Practice Free SY0-701 Exam Online Questions
An external security assessment report indicates a high click rate on suspicious emails. The Chief Information Security Officer (CISO) must reduce this behavior.
Which of the following should the CISO do first?
- A . Update the acceptable use policy.
- B . Deploy a password management solution.
- C . Issue warning letters to affected users.
- D . Implement a phishing awareness campaign.
D
Explanation:
To reduce risky behaviors such as clicking suspicious emails, the first and most effective step is to implement a phishing awareness campaign that educates users about recognizing phishing attempts, the risks involved, and safe practices. Awareness training can significantly reduce successful phishing attacks by changing user behavior.
Updating policies (A) is important but does not directly affect user behavior immediately. Password management solutions (B) help with credential security but do not reduce phishing click rates. Issuing warning letters (C) is punitive and less effective than proactive education.
This approach aligns with Security Program Management principles emphasizing training and awareness as primary controls against phishing risks (CompTIA Security+ Study Guide, Chapter 16).
Which of the following can best protect against an employee inadvertently installing malware on a company system?
- A . Host-based firewall
- B . System isolation
- C . Least privilege
- D . Application allow list
D
Explanation:
An application allow list is a security technique that specifies which applications are authorized to run on a system and blocks everything else. It best protects against an employee inadvertently installing malware because an unapproved executable, whether a trojan, a ransomware dropper, or a downloaded installer, is denied execution no matter how it reached the host or how convincing the lure was. Because only approved software can run, an allow list also shrinks the attack surface. A host-based firewall (A) controls network traffic, not what the user launches; system isolation (B) limits what a compromise can reach but does not stop the install; least privilege (C) limits the damage, but a standard user can still run malware in their own context. Note that allow listing must also cover scripts and interpreters, or malware that runs as a script under an approved interpreter will slip through.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 11: Secure Application Development, page 551
Which of the following involves an attempt to take advantage of database misconfigurations?
- A . Buffer overflow
- B . SQL injection
- C . VM escape
- D . Memory injection
B
Explanation:
SQL injection is an attack in which untrusted input reaches the database as part of the SQL text rather than as a bound value. The root cause is application code that builds queries by concatenating user input from form fields, URL parameters, or headers; database-side misconfigurations, such as an application account with more privileges than it needs or verbose database errors returned to the client, are what turn a successful injection into reading, modifying, deleting, or creating data, or even taking over the database server. SQL injection can therefore compromise the confidentiality, integrity, and availability of the data and the system. Parameterized queries (prepared statements) remove the root cause; a least-privilege database account limits the damage when one is missed.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215
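The vulnerable and hardened query patterns described above, as an added example that is not part of the original page. It uses Python's built-in sqlite3 driver with a constructed two-row user table; the payloads are the classic `' OR '1'='1` tautology and a comment-terminated username.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with two constructed user rows
    (sample data for this example, not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is pasted into the SQL text, so the input can
    change the structure of the query instead of only supplying values."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s' ORDER BY username"
        % (username, password)
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Hardened: a parameterized query sends the SQL text and the values
    separately; the driver never lets a value become part of the SQL."""
    query = (
        "SELECT username, role FROM users "
        "WHERE username = ? AND password = ? ORDER BY username"
    )
    return conn.execute(query, (username, password)).fetchall()


# Two classic injection payloads. The first turns the WHERE clause into
# "... AND password = '' OR '1'='1'", which is true for every row; the second
# closes the username literal and comments out the password check entirely.
OR_PAYLOAD = "' OR '1'='1"
COMMENT_PAYLOAD = "alice'--"


def run_demo():
    """Run both payloads against both implementations and return the rows each
    one yields, so the difference is visible as data rather than printed text."""
    conn = make_db()
    return {
        "vulnerable_or": login_vulnerable(conn, "alice", OR_PAYLOAD),
        "safe_or": login_safe(conn, "alice", OR_PAYLOAD),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_PAYLOAD, "wrong"),
        "safe_comment": login_safe(conn, COMMENT_PAYLOAD, "wrong"),
        "legitimate": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name:20s} -> {rows}")
```

The vulnerable function returns every user for the tautology payload and logs in as alice with a wrong password for the comment payload; the parameterized version returns nothing for both because the quote and the `--` are just characters inside a bound string.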
Which of the following is a common source of unintentional corporate credential leakage in cloud environments?
- A . Code repositories
- B . Dark web
- C . Threat feeds
- D . State actors
- E . Vulnerability databases
A
Explanation:
Code repositories are a common source of unintentional corporate credential leakage, especially in cloud environments. Developers may accidentally commit and push sensitive information, such as API keys, passwords, and other credentials, to public or poorly secured repositories, where anyone who can read the repository, including automated scanners run by attackers, can harvest them. Because version control preserves history, deleting the secret in a later commit does not unpublish it: a committed credential must be treated as compromised and rotated. Ensuring that repositories are properly secured, that secrets are supplied from the environment or a secrets manager rather than source files, and that pre-commit or CI secret scanning catches a credential before it is pushed is critical for protecting against this type of leakage.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
CompTIA Security+ SY0-601 Study Guide: Chapter on Threats and Vulnerability Management.
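A minimal secret scanner of the kind a pre-commit hook or CI job would run, added here as an example and not taken from the original page. The AWS access key ID format and the PEM private-key header are real formats; the generic assignment rule, its entropy threshold, and the sample repository contents are constructed for this example (the AWS values are the placeholder credentials AWS uses in its own documentation).

```python
import math
import re

# Detection rules. The AWS access key ID prefix/length and the PEM header are
# real formats; the "generic_secret_assignment" rule is a heuristic written for
# this example and will need tuning on a real code base.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)[A-Za-z0-9_]*"
        r"\s*[:=]\s*['\"]?([^'\"\s]{8,})"
    ),
}


def shannon_entropy(value):
    """Bits of entropy per character: placeholders like 'changeme' score low,
    random secrets score high."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path, text, entropy_threshold=3.5):
    """Return (path, line_number, rule) for every line that looks like a leaked
    credential. Generic assignments are reported only if the value is not an
    environment-variable reference and has enough entropy to be a real secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if rule == "generic_secret_assignment":
                value = match.group(1)
                if value.startswith("${") or shannon_entropy(value) < entropy_threshold:
                    continue  # templated value or low-entropy placeholder
            findings.append((path, lineno, rule))
    return findings


def scan_repo(files):
    """Scan a mapping of path -> file contents (what a pre-commit hook would
    read from the staged diff) and return all findings in path order."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample repository contents for this example. The AWS values are
# the placeholder credentials from AWS's own documentation, not live keys.
SAMPLE_FILES = {
    "settings.py": (
        "# Constructed sample: AWS documentation placeholder values, not real keys\n"
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
        'DB_PASSWORD = "${DB_PASSWORD}"  # injected from the environment at deploy time\n'
        'ADMIN_PASSWORD = "changeme"     # placeholder, low entropy\n'
    ),
    "deploy/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "README.md": "Set the API token via the TOKEN environment variable.\n",
}


if __name__ == "__main__":
    for path, lineno, rule in scan_repo(SAMPLE_FILES):
        print(f"{path}:{lineno}: {rule}")
```

On the sample repository the scanner flags the access key ID, the secret access key, and the private key file, while the `${DB_PASSWORD}` template and the `changeme` placeholder are skipped. A hook built on this should block the commit when findings are non-empty; anything it does flag after a push has already leaked and must be rotated regardless of whether the commit is rewritten.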
An organization is required to provide assurance that its controls are properly designed and operating effectively.
Which of the following reports will best achieve the objective?
- A . Red teaming
- B . Penetration testing
- C . Independent audit
- D . Vulnerability assessment
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network.
Which of the following describes this type of attack?
- A . Privilege escalation
- B . Buffer overflow
- C . SQL injection
- D . Pass-the-hash
D
Explanation:
The scenario describes an attacker who obtained credentials from a compromised system's memory and used them without cracking to move laterally within the network. This technique is known as a "pass-the-hash" attack: the attacker captures hashed credentials (e.g., NTLM hashes cached by the LSASS process for logged-on users) and uses them to authenticate to other systems without needing the plaintext password. It works because NTLM authentication proves possession of the NT hash itself (the challenge response is computed from the hash, not from the password), so a stolen hash is as useful as the password. Privilege escalation (A) is not described, because the attacker reused credentials rather than gaining higher rights; buffer overflow (B) and SQL injection (C) are code-level exploits, not credential reuse. The attack is common where NTLM is still permitted, where local administrator passwords are reused across hosts, or where LSASS memory is not protected (e.g., by Credential Guard or LSA protection).
Reference =
CompTIA Security+ SY0-701 Course Content: The course discusses credential-based attacks like pass-the-hash, emphasizing their impact and the importance of protecting credential stores.
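Two detection heuristics for the attack described above, run over constructed Windows Security log entries. This is an added example, not content from the original page or from CompTIA: the event field names are those of event ID 4624, but the sample events, the `seclogo`/`Negotiate` rule for hash injection on the source host, and the "one account, many hosts over NTLM" threshold and window are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security log entries (event ID 4624, successful logon),
# reduced to the fields the rules below use. Not real telemetry.
SAMPLE_EVENTS = [
    # Hash injected into a new logon session on the compromised PC: a
    # NewCredentials (type 9) logon via the seclogo process with Negotiate.
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:00:05", "Computer": "WS01",
     "TargetUserName": "jdoe", "LogonType": 9, "LogonProcessName": "seclogo",
     "AuthenticationPackageName": "Negotiate", "IpAddress": "-"},
    # The stolen hash then authenticates over NTLM to three servers in minutes.
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:01:10", "Computer": "SRV01",
     "TargetUserName": "jdoe", "LogonType": 3, "LogonProcessName": "NtLmSsp",
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.0.15"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:02:30", "Computer": "SRV02",
     "TargetUserName": "jdoe", "LogonType": 3, "LogonProcessName": "NtLmSsp",
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.0.15"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:03:45", "Computer": "SRV03",
     "TargetUserName": "jdoe", "LogonType": 3, "LogonProcessName": "NtLmSsp",
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.0.15"},
    # Benign noise: a service account on one file server, a Kerberos logon,
    # and an interactive console logon.
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:02:00", "Computer": "FS01",
     "TargetUserName": "svc_backup", "LogonType": 3, "LogonProcessName": "NtLmSsp",
     "AuthenticationPackageName": "NTLM", "IpAddress": "10.0.0.40"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:02:10", "Computer": "SRV01",
     "TargetUserName": "mlee", "LogonType": 3, "LogonProcessName": "Kerberos",
     "AuthenticationPackageName": "Kerberos", "IpAddress": "10.0.0.22"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T10:04:00", "Computer": "WS02",
     "TargetUserName": "jdoe", "LogonType": 2, "LogonProcessName": "User32",
     "AuthenticationPackageName": "Negotiate", "IpAddress": "127.0.0.1"},
]


def detect_pth(events, window_seconds=600, host_threshold=3):
    """Apply two heuristics and return the alerts they raise.

    Rule 1 (source host): LogonType 9 + LogonProcessName seclogo +
    AuthenticationPackageName Negotiate is the footprint of a stolen hash being
    injected into a fresh logon session. Legitimate `runas /netonly` produces
    the same event, so production use needs an allow list.

    Rule 2 (lateral spread): one account authenticating with NTLM (type 3) to at
    least host_threshold distinct hosts within window_seconds. Both values are
    assumptions for this example; NTLM network logons are routine in many
    domains, so tune them against a baseline before alerting on them.
    """
    window = timedelta(seconds=window_seconds)
    parsed = []
    for ev in events:
        if ev["EventID"] != 4624:
            continue
        e = dict(ev)
        e["TimeCreated"] = datetime.fromisoformat(ev["TimeCreated"])
        parsed.append(e)

    alerts = []
    for e in parsed:
        if (e["LogonType"] == 9
                and e["LogonProcessName"].lower() == "seclogo"
                and e["AuthenticationPackageName"].lower() == "negotiate"):
            alerts.append(("seclogo_newcredentials", e["TargetUserName"], e["Computer"]))

    by_user = defaultdict(list)
    for e in sorted(parsed, key=lambda x: x["TimeCreated"]):
        if e["LogonType"] == 3 and e["AuthenticationPackageName"].upper() == "NTLM":
            by_user[e["TargetUserName"]].append(e)

    for user, evs in by_user.items():
        for i, first in enumerate(evs):
            hosts = {e["Computer"] for e in evs[i:]
                     if e["TimeCreated"] - first["TimeCreated"] <= window}
            if len(hosts) >= host_threshold:
                alerts.append(("ntlm_lateral_spread", user, tuple(sorted(hosts))))
                break  # one alert per account is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_pth(SAMPLE_EVENTS):
        print(alert)
```

On the sample data both rules fire for `jdoe` and nothing fires for the service account, the Kerberos logon, or the interactive logon. Rule 2 is the more portable of the two because it needs only domain-wide 4624 collection; rule 1 needs the source workstation's log and is the one most likely to need tuning.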
A company is required to use certified hardware when building networks.
Which of the following best addresses the risks associated with procuring counterfeit hardware?
- A . A thorough analysis of the supply chain
- B . A legally enforceable corporate acquisition policy
- C . A right to audit clause in vendor contracts and SOWs
- D . An in-depth penetration test of all suppliers and vendors
A
Explanation:
Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to network quality, performance, safety, and reliability [1][2], and it can contain malicious components that compromise the security of the network and the data that flows through it [3]. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company can verify the origin, authenticity, and integrity of the hardware and identify any potential sources of counterfeit or tampered products. An acquisition policy (B) or a right-to-audit clause (C) may support this analysis but does not by itself verify what is delivered, and a penetration test of suppliers (D) assesses their systems, not the provenance of the parts. A thorough analysis of the supply chain can include the following steps:
- Establishing a trusted relationship with the OEM and authorized resellers
- Requesting documentation and certification of the hardware from the OEM or authorized resellers
- Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components
- Testing the hardware for functionality, performance, and security
- Implementing a tracking system to monitor the hardware throughout its lifecycle
- Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies
Reference = [1] Identify Counterfeit and Pirated Products (Cisco); [2] What Is Hardware Security? Definition, Threats, and Best Practices; [3] Beware of Counterfeit Network Equipment (TechNewsWorld); Counterfeit Hardware: The Threat and How to Avoid It
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
- A . To track the status of patch installations
- B . To find shadow IT cloud deployments
- C . To continuously monitor hardware inventory
- D . To hunt for active attackers in the network
A
Explanation:
Daily vulnerability scans report which endpoints still carry known vulnerabilities, which for most findings means a missing patch or update. Comparing each day's results against the patch deployment schedule lets the security team confirm that patches actually installed and closed the finding, and flag endpoints that fell behind the patch management policy. Shadow cloud deployments (B) are outside the endpoints being scanned, hardware inventory (C) is an asset management function, and hunting for active attackers (D) is done with endpoint and network telemetry, not vulnerability scans.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Vulnerability Management".
Which of the following would most likely be used by attackers to perform credential harvesting?
- A . Social engineering
- B . Supply chain compromise
- C . Third-party software
- D . Rainbow table
A systems administrator needs to encrypt all data on employee laptops.
Which of the following encryption levels should be implemented?
- A . Volume
- B . Partition
- C . Full disk
- D . File