CompTIA Security+ Exam (SY0-701) Free Questions - Part 35
Question No : 511) Which of the following represents a biometric FRR?
A. Authorized users being denied access
B. Users failing to enter the correct PIN
C. The denied and authorized numbers being equal
D. The number of unauthorized users being granted access
Question No : 512) The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The red team
Question No : 513) Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?
A. MOU
B. ISA
C. SLA
D. NDA
Question No : 514) Which of the following must be in place before implementing a BCP?
A. SLA
B. AUP
C. NDA
D. BIA
Question No : 515) A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?
A. TFTP was disabled on the local hosts
B. SSH was turned off instead of modifying the configuration file
C. Remote login was disabled in the networkd.config instead of using the sshd.conf
D. Network services are no longer running on the NAS
Question No : 516) A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN? (Select TWO).
A. Due to foreign travel, the user's laptop was isolated from the network.
B. The user's laptop was quarantined because it missed the latest patch update.
C. The VPN client was blacklisted.
D. The user's account was put on a legal hold.
E. The laptop is still configured to connect to an international mobile network operator.
F. The user is unable to authenticate because they are outside of the organization's mobile geofencing configuration.
Question No : 517) A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?
A. Content filter
B. SIEM
C. Firewall rules
D. DLP
Question No : 518) The concept of connecting a user account across the systems of multiple enterprises is BEST known as:
A. federation.
B. a remote access policy.
C. multifactor authentication.
D. single sign-on.
Question No : 519) A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following BEST describes the solution the analyst should pursue?
A. Advisories and bulletins
B. Threat feeds
C. Security news articles
D. Peer-reviewed content
Question No : 520) A penetration tester gains access to the network by exploiting a vulnerability on a public-facing web server. Which of the following techniques will the tester most likely perform NEXT?
A. Gather more information about the target through passive reconnaissance
B. Establish rules of engagement before proceeding
C. Create a user account to maintain persistence
D. Move laterally throughout the network to search for sensitive information
Question No : 521) An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?
A. Using geographic diversity to have VPN terminators closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
C. Purchasing higher-bandwidth connections to meet the increased demand
D. Configuring QoS properly on the VPN accelerators
Question No : 522) All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager MOST likely implement?
A. A forward proxy server
B. A jump server
C. A reverse proxy server
D. A stateful firewall server
Question No : 523) A bank detects fraudulent activity on a user's account. The user confirms transactions completed yesterday on the bank's website at https://www.company.com. A security analyst then examines the user's Internet usage logs and observes the following output:
date; username; url; destinationport; responsecode
2020-03-01; userann; http://www.company.org/; 80; 302
2020-03-01; userann; http://www.company.org/secure_login/; 80; 200
2020-03-01; userann; http://www.company.org/dashboard/; 80; 200
Which of the following has MOST likely occurred?
A. Replay attack
B. SQL injection
C. SSL stripping
D. Race conditions
Question No : 524) A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access ports. Which of the following attacks is happening on the corporate network?
A. Man in the middle
B. Evil twin
C. Jamming
D. Rogue access point
E. Disassociation
Question No : 525) A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002
SY0-701 Answers