CompTIA Security+ Exam (SY0-701) Free Questions - Part 20
Question No : 286) A user must introduce a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which of the following authentication concepts are in use?
A. Something you know, something you have, and somewhere you are
B. Something you know, something you can do, and somewhere you are
C. Something you are, something you know, and something you can exhibit
D. Something you have, somewhere you are, and someone you know
Question No : 287) A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?
A. logger
B. Metasploit
C. tcpdump
D. netstat
Question No : 288) A500 is implementing an insider threat detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?
A. A honeyfile
B. A DMZ
C. ULF
D. File integrity monitoring
Question No : 289) After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?
A. The unexpected traffic correlated against multiple rules, generating multiple alerts.
B. Multiple alerts were generated due to an attack occurring at the same time.
C. An error in the correlation rules triggered multiple alerts.
D. The SIEM was unable to correlate the rules, triggering the alerts.
Question No : 290) Which of the following components can be used to consolidate and forward inbound Internet traffic to multiple cloud environments through a single firewall?
A. Transit gateway
B. Cloud hot site
C. Edge computing
D. DNS sinkhole
Question No : 291) Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would BEST help prevent the malware from being installed on the computers?
A. AUP
B. NGFW
C. DLP
D. EDR
Question No : 292) A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack occurring in the future?
A. IPSec
B. SSL/TLS
C. DNSSEC
D. S/MIME
Question No : 293) Which of the following controls would BEST identify and report malicious insider activities?
A. An intrusion detection system
B. A proxy
C. Audit trails
D. Strong authentication
Question No : 294) A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business. Which of the following constraints BEST describes the reason the findings cannot be remediated?
A. Inability to authenticate
B. Implied trust
C. Lack of computing power
D. Unavailable patch
Question No : 295) A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?
A. Repository transaction logs
B. Common Vulnerabilities and Exposures
C. Static code analysis
D. Non-credentialed scans
Question No : 296) The security administrator has installed a new firewall which implements an implicit DENY policy by default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.
Hot Area:
Question No : 297) A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?
A. Digitally sign the relevant game files.
B. Embed a watermark using steganography.
C. Implement TLS on the license activation server.
D. Fuzz the application for unknown vulnerabilities.
Question No : 298) An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?
A. Development
B. Test
C. Production
D. Staging
Question No : 299) Which of the following types of attacks is being attempted and how can it be mitigated?
A. XSS; implement a SIEM
B. CSRF; implement an IPS
C. Directory traversal; implement a WAF
D. SQL injection; implement an IDS
Question No : 300) After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
A. A DMZ
B. A VPN
C. A VLAN
D. An ACL
SY0-701 Answers