owner

Answer: C

Explanation:
According to the CompTIA Security+ SY0-701 Certification Study Guide, data subjects are the individuals whose personal data is collected, processed, or stored
by an organization. Data subjects have certain rights and expectations regarding how their data is handled, such as the right to access, correct, delete, or restrict
their data. Data subjects are different from data owners, who are the individuals or entities that have the authority and responsibility to determine how data is
classified, protected, and used. Data subjects are also different from data processors, who are the individuals or entities that perform operations on data on behalf
of the data owner, such as collecting, modifying, storing, or transmitting data. Data subjects are also different from data custodians, who are the individuals or
entities that implement the security controls and procedures specified by the data owner to protect data while in transit and at rest.
References: CompTIA Security+ SY0-701 Certification Study Guide, Chapter 2: Data Security, page 511

NEW QUESTION 51
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web
application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the
developer implement to prevent this vulnerability?

A. Secure cookies
B. Version control
C. Input validation
D. Code signing

Answer: C

Explanation:
Input validation is a technique that checks the user input for any malicious or unexpected data before processing it by the web application. Input validation can
prevent cross-site scripting (XSS) attacks, which exploit the vulnerability of a web application to execute malicious scripts in the browser of a victim. XSS attacks
can compromise the confidentiality, integrity, and availability of the web application and its users. Input validation can be implemented on both the client-side and
the server-side, but server-side validation is more reliable and secure. Input validation can use various methods, such as whitelisting, blacklisting, filtering,
escaping, encoding, and sanitizing the input data. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th
Edition, Chapter 2, page 70. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page 11. Application Security – SY0-601 CompTIA
Security+ : 3.2

NEW QUESTION 53
A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from
the vendor?

A. Certification
B. Inventory list
C. Classification
D. Proof of ownership

Answer: A

Explanation:
The company should request a certification from the vendor that confirms the storage array has been disposed of securely and in compliance with the company’s
policies and standards. A certification provides evidence that the vendor has followed the proper procedures and methods to destroy the classified data and
prevent unauthorized access or recovery. A certification may also include details such as the date, time, location, and method of disposal, as well as the names
and signatures of the personnel involved.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 1441

NEW QUESTION 56
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters,
and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet
profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites
based on a user's intranet account? (Select two).

A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication

Answer: AC

Explanation:
Federation is an access management concept that allows users to authenticate once and access multiple resources or services across different domains or
organizations. Federation relies on a trusted third party that stores the user’s credentials and provides them to the requested resources or services without
exposing them. Password complexity is a security measure that requires users to create passwords that meet certain criteria, such as length, character types, and
uniqueness. Password complexity can help prevent brute-force attacks, password guessing, and credential stuffing by making passwords harder to crack or guess.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 308-309 and 312-313 1

NEW QUESTION 57
Which of the following is the most likely to be included as an element of communication in a security awareness program?

A. Reporting phishing attempts or other suspicious activities
B. Detecting insider threats using anomalous behavior recognition
C. Verifying information when modifying wire transfer data
D. Performing social engineering as part of third-party penetration testing

Answer: A

Explanation:
A security awareness program is a set of activities and initiatives that aim to educate and inform the users and employees of an organization about the security
policies, procedures, and best practices. A security awareness program can help to reduce the human factor in security risks, such as social engineering, phishing,
malware, data breaches, and insider threats. A security awareness program should include various elements of communication, such as newsletters, posters,
videos, webinars, quizzes, games, simulations, and feedback mechanisms, to deliver the security messages and reinforce the security culture. One of the most
likely elements of communication to be included in a security awareness program is reporting phishing attempts or other suspicious activities, as this can help to
raise the awareness of the users and employees about the common types of cyberattacks and how to respond to them. Reporting phishing attempts or other
suspicious activities can also help to alert the security team and enable them to take appropriate actions to prevent or mitigate the impact of the attacks. Therefore,
this is the best answer among the given options.
The other options are not as likely to be included as elements of communication in a security awareness program, because they are either technical or operational
tasks that are not directly related to the security awareness of the users and employees. Detecting insider threats using anomalous behavior recognition is a
technical task that involves using security tools or systems to monitor and analyze the activities and behaviors of the users and employees and identify any
deviations or anomalies that may indicate malicious or unauthorized actions. This task is usually performed by the security team or the security operations center,
and it does not require the communication or participation of the users and employees. Verifying information when modifying wire transfer data is an operational
task that involves using verification methods, such as phone calls, emails, or digital signatures, to confirm the authenticity and accuracy of the information related
to wire transfers, such as the account number, the amount, or the recipient. This task is usually performed by the financial or accounting department, and it does
not involve the security awareness of the users and employees. Performing social engineering as part of third-party penetration testing is a technical task that
involves using deception or manipulation techniques, such as phishing, vishing, or impersonation, to test the security posture and the vulnerability of the users and
employees to social engineering attacks. This task is usually performed by external security professionals or consultants, and it does not require the
communication or consent of the users and employees. Therefore, these options are not the best answer for this question.
References = Security Awareness and Training – CompTIA Security+ SY0-701: 5.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 263.

NEW QUESTION 59
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

A. White
B. Purple
C. Blue
D. Red

Answer: D

Explanation:
A red team is a group of security professionals who perform offensive security assessments covering penetration testing and social engineering. A red team
simulates real-world attacks and exploits the vulnerabilities of a target organization, system, or network. A red team aims to test the effectiveness of the security
controls, policies, and procedures of the target, as well as the awareness and response of the staff and the blue team. A red team can be hired as an external
consultant or formed internally within the organization. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th
Edition, Chapter 1, page 18. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.8, page 4. Security Teams – SY0-601 CompTIA Security+ :
1.8

NEW QUESTION 63

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk
software. Which of the following security techniques is the IT manager setting up?

A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege

Answer: D

Explanation:
The principle of least privilege is a security concept that limits access to resources to the minimum level needed for a user, a program, or a device to perform a
legitimate function. It is a cybersecurity best practice that protects high-value data and assets from compromise or insider threat. Least privilege can be applied to
different abstraction layers of a computing environment, such as processes, systems, or connected devices. However, it is rarely implemented in practice.
In this scenario, the IT manager is setting up the principle of least privilege by restricting access to the administrator console of the help desk software to only two
authorized users: the IT manager and the help desk lead. This way, the IT manager can prevent unauthorized or accidental changes to the software configuration,
data, or functionality by other help desk staff. The other help desk staff will only have access to the normal user interface of the software, which is sufficient for
them to perform their job functions.
The other options are not correct. Hardening is the process of securing a system by reducing its surface of vulnerability, such as by removing unnecessary
software, changing default passwords, or disabling unnecessary services. Employee monitoring is the surveillance of workers’ activity, such as by tracking web
browsing, application use, keystrokes, or screenshots. Configuration enforcement is the process of ensuring that a system adheres to a predefined set of security
settings, such as by applying a patch, a policy, or a template.
References = https://en.wikipedia.org/wiki/Principle_of_least_privilege

NEW QUESTION 65
A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst
discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of
DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service

Answer: D

Explanation:
A reflected denial of service (RDoS) attack is a type of DDoS attack that uses spoofed source IP addresses to send requests to a third-party server, which then
sends responses to the victim server. The attacker exploits the difference in size between the request and the response, which can amplify the amount of traffic
sent to the victim server. The attacker also hides their identity by using the victim’s IP address as the source. An RDoS attack can target DNS servers by sending
forged DNS queries that generate large DNS responses. This can flood the network interface of the DNS server and prevent it from serving legitimate requests
from end users. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215-216 1

NEW QUESTION 66
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution
that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee
internet traffic. Which of the following will help achieve these objectives?

A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

Answer: A

Explanation:
SASE stands for Secure Access Service Edge. It is a cloud-based service that combines network and security functions into a single integrated solution. SASE
can help reduce traffic on the VPN and internet circuit by providing secure and optimized access to the data center and cloud applications for remote employees.
SASE can also monitor and enforce security policies on the remote employee internet traffic, regardless of their location or device. SASE can offer benefits such
as lower costs, improved performance, scalability, and flexibility compared to traditional VPN solutions. References: CompTIA Security+ Study Guide: Exam
SY0-701, 9th Edition, page 457-458 1

NEW QUESTION 68
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the
following types of infections is present on the systems?

A. Virus
B. Trojan
C. Spyware
D. Ransomware

Answer: D

Explanation:
Ransomware is a type of malware that encrypts the victim’s files and demands a ransom for the decryption key. The ransomware usually displays a message on
the infected system with instructions on how to pay the ransom and recover the files. The .ryk extension is associated with a ransomware variant called Ryuk,
which targets large organizations and demands high ransoms1.
References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 17.

NEW QUESTION 71
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

A. Attribute-based
B. Time of day
C. Role-based
D. Least privilege

Answer: D

Explanation:
The least privilege principle states that users and processes should only have the minimum level of access required to perform their tasks. This helps to prevent
unauthorized or unnecessary actions that could compromise security. In this case, the patch transfer might be failing because the user or process does not have
the appropriate permissions to access the critical system or the network resources needed for the transfer. Applying the least privilege principle can help to avoid
this issue by granting the user or process the necessary access rights for the patching activity. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th
Edition, page 931

NEW QUESTION 75
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to
evaluate?

A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction

Answer: A

Explanation:
Secured zones are a key component of the Zero Trust data plane, which is the layer where data is stored, processed, and transmitted. Secured zones are logical
or physical segments of the network that isolate data and resources based on their sensitivity and risk. Secured zones enforce granular policies and controls to
prevent unauthorized access and lateral movement within the network1.
References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5, page 255.
