Title of test: Comptia S+ SY0-701 September 2024 v1
Description: Security +
Author: Rabelani
Creation Date: 14/09/2024
Category: Computers
Number of questions: 90
Content:
A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?
- Establish a security baseline.
- Review security policies.
- Adopt security benchmarks.
- Perform a user ID revalidation.

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?
- Microservices
- Containerization
- Virtualization
- Infrastructure as code

Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?
- Deterrent
- Corrective
- Compensating
- Preventive

A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?
- Cold
- Tertiary
- Warm
- Hot

A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?
- Cryptographic
- Malicious update
- Zero day
- Side loading

A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?
- Signature-based
- Behavioral-based
- URL-based
- Agent-based

A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulfill?
- Privacy
- Integrity
- Confidentiality
- Availability

During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?
- Hardware token MFA
- Biometrics
- Identity proofing
- Least privilege

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Select two.)
- Preventive
- Deterrent
- Corrective
- Directive
- Compensating
- Detective

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?
- End user training
- Policy review
- URL scanning
- Plain text email

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?
- Block access to cloud storage websites
- Create a rule to block outgoing email attachments
- Apply classifications to the data
- Remove all user permissions from shares on the file server

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
- SIEM
- DLP
- IDS
- SNMP

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two.)
- The device has been moved from a production environment to a test environment
- The device is configured to use cleartext passwords
- The device is moved to an isolated segment on the enterprise network
- The device is moved to a different location in the enterprise
- The device's encryption level cannot meet organizational standards
- The device is unable to receive authorized updates

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?
- Compromise
- Retention
- Analysis
- Transfer
- Inventory
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
- Zero Trust
- AAA
- Non-repudiation
- CIA

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?
- SPF
- GPO
- NAC
- FIM

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
- Preparation
- Recovery
- Lessons learned
- Analysis

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?
- Certification
- Inventory list
- Classification
- Proof of ownership

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two.)
- Fencing
- Video surveillance
- Badge access
- Access control vestibule
- Sign-in sheet
- Sensor

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
- Processor
- Custodian
- Subject
- Owner

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?
- Impersonation
- Disinformation
- Watering-hole
- Smishing

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?
- Compensating
- Detective
- Preventive
- Corrective

Which of the following agreement types defines the time frame in which a vendor needs to respond?
- SOW
- SLA
- MOA
- MOU
A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?
- Logging all NetFlow traffic into a SIEM
- Deploying network traffic sensors on the same subnet as the servers
- Logging endpoint and OS-specific security logs
- Enabling full packet capture for traffic entering and exiting the servers

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?
- MOA
- SOW
- MOU
- SLA

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
- Cross-site scripting
- Buffer overflow
- Jailbreaking
- Side loading

Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
- Code scanning for vulnerabilities
- Open-source component usage
- Quality assurance testing
- Peer review and approval

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
- Off-the-shelf software
- Orchestration
- Baseline
- Policy enforcement

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
- Group Policy
- Content filtering
- Data loss prevention
- Access control lists

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?
- Insider threat
- Hacktivist
- Nation-state
- Organized crime

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?
- Patch availability
- Product software compatibility
- Ease of recovery
- Cost of replacement

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two.)
- Private
- Confidential
- Public
- Operational
- Urgent
- Restricted

After reviewing the following vulnerability scanning report:

Server: 192.168.14.6
Service: Telnet
Port: 23
Protocol: TCP
Status: Open
Severity: High
Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 --script telnet-encryption
PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack
| telnet-encryption:
|_  Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?
- It is a false positive.
- A rescan is required.
- It is considered noise.
- Compensating controls exist.

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
- EAP
- DHCP
- IPSec
- NAT

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?
- Impact analysis
- Scheduled downtime
- Backout plan
- Change management boards

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
- Configure all systems to log scheduled tasks
- Collect and monitor all traffic exiting the network
- Block traffic based on known malicious signatures
- Install endpoint management software on all systems

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
- Insider threat
- Email phishing
- Social engineering
- Executive whaling

Which of the following exercises should an organization use to improve its incident response process?
- Tabletop
- Replication
- Failover
- Recovery

Which of the following is used to validate a certificate when it is presented to a user?
- OCSP
- CSR
- CA
- CRC

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
- Insurance
- Patching
- Segmentation
- Replacement

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
- Encryption at rest
- Masking
- Data classification
- Permission restrictions

Which of the following would be best suited for constantly changing environments?
- RTOS
- Containers
- Embedded systems
- SCADA

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
- Changing the remote desktop port to a non-standard number
- Setting up a VPN and placing the jump server inside the firewall
- Using a proxy for web connections from the remote desktop server
- Connecting the remote server to the domain and increasing the password length

Which of the following involves an attempt to take advantage of database misconfigurations?
- Buffer overflow
- SQL injection
- VM escape
- Memory injection
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?
- Segmentation
- Isolation
- Patching
- Encryption

Which of the following is used to quantitatively measure the criticality of a vulnerability?
- CVE
- CVSS
- CIA
- CERT

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
- Default credentials
- Non-segmented network
- Supply chain vendor
- Vulnerable software

Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
- Integrity
- Availability
- Confidentiality
- Non-repudiation

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
- Remote access points should fail closed
- Logging controls should fail open
- Safety controls should fail open
- Logical security controls should fail closed

Which of the following is the most common data loss path for an air-gapped network?
- Bastion host
- Unsecured Bluetooth
- Unpatched OS
- Removable devices

Which of the following can best protect against an employee inadvertently installing malware on a company system?
- Host-based firewall
- System isolation
- Least privilege
- Application allow list

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
- Deploying a SASE solution to remote employees
- Building a load-balanced VPN solution with redundant internet
- Purchasing a low-cost SD-WAN solution for VPN traffic
- Using a cloud provider to create additional VPN concentrators

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?
- Concurrent session usage
- Secure DNS cryptographic downgrade
- On-path resource consumption
- Reflected denial of service

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?
- RBAC
- ACL
- SAML
- GPO

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
- Virtualization
- Firmware
- Application
- Operating system

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?
- Obtain the file's SHA-256 hash
- Use hexdump on the file's contents
- Check endpoint logs
- Query the file's metadata

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?
- Console access
- Routing protocols
- VLANs
- Web-based administration
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
- Software as a service
- Infrastructure as code
- Internet of Things
- Software-defined networking

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
- ACL
- DLP
- IDS
- IPS

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two.)
- Federation
- Identity proofing
- Password complexity
- Default password changes
- Password manager
- Open authentication

An administrator is reviewing a single server's security logs and discovers the following: Which of the following best describes the action captured in this log file?
- Brute-force attack
- Privilege escalation
- Failed password audit
- Forgotten password by the user

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two.)
- Key escrow
- TPM presence
- Digital signatures
- Data tokenization
- Public key management
- Certificate authority linking

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which lay dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?
- IPS
- IDS
- WAF
- UAT

A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
- Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
- Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
- Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
- Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following: Which of the following attacks has occurred?
- IP conflict
- Pass-the-hash
- MAC flooding
- Directory traversal
- ARP poisoning

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO.)
- head
- tcpdump
- grep
- tail
- curl
- openssl
- dd

A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:
• The solution must be inline in the network
• The solution must be able to block known malicious traffic
• The solution must be able to stop network-based attacks
Which of the following should the network administrator implement to BEST meet these requirements?
- HIDS
- NIDS
- HIPS
- NIPS

A security analyst sees the following log output while reviewing web logs: Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
- Secure cookies
- Input validation
- Code signing
- Stored procedures

A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch?
- MAC flooding
- DNS poisoning
- MAC cloning
- ARP poisoning

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?
- The data owner
- The data processor
- The data steward
- The data privacy officer

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?
- Hard token
- Retina scan
- SMS text
- Keypad PIN

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
- An ARO
- An MOU
- An SLA
- A BPA

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?
- The GPS location
- When the file was deleted
- The total number of print jobs
- The number of copies made

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
- FDE
- NIDS
- EDR
- DLP

An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?
- Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly.
- Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly.
- Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly.
- Full backups Monday through Friday at 6:00 p.m. and differential backups hourly.

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?
- The S/MIME plug-in is not enabled
- The SSL certificate has expired
- Secure IMAP was not implemented
- POP3S is not supported

A critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets these requirements?
- RAID 0+1
- RAID 2
- RAID 5
- RAID 6

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: Which of the following will the forensics investigator MOST likely determine has occurred?
- SQL injection
- CSRF
- XSS
- XSRF
An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication?
- Quarantining the compromised accounts and computers, only providing them with network access
- Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers
- Isolating the compromised accounts and computers, cutting off all network and internet access
- Logging off and deleting the compromised accounts and computers to eliminate attacker access

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
- The data protection officer
- The data processor
- The data owner
- The data controller

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO.)
- Load balancing
- Incremental backups
- UPS
- RAID
- Dual power supply
- NIC teaming

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?
- Nmap
- Heat maps
- Network diagrams
- Wireshark

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?
- Recovery
- Identification
- Lessons learned
- Preparation
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?
- Data encryption
- Data masking
- Anonymization
- Tokenization

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
- Upgrade the bandwidth available into the datacenter
- Implement a hot-site failover location
- Switch to a complete SaaS offering to customers
- Implement a challenge response test on all end-user queries

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?
- AH
- ESP
- SRTP
- LDAP

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO.)
- VPN
- Drive encryption
- Network firewall
- File-level encryption
- USB blocker
- MFA

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?
- SOAR playbook
- Security control matrix
- Risk management framework
- Benchmarks

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?
- An external access point is engaging in an evil-twin attack.
- The signal on the WAP needs to be increased in that section of the building.
- The certificates have expired on the devices and need to be reinstalled.
- The users in that section of the building are on a VLAN that is being blocked by the firewall.

An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business?
- Screen locks
- Application management
- Geofencing
- Containerization