CompTIA Security+ Exam (SY0-701) Free Questions - Part 23
Question No : 331) A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:
Which of the following steps would be best for the security engineer to take NEXT?
A. Allow DNS access from the internet.
B. Block SMTP access from the Internet.
C. Block HTTPS access from the Internet.
D. Block SSH access from the Internet.
Question No : 332) Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?
A. Common Weakness Enumeration
B. OSINT
C. Dark web
D. Vulnerability databases
Question No : 333) A security proposal calls for tracking remote-access requests by creating a baseline of each user's common sign-in properties. When a deviation from the baseline is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?
A. Context-aware authentication
B. Simultaneous authentication of equals
C. Extensible Authentication Protocol
D. Agentless network access control
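The baseline-and-deviation logic that Question 333 describes, written out as an added example (not code from the page or from any vendor product). The sign-in history, the attributes compared (source country, device fingerprint, hour of day) and the one-hour tolerance are all constructed assumptions for illustration; a real context-aware policy would add impossible-travel checks, IP reputation and risk scoring.

```python
from collections import Counter
from datetime import datetime

# Constructed sample sign-in history for one user (assumption, not page data):
# each entry is (ISO timestamp, source country, device fingerprint).
HISTORY = [
    ("2024-03-01T08:12:00", "US", "win-laptop-7f3a"),
    ("2024-03-02T08:40:00", "US", "win-laptop-7f3a"),
    ("2024-03-03T09:05:00", "US", "win-laptop-7f3a"),
    ("2024-03-04T18:30:00", "US", "ios-phone-c21d"),
    ("2024-03-05T08:20:00", "US", "win-laptop-7f3a"),
]

HOUR_TOLERANCE = 1  # assumed: a sign-in within +/-1h of a usual hour is "normal"


def build_baseline(history):
    """Summarise the user's common sign-in properties from past successful sign-ins."""
    countries = Counter(c for _, c, _ in history)
    devices = Counter(d for _, _, d in history)
    hours = Counter(datetime.fromisoformat(t).hour for t, _, _ in history)
    return {
        "countries": set(countries),
        "devices": set(devices),
        "hours": set(hours),
    }


def _hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are one hour apart)."""
    d = abs(a - b)
    return min(d, 24 - d)


def evaluate_signin(baseline, timestamp, country, device):
    """Return the list of properties that deviate from the baseline (empty = matches)."""
    deviations = []
    if country not in baseline["countries"]:
        deviations.append(f"new country {country}")
    if device not in baseline["devices"]:
        deviations.append(f"unrecognised device {device}")
    hour = datetime.fromisoformat(timestamp).hour
    if not any(_hour_distance(hour, h) <= HOUR_TOLERANCE for h in baseline["hours"]):
        deviations.append(f"unusual hour {hour:02d}:00")
    return deviations


def decide(baseline, timestamp, country, device):
    """Policy decision: 'allow' on a baseline match, otherwise 'require_mfa' (step-up)."""
    if evaluate_signin(baseline, timestamp, country, device):
        return "require_mfa"
    return "allow"


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print(decide(base, "2024-03-06T08:15:00", "US", "win-laptop-7f3a"))
    print(evaluate_signin(base, "2024-03-06T03:10:00", "RO", "linux-box-9e1c"))
```

Any non-empty deviation list triggers the MFA challenge; the request is never rejected outright, which is the point of the proposal: unusual context raises assurance rather than blocking the user.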
Question No : 334) A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting
Question No : 335) A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).
A. HIDS
B. NIPS
C. HSM
D. WAF
E. NAC
F. NIDS
G. Stateless firewall
Question No : 336) A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?
A. Implementation of preventive controls
B. Implementation of detective controls
C. Implementation of deterrent controls
D. Implementation of corrective controls
Question No : 337)
Name: Wikipedia.org
Address: 208.80.154.224
Which of the following attacks MOST likely occurred on the user's internal network?
A. DNS poisoning
B. URL redirection
C. ARP poisoning
D. /etc/hosts poisoning
Question No : 338) Which of the following control types would be BEST to use to identify violations and incidents?
A. Detective
B. Compensating
C. Deterrent
D. Corrective
E. Recovery
F. Preventive
Question No : 339) A dynamic application vulnerability scan identified that code injection could be performed through a web form. Which of the following would be the BEST remediation to prevent this vulnerability?
A. Implement input validations
B. Deploy MFA
C. Utilize a WAF
D. Configure HIPS
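The vulnerability class in Question 339, shown as an added example (not code from the page): a form handler that evaluates a user-supplied field, beside the same handler with allowlist input validation applied at the boundary. The field name, the regex and the payload are constructed assumptions; the payload is deliberately harmless but proves that attacker-supplied code executes in the vulnerable version.

```python
import re


def vulnerable_quantity_handler(form_value: str):
    """'Before' version: evaluates the raw form field so users can type "2*3".
    The user-controlled string is executed as Python, which is a code-injection sink."""
    return eval(form_value)  # intentionally unsafe, kept for illustration


# Allowlist: a plain positive integer from 1 to 9999, nothing else (assumed field rules).
QUANTITY_RE = re.compile(r"[1-9][0-9]{0,3}")


def validated_quantity_handler(form_value: str) -> int:
    """Hardened version: validate against the allowlist, then do a typed conversion.
    Anything that is not a plain positive integer is rejected before it reaches
    any interpreter, parser or query."""
    if not QUANTITY_RE.fullmatch(form_value):
        raise ValueError("quantity must be a positive integer between 1 and 9999")
    return int(form_value)


def rejects(form_value: str) -> bool:
    """True when the hardened handler refuses the value (used for checks below)."""
    try:
        validated_quantity_handler(form_value)
    except ValueError:
        return True
    return False


# Constructed payload: runs interpreter code but only reads a constant, so it is safe to demo.
INJECTION_PAYLOAD = "__import__('sys').version_info.major"


if __name__ == "__main__":
    print(vulnerable_quantity_handler("2*3"))
    print(vulnerable_quantity_handler(INJECTION_PAYLOAD))  # attacker code executed
    print(validated_quantity_handler("42"))
    print(rejects(INJECTION_PAYLOAD))
```

`re.fullmatch` is used rather than `^...$` so a trailing newline cannot slip past the anchor. A WAF or HIPS can reduce exposure, but only validation in the application removes the sink itself.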
Question No : 340) A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
A. IaC
B. MSSP
C. Containers
D. SaaS
Question No : 341) An analyst is generating a security report for the management team. Security guidelines recommend disabling all listening unencrypted services. Given the following output from Nmap:
Which of the following should the analyst recommend to disable?
A. 21/tcp
B. 22/tcp
C. 23/tcp
D. 443/tcp
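Questions 331 and 341 both ask the reader to act on a port scan whose output is not reproduced on this page. As an added example (not the page's scan and not Nmap's own code), the block below parses a constructed Nmap normal-output listing, flags services that carry credentials or content in cleartext (Question 341), and flags ports an Internet-facing web server that serves both HTTP and HTTPS does not need (Question 331). The scan text, the cleartext service list and the allowed-port set are assumptions.

```python
import re

# Constructed Nmap normal-output sample (assumption, not the scan from the page).
NMAP_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org )
PORT    STATE  SERVICE
21/tcp  open   ftp
22/tcp  open   ssh
23/tcp  open   telnet
25/tcp  open   smtp
80/tcp  open   http
443/tcp open   https
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Services that send credentials or payloads without transport encryption (assumed list).
CLEARTEXT = {"ftp", "telnet", "http", "smtp", "pop3", "imap", "snmp", "tftp"}


def parse_open_ports(output: str):
    """Return (port, proto, service) for every line reporting an open port."""
    ports = []
    for line in output.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            ports.append((int(m.group(1)), m.group(2), m.group(4)))
    return ports


def cleartext_listeners(ports):
    """Open ports whose service is on the cleartext list (Question 341's criterion)."""
    return [f"{port}/{proto}" for port, proto, svc in ports if svc in CLEARTEXT]


def unexpected_for_role(ports, allowed):
    """Open ports the host's role does not need; for an Internet-facing web server
    that serves both encrypted and unencrypted browsing, allowed is {80, 443}."""
    return [f"{port}/{proto} ({svc})" for port, proto, svc in ports if port not in allowed]


if __name__ == "__main__":
    found = parse_open_ports(NMAP_OUTPUT)
    print("cleartext:", cleartext_listeners(found))
    print("not needed on a web server:", unexpected_for_role(found, {80, 443}))
```

Caveat: without `-sV`, the SERVICE column is Nmap's guess from the port number, not a banner. A service moved to a non-standard port (or something else listening on 443) would be misclassified, so confirm with version detection before disabling or blocking anything.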
Question No : 342) A network engineer at a company with a web server is building a new web environment with the following requirements: Only one web server at a time can service requests. If the primary web server fails, a failover needs to occur to ensure the secondary web server becomes the primary. Which of the following load-balancing options BEST fits the requirements?
A. Cookie-based
B. Active-passive
C. Persistence
D. Round robin
Question No : 343) A security manager runs Nessus scans of the network after every maintenance window. Which of the following is the security manager MOST likely trying to accomplish?
A. Verifying that system patching has effectively removed known vulnerabilities
B. Identifying assets on the network that may not exist on the network asset inventory
C. Validating the hosts do not have vulnerable ports exposed to the internet
D. Checking the status of the automated malware analysis that is being performed
Question No : 344) A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?
A. Autopsy
B. Memdump
C. FTK imager
D. Wireshark
Question No : 345) A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the Internet. No threats were found in the downloaded file, but during installation a malicious runtime threat was detected. Which of the following is the MOST likely cause of the infection?
A. The driver has malware installed and was refactored upon download to avoid detection.
B. The user's computer has a rootkit installed that has avoided detection until the new driver overwrote key files.
C. The user's antivirus software definitions were out of date and were damaged by the installation of the driver.
D. The user's computer has been infected with a logic bomb set to run when new driver was installed.
SY0-701 Answers