Practice Free SY0-701 Exam Online Questions
A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer’s credit card information. The customer sees the caller ID is the same as the company’s main phone number.
Which of the following attacks is the customer most likely a target of?
- A . Phishing
- B . Whaling
- C . Smishing
- D . Vishing
For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor’s website?
- A . To test the integrity of the file
- B . To validate the authenticity of the file
- C . To activate the license for the file
- D . To calculate the checksum of the file
A security report shows that during a two-week test period, 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposely created the website to simulate a cost-free password complexity test.
Which of the following would best help reduce the number of visits to similar websites in the future?
- A . Block all outbound traffic from the intranet.
- B . Introduce a campaign to recognize phishing attempts.
- C . Restrict internet access for the employees who disclosed credentials.
- D . Implement a deny list of websites.
During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers.
Which of the following describes an attack method that relates to printing centers?
- A . Whaling
- B . Credential harvesting
- C . Prepending
- D . Dumpster diving
D
Explanation:
Dumpster diving is an attack method where attackers search through physical waste, such as discarded documents and printouts, to find sensitive information that has not been properly disposed of. In the context of printing centers, this could involve attackers retrieving printed documents containing confidential data that were improperly discarded without shredding or other secure disposal methods. This emphasizes the importance of proper disposal and physical security measures in cyber hygiene practices.
Reference:
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Physical Security and Cyber Hygiene.
An employee clicks a malicious link in an email that appears to be from the company’s Chief Executive Officer. The employee’s computer is infected with ransomware that encrypts the company’s files.
Which of the following is the most effective way for the company to prevent similar incidents in the future?
- A . Security awareness training
- B . Database encryption
- C . Segmentation
- D . Reporting suspicious emails
Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?
- A . SLA
- B . MOU
- C . MOA
- D . BPA
A
Explanation:
A Service Level Agreement (SLA) is a formal document between a service provider and a client that defines the expected level of service, including what resources will be provided and the agreed-upon time frames. It typically includes metrics to evaluate performance, uptime guarantees, and response times.
MOU (Memorandum of Understanding) and MOA (Memorandum of Agreement) are less formal and may not specify the exact level of service.
BPA (Business Partners Agreement) focuses more on the long-term relationship between partners.
Which of the following is a preventive physical security control?
- A . Video surveillance system
- B . Bollards
- C . Alarm system
- D . Motion sensors
A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours.
Which of the following security measures should the company set up?
- A . Digital rights management
- B . Role-based access control
- C . Time-based access control
- D . Network access control
A user would like to install software and features that are not available with a smartphone’s default software.
Which of the following would allow the user to install unauthorized software and enable new features?
- A . SOU
- B . Cross-site scripting
- C . Jailbreaking
- D . Side loading
C
Explanation:
Jailbreaking is the process of removing restrictions imposed by the manufacturer on a smartphone, allowing the user to install unauthorized software and features not available through official app stores. This action typically voids the warranty and can introduce security risks by bypassing built-in protections.
SOU (Statement of Understanding) is not related to modifying devices.
Cross-site scripting is a web-based attack technique, unrelated to smartphone software.
Side loading refers to installing apps from unofficial sources, but without necessarily removing built-in restrictions as jailbreaking does.
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).
- A . Fencing
- B . Video surveillance
- C . Badge access
- D . Access control vestibule
- E . Sign-in sheet
- F . Sensor
C,D
Explanation:
Badge access and an access control vestibule are two of the best ways to ensure only authorized personnel can access a secure facility. Badge access requires personnel to present a valid and authenticated badge to a reader or scanner that grants or denies access based on predefined rules and permissions. An access control vestibule is a physical security measure that consists of a small room or chamber with two doors, one leading to the outside and one leading to the secure area. Personnel must enter the vestibule and wait for the first door to close and lock before the second door can be opened. This prevents tailgating or piggybacking by unauthorized individuals.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, pages 197-198
