CompTIA Security+Exam (SY0-701) Free Questions - Part 11

Question No : 151) A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

A. A malicious USB was introduced by an unsuspecting employee.

B. The ICS firmware was outdated

C. A local machine has a RAT installed.

D. The HVAC was connected to the maintenance vendor.

 

Question No : 152) An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate datacenter that houses confidential information There is a firewall at the Internet border followed by a DIP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?

A. The DLP appliance should be integrated into a NGFW.

B. Split-tunnel connections can negatively impact the DLP appliance's performance

C. Encrypted VPN traffic will not be inspected when entering or leaving the network

D. Adding two hops in the VPN tunnel may slow down remote connections

 

Question No : 153) An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following:

 

An end user reports a computer has been acting slower than normal for a few weeks.

 

Which of the following is the MOST likely cause of the issue?

A. The end user purchased and installed a PUP from a web browser

B. A bot on the computer is brute forcing passwords against a website

C. A hacker is attempting to exfiltrate sensitive data

D. Ransomware is communicating with a command-and-control server.

 

Question No : 154) A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?

A. Use password hashing.

B. Enforce password complexity.

C. Implement password salting.

D. Disable password reuse.

 

Question No : 155) Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO).

A. Testing security systems and processes regularly

B. Installing and maintaining a web proxy to protect cardholder data

C. Assigning a unique ID to each person with computer access

D. Encrypting transmission of cardholder data across private networks

E. Benchmarking security awareness training for contractors

F. Using vendor-supplied default passwords for system passwords

 

Question No : 156) Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

A. Data encryption

B. Data masking

C. Anonymization

D. Tokenization

 

Question No : 157) Which of the following disaster recovery tests is The LEAST time consuming for the disaster recovery team?

A. Tabletop

B. Parallel

C. Full interruption

D. Simulation

 

Question No : 158) An attacked is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe?

A. Information elicitation

B. Typo squatting

C. Impersonation

D. Watering-hole attack

 

Question No : 159) A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective? 

A. Segmentation

B. Containment

C. Geofencing

D. Isolation

 

Question No : 160) When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

A. Tokenization

B. Data masking

C. Normalization

D. Obfuscation

 

Question No : 161) A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

A. Nmapn

B. Heat maps

C. Network diagrams

D. Wireshark

 

Question No : 162) An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load Which of the following are the BEST options to accomplish this objective'? (Select TWO) 

A. Load balancing

B. Incremental backups

C. UPS

D. RAID

E. Dual power supply

F. NIC teaming

 

Question No : 163) A security analyst is reviewing logs on a server and observes the following output: 

 

A security analyst is reviewing logs on a server and observes the following output

 

Which of the following is the security analyst observing?

A. A rainbow table attack

B. A password-spraying attack

C. A dictionary attack

D. A keylogger attack

 

Question No : 164) Which of the following scenarios BEST describes a risk reduction technique?

A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

C. A security control objective cannot be met through a technical change, so the company changes as method of operation

D. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

 

Question No : 165) A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

 

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop.

 

Which of the following describes the method that was used to compromise the laptop?

A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file

C. An attacker was able to install malware to the CAasdf234 folder and use it to gam administrator nights and launch Outlook

D. An attacker was able to phish user credentials successfully from an Outlook user profile 

 

SY0-701 Answers

 

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

Part 14

Part 15

Part 16

Part 17

Part 18

Part 19

Part 20

Part 21

Part 22

Part 23

Part 24

Part 25

Part 26

Part 27

Part 28

Part 29

Part 30

Part 31

Part 32

Part 33

Part 34

Part 35

Part 36

Part 37

Part 38

Part 39

Part 40

Part 41

Part 42