Practice Free SY0-701 Exam Online Questions
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule.
Which of the following best describes this form of security control?
- A . Physical
- B . Managerial
- C . Technical
- D . Operational
A
Explanation:
A physical security control is a device or mechanism that prevents unauthorized access to a physical location or asset. An access control vestibule, also known as a mantrap, is a physical security control consisting of a small space with two sets of interlocking doors, such that the first set must close before the second set opens. This prevents unauthorized individuals from following authorized individuals into the facility, a practice known as piggybacking or tailgating. A photo ID check is another physical security control that verifies the identity of visitors. Managerial, technical, and operational controls do not govern physical access directly; they relate to the policies, procedures, systems, and processes that support security objectives.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 341; Mantrap (access control) – Wikipedia
Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?
- A . IDS
- B . ACL
- C . EDR
- D . NAC
C
Explanation:
Endpoint detection and response (EDR) is a technology that monitors and analyzes the activity and behavior of endpoints, such as computers, laptops, mobile devices, and servers. EDR can help to detect and prevent malicious software, such as viruses, malware, and Trojans, from infecting the endpoints and spreading across the network. EDR can also provide visibility and response capabilities to contain and remediate threats. EDR is different from IDS, which is a network-based technology that monitors and alerts on network traffic anomalies. EDR is also different from ACL, which is a list of rules that control the access to network resources. EDR is also different from NAC, which is a technology that enforces policies on the network access of devices based on their identity and compliance status.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 256
An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user.
Which of the following best describes the type of attack that occurred?
- A . Insider threat
- B . Social engineering
- C . Watering-hole
- D . Unauthorized attacker
A
Explanation:
An insider threat is a type of attack that originates from someone who has legitimate access to an organization’s network, systems, or data. In this case, the domain user who encrypted the files on the database server is an example of an insider threat, as they abused their access privileges to cause harm to the organization. Insider threats can be motivated by various factors, such as financial gain, revenge, espionage, or sabotage.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 1: General Security Concepts, page 25; CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1: General Security Concepts, page 25.
In which of the following will unencrypted PLC management traffic most likely be found?
- A . SDN
- B . IoT
- C . VPN
- D . SCADA
D
Explanation:
SCADA (Supervisory Control and Data Acquisition) systems commonly manage industrial equipment, including PLCs (Programmable Logic Controllers). SCADA environments have historically lacked encryption for management traffic because of legacy equipment and protocols, which makes SCADA the most likely environment in which unencrypted PLC management traffic is observed.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 3.2, “SCADA systems often transmit management traffic for PLCs without encryption, making them susceptible to interception.” Exam Objectives 3.2: “Summarize security implications of embedded and specialized systems.”
Which of the following activities uses OSINT?
- A . Social engineering testing
- B . Data analysis of logs
- C . Collecting evidence of malicious activity
- D . Producing IOC for malicious artifacts
Which of the following is a social engineering attack in which a bad actor impersonates a web URL?
- A . Pretexting
- B . Misinformation
- C . Typosquatting
- D . Watering-hole
C
Explanation:
Typosquatting is a social engineering and cybersquatting technique in which attackers register domain names similar to legitimate ones, hoping users will make a typographical error and visit their malicious website instead.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.2: "Typosquatting involves registering misspelled versions of legitimate domain names to trick users."
Exam Objectives 2.2: “Given a scenario, analyze potential indicators associated with application attacks.”
Which of the following architectures is most suitable to provide redundancy for critical business processes?
- A . Network-enabled
- B . Server-side
- C . Cloud-native
- D . Multitenant
A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet.
Which of the following is the most likely reason for this compromise?
- A . A brute-force attack was used against the time-keeping website to scan for common passwords.
- B . A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.
- C . The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site
- D . ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a machine.
B
Explanation:
The scenario suggests that only the employees who used the kiosks inside the building had their credentials compromised. Since the time-keeping website is accessible from the internet, it is possible that a malicious actor exploited an unpatched vulnerability in the site, allowing them to inject malicious code that captured the credentials of those who logged in from the kiosks. This is a common attack vector for stealing credentials from web applications.
Reference: CompTIA Security+ SY0-701 Course Content. The course discusses web application vulnerabilities and how attackers can exploit them to steal credentials.
Which of the following metrics impacts the backup schedule as part of the BIA?
- A . RTO
- B . RPO
- C . MTTR
- D . MTBF
B
Explanation:
Recovery Point Objective (RPO) defines the maximum acceptable amount of data loss measured in time. It directly impacts how frequently backups should occur to ensure data can be restored to a point no older than the RPO after a disruption.
Recovery Time Objective (RTO) (A) defines how quickly systems must be restored but does not dictate backup frequency. Mean Time To Repair (MTTR) (C) and Mean Time Between Failures (MTBF) (D) relate to system repair and reliability metrics, not backup schedules.
Understanding and defining RPO is a key part of the Business Impact Analysis (BIA) process covered in the Risk Management domain (CompTIA Security+ Study Guide, Chapter 17).
During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system.
Which of the following best describes this type of vulnerability?
- A . Race condition
- B . Memory injection
- C . Malicious update
- D . Side loading