CompTIA Security+Exam (SY0-701) Free Questions - Part 14

Question No : 196) A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Select TWO).

A. Password and security question

B. Password and CAPTCHA

C. Password and smart card

D. Password and fingerprint

E. Password and one-time token

F. Password and voice

 

Question No : 197) A company was recently breached Part of the company's new cybersecurity strategy is to centralize the logs from all security devices Which of the following components forwards the logs to a central source?

A. Log enrichment

B. Log aggregation

C. Log parser

D. Log collector

 

Question No : 198) A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string Which of the following would be BEST to use to accomplish the task? (Select TWO).

A. head

B. Tcpdump

C. grep

D. rail

E. curl

F. openssi

G. dd

 

Question No : 199) A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:

* Protection from power outages

* Always-available connectivity In case of an outage

The owner has decided to implement battery backups for the computer equipment Which of the following would BEST fulfill the owner's second need?

A. Lease a point-to-point circuit to provide dedicated access.

B. Connect the business router to its own dedicated UPS.

C. Purchase services from a cloud provider for high availability

D Replace the business's wired network with a wireless network.

 

Question No : 200) An organization blocks user access to command-line interpreters but hackers still managed to invoke the interpreters using native administrative tools Which of the following should the security team do to prevent this from Happening in the future?

A. Implement HIPS to block Inbound and outbound SMB ports 139 and 445.

B. Trigger a SIEM alert whenever the native OS tools are executed by the user

C. Disable the built-in OS utilities as long as they are not needed for functionality.

D. Configure the AV to quarantine the native OS tools whenever they are executed

 

Question No : 201) Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?

A. DDoS

B. Man-in-the-middle

C. MAC flooding

D. Domain hijacking

 

Question No : 202) A network administrator has been asked to design a solution to improve a company's security posture The administrator is given the following, requirements?

• The solution must be inline in the network

• The solution must be able to block known malicious traffic

• The solution must be able to stop network-based attacks

Which of the following should the network administrator implement to BEST meet these requirements?

A. HIDS

B. NIDS

C. HIPS

D. NIPS

 

Question No : 203) A symmetric encryption algorithm Is BEST suited for: 

A. key-exchange scalability.

B. protecting large amounts of data.

C. providing hashing capabilities,

D. implementing non-repudiation.

 

Question No : 204) Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A. An RTO report

B. A risk register

C. A business impact analysis

D. An asset value register

E. A disaster recovery plan

 

Question No : 205) To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?

A. MaaS

B. laaS

C. SaaS

D. PaaS

 

Question No : 206) Some laptops recently went missing from a locked storage area that is protected by keyless RFID-enabled locks. There is no obvious damage to the physical space. The security manager identifies who unlocked the door, however, human resources confirms the employee was on vacation at the time of the incident. Which of the following describes what MOST likely occurred?

A. The employee's physical access card was cloned.

B. The employee is colluding with human resources

C. The employee's biometrics were harvested

D. A criminal used lock picking tools to open the door.

 

Question No : 207) Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

• There must be visibility into how teams are using cloud-based services.

• The company must be able to identify when data related to payment cards is being sent to the cloud.

• Data must be available regardless of the end user's geographic location

• Administrators need a single pane-of-glass view into traffic and trends.

Which of the following should the security analyst recommend?

A. Create firewall rules to restrict traffic to other cloud service providers.

B. Install a DLP solution to monitor data in transit.

C. Implement a CASB solution.

D. Configure a web-based content filter.

 

Question No : 208) A security analyst Is hardening a Linux workstation and must ensure It has public keys forwarded to remote systems for secure login Which of the following steps should the analyst perform to meet these requirements? (Select TWO).

A. Forward the keys using ssh-copy-id.

B. Forward the keys using scp.

C. Forward the keys using ash -i.

D. Forward the keys using openssl -s.

E. Forward the keys using ssh-keyger.

 

Question No : 209) A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

 

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a compan

 

Which of the following attacks MOST likely occurred?

A. Dictionary

B. Credential-stuffing

C. Password-spraying

D. Brute-force

 

Question No : 210) A security analyst is investigation an incident that was first reported as an issue connecting to network shares and the internet, While reviewing logs and tool output, the analyst sees the following:

 

A security analyst is investigation an incident that was first reported as an issue connecting to network shares and the internet

 

Which of the following attacks has occurred?

A. IP conflict

B. Pass-the-hash

C. MAC flooding

D. Directory traversal

E. ARP poisoning

 

SY0-701 Answers

 

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

Part 14

Part 15

Part 16

Part 17

Part 18

Part 19

Part 20

Part 21

Part 22

Part 23

Part 24

Part 25

Part 26

Part 27

Part 28

Part 29

Part 30

Part 31

Part 32

Part 33

Part 34

Part 35

Part 36

Part 37

Part 38

Part 39

Part 40

Part 41

Part 42