CompTIA Security+ Exam (SY0-701) Free Questions - Part 34
Question No : 496) A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?
A. Evil twin
B. Jamming
C. DNS poisoning
D. Bluesnarfing
E. DDoS
Question No : 497) After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator's goal? (Select TWO).
A. Disabling guest accounts
B. Disabling service accounts
C. Enabling network sharing
D. Disabling NetBIOS over TCP/IP
E. Storing LAN manager hash values
F. Enabling NTLM
Question No : 498) A systems administrator is looking for a solution that will help prevent OAuth applications from being leveraged by hackers to trick users into authorizing the use of their corporate credentials. Which of the following BEST describes this solution?
A. CASB
B. UEM
C. WAF
D. VPC
Question No : 499) A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:
* The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.
* One of the websites the manager used recently experienced a data breach.
* The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.
Which of the following attacks has MOST likely been used to compromise the manager's corporate account?
A. Remote access Trojan
B. Brute-force
C. Dictionary
D. Credential stuffing
E. Password spraying
Question No : 500) A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?
A. A new firewall rule is needed to access the application.
B. The system was quarantined for missing software updates.
C. The software was not added to the application whitelist.
D. The system was isolated from the network due to infected software.
Question No : 501) Which of the following policies establishes rules to measure third-party work tasks and ensure deliverables are provided within a specific timeline?
A. SLA
B. MOU
C. AUP
D. NDA
Question No : 502) A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?
A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups
Question No : 503) A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).
A. 135
B. 139
C. 143
D. 161
E. 443
F. 445
Question No : 504) An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?
A. SIEM
B. SOAR
C. EDR
D. CASB
Question No : 505) A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?
A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device in to the UPS.
Question No : 506) Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to connect network traffic between workstations throughout the network. The analysts review the following logs:
The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?
A. SQL injection
B. DNS spoofing
C. MAC flooding
D. ARP poisoning
Question No : 507) Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?
A. MSSP
B. Public cloud
C. Hybrid cloud
D. Fog computing
Question No : 508) Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?
A. Something you exhibit
B. Something you can do
C. Someone you know
D. Somewhere you are
Question No : 509) A security researcher has alerted an organization that its sensitive user data was found for sale on a website. Which of the following should the organization use to inform the affected parties?
A. An incident response plan
B. A communications plan
C. A business continuity plan
D. A disaster recovery plan
Question No : 510) An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?
A. Antivirus
B. IPS
C. FTP
D. FIM
SY0-701 Answers