Practice Free SY0-701 Exam Online Questions
A security analyst scans a company’s public network and discovers a host is running a remote desktop that can be used to access the production network.
Which of the following changes should the security analyst recommend?
- A . Changing the remote desktop port to a non-standard number
- B . Setting up a VPN and placing the jump server inside the firewall
- C . Using a proxy for web connections from the remote desktop server
- D . Connecting the remote server to the domain and increasing the password length
B
Explanation:
A VPN is a virtual private network that creates a secure tunnel between two or more devices over a public network. A VPN can encrypt and authenticate the data, as well as hide the IP addresses and locations of the devices. A jump server is a server that acts as an intermediary between a user and a target server, such as a production server. A jump server can provide an additional layer of security and access control, as well as logging and auditing capabilities. A firewall is a device or software that filters and blocks unwanted network traffic based on predefined rules. A firewall can protect the internal network from external threats and limit the exposure of sensitive services and ports. A security analyst should recommend setting up a VPN and placing the jump server inside the firewall to improve the security of the remote desktop access to the production network. This way, the remote desktop service will not be exposed to the public network, and only authorized users with VPN credentials can access the jump server and then the production server.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 8: Secure Protocols and Services, pages 382-383; Chapter 9: Network Security, pages 441-442
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:
Which of the following most likely describes the attack that took place?
- A . Spraying
- B . Brute-force
- C . Dictionary
- D . Rainbow table
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?
- A . Impact analysis
- B . Scheduled downtime
- C . Backout plan
- D . Change management boards
B
Explanation:
Scheduled downtime is a planned period of time when a system or service is unavailable for maintenance, updates, upgrades, or other changes. Scheduled downtime gives administrators a set period to perform changes to an operational system without disrupting the normal business operations or affecting the availability of the system or service. Scheduled downtime also allows administrators to inform the users and stakeholders about the expected duration and impact of the changes.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 12: Security Operations and Administration, page 579
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes.
Which of the following should the administrator set up to achieve this goal?
- A . SPF
- B . GPO
- C . NAC
- D . FIM
D
Explanation:
FIM stands for File Integrity Monitoring, which is a method to secure data by detecting any changes or modifications to files, directories, or registry keys. FIM can help a security administrator track any unauthorized or malicious changes to the data, as well as verify the integrity and compliance of the data. FIM can also alert the administrator of any potential breaches or incidents involving the data.
Some of the benefits of FIM are:
- It can prevent data tampering and corruption by verifying the checksums or hashes of the files.
- It can identify the source and time of the changes by logging the user and system actions.
- It can enforce security policies and standards by comparing the current state of the data with the baseline or expected state.
- It can support forensic analysis and incident response by providing evidence and audit trails of the changes.
Reference: CompTIA Security+ SY0-701 Certification Study Guide, Chapter 5: Technologies and Tools, Section 5.3: Security Tools, pp. 209-210
CompTIA Security+ SY0-701 Certification Exam Objectives, Domain 2: Technologies and Tools, Objective 2.4: Given a scenario, analyze and interpret output from security technologies, Sub-objective: File integrity monitor, p. 12
Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?
- A . Public key
- B . Private key
- C . Asymmetric key
- D . Symmetric key
A
Explanation:
To establish an encrypted connection (such as HTTPS/TLS) with an externally facing web server, the server must deploy a public key as part of its digital certificate. Clients use the server’s public key to initiate secure communication, which is validated by certificate authorities. The server holds the matching private key, but it is the public key that must be made available for encrypted connections to be established.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.3: "A public key is made available to anyone and is used to establish secure connections with a web server." Exam Objectives 1.3: “Explain the importance of cryptographic concepts.”
Which of the following activities should a systems administrator perform to quarantine a potentially infected system?
- A . Move the device into an air-gapped environment.
- B . Disable remote log-in through Group Policy.
- C . Convert the device into a sandbox.
- D . Remote wipe the device using the MDM platform.
A
Explanation:
Quarantining a potentially infected system by placing it into an air-gapped environment physically disconnects it from the network. This prevents the spread of malware while maintaining the integrity of forensic evidence.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Incident Response and Containment".