CompTIA Security+Exam (SY0-701) Free Questions - Part 21

Question No : 301) Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?

A. Development

B. Staging

C. Production


Question No : 302) An organization is having difficulty correlating events from its individual AV. EDR. DLP. SWG. WAF. MOM. HIPS, and CASB systems. Which of the following is the BEST way to improve the situation?

A. Remove expensive systems that generate few alerts.

B. Modify the systems to alert only on critical issues.

C. Utilize a SIEM to centralize togs and dashboards.

D. Implement a new syslog/NetFlow appliance.


Question No : 303) Which of the following are common VoIP-associated vulnerabilities? (Select TWO).

A. SPIM

B. vising

C. Hopping

D. Phishing

E. Credential harvesting

F. Tailgating


Question No : 304) A network analyst is setting up a wireless access point for a home office in a remote, rural location. The requirement is that users need to connect to the access point securely but do not want to have to remember passwords Which of the following should the network analyst enable to meet the requirement?

A. MAC address filtering

B. 802.1X

C. Captive portal

D. WPS


Question No : 305) While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

 

While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device.

 

Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

A. Conduct a ping sweep.

B. Physically check each system,

C. Deny Internet access to the "UNKNOWN" hostname.

D. Apply MAC filtering,


Question No : 306) The chief compliance officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against?

A. Preventing any current employees’ siblings from working at the bank to prevent nepotism 

B. Hiring an employee who has been convicted of theft to adhere to industry compliance 

C. Filtering applicants who have added false information to resumes so they appear better qualified

D. Ensuring no new hires have worked at other banks that may be trying to steal customer information


Question No : 307) A Chief Executive Officer (CEO) is dissatisfied with the level of service from the company's new service provider. The service provider is preventing the CEO from sending email from a work account to a personal account. Which of the following types of service providers is being used?

A. Telecommunications service provider

B. Cloud service provider

C. Master managed service provider

D. Managed security service provider


Question No : 308) An end user reports a computer has been acting slower than normal for a few weeks, During an investigation, an analyst determines the system 3 sending the users email address and a ten-digit number ta an IP address once a day. The only resent log entry regarding the user's computer is the following:

 

An end user reports a computer has been acting slower than normal for a few weeks, During an investigation

 

Which of the following is the MOST likely cause of the issue?

A. The end user purchased and installed 2 PUP from a web browser.

B. 4 bot on the computer is rule forcing passwords against a website.

C. A hacker Is attempting to exfilltrated sensitive data.

D. Ransomwere is communicating with a command-and-control server.


Question No : 309) The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

A. Lessons learned

B. Preparation

C. Detection

D. Containment

E. Root cause analysis


Question No : 310) The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots It uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

A. Baseline modification

B. A fileless virus

C. Tainted training data

D. Cryptographic manipulation


Question No : 311) A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

A. Vishing

B. Whaling

C. Phishing

D. Smishing


Question No : 312) Which of the following would be used to find the MOST common web-application vulnerabilities?

A. OWASP

B. MITRE ATTACK

C. Cyber Kill Chain

D. SDLC


Question No : 313) Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?

A. An inability to monitor 100%, of every facility could expose the company to unnecessary risk.

B. The cameras could be compromised if not patched in a timely manner.

C. Physical security at the facility may not protect the cameras from theft.

D. Exported videos may take up excessive space on the file servers.


Question No : 314) A news article states that a popular web browser deployed on all corporate PCs is vulnerable a zero-day attack. Which of the following MOST concern the Chief Information Security Officer about the information in the new article?

A. Insider threats have compromised this network

B. Web browsing is not functional for the entire network

C. Antivirus signatures are required to be updated immediately

D. No patches are available for the web browser


Question No : 315) A company Is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would BEST protect the company's Internal wireless network against visitors accessing company resources?

A. Configure the guest wireless network to be on a separate VLAN from the company's internal wireless network

B. Change the password for the guest wireless network every month.

C. Decrease the power levels of the access points for the guest wireless network.

D. Enable WPA2 using 802.1X for logging on to the guest wireless network.

 

SY0-701 Answers

 

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

Part 14

Part 15

Part 16

Part 17

Part 18

Part 19

Part 20

Part 21

Part 22

Part 23

Part 24

Part 25

Part 26

Part 27

Part 28

Part 29

Part 30

Part 31

Part 32

Part 33

Part 34

Part 35

Part 36

Part 37

Part 38

Part 39

Part 40

Part 41

Part 42