CompTIA Security+Exam (SY0-701) Free Questions - Part 30
Question No : 436) A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices Which of the following is a cost-effective approach to address these concerns?
A. Enhance resiliency by adding a hardware RAID.
B. Move data to a tape library and store the tapes off-site
C. Install a local network-attached storage.
D. Migrate to a cloud backup solution
Question No : 437) A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs:
Which of the following should the company use to secure its website if the company is concerned with convenience and cost?
A. A self-signed certificate
B. A root certificate
C. A code-signing certificate
D. A wildcard certificate
E. An extended validation certificate
Question No : 438) An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification?
A. It allows for the sharing of digital forensics data across organizations
B. It provides insurance in case of a data breach
C. It provides complimentary training and certification resources to IT security staff.
D. It certifies the organization can work with foreign entities that require a security clearance
E. It assures customers that the organization meets security standards
Question No : 439) Which of the following is the MOST relevant security check to be performed before embedding third-parry libraries in developed code?
A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
C. Assess existing vulnerabilities affecting the third-parry code and the remediation efficiency of the libraries' developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.
Question No : 440) When implementing automation with loT devices, which of the following should be considered FIRST to keep the network secure?
A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols
Question No : 441) A security analyst is reviewing the following output from a system:
Which of the following is MOST likely being observed?
A. ARP palsoning
B. Man in the middle
C. Denial of service
D. DNS poisoning
Question No : 442) During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the Internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
A. Conduct a full vulnerability scan to identify possible vulnerabilities.
B. Perform containment on the critical servers and resources
C. Review the firewall and identify the source of the active connection.
D. Disconnect the entire infrastructure from the Internet
Question No : 443) Which of the following describes the continuous delivery software development methodology?
A. Waterfall
B. Spiral
C. V-shaped
D. Agile
Question No : 444) A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks When of the following should the engineer implement?
A. An air gap
B. A hot site
C. A VLAN
D. A screened subnet
Question No : 445) An analyst is trying to identify insecure services that are running on the internal network After performing a port scan the analyst identifies that a server has some insecure services enabled on default ports Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them' (Select THREE)
A. SFTP FTPS
B. SNMPv2 SNMPv3
C. HTTP, HTTPS
D. TFTP FTP
E. SNMPv1, SNMPv2
F. Telnet SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin
Question No : 446) A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the BEST solution to prevent this type of incident from occurring again?
A. Enforce the use of a controlled trusted source of container images
B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers
C. Define a vulnerability scan to assess container images before being introduced on the environment
D. Create a dedicated VPC for the containerized environment
Question No : 447) A security analyst is reviewing the following command-line output:
Which of the following Is the analyst observing?
A. IGMP spoofing
B. URL redirection
C. MAC address cloning
D. DNS poisoning
Question No : 448) A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees. Which of the following controls. should the company consider using as part of its IAM strategy? (Select TWO).
A. A complex password policy
B. Geolocation
C. An impossible travel policy
D. Self-service password reset
E. Geofencing
F. Time-based logins
Question No : 449) A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
Question No : 450) The spread of misinformation surrounding the outbreak of a novel virus on election day ted to eligible voters choosing not to take the risk of going to the polls This is an example of:
A. prepending.
B. an influence campaign
C. a watering-hole attack
D. intimidation
E. information elicitation
SY0-701 Answers