CompTIA Security+Exam (SY0-701) Free Questions - Part 41
Question No : 601) An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?
A. Web log files
B. Browser cache
C. DNS query logs
D. Antivirus
Question No : 602) A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:
• Ensure mobile devices can be tracked and wiped.
• Confirm mobile devices are encrypted.
Which of the following should the analyst enable on all the devices to meet these requirements?
A. Geofencing
B. Biometric authentication
C. Geolocation
D. Geotagging
Question No : 603) An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
• Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
• Internal users in question were changing their passwords frequently during that time period.
• A jump box that several domain administrator users use to connect to remote devices was recently compromised.
• The authentication method used in the environment is NTLM.
Which of the following types of attacks is MOST likely being used to gain unauthorized access?
A. Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay
Question No : 604) The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office. Which of the following should the CISO choose?
A. CASB
B. Next-generation SWG
C. NGFW
D. Web-application firewall
Question No : 605) A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output for the Internet address.
Which of the following BEST describes the attack the company is experiencing?
A. MAC flooding
B. URL redirection
C. ARP poisoning
D. DNS hijacking
Question No : 606) Which of the following holds staff accountable while escorting unauthorized personnel?
A. Locks
B. Badges
C. Cameras
D. Visitor logs
Question No : 607) An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?
A. Weak encryption
B. Unsecure protocols
C. Default settings
D. Open permissions
Question No : 608) A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?
A. openssl
B. hping
C. netcat
D. tcpdump
Question No : 609) Which biometric error would allow an unauthorized user to access a system?
A. False acceptance
B. False entrance
C. False rejection
D. False denial
Question No : 610) A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?
A. HIDS
B. UEBA
C. CASB
D. VPC
Question No : 611) A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?
A. BYOD
B. VDI
C. COPE
D. CYOD
Question No : 612) A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?
A. Retention
B. Governance
C. Classification
D. Change management
Question No : 613) A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
A. Vishing
B. Phishing
C. Spear phishing
D. Whaling
Question No : 614) DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfils the architect’s requirements?
A. An orchestration solution that can adjust scalability of cloud assets
B. Use of multipath by adding more connections to cloud storage
C. Cloud assets replicated on geographically distributed regions
D. An on-site backup that is deployed and only used when the load increases
Question No : 615) A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization's new API to bypass a driver to perform privilege escalation on the organization's web servers. Upon looking at the API, the security analyst realizes the particular API call was to a legacy system running an outdated OS. Which of the following is the MOST likely attack type?
A. Request forgery
B. Session replay
C. DLL injection
D. Shimming