[2024] SY0-701 Exam Dumps, Test Engine Practice Test Questions [Q25-Q42]

4.3/5 - (6 votes)

[2024] SY0-701 Exam Dumps, Test Engine Practice Test Questions

Pass SY0-701 exam [Mar 26, 2024] Updated 158 Questions

QUESTION 25
An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Partially known environment

Unknown environment

Integrated

Known environment

QUESTION 26
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile.
Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Select two).

Federation

Identity proofing

Password complexity

Default password changes

Password manager

Open authentication

QUESTION 27
A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Secure cookies

Version control

Input validation

Code signing

QUESTION 28
Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?

Code scanning for vulnerabilities

Open-source component usage

Quality assurance testing

Peer review and approval

QUESTION 29
An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Multifactor authentication

Permissions assignment

Access management

Password complexity

QUESTION 30
Which of the following scenarios describes a possible business email compromise attack?

An employee receives a gift card request in an email that has an executive’s name in the display field of the email.

Employees who open an email attachment receive messages demanding payment in order to access files.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.

QUESTION 31
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Insider threat

Email phishing

Social engineering

Executive whaling

QUESTION 32
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the followingbestdescribes the user’s activity?

Penetration testing

Phishing campaign

External audit

Insider threat

QUESTION 33
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?

Insider threat

Hacktivist

Nation-state

Organized crime

QUESTION 34
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

MSA

SLA

BPA

ISOW

Explanation
An ISOW is a document that outlines the project, the cost, and the completion time frame for a security company to provide a service to a client. ISOW stands for Information Security Operations Work, and it is a type of contract that specifies the scope, deliverables, milestones, and payment terms of a security project. An ISOW is usually used for one-time or short-term projects that have a clear and defined objective and outcome.
For example, an ISOW can be used for a security assessment, a penetration test, a security audit, or a security training.
The other options are not correct because they are not documents that outline the project, the cost, and the completion time frame for a security company to provide a service to a client. A MSA is a master service agreement, which is a type of contract that establishes the general terms and conditions for a long-term or ongoing relationship between a security company and a client. A MSA does not specify the details of each individual project, but rather sets the framework for future projects that will be governed by separate statements of work (SOWs). A SLA is a service level agreement, which is a type of contract that defines the quality and performance standards for a security service provided by a security company to a client. A SLA usually includes the metrics, targets, responsibilities, and penalties for measuring and ensuring the service level. A BPA is a business partnership agreement, which is a type of contract that establishes the roles and expectations for a strategic alliance between two or more security companies that collaborate to provide a joint service to a client. A BPA usually covers the objectives, benefits, risks, and obligations of the partnership. References = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 387. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.2:
Compliance and Controls, video: Contracts and Agreements (5:12).

QUESTION 35
Which of the following agreement types defines the time frame in which a vendor needs to respond?

SOW

SLA

MOA

MOU

QUESTION 36
Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

The device has been moved from a production environment to a test environment.

The device is configured to use cleartext passwords.

The device is moved to an isolated segment on the enterprise network.

The device is moved to a different location in the enterprise.

The device’s encryption level cannot meet organizational standards.

The device is unable to receive authorized updates.

QUESTION 37
Which of the following is thebestway to consistently determine on a daily basis whether security settings on servers have been modified?

Automation

Compliance checklist

Attestation

Manual audit

Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified. Automation is the process of using software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort. Automation can help to improve the efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs.
Automation can be used to monitor, audit, and enforce security settings on servers, such as firewall rules, encryption keys, access controls, patch levels, and configuration files. Automation can also alert security personnel of any changes or anomalies that may indicate a security breach or compromise12.
The other options are not the best ways to consistently determine on a daily basis whether security settings on servers have been modified:
Compliance checklist: This is a document that lists the security requirements, standards, or best practices that an organization must follow or adhere to. A compliance checklist can help to ensure that the security settings on servers are aligned with the organizational policies and regulations, but it does not automatically detect or report any changes or modifications that may occur on a daily basis3.
Attestation: This is a process of verifying or confirming the validity or accuracy of a statement, claim, or fact. Attestation can be used to provide assurance or evidence that the security settings on servers are correct and authorized, but it does not continuously monitor or audit any changes or modifications that may occur on a daily basis4.
Manual audit: This is a process of examining or reviewing the security settings on servers by human inspectors or auditors. A manual audit can help to identify and correct any security issues or discrepancies on servers, but it is time-consuming, labor-intensive, and prone to human errors. A manual audit may not be feasible or practical to perform on a daily basis.
References = 1: CompTIA Security+ SY0-701 Certification Study Guide, page 1022: Automation and Scripting – CompTIA Security+ SY0-701 – 5.1, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 974: CompTIA Security+ SY0-701 Certification Study Guide, page 98. :
CompTIA Security+ SY0-701 Certification Study Guide, page 99.

QUESTION 38
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Impact analysis

Scheduled downtime

Backout plan

Change management boards

QUESTION 39
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the followingbestdescribes this step?

Capacity planning

Redundancy

Geographic dispersion

Tablet exercise

QUESTION 40
A company’s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Processor

Custodian

Subject

Owner

QUESTION 41
A company’s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Concurrent session usage

Secure DNS cryptographic downgrade

On-path resource consumption

Reflected denial of service

QUESTION 42
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Packet captures

Vulnerability scans

Metadata

Dashboard