Practice Free SY0-701 Exam Online Questions
Which of the following would be the best way to block unknown programs from executing?
- A . Access control list
- B . Application allow list.
- C . Host-based firewall
- D . DLP solution
B
Explanation:
An application allow list is a security technique that specifies which applications are permitted to run on a system or a network. An application allow list can block unknown programs from executing by only allowing the execution of programs that are explicitly authorized and verified. An application allow list can prevent malware, unauthorized software, or unwanted applications from running and compromising the security of the system or the network [1][2].
The other options are not the best ways to block unknown programs from executing:
Access control list: This is a security technique that specifies which users or groups are granted or denied access to a resource or an object. An access control list can control the permissions and privileges of users or groups, but it does not directly block unknown programs from executing [1][3].
Host-based firewall: This is a security device that monitors and filters the incoming and outgoing network traffic on a single host or system. A host-based firewall can block or allow network connections based on predefined rules, but it does not directly block unknown programs from executing [1].
DLP solution: This is a security system that detects and prevents the unauthorized transmission or leakage of sensitive data. A DLP solution can protect the confidentiality and integrity of data, but it does not directly block unknown programs from executing [1].
References: 1: CompTIA Security+ SY0-701 Certification Study Guide, page 97. 2: Application Whitelisting – CompTIA Security+ SY0-701 – 3.5, video by Professor Messer. 3: CompTIA Security+ SY0-701 Certification Study Guide, page 98. CompTIA Security+ SY0-701 Certification Study Guide, page 99. CompTIA Security+ SY0-701 Certification Study Guide, page 100.
Which of the following allows a systems administrator to tune permissions for a file?
- A . Patching
- B . Access control list
- C . Configuration enforcement
- D . Least privilege
B
Explanation:
Access control lists (ACLs) allow administrators to fine-tune file permissions by specifying which users or groups have access to a file and defining the level of access each one has.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Access Control Mechanisms".
A software developer wishes to implement an application security technique that will provide assurance of the application’s integrity.
Which of the following techniques will achieve this?
- A . Secure cookies
- B . Input validation
- C . Static analysis
- D . Code signing
D
Explanation:
Code signing (D) uses cryptographic digital signatures to confirm the integrity and authenticity of software code. It ensures that the code has not been altered after being signed, providing assurance that the application is trustworthy.
This aligns with CompTIA Security+ SY0-701 Domain 2.3: Application security techniques, which includes code signing as a method to validate code integrity.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 2.3 – “Code signing: Validates integrity and origin of the software.”
The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts.
Which of the following mitigation techniques should be reviewed first?
- A . Patching
- B . Segmentation
- C . Monitoring
- D . Isolation
A
Explanation:
The best first step is to review patching (A). Outdated OS versions often contain vulnerabilities that can be exploited by malware. Ensuring systems are up-to-date is a foundational cybersecurity practice.
This is highlighted in Domain 2.1: Given a scenario, analyze indicators of malicious activity and Domain 2.2, emphasizing the importance of “Patching” as part of system hardening and mitigation strategy.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 2.2 – “Mitigation techniques: Patching.”
An organization maintains intellectual property that it wants to protect.
Which of the following concepts would be most beneficial to add to the company’s security awareness training program?
- A . Insider threat detection
- B . Simulated threats
- C . Phishing awareness
- D . Business continuity planning
An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems.
Which of the following will best help to achieve this objective?
- A . Microservices
- B . Virtualization
- C . Real-time operating system
- D . Containers
Which of the following is a primary security concern for a company setting up a BYOD program?
- A . End of life
- B . Buffer overflow
- C . VM escape
- D . Jailbreaking
D
Explanation:
Jailbreaking is a primary security concern for a company setting up a BYOD (Bring Your Own Device) program. Jailbreaking is the process of removing the manufacturer’s or the carrier’s restrictions on a device, such as a smartphone or a tablet, to gain root access and install unauthorized or custom software. Jailbreaking can compromise the security of the device and the data stored on it, as well as expose it to malware, viruses, or hacking. Jailbreaking can also violate the warranty and the terms of service of the device, and make it incompatible with the company’s security policies and standards. Therefore, a company setting up a BYOD program should prohibit jailbreaking and enforce device compliance and encryption.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 76; CompTIA Security+ SY0-701 Exam Objectives, Domain 2.4, page 11.
After a security incident, a systems administrator asks the company to buy a NAC platform.
Which of the following attack surfaces is the systems administrator trying to protect?
- A . Bluetooth
- B . Wired
- C . NFC
- D . SCADA
B
Explanation:
A NAC (network access control) platform is a technology that enforces security policies on devices that attempt to access a network. A NAC platform can verify the identity, role, and compliance of the devices, and grant or deny access based on predefined rules. A NAC platform can protect both wired and wireless networks, but in this scenario, the systems administrator is trying to protect the wired attack surface, which is the set of vulnerabilities that can be exploited through a physical connection to the network [1][2].
References: 1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5, page 189; 2: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5, page 237.
An unexpected and out-of-character email message from a Chief Executive Officer’s corporate account asked an employee to provide financial information and to change the recipient’s contact number.
Which of the following attack vectors is most likely being used?
- A . Business email compromise
- B . Phishing
- C . Brand impersonation
- D . Pretexting
A
Explanation:
Business Email Compromise (BEC) is a targeted phishing attack in which attackers impersonate executives or high-ranking officials (such as a CEO) to manipulate employees into transferring money or providing sensitive data. Since the request is coming from the CEO’s corporate email (possibly spoofed or compromised), this is a classic example of BEC.
Phishing (B) is a broader term but typically involves mass fraudulent emails rather than targeted executive impersonation.
Brand impersonation (C) involves faking a company’s identity (e.g., fake PayPal emails).
Pretexting (D) involves social engineering tactics but does not necessarily involve email compromise.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.
A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet.
Which of the following is the most likely reason for this compromise?
- A . A brute-force attack was used against the time-keeping website to scan for common passwords.
- B . A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.
- C . The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.
- D . ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a machine.
B
Explanation:
The scenario suggests that only the employees who used the kiosks inside the building had their credentials compromised. Since the time-keeping website is accessible from the internet, it is possible that a malicious actor exploited an unpatched vulnerability in the site, allowing them to inject malicious code that captured the credentials of those who logged in from the kiosks. This is a common attack vector for stealing credentials from web applications.
CompTIA Security+ SY0-701 Course Content: The course discusses web application vulnerabilities and how attackers can exploit them to steal credentials.
