CompTIA Security+ Exam (SY0-701) Free Questions - Part 26
Question No : 376) A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend?
A. 802.1X utilizing the current PKI infrastructure
B. SSO to authenticate corporate users
C. MAC address filtering with ACLs on the router
D. PAM for user account management
Question No : 377) A security analyst is investigating multiple hosts that are communicating with external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts?
A. A RAT
B. Ransomware
C. Polymorphic
D. A worm
Question No : 378) Which of the following employee roles is responsible for protecting an organization's collected personal information?
A. CTO
B. DPO
C. CEO
D. DBA
Question No : 379) An organization is building backup server rooms in geographically diverse locations. The Chief Information Security Officer implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities as the existing server room. Which of the following should the systems engineer consider?
A. Purchasing hardware from different vendors
B. Migrating workloads to public cloud infrastructure
C. Implementing a robust patch management solution
D. Designing new detective security controls
Question No : 380) A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).
A. 135
B. 139
C. 143
D. 161
E. 443
F. 445
Question No : 381) Customers reported their antivirus software flagged one of the company’s primary software products as suspicious. The company’s Chief Information Security Officer has tasked the developer with determining a method to create a trust model between the software and the customer’s antivirus software. Which of the following would be the BEST solution?
A. Code signing
B. Domain validation
C. Extended validation
D. Self-signing
Question No : 382) Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?
A. STIX
B. CIRT
C. OSINT
D. TAXII
Question No : 383) A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:
The administrator terminates timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?
A. DLL injection
B. API attack
C. Buffer overflow
D. Memory leak
Question No : 384) A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls. Which of the following should the manager request to complete the assessment?
A. A service-level agreement
B. A business partnership agreement
C. A SOC 2 Type 2 report
D. A memorandum of understanding
Question No : 385) Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).
A. Mantraps
B. Security guards
C. Video surveillance
D. Fences
E. Bollards
F. Antivirus
Question No : 386) A company was compromised, and a security analyst discovered the attacker was able to get access to a service account. The following logs were discovered during the investigation:
Which of the following MOST likely would have prevented the attacker from learning the service account name?
A. Race condition testing
B. Proper error handling
C. Forward web server logs to a SIEM
D. Input sanitization
Question No : 387) An analyst just discovered an ongoing attack on a host that is on the network. The analyst observes the below taking place:
The computer performance is slow
Ads are appearing from various pop-up windows
Operating system files are modified
The computer is receiving AV alerts for execution of malicious processes
Which of the following steps should the analyst consider FIRST?
A. Check to make sure the DLP solution is in the active state
B. Patch the host to prevent exploitation
C. Put the machine in containment
D. Update the AV solution on the host to stop the attack
Question No : 388) After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection. Which of the following BEST describes the purpose of this device?
A. IoT sensor
B. Evil twin
C. Rogue access point
D. On-path attack
Question No : 389) A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:
Which of the following attacks was successfully implemented based on the output?
A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal
Question No : 390) After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time tracing information across different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?
A. CASB
B. VPC
C. SWG
D. CMS