CompTIA Security+Exam (SY0-701) Free Questions - Part 7

Question No : 91) A security analyst is performing a forensic investigation compromised account credentials. Using the Event Viewer, the analyst able to detect the following message, ‘’Special privileges assigned to new login.’’ Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

A. Pass-the-hash

B. Buffer overflow

C. Cross-site scripting

D. Session replay

 

Question No : 92) A remote user recently took a two-week vacation abroad and brought along a corporate owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?

A. Due to foreign travel, the user’s laptop was isolated from the network.

B. The user’s laptop was quarantined because it missed the latest path update.

C. The VPN client was blacklisted.

D. The user’s account was put on a legal hold.

 

Question No : 93) A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?

A. SDP

B. AAA

C. IaaS

D. MSSP

E. Microservices

 

Question No : 94) A company’s bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company’s forensics team to assist in the cyber-incident investigation. An incident responder learns the following information:

The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs. All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network. Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected. Which of the following is the MOST likely root cause?

A. HTTPS sessions are being downgraded to insecure cipher suites

B. The SSL inspection proxy is feeding events to a compromised SIEM

C. The payment providers are insecurely processing credit card charges

D. The adversary has not yet established a presence on the guest WiFi network

 

Question No : 95) A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

 

A network administrator has been alerted that web pages are experiencing long load times.

 

Which of the following is the router experiencing?

A. DDoS attack

B. Memory leak

C. Buffer overflow

D. Resource exhaustion

 

Question No : 96) Which of the following ISO standards is certified for privacy?

A. ISO 9001

B. ISO 27002

C. ISO 27701

D. ISO 31000

 

Question No : 97) A software developer needs to perform code-execution testing, black-box testing, and nonfunctional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

A. Verification

B. Validation

C. Normalization

D. Staging

 

Question No : 98) The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

A. Limit the use of third-party libraries.

B. Prevent data exposure queries.

C. Obfuscate the source code.

D. Submit the application to QA before releasing it.

 

Question No : 99) A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?

A. MSSP

B. SOAR

C. IaaS

D. PaaS

 

Question No : 100) A security analyst is reviewing the following attack log output:

 

A security analyst is reviewing the following attack log output:

 

Which of the following types of attacks does this MOST likely represent?

A. Rainbow table

B. Brute-force

C. Password-spraying

D. Dictionary

 

Question No : 101) An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?

A. The theft of portable electronic devices

B. Geotagging in the metadata of images

C. Bluesnarfing of mobile devices

D. Data exfiltration over a mobile hotspot

 

Question No : 102) A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives? 

A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.

D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

 

Question No : 103) A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine the next course of action?

A. An incident response plan

B. A communications plan

C. A disaster recovery plan

D. A business continuity plan

 

Question No : 104) In which of the following situations would it be BEST to use a detective control type for mitigation?

A. A company implemented a network load balancer to ensure 99.999% availability of its web application.

B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster.

C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department.

D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

E. A company purchased liability insurance for flood protection on all capital assets.

 

Question No : 105) An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?

A. Incident response

B. Communications

C. Disaster recovery

D. Data retention

 

SY0-701 Answers

 

Part 1

Part 2

Part 3

Part 4

Part 5

Part 6

Part 7

Part 8

Part 9

Part 10

Part 11

Part 12

Part 13

Part 14

Part 15

Part 16

Part 17

Part 18

Part 19

Part 20

Part 21

Part 22

Part 23

Part 24

Part 25

Part 26

Part 27

Part 28

Part 29

Part 30

Part 31

Part 32

Part 33

Part 34

Part 35

Part 36

Part 37

Part 38

Part 39

Part 40

Part 41

Part 42