CompTIA Security+Exam (SY0-701) Free Questions - Part 40
Question No : 586) An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?
A. FRR
B. Difficulty of use
C. Cost
D. FAR
E. CER
Question No : 587) A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
Question No : 588) A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To Improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user Information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).
A. Identity processor
B. Service requestor
C. Identity provider
D. Service provider
E. Tokenized resource
F. Notarized referral
Question No : 589) A security monitoring company offers a service that alerts ifs customers if their credit cards have been stolen. Which of the following is the MOST likely source of this information?
A. STIX
B. The dark web
C. TAXII
D. Social media
E. PCI
Question No : 590) An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).
A. MAC filtering
B. Zero Trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards
Question No : 591) Accompany deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?
A. WPA3
B. AES
C. RADIUS
D. WPS
Question No : 592) The following are the logs of a successful attack.
Which of the following controls would be BEST to use to prevent such a breach in the future?
A. Password history
B. Account expiration
C. Password complexity
D. Account lockout
Question No : 593) A company recently experienced a significant data loss when proprietary Information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An Investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?
A. User training
B. CASB
C. MDM
D. DLP
Question No : 594) A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?
A. Key escrow
B. A self-signed certificate
C. Certificate chaining
D. An extended validation certificate
Question No : 595) A security analyst has been asked by the Chief Information Security Officer to:
• develop a secure method of providing centralized management of infrastructure
• reduce the need to constantly replace aging end user machines
• provide a consistent user desktop experience
Which of the following BEST meets these requirements?
A. BYOD
B. Mobile device management
C. VDI
D. Containerization
Question No : 596) An attacker is attempting, to harvest user credentials on a client's website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password. the logon screen displays the following message:
Which of the following should the analyst recommend be enabled?
A. Input validation
B. Obfuscation
C. Error handling
D. Username lockout
Question No : 597) Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?
A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries
Question No : 598) A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third-party applications. After further investigation, the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes. Which of the following would BEST meet the CSO's objectives?
A. DLP
B. SWG
C. CASB
D. Virtual network segmentation
E. Container security
Question No : 599) An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an loC?
A. Reimage the impacted workstations.
B. Activate runbooks for incident response
C. Conduct forensics on the compromised system
D. Conduct passive reconnaissance to gather information
Question No : 600) Entering a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?
A. Cameras
B. Faraday cage
C. Access control vestibule
D. Sensors
E. Guards
SY0-701 Answers