Practice Free SY0-701 Exam Online Questions
An organization experiences a cybersecurity incident involving a command-and-control server.
Which of the following logs should be analyzed to identify the impacted host? (Select two).
- A . Application
- B . Authentication
- C . DHCP
- D . Network
- E . Firewall
- F . Database
C,E
Explanation:
To identify the impacted host in a command-and-control (C2) server incident, the following logs should be analyzed:
DHCP logs: These logs record IP address lease assignments. Because internal addresses are usually assigned dynamically, the DHCP lease log is what ties the internal IP address seen talking to the C2 server back to a specific host (MAC address or hostname) at the time of the traffic; the lease that was active during that time window, not the current one, is the one that matters.
Firewall logs: Firewall logs record traffic patterns, including outbound connections to external C2 servers. Analyzing these logs identifies the internal IP address, the destination, and the port numbers of the communicating host.
Application, authentication, and database logs are less relevant here because they record internal processes and authentication events rather than the network traffic involved in a C2 attack.
Which of the following would enable a data center to remain operational through a multiday power outage?
- A . Generator
- B . Uninterruptible power supply
- C . Replication
- D . Parallel processing
A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs.
Which of the following security benefits do these actions provide? (Choose two.)
- A . If a security incident occurs on the device, the correct employee can be notified.
- B . The security team will be able to send user awareness training to the appropriate device.
- C . Users can be mapped to their devices when configuring software MFA tokens.
- D . User-based firewall policies can be correctly targeted to the appropriate laptops.
- E . When conducting penetration testing, the security team will be able to target the desired laptops.
- F . Company data can be accounted for when the employee leaves the organization.
A,F
Explanation:
Labeling all laptops with asset inventory stickers and associating them with employee IDs can provide several security benefits for a company.
Two of these benefits are: if a security incident occurs on the device, the correct employee can be notified (A), and the company data held on the device can be accounted for when the employee leaves the organization (F).
22.48.102 — 26/April/2023 22:01:16.03 GET "http://www.databaseInfo.com/index.html/../images" 404
16.22.48.102 — 26/April/2023 22:03:10.25 GET "http://www.databaseInfo.com/index.html/../passwords" 404
16.22.48.102 — 26/April/2023 22:05:11.22 GET "http://www.databaseInfo.com/index.html/../stored SQL queries" 404
Which of the following attacks is most likely being attempted?
- A . Denial of service
- B . Password spraying
- C . SQL injection
- D . Directory traversal
D
Explanation:
The log entries show repeated attempts to access directories using patterns such as ../, which is a common directory traversal attack technique. Directory traversal (or path traversal) aims to access files and directories outside the web server’s root directory by manipulating file paths. The ../ sequence is used to move up one directory level, which attackers exploit to try and retrieve sensitive files.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.2: "Directory traversal attacks attempt to access files and directories outside of the web root by manipulating the file path with ../ sequences." Exam Objectives 2.2: “Given a scenario, analyze potential indicators associated with application attacks.”
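The detection logic an analyst would run over lines like the excerpt above, as an added example that is not part of the original page or the study guide. The log lines embedded in the block are constructed in the same shape as the excerpt (the first three mirror it, the last two are made up to show a clean request and an encoded traversal in a query parameter); the field separator is matched loosely so either a hyphen or the dash used in the excerpt works. The regular expression, the bounded percent-decoding, and the per-source threshold are this example's own choices.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in the same shape as the excerpt above; not real traffic.
SAMPLE_LOG = """\
16.22.48.102 - 26/April/2023 22:01:16.03 GET "http://www.databaseInfo.com/index.html/../images" 404
16.22.48.102 - 26/April/2023 22:03:10.25 GET "http://www.databaseInfo.com/index.html/../passwords" 404
16.22.48.102 - 26/April/2023 22:05:11.22 GET "http://www.databaseInfo.com/index.html/../stored SQL queries" 404
10.0.0.7 - 26/April/2023 22:06:00.00 GET "http://www.databaseInfo.com/images/logo.png" 200
10.0.0.9 - 26/April/2023 22:07:00.00 GET "http://www.databaseInfo.com/files?name=..%2F..%2Fetc%2Fpasswd" 200
"""

# source, separator, timestamp (two tokens), method, quoted URL, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<ts>\S+ \S+) (?P<method>[A-Z]+) "(?P<url>[^"]+)" (?P<status>\d{3})$'
)
# A ".." segment at a segment boundary, with forward or back slashes.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def decode_fully(value, max_rounds=3):
    """Percent-decode until stable (bounded) so double-encoded ..%252F.. is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_fields(url):
    """Names of URL fields (path, or query:<param>) that carry a '..' segment."""
    parts = urlsplit(url)
    hits = []
    if DOTDOT_RE.search(decode_fully(parts.path)):
        hits.append("path")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if DOTDOT_RE.search(decode_fully(value)):
            hits.append("query:" + name)
    return hits


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text, threshold=3):
    """Return (events, sources): flagged records, and source IPs at or over threshold."""
    events = []
    per_ip = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        fields = traversal_fields(rec["url"])
        if fields:
            rec["fields"] = fields
            events.append(rec)
            per_ip[rec["ip"]] += 1
    sources = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return events, sources


if __name__ == "__main__":
    evts, srcs = scan_log(SAMPLE_LOG)
    for e in evts:
        print(e["ip"], e["ts"], e["url"], e["fields"])
    print("sources over threshold:", srcs)
```

Two points worth noticing: the requests in the excerpt do not actually escape the web root (/index.html/../images normalizes to /images), so normalizing the path and checking for an escape would miss them; the signal is the attempt itself, which is why the check looks for the ".." segment after decoding. Decoding is bounded and repeated because attackers commonly double-encode (..%252F) to slip past a single-pass filter.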
During a recent log review, an analyst discovers evidence of successful injection attacks.
Which of the following will best address this issue?
- A . Authentication
- B . Secure cookies
- C . Static code analysis
- D . Input validation
D
Explanation:
Input validation (D) is the most effective way to prevent injection attacks, such as SQL injection and XSS. It ensures that only correctly formatted and expected input is processed by the application. This is identified under Domain 2.3: Application security techniques, where input validation is listed as a primary defense against injection attacks. In practice it is combined with parameterized queries and output encoding; static code analysis (C) can find injection flaws before release but does not by itself stop them in a running application.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 2.3: “Input validation: Prevents injection and malformed data attacks.”
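The vulnerable query beside its hardened form, as an added example that is not part of the original page or the study guide. The table, the two rows, and the username allow-list (lowercase letters, digits, underscore, 1 to 32 characters) are assumptions made for the example; the payload is the classic quote-and-OR string.

```python
import re
import sqlite3


def make_db():
    """In-memory table with constructed rows (example data, not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The 'before' case: input is spliced into the SQL text, so it can change the query's grammar."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Parameterized query: the driver sends the value separately, never as SQL text."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allow-list for this field (assumed policy for the example).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(username):
    """Reject anything outside the allow-list before it reaches any backend."""
    if not isinstance(username, str) or USERNAME_RE.fullmatch(username) is None:
        raise ValueError("invalid username")
    return username


def lookup_hardened(conn, username):
    """Input validation plus parameterization: malformed input is rejected up front."""
    return lookup_parameterized(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(db, payload))   # both rows leak
    print("parameterized:", lookup_parameterized(db, payload))  # no row has that literal name
    try:
        lookup_hardened(db, payload)
    except ValueError as exc:
        print("hardened     : rejected ->", exc)
```

The payload turns the vulnerable query into `WHERE username = 'x' OR '1'='1'`, which is true for every row. The parameterized version returns nothing because the whole string is compared as a value, and the hardened version never reaches the database at all; the validation step also stops the same string being forwarded to any other backend (LDAP, OS commands, templates) that the application might touch.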
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
- A . Provisioning resources
- B . Disabling access
- C . Reviewing change approvals
- D . Escalating permission requests
B
Explanation:
Disabling access is an automation use case that would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company. Disabling access is the process of revoking or suspending the access rights of a user account, such as login credentials, email, VPN, cloud services, etc. Disabling access can prevent unauthorized or malicious use of the account by former employees or attackers who may have compromised the account. Disabling access can also reduce the attack surface and the risk of data breaches or leaks. Disabling access can be automated by using scripts, tools, or workflows that can trigger the action based on predefined events, such as employee termination, resignation, or transfer. Automation can ensure that the access is disabled in a timely, consistent, and efficient manner, without relying on manual intervention or human error.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5: Identity and Access Management, page 213. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5: Identity and Access Management, page 213.
A company’s web filter is configured to scan the URL for strings and deny access when matches are found.
Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
- A . encryption=off
- B . http://
- C . www.*.com
- D . :443
B
Explanation:
A web filter is a device or software that monitors, blocks, or allows web traffic based on predefined rules or policies. One common method is to scan the URL for strings and deny access when a match is found; for example, a web filter can block URLs that contain the words “gambling” or “malware”. A URL (uniform resource locator) identifies the location and protocol of a web resource and typically has the form protocol://domain:port/path?query#fragment. The protocol (scheme) specifies how the resource is accessed, such as HTTP, HTTPS, or FTP. The domain is the name of the web server that hosts the resource, such as www.google.com. The port is an optional number that identifies the service on that server, such as 80 for HTTP or 443 for HTTPS. The path is the folder or file name of the resource, such as /index.html or /images/logo.png. The query is an optional string of parameters, such as ?q=security or ?lang=en, and the fragment is an optional reference to a section of the resource, such as #introduction.
To prohibit access to non-encrypted websites, the analyst should match the protocol of non-encrypted web traffic, which is HTTP. HTTP (hypertext transfer protocol) transfers data between web servers and browsers without any encryption, so anyone who intercepts the traffic can read or modify it, leaving such sites open to eavesdropping, tampering, and spoofing. A non-encrypted URL starts with http://, followed by the domain name and optionally a port number, for example http://www.example.com or http://www.example.com:80. Scanning the URL for the string http:// therefore identifies and blocks non-encrypted websites. In practice the match should be anchored to the start of the URL, because an HTTPS URL can legitimately carry http:// inside a query parameter (a redirect target, for instance), and it is the scheme, not the port number, that decides whether the connection is encrypted.
The other options do not match the protocol of non-encrypted traffic. encryption=off is a possible query-string parameter, but it is not a standard or mandatory one, so most non-encrypted sites would never carry it. www.*.com matches any domain that starts with www and ends with .com regardless of protocol, so it would block encrypted and non-encrypted sites alike. :443 is the default port of HTTPS, the encrypted protocol, so matching it would block exactly the sites that should be allowed.
Reference: CompTIA Security+ Study Guide (SY0-701), Chapter 2: Securing Networks, page 69. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 2.1: Network Devices and Technologies, video: Web Filter (5:16).
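The rule from the answer implemented two ways, as an added example that is not part of the original page or the study guide: a literal substring match on http://, which is what a filter that "scans the URL for strings" does, next to a check on the parsed scheme. The test URLs are constructed for the example; they show where the two rules disagree and why the port number is not a substitute for the scheme.

```python
from urllib.parse import urlsplit

# Constructed test URLs (not from the original page).
SAMPLE_URLS = [
    "http://www.example.com",                               # plaintext: block
    "http://www.example.com:80/index.html",                 # plaintext: block
    "HTTP://WWW.EXAMPLE.COM/",                              # plaintext, upper-case scheme
    "http://www.example.com:443/",                          # still plaintext despite the port
    "https://www.example.com/",                             # encrypted: allow
    "https://sso.example.com/login?next=http://intranet/",  # encrypted, http:// only in the query
]


def naive_substring_rule(url, needle="http://"):
    """Literal, case-sensitive substring match anywhere in the URL."""
    return needle in url


def scheme_rule(url):
    """Block only when the scheme itself is plaintext HTTP; port and query are ignored."""
    return urlsplit(url).scheme.lower() == "http"


def compare_rules(urls):
    """Map each URL to (naive_blocks, scheme_blocks)."""
    return {u: (naive_substring_rule(u), scheme_rule(u)) for u in urls}


def disagreements(urls):
    """URLs where the substring rule over-blocks or misses relative to the scheme rule."""
    return [u for u, (naive, scheme) in compare_rules(urls).items() if naive != scheme]


if __name__ == "__main__":
    for url, (naive, scheme) in compare_rules(SAMPLE_URLS).items():
        print(f"{url:55} substring={naive!s:5} scheme={scheme!s:5}")
    print("disagreements:", disagreements(SAMPLE_URLS))
```

The substring rule gets the exam answer right for the plain cases but over-blocks the HTTPS login URL whose query parameter happens to contain http://, and misses the upper-case scheme unless the filter lowercases first. The :443 case shows the other trap: an HTTP request to port 443 is still plaintext, so a rule keyed on the port would wave it through.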
Which of the following should a security team do first before a new web server goes live?
- A . Harden the virtual host.
- B . Create WAF rules.
- C . Enable network intrusion detection.
- D . Apply patch management.
Which of the following cryptographic methods is preferred for securing communications with limited computing resources?
- A . Hashing algorithm
- B . Public key infrastructure
- C . Symmetric encryption
- D . Elliptic curve cryptography
Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?
- A . ARO
- B . RTO
- C . RPO
- D . ALE
- E . SLE
D
Explanation:
The Annual Loss Expectancy (ALE) is most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk. ALE is calculated by multiplying the Single Loss Expectancy (SLE) by the Annualized Rate of Occurrence (ARO), which gives the expected loss per year from a specific risk. Because a transfer cost such as an insurance premium is also expressed per year, the two can be compared directly: if the annual cost of transferring the risk is lower than the ALE, transferring it is financially justified.
Reference: CompTIA Security+ SY0-701 course content and official CompTIA study resources.
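The calculation written out, as an added worked example that is not part of the original page; the asset value (AV), exposure factor (EF), ARO and premium figures are assumed for illustration.

$$
\begin{aligned}
SLE &= AV \times EF = \$200{,}000 \times 0.25 = \$50{,}000 \\
ALE &= SLE \times ARO = \$50{,}000 \times 0.2 = \$10{,}000 \text{ per year} \\
\text{transfer if } C_{\text{transfer}} &< ALE: \quad \$8{,}000 < \$10{,}000 \;\Rightarrow\; \text{transfer}
\end{aligned}
$$

An ARO of 0.2 means the event is expected about once every five years, so over that horizon the comparison is five times both sides and the decision is unchanged. Any loss the transfer does not cover (a deductible, an excluded scenario) is retained and belongs on the transfer side of the inequality, which is what makes the comparison a long-term one rather than a premium-versus-SLE check.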