CompTIA Security+Exam (SY0-701) Free Questions - Part 2

Question No : 16) A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?

A. Salting the magnetic strip information

B. Encrypting the credit card information in transit.

C. Hashing the credit card numbers upon entry.

D. Tokenizing the credit cards in the database

 

Question No : 17) A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

A. Nmap

B. Wireshark

C. Autopsy

D. DNSEnum

 

Question No : 18) An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance’s vulnerable state?

A. The system was configured with weak default security settings.

B. The device uses weak encryption ciphers.

C. The vendor has not supplied a patch for the appliance.

D. The appliance requires administrative credentials for the assessment.

 

Question No : 19) Which of the following refers to applications and systems that are used within an organization without consent or approval?

A. Shadow IT

B. OSINT

C. Dark web

D. Insider threats

 

Question No : 20) Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

A. SSAE SOC 2

B. PCI DSS

C. GDPR

D. ISO 31000

 

Question No : 21) A security engineer is reviewing log files after a third discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

A. Man-in- the middle

B. Spear-phishing

C. Evil twin

D. DNS poising

 

Question No : 22) A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two- drive failure for better fault tolerance. Which of the following RAID levels should the administrator select? 

A. 0

B. 1

C. 5

D. 6

 

Question No : 23) Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP

B. HIDS

C. EDR

D. NIPS

 

Question No : 24) An organization just experienced a major cyberattack modem. The attack was well coordinated sophisticated and highly skilled. Which of the following targeted the organization?

A. Shadow IT

B. An insider threat

C. A hacktivist

D. An advanced persistent threat

 

Question No : 25) A public relations team will be taking a group of guest on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against.

A. Loss of proprietary information

B. Damage to the company’s reputation

C. Social engineering

D. Credential exposure

 

Question No : 26) A company has limited storage available and online presence that cannot for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time In the event of a failure, which being maindful of the limited available storage space?

A. Implement fulltape backup every Sunday at 8:00 p.m and perform nightly tape rotations.

B. Implement different backups every Sunday at 8:00 and nightly incremental backups at 8:00 p.m

C. Implement nightly full backups every Sunday at 8:00 p.m 

D. Implement full backups every Sunday at 8:00 p.m and nightly differential backups at 8:00

 

Question No : 27) The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, incident during a pandemic or crisis, However, the CEO is concerned that some staff members may take advantage of the of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk. Which of the following would be BEST to mitigate CEO’s concern? (Select TWO).

A. Geolocation

B. Time-of-day restrictions

C. Certificates

D. Tokens

E. Geotagging

F. Role-based access controls

 

Question No : 28) A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

A. One-time passwords

B. Email tokens

C. Push notifications

D. Hardware authentication

 

Question No : 29)  An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following: 

An analyst visits an internet forum looking for information about a tool.

Which of the following BEST describes the attack that was attempted against the forum readers?

A. SOU attack

B. DLL attack

C. XSS attack

D. API attack

 

Question No : 30) In which of the following risk management strategies would cybersecurity insurance be used?

A. Transference

B. Avoidance

C. Acceptance

D. Mitigation
 

SY0-701 Answers

 

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

Part 14

Part 15

Part 16

Part 17

Part 18

Part 19

Part 20

Part 21

Part 22

Part 23

Part 24

Part 25

Part 26

Part 27

Part 28

Part 29

Part 30

Part 31

Part 32

Part 33

Part 34

Part 35

Part 36

Part 37

Part 38

Part 39

Part 40

Part 41

Part 42