Practice Free SY0-701 Exam Online Questions
During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers.
Which of the following describes an attack method that relates to printing centers?
- A . Whaling
- B . Credential harvesting
- C . Prepending
- D . Dumpster diving
D
Explanation:
Dumpster diving is an attack method where attackers search through physical waste, such as discarded documents and printouts, to find sensitive information that has not been properly disposed of. In the context of printing centers, this could involve attackers retrieving printed documents containing confidential data that were improperly discarded without shredding or other secure disposal methods. This emphasizes the importance of proper disposal and physical security measures in cyber hygiene practices.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Physical Security and Cyber Hygiene.
Which of the following elements of digital forensics should a company use if it needs to ensure the integrity of evidence?
- A . Preservation
- B . E-discovery
- C . Acquisition
- D . Containment
After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines.
Which of the following caused this action?
- A . Non-compliance
- B . Contract violations
- C . Government sanctions
- D . Rules of engagement
A security analyst is assessing several company firewalls.
Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
- A . hping
- B . Wireshark
- C . PowerShell
- D . netstat
A
Explanation:
Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. Malware that exploits a new vulnerability to move data without authorization would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.
A company wants to ensure secure remote access to its internal network. The company has only one public IP and would like to avoid making any changes to the current network setup.
Which of the following solutions would best accomplish this goal?
- A . PAT
- B . IPSec VPN
- C . Perimeter network
- D . Reverse proxy
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network.
Which of the following describes this type of attack?
- A . Privilege escalation
- B . Buffer overflow
- C . SQL injection
- D . Pass-the-hash
D
Explanation:
The scenario describes an attacker who obtained credentials from a compromised system’s memory and used them without cracking to move laterally within the network. This technique is known as a "pass-the-hash" attack, where the attacker captures hashed credentials (e.g., NTLM hashes) and uses them to authenticate and gain access to other systems without needing to know the plaintext password. This is a common attack method in environments where weak security practices or outdated protocols are in use.
Reference =
CompTIA Security+ SY0-701 Course Content: The course discusses credential-based attacks like pass-the-hash, emphasizing their impact and the importance of protecting credential stores.
Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?
- A . Digital signatures
- B . Salting
- C . Hashing
- D . Perfect forward secrecy
B
Explanation:
Salting is a technique used to enhance the security of hashed passwords by adding a unique, random value (salt) to each password before hashing it. This prevents attackers from easily decrypting passwords using rainbow tables, which are precomputed tables for reversing cryptographic hash functions. Since each password has a unique salt, the same password will produce different hash values, making rainbow table attacks ineffective.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Hashing Techniques.
Which of the following describes the maximum allowance of accepted risk?
- A . Risk indicator
- B . Risk level
- C . Risk score
- D . Risk threshold
D
Explanation:
Risk threshold is the maximum amount of risk that an organization is willing to accept for a given activity or decision. It is also known as risk appetite or risk tolerance. Risk threshold helps an organization to prioritize and allocate resources for risk management. Risk indicator, risk level, and risk score are different ways of measuring or expressing the likelihood and impact of a risk, but they do not describe the maximum allowance of accepted risk.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 34; Accepting Risk: Definition, How It Works, and Alternatives
A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network.
Which of the following should the team do first to secure the environment?
- A . Contain the impacted hosts
- B . Add the malware to the application blocklist.
- C . Segment the core database server.
- D . Implement firewall rules to block outbound beaconing
A
Explanation:
The first step in responding to a cybersecurity incident, particularly when malware is detected, is to contain the impacted hosts. This action prevents the spread of malware to other parts of the network, limiting the potential damage while further investigation and remediation actions are planned.
Reference = CompTIA Security+ SY0-701 study materials, particularly on incident response procedures and the importance of containment in managing security incidents.
The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company’s security policies compare to the requirements imposed by external regulators.
Which of the following should the CISO use?
- A . Penetration test
- B . Internal audit
- C . Attestation
- D . External examination
D
Explanation:
An external examination (also known as an external audit or external review) is the best method for the Chief Information Security Officer (CISO) to gain an understanding of how the company’s security policies compare to external regulatory requirements. External examinations are conducted by third-party entities that assess an organization’s compliance with laws, regulations, and industry standards.
Penetration tests focus on identifying vulnerabilities, not compliance.
Internal audits assess internal controls but are not impartial or focused on regulatory requirements.
Attestation is a formal declaration but does not involve the actual evaluation of compliance.