Practice Free SY0-701 Exam Online Questions
A recent penetration test identified that an attacker could flood the MAC address table of network switches.
Which of the following would best mitigate this type of attack?
- A . Load balancer
- B . Port security
- C . IPS
- D . NGFW
B
Explanation:
Port security is the best mitigation for MAC flooding. In a MAC flooding attack the attacker sends frames carrying thousands of bogus source addresses so that the switch's MAC address (CAM) table fills up; once legitimate entries are pushed out, the switch has to flood frames for unknown destinations out of every port, effectively turning it into a hub and letting the attacker sniff other hosts' traffic. Port security limits the number of MAC addresses a port may learn (and can pin specific addresses to a port). When the limit is exceeded, the port drops the offending frames, logs the violation, or shuts the port down (err-disable), depending on the configured violation mode.
A load balancer distributes traffic across servers and does nothing about layer-2 address learning.
An IPS (Intrusion Prevention System) detects and blocks attacks in the traffic it inspects, but it works at layer 3 and above and is not part of the switch's address-learning process, so it does not stop a port from being used to fill the MAC table.
An NGFW (Next-Generation Firewall) offers advanced traffic inspection, usually at the network edge, and is not involved in MAC table management.
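To make the mechanism concrete, here is an added example (not part of the original question bank): a toy learning switch in Python with a small CAM table. It shows that after a flood the switch no longer knows where host B is and floods A's frame to the attacker's port, and that a per-port learned-MAC limit with a shutdown violation mode stops this. Port numbers, MAC addresses and the table size are constructed and deliberately tiny.

```python
"""Added example (not from the original question bank): a toy learning switch
that shows what MAC flooding does to the MAC address (CAM) table and how a
port-security limit stops it. Port numbers, MACs and table size are constructed
and deliberately small; real switches hold thousands of entries."""
from collections import OrderedDict


class Switch:
    """Minimal learning switch with a fixed-size CAM table.

    Simplifications: when the table is full the oldest entry is overwritten
    (real switches age entries out or stop learning; either way the legitimate
    entries disappear), and only the 'shutdown' violation mode err-disables the
    port, while 'protect' and 'restrict' just drop the offending frame.
    """

    def __init__(self, ports, cam_capacity, max_macs_per_port=None, violation="shutdown"):
        self.ports = list(ports)
        self.cam = OrderedDict()            # mac -> port, oldest entry first
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = port security off
        self.violation = violation
        self.disabled = set()               # err-disabled ports
        self.violations = {p: 0 for p in self.ports}

    def macs_on_port(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def _learn(self, src, port):
        """Record that `src` lives behind `port`. Return False if the frame
        must be dropped because of a port-security violation."""
        if src in self.cam:
            self.cam.move_to_end(src)
            self.cam[src] = port
            return True
        if (self.max_macs_per_port is not None
                and self.macs_on_port(port) >= self.max_macs_per_port):
            self.violations[port] += 1
            if self.violation == "shutdown":
                self.disabled.add(port)
            return False
        if len(self.cam) >= self.cam_capacity:
            self.cam.popitem(last=False)    # table full: oldest entry is lost
        self.cam[src] = port
        return True

    def forward(self, src, dst, in_port):
        """Return the list of ports a frame is sent out of."""
        if in_port in self.disabled or not self._learn(src, in_port):
            return []
        out = self.cam.get(dst)
        if out is None:                     # unknown unicast: flood everywhere
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def mac(n):
    """Deterministic constructed MAC address for host number n."""
    return "02:00:00:%02x:%02x:%02x" % ((n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF)


HOST_A, HOST_B = mac(1), mac(2)             # legitimate hosts on ports 1 and 2


def demo(port_security):
    """Run the flood against a switch with or without port security and return
    (ports that host A's frame to host B is sent out of, the switch)."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=64,
                max_macs_per_port=2 if port_security else None)
    sw.forward(HOST_A, HOST_B, 1)           # normal traffic: switch learns A and B
    sw.forward(HOST_B, HOST_A, 2)
    for i in range(1000):                   # attacker on port 3 sprays bogus sources
        sw.forward(mac(1000 + i), HOST_A, 3)
    return sw.forward(HOST_A, HOST_B, 1), sw


if __name__ == "__main__":
    for enabled in (False, True):
        out, sw = demo(enabled)
        print("port security %s: A->B leaves on ports %s, CAM entries %d, port 3 disabled: %s"
              % ("on" if enabled else "off", out, len(sw.cam), 3 in sw.disabled))
```

With port security off, the frame from A to B is flooded to ports 2 and 3, so the attacker on port 3 receives it; with a limit of two addresses per port, the attacker's third bogus source err-disables port 3 and A's frame goes only to port 2.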
An IT administrator needs to ensure data retention standards are implemented on an enterprise application.
Which of the following describes the administrator’s role?
- A . Processor
- B . Custodian
- C . Privacy officer
- D . Owner
Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?
- A . Development
- B . Test
- C . Production
- D . Staging
D
Explanation:
A staging environment is a controlled setting that closely mirrors the production environment but uses a subset of customer data. It is used to test major system upgrades, assess their impact, and demonstrate new features before they are rolled out to the live production environment. This ensures that any issues can be identified and addressed in a safe environment before affecting end-users.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of secure system development and testing environments.
Malware spread across a company’s network after an employee visited a compromised industry blog.
Which of the following best describes this type of attack?
- A . Impersonation
- B . Disinformation
- C . Watering-hole
- D . Smishing
C
Explanation:
A watering-hole attack targets a group of users by compromising a website they are known to visit, rather than approaching them directly. The attacker exploits a vulnerability in the site (or in one of its third-party components) to serve a malicious payload, so that visitors' computers are infected and the attacker gains a foothold on the connected corporate network. The site is chosen because it is popular with members of a particular organization or demographic. This differs from phishing and spear phishing, which rely on a lure message (an e-mail, link or attachment) sent to the victim; the watering hole instead waits for the victims to come to it [1].
In this scenario, the compromised industry blog is the watering hole. The attackers likely chose it because the company's employees were known to read it regularly. They may have injected malicious code into the blog or redirected visitors to a spoofed site hosting the malware; once one employee's computer was infected, the malware propagated across the network.
Reference [1]: Watering Hole Attacks: Stages, Examples, Risk Factors & Defense …
A security analyst developed a script to automate a trivial and repeatable task.
Which of the following best describes the benefits of ensuring other team members understand how the script works?
- A . To reduce implementation cost
- B . To identify complexity
- C . To remediate technical debt
- D . To prevent a single point of failure
D
Explanation:
Ensuring that other team members understand how a script works is essential to prevent a single point of failure. If only one person knows how the script operates, the organization risks being unable to maintain or troubleshoot it if that person is unavailable. Sharing knowledge ensures continuity and reduces dependence on one individual.
Reducing implementation cost and remediating technical debt are secondary considerations in this context.
Identifying complexity is important, but the main benefit is to avoid a single point of failure.
A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445.
Which of the following is most likely the root cause of this incident?
- A . Buffer overflow
- B . NTP amplification attack
- C . Worm
- D . Kerberoasting attack
C
Explanation:
TCP 445 is the port used by the SMB protocol on Windows systems. Large volumes of unexpected traffic on TCP 445, especially many hosts each connecting to many other hosts, are characteristic of worms that exploit SMB vulnerabilities (WannaCry and NotPetya both spread this way). Worms are self-replicating malware that spread across a network without user interaction, consuming bandwidth, causing high latency and often taking the network down entirely. That matches the scenario: building-wide unavailability together with abnormal port 445 traffic. The distractors do not fit the evidence: an NTP amplification attack would show up as UDP 123 traffic, Kerberoasting generates service-ticket requests to domain controllers over Kerberos (port 88) rather than lateral SMB traffic, and a buffer overflow is a software bug a worm might exploit, not a network-wide traffic pattern.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.1, "Malware Types: Worms"
CompTIA Security+ Exam Objectives: 2.1
CompTIA Glossary: "Worm―A self-replicating malware that spreads across networks, often exploiting vulnerabilities such as those in SMB (TCP 445)."
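The following is an added example (not part of the original question bank) of how an analyst would turn the flow-log observation in this question into a finding: it distinguishes a worm's fan-out pattern (one source probing many destinations on 445 with one-packet flows) from normal fan-in to a file server (many sources, one destination, long flows). The flow records and thresholds are constructed for illustration and are not vendor defaults.

```python
"""Added example (not from the original question bank): triage of flow records
to find the worm-like host behind a TCP 445 traffic spike. The flow records
are constructed to resemble simplified NetFlow/IPFIX export; the thresholds
are illustrative starting points, not vendor defaults."""
from collections import defaultdict


def make_sample_flows():
    """Constructed flow log: normal SMB use of a file server, one host sweeping
    a /24 on 445 with one-packet probes (typical of WannaCry-style SMB worms),
    and some DNS noise."""
    flows = []
    for i in range(40):                                   # 40 workstations -> file server
        flows.append(dict(ts=1000 + i, src="10.0.1.%d" % (10 + i), dst="10.0.0.5",
                          proto="tcp", dport=445, packets=120, bytes=85000))
    for i in range(1, 255):                               # infected host sweeps 10.0.4.0/24
        flows.append(dict(ts=2000 + i, src="10.0.3.17", dst="10.0.4.%d" % i,
                          proto="tcp", dport=445, packets=1, bytes=60))
    for i in range(20):                                   # unrelated DNS traffic
        flows.append(dict(ts=3000 + i, src="10.0.1.%d" % (10 + i), dst="10.0.0.2",
                          proto="udp", dport=53, packets=2, bytes=150))
    return flows


def triage(flows, dport=445, min_fanout=20, probe_packets=2, min_probe_ratio=0.5):
    """Return sources whose SMB traffic looks like scanning rather than use.

    Two signals are combined: fan-out (number of distinct destinations one
    source contacted on `dport`) and the share of flows that never got past a
    packet or two (probes against hosts that are not listening or that reset).
    A file server has high fan-in, not fan-out, so it is not flagged by this.
    """
    per_src = defaultdict(lambda: {"dsts": set(), "flows": 0, "probes": 0, "first": None})
    for f in flows:
        if f["proto"] != "tcp" or f["dport"] != dport:
            continue
        s = per_src[f["src"]]
        s["dsts"].add(f["dst"])
        s["flows"] += 1
        if f["packets"] <= probe_packets:
            s["probes"] += 1
        if s["first"] is None or f["ts"] < s["first"]:
            s["first"] = f["ts"]

    findings = []
    for src, s in per_src.items():
        fanout = len(s["dsts"])
        probe_ratio = s["probes"] / s["flows"]
        if fanout >= min_fanout and probe_ratio >= min_probe_ratio:
            findings.append({"src": src, "fanout": fanout,
                             "probe_ratio": round(probe_ratio, 2),
                             "first_seen": s["first"]})
    return sorted(findings, key=lambda x: -x["fanout"])


def fan_in(flows, dport=445):
    """Distinct sources per destination on `dport`: high values here are
    servers (expected), the opposite of the worm pattern above."""
    per_dst = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["dport"] == dport:
            per_dst[f["dst"]].add(f["src"])
    return {dst: len(srcs) for dst, srcs in per_dst.items()}


if __name__ == "__main__":
    flows = make_sample_flows()
    for hit in triage(flows):
        print("worm-like SMB scanning from %s: %d targets, probe ratio %.2f, first seen ts=%d"
              % (hit["src"], hit["fanout"], hit["probe_ratio"], hit["first_seen"]))
    dst, n = max(fan_in(flows).items(), key=lambda kv: kv[1])
    print("busiest SMB destination (fan-in, expected for a file server): %s from %d sources" % (dst, n))
```

The `first_seen` timestamp of the flagged host is the natural starting point for the incident timeline (patient zero), and the fan-in view explains why the file server itself, despite being the busiest 445 endpoint, is not a suspect.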
Which of the following is a possible consequence of a VM escape?
- A . Malicious instructions can be inserted into memory and give the attacker elevated permissions.
- B . An attacker can access the hypervisor and compromise other VMs.
- C . Unencrypted data can be read by a user in a separate environment.
- D . Users can install software that is not on the manufacturer’s approved list.
B
Explanation:
A VM escape occurs when an attacker breaks out of a virtual machine's isolation and runs code on the host or hypervisor. From there the attacker can control the hypervisor and every other VM on that host, so a single compromised tenant VM can become a compromise of the whole platform.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Virtualization Risks and Mitigation".
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network.
Which of the following types of web filtering should a systems administrator configure?
- A . Agent-based
- B . Centralized proxy
- C . URL scanning
- D . Content categorization
Which of the following is an example of a certificate that is generated by an internal source?
- A . Digital signature
- B . Asymmetric key
- C . Self-signed
- D . Symmetric key
C
Explanation:
A self-signed certificate is generated internally without involving an external Certificate Authority (CA). In a self-signed certificate, the certificate issuer and certificate subject are the same entity. Security+ SY0-701 explains that organizations frequently use self-signed certificates for internal systems, lab environments, or testing scenarios where external trust chains are unnecessary.
A digital signature (A) is a cryptographic function, not a certificate. Asymmetric keys (B) are used in public-key cryptography but do not constitute a certificate by themselves. Symmetric keys (D) are encryption tools, not certificates.
Therefore, the example of a certificate generated internally is C: Self-signed.
Which vulnerability is most likely mitigated by setting up an MDM platform?
- A . TPM
- B . Buffer overflow
- C . Jailbreaking
- D . SQL injection
C
Explanation:
Mobile Device Management (MDM) platforms enforce security policies on mobile devices, including preventing or detecting jailbreaking, which is the act of removing manufacturer restrictions on devices. Jailbroken devices bypass security protections, allow installation of unauthorized apps, expose system files, and greatly increase risk.
Security+ SY0-701 identifies MDM as a key defense for mobile ecosystems, providing controls such as:
- Jailbreak/root detection
- Remote wipe
- App allow/deny lists
- Configuration enforcement
- Encryption enforcement
TPM (A) is a hardware security component, not a vulnerability, and is unrelated to MDM. Buffer overflow (B) and SQL injection (D) are software coding vulnerabilities that mobile device policy enforcement does not address.
Thus, the correct answer is C: Jailbreaking.
