CompTIA Security+Exam (SY0-701) Free Questions - Part 37
Question No : 541) During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?
A. Reconnaissance
B. Command and control
C. Actions on objective
D. Exploitation
Question No : 542) Which of the following would a European company interested in implementing a technical, hands-on set of security standards MOST likely choose?
A. GOPR
B. CIS controls
C. ISO 27001
D. ISO 37000
Question No : 543) An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?
A. Data protection officer
B. Data owner
C. Backup administrator
D. Data custodian
E. Internal auditor
Question No : 544) A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment. Which of the following would BEST assist the company with this objective?
A. Use fuzzing testing
B. Use a web vulnerability scanner
C. Use static code analysis
D. Use a penetration-testing OS
Question No : 545) Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?
A. Pulverizing
B. Shredding
C. Incinerating
D. Degaussing
Question No : 546) The cost of '©movable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratones to make data transfers easier and more secure. The Chief Security Officer
A. VLAN zoning with a file-transfer server in an external-facing zone
B. DLP running on hosts to prevent file transfers between networks
C. NAC that permits only data-transfer agents to move data between networks
D. VPN with full tunneling and NAS authenticating through the Active Directory
Question No : 547) An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model Which of the following BEST describes the configurations the attacker exploited?
A. Weak encryption
B. Unsecure protocols
C. Default settings
D. Open permissions
Question No : 548) After returning from a conference, a user's laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop's motherboard. Which of the following attack vectors was exploited to install the hardware?
A. Removable media
B. Spear phishing
C. Supply chain
D. Direct access
Question No : 549) A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?
A. Dual power supplies
B. A UPS
C. A generator
D. APDU
Question No : 550) During a security assessment, a security finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permission for the existing users and groups and remove the set-user-ID from the file?
A. 1s
B. chflags
C. chmod
D. lsof
E. setuid
Question No : 551) An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?
A. SOAP
B. SAML
C. SSO
D. Kerberos
Question No : 552) Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?
A. Vulnerabilities with a CVSS score greater than 6.9.
B. Critical infrastructure vulnerabilities on non-IP protocols.
C. CVEs related to non-Microsoft systems such as printers and switches.
D. Missing patches for third-party software on Windows workstations and servers.
Question No : 553) A security analyst is hardening a network infrastructure. The analyst is given the following requirements.
Preserve the use of public IP addresses assigned to equipment on the core router. Enable "in transport ‘encryption protection to the web server with the strongest ciphers. Which of the following should the analyst implement to meet these requirements? (Select TWO).
A. Configure VLANs on the core router
B. Configure NAT on the core router
C. Configure BGP on the core router
D. Configure AES encryption on the web server
E. Enable 3DES encryption on the web server
F. Enable TLSv2 encryption on the web server
Question No : 554) A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department Which of the following account types Is MOST appropriate for this purpose?
A. Service
B. Shared
C. Generic
D. Admin
Question No : 555) A financial institution would like to stare is customer data a could but still allow the data to be accessed and manipulated while encrypted. Doing se would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concern about computational overheads and slow speeds, Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homeomorphic
D. Ephemeral
SY0-701 Answers