CompTIA Security+ Exam (SY0-701) Free Questions - Part 15
Question No : 211) A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?
A. Configuring signature-based antivirus to update every 30 minutes
B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
C. Implementing application execution in a sandbox for unknown software
D. Fuzzing new files for vulnerabilities if they are not digitally signed
Question No : 212) Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussions to define the responsibilities of each party, but do not want to establish a contractually binding agreement?
A. An SLA
B. An NDA
C. A BPA
D. An MOU
Question No : 213) An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?
A. Quarantining the compromised accounts and computers, only providing them with network access
B. Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers
C. Isolating the compromised accounts and computers, cutting off all network and internet access
D. Logging off and deleting the compromised accounts and computers to eliminate attacker access
Question No : 214) Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?
A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls
Question No : 215) Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches in order to manage third-party risk?
A. An ARO
B. An MOU
C. An SLA
D. A BPA
Question No : 216) An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting?
A. Zero-day
B. Default permissions
C. Weak encryption
D. Unsecure root accounts
Question No : 217) A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO).
A. The order of volatility
B. A checksum
C. The location of the artifacts
D. The vendor's name
E. The date and time
F. A warning banner
Question No : 218) A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
A. Upgrade the bandwidth available into the datacenter
B. Implement a hot-site failover location
C. Switch to a complete SaaS offering to customers
D. Implement a challenge response test on all end-user queries
Question No : 219) A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?
A. # iptables -t mangle -X
B. # iptables -F
C. # iptables -Z
D. # iptables -P INPUT -j DROP
Question No : 220) A security administrator checks the table of a network switch, which shows the following output:
Which of the following is happening to this switch?
A. MAC Flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning
Question No : 221) A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
A. OSINT
B. SIEM
C. CVSS
D. CVE
Question No : 222) An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?
A. The vulnerability scan output
B. The security logs
C. The baseline report
D. The correlation of events
Question No : 223) A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?
A. The GPS location
B. When the file was deleted
C. The total number of print jobs
D. The number of copies made
Question No : 224) A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?
A. The examiner does not have administrative privileges to the system
B. The system must be taken offline before a snapshot can be created
C. Checksum mismatches are invalidating the disk image
D. The swap file needs to be unlocked before it can be accessed
Question No : 225) Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?
A. Stored procedures
B. Buffer overflows
C. Data bias
D. Code reuse