Practice Free SY0-701 Exam Online Questions
A company’s online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:
Which of the following should the analyst do next?
- A . Check for recently terminated DBAs.
- B . Review WAF logs for evidence of command injection.
- C . Scan the database server for malware.
- D . Search the web server for ransomware notes.
A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.
Which of the following is most likely occurring?
- A . A worm is propagating across the network.
- B . Data is being exfiltrated.
- C . A logic bomb is deleting data.
- D . Ransomware is encrypting files.
B
Explanation:
Data exfiltration is a technique that attackers use to steal sensitive data from a target system or network by transmitting it through DNS queries and responses. This method is often used in advanced persistent threat (APT) attacks, in which attackers seek to persistently evade detection in the target environment. A large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours is a strong indicator of data exfiltration. A worm, a logic bomb, and ransomware would not use DNS queries to communicate with their command and control servers or perform their malicious actions.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 487; Introduction to DNS Data Exfiltration; Identifying a DNS Exfiltration Attack That Wasn’t Real ― This Time
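The indicators the explanation lists (many queries from one internal host, unique names for one external zone, a short burst, off-hours) can be turned into a simple detector. This is an added example, not code from the page or the cited references; the resolver log format and hosts are constructed for the demo:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample resolver log (not from the original page): 10.0.0.23 issues
# twelve TXT queries with unique labels against one zone at 02:14; 10.0.0.41 does
# the same burst during business hours; 10.0.0.40 makes ordinary lookups.
SAMPLE_DNS_LOG = "\n".join(
    [f"2023-01-30T02:14:{i:02d} src=10.0.0.23 qname={i:08x}.up.example.net type=TXT"
     for i in range(12)]
    + [f"2023-01-30T14:02:{i:02d} src=10.0.0.41 qname={i:08x}.up.example.net type=TXT"
       for i in range(12)]
    + ["2023-01-30T02:14:05 src=10.0.0.40 qname=www.example.com type=A",
       "2023-01-30T02:15:00 src=10.0.0.40 qname=www.example.com type=A"]
)

def parse(text):
    """Each line: '<iso-timestamp> src=<ip> qname=<name> type=<rrtype>'."""
    rows = []
    for line in text.splitlines():
        ts, src, qname, _ = line.split()
        rows.append((datetime.fromisoformat(ts), src[4:], qname[6:].lower()))
    return rows

def zone_of(qname):
    """Crude registered-domain guess: last two labels (sufficient for the sample)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def find_exfil_candidates(text, window=timedelta(minutes=5), min_unique=10,
                          business_hours=(8, 18)):
    """Flag (src, zone) pairs that resolve >= min_unique distinct names under one
    zone within `window`; off_hours marks bursts outside business hours, which the
    explanation above treats as the stronger signal."""
    by_key = defaultdict(list)
    for ts, src, qname in parse(text):
        by_key[(src, zone_of(qname))].append((ts, qname))
    flagged = {}
    for key, events in by_key.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {q for ts, q in events[i:] if ts - start <= window}
            if len(names) >= min_unique:
                off_hours = not (business_hours[0] <= start.hour < business_hours[1])
                flagged[key] = {"unique_names": len(names), "off_hours": off_hours}
                break
    return flagged
```

Unique-name counting matters because exfiltration encodes data in labels, so a legitimate busy host repeating the same few names never trips the threshold.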
A systems administrator is concerned about vulnerabilities within cloud computing instances.
Which of the following is most important for the administrator to consider when architecting a cloud computing environment?
- A . SQL injection
- B . TOC/TOU
- C . VM escape
- D . Tokenization
- E . Password spraying
An administrator is creating a secure method for a contractor to access a test environment.
Which of the following would provide the contractor with the best access to the test environment?
- A . Application server
- B . Jump server
- C . RDP server
- D . Proxy server
The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances.
Which of the following topics will the security team most likely emphasize in upcoming security training?
- A . Social engineering
- B . Situational awareness
- C . Phishing
- D . Acceptable use policy
A
Explanation:
Social engineering attacks exploit human behavior to bypass security controls. Tailgating (following an authorized person into a restricted area without authentication) and badge non-compliance are common tactics used by attackers to gain unauthorized physical access. Training employees to recognize and prevent social engineering tactics can reduce these risks.
Situational awareness (B) relates to general security awareness but is not specific to social engineering attacks.
Phishing (C) targets victims via email or online deception, not physical access.
Acceptable use policy (D) defines how employees should use IT resources but does not address physical security risks.
Reference: CompTIA Security+ SY0-701 Official Study Guide, General Security Concepts domain.
An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated.
Which of the following protocols should be implemented to best meet this objective?
- A . SSH
- B . SRTP
- C . S/MIME
- D . PPTP
B
Explanation:
Secure Real-Time Transport Protocol (SRTP) is a security protocol used to encrypt and authenticate the streaming of audio and video over IP networks. It ensures that the video streams from the IP cameras are both encrypted to prevent unauthorized access and authenticated to verify the integrity of the stream, making it the ideal choice for securing video surveillance.
Reference: CompTIA Security+ SY0-701 Course Content: Domain 3: Security Architecture, which includes secure communication protocols like SRTP for protecting data in transit.
An administrator is reviewing a single server’s security logs and discovers the following:
Which of the following best describes the action captured in this log file?
- A . Brute-force attack
- B . Privilege escalation
- C . Failed password audit
- D . Forgotten password by the user
A
Explanation:
A brute-force attack is a type of attack that involves systematically trying all possible combinations of passwords or keys until the correct one is found. The log file shows multiple failed login attempts in a short amount of time, which is a characteristic of a brute-force attack. The attacker is trying to guess the password of the Administrator account on the server. The log file also shows the event ID 4625, which indicates a failed logon attempt, and the status code 0xC000006A, which means the user name is correct but the password is wrong. These are indicators of compromise (IoC) that suggest a brute-force attack is taking place.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 215-216 and 223
A systems administrator needs to encrypt all data on employee laptops.
Which of the following encryption levels should be implemented?
- A . Volume
- B . Partition
- C . Full disk
- D . File
Which of the following describes an executive team that is meeting in a board room and testing the company’s incident response plan?
- A . Continuity of operations
- B . Capacity planning
- C . Tabletop exercise
- D . Parallel processing
C
Explanation:
A tabletop exercise involves the executive team or key stakeholders discussing and testing the company’s incident response plan in a simulated environment. These exercises are low-stress, discussion-based, and help to validate the plan’s effectiveness by walking through different scenarios without disrupting actual operations. It is an essential part of testing business continuity and incident response strategies.
Continuity of operations refers to the ability of an organization to continue functioning during and after a disaster but doesn’t specifically involve simulations like tabletop exercises.
Capacity planning is related to ensuring the infrastructure can handle growth, not incident response testing.
Parallel processing refers to running multiple processes simultaneously, which is unrelated to testing an incident response plan.
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed login attempts when authenticating from the same IP address:
Which of the following most likely describes the attack that took place?
- A . Spraying
- B . Brute-force
- C . Dictionary
- D . Rainbow table
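The two log questions above turn on the same distinction: failures concentrated on one account from one source versus a few failures spread across many accounts from one source. The following added example (not from the page) applies that distinction to constructed, simplified 4625-style lines using the event ID and wrong-password status the earlier explanation cites:

```python
import re
from collections import defaultdict

# Constructed, simplified 4625-style lines (not a real Windows export).
SAMPLE_EVENTS = """\
2023-01-30T00:01:02 EventID=4625 TargetUserName=Administrator Status=0xC000006A IpAddress=203.0.113.10
2023-01-30T00:01:03 EventID=4625 TargetUserName=Administrator Status=0xC000006A IpAddress=203.0.113.10
2023-01-30T00:01:04 EventID=4625 TargetUserName=Administrator Status=0xC000006A IpAddress=203.0.113.10
2023-01-30T00:01:05 EventID=4625 TargetUserName=Administrator Status=0xC000006A IpAddress=203.0.113.10
2023-01-30T00:01:06 EventID=4625 TargetUserName=Administrator Status=0xC000006A IpAddress=203.0.113.10
2023-01-30T00:02:10 EventID=4625 TargetUserName=alice Status=0xC000006A IpAddress=198.51.100.7
2023-01-30T00:02:11 EventID=4625 TargetUserName=bob Status=0xC000006A IpAddress=198.51.100.7
2023-01-30T00:02:12 EventID=4625 TargetUserName=carol Status=0xC000006A IpAddress=198.51.100.7
2023-01-30T00:02:13 EventID=4625 TargetUserName=dave Status=0xC000006A IpAddress=198.51.100.7
2023-01-30T00:02:14 EventID=4625 TargetUserName=erin Status=0xC000006A IpAddress=198.51.100.7
2023-01-30T09:15:00 EventID=4625 TargetUserName=frank Status=0xC000006A IpAddress=192.0.2.5
2023-01-30T09:15:20 EventID=4624 TargetUserName=frank Status=0x0 IpAddress=192.0.2.5
"""

LINE_RE = re.compile(
    r"EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) "
    r"Status=(?P<status>0x[0-9A-Fa-f]+) IpAddress=(?P<ip>\S+)"
)
WRONG_PASSWORD = "0XC000006A"  # STATUS_WRONG_PASSWORD: account exists, password rejected

def failures_by_source(text):
    """Map source IP -> {target account: failed-logon count}, keeping only
    event 4625 with the wrong-password status; successes (4624) are ignored."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["eid"] != "4625" or m["status"].upper() != WRONG_PASSWORD:
            continue
        per_ip[m["ip"]][m["user"]] += 1
    return {ip: dict(acc) for ip, acc in per_ip.items()}

def classify(accounts, min_failures=5, spray_accounts=5, spray_max_per_account=2):
    """Brute force: many failures concentrated on one account.
    Spraying: a few failures each across many accounts from the same source."""
    total = sum(accounts.values())
    if total < min_failures:
        return "below-threshold"  # e.g. a user who simply mistyped a password
    if len(accounts) >= spray_accounts and max(accounts.values()) <= spray_max_per_account:
        return "spraying"
    if len(accounts) == 1:
        return "brute-force"
    return "mixed"

def classify_sources(text, **thresholds):
    return {ip: classify(acc, **thresholds) for ip, acc in failures_by_source(text).items()}
```

Thresholds are placeholders; in production they would be tuned against the lockout policy, since spraying is designed to stay below the per-account lockout count.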