Title of test: Comptia S+ SY0-701 September 2024 v3
Description: Security +
Author: Rabelani
Creation Date: 18/09/2024
Category: Computers
Number of questions: 90
RS.CARTER (uploaded 2 months): Did anyone take an exam using this test? Please comment how it went.
Content:
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
- Hacktivist
- Whistleblower
- Organized crime
- Unskilled attacker

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a page not found error message. Which of the following types of social engineering attacks occurred?
- Brand impersonation
- Pretexting
- Typosquatting
- Phishing

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
- Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
  Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
- Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
  Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
- Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
  Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
- Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
  Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
- SSO
- LEAP
- MFA
- PEAP

A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
- Jump server
- RADIUS
- HSM
- Load balancer

An organization's internet-facing website was compromised when an attacker exploited a buffer overflow.
Which of the following should the organization deploy to best protect against similar attacks in the future?
- NGFW
- WAF
- TLS
- SD-WAN

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?
- Multifactor authentication
- Permissions assignment
- Access management
- Password complexity

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?
- A thorough analysis of the supply chain
- A legally enforceable corporate acquisition policy
- A right to audit clause in vendor contracts and SOWs
- An in-depth penetration test of all suppliers and vendors

Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?
- Jailbreaking
- Memory injection
- Resource reuse
- Side loading

Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?
- IRP
- DRP
- RPO
- SDLC

A security analyst is reviewing the following logs: Which of the following attacks is most likely occurring?
- Password spraying
- Account forgery
- Pass-the-hash
- Brute-force

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
- RDP server
- Jump server
- Proxy server
- Hypervisor

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network.
Which of the following fulfills this request?
- access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9
- access-list inbound deny ip source 10.1.4.9 destination 0.0.0.0/0
- access-list inbound permit ip source 10.1.4.9 destination 0.0.0.0/0
- access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
- Implementing a bastion host
- Deploying a perimeter network
- Installing a WAF
- Utilizing single sign-on

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
- Hardening
- Employee monitoring
- Configuration enforcement
- Least privilege

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
- Risk tolerance
- Risk transfer
- Risk register
- Risk analysis

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
- Disaster recovery plan
- Incident response procedure
- Business continuity plan
- Change management procedure

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
- Insider
- Unskilled attacker
- Nation-state
- Hacktivist

Which of the following enables the use of an input field to run commands that can view or manipulate data?
- Cross-site scripting
- Side loading
- Buffer overflow
- SQL injection

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?
- Send out periodic security reminders.
- Update the content of new hire documentation.
- Modify the content of recurring training.
- Implement a phishing campaign.

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?
- Packet captures
- Vulnerability scans
- Metadata
- Dashboard

A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
- The end user changed the file permissions.
- A cryptographic collision was detected.
- A snapshot of the file system was taken.
- A rootkit was deployed.

Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?
- Client
- Third-party vendor
- Cloud provider
- DBA

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?
- Secure cookies
- Version control
- Input validation
- Code signing

Which of the following must be considered when designing a high-availability network? (Choose two.)
- Ease of recovery
- Ability to patch
- Physical isolation
- Responsiveness
- Attack surface
- Extensible authentication

Which of the following describes the reason root cause analysis should be conducted as part of incident response?
- To gather IoCs for the investigation
- To discover which systems have been affected
- To eradicate any trace of malware on the network
- To prevent future incidents of the same nature

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
- Fines
- Audit findings
- Sanctions
- Reputation damage

A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
- Data masking
- Encryption
- Geolocation policy
- Data sovereignty regulation

Which of the following is a hardware-specific vulnerability?
- Firmware version
- Buffer overflow
- SQL injection
- Cross-site scripting

While troubleshooting a firewall configuration, a technician determines that a 'deny any' policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
- Documenting the new policy in a change request and submitting the request to change management
- Testing the policy in a non-production environment before enabling the policy in the production network
- Disabling any intrusion prevention signatures on the 'deny any' policy prior to enabling the new policy
- Including an 'allow any' policy above the 'deny any' policy

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?
- Real-time recovery
- Hot
- Cold
- Warm

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
- Enumeration
- Sanitization
- Destruction
- Inventory

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
- Private
- Critical
- Sensitive
- Public

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
- Testing input validation on the user input fields
- Performing code signing on company-developed software
- Performing static code analysis on the software
- Ensuring secure cookies are used

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?
- Analysis
- Lessons learned
- Detection
- Containment

A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?
- Conduct an audit.
- Initiate a penetration test.
- Rescan the network.
- Submit a report.

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user's activity?
- Penetration testing
- Phishing campaign
- External audit
- Insider threat

Which of the following allows for the attribution of messages to individuals?
- Adaptive identity
- Non-repudiation
- Authentication
- Access logs

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
- Automation
- Compliance checklist
- Attestation
- Manual audit

An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?
- Identify embedded keys
- Code debugging
- Input validation
- Static code analysis

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
- Compensating control
- Network segmentation
- Transfer of risk
- SNMP traps

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?
- Guard rail script
- Ticketing workflow
- Escalation script
- User provisioning script

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?
- Corrective
- Preventive
- Detective
- Deterrent

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
- Serverless framework
- Type 1 hypervisor
- SD-WAN
- SDN

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?
- Tuning
- Aggregating
- Quarantining
- Archiving

A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?
- The user jsmith's account has been locked out.
- A keylogger is installed on jsmith's workstation.
- An attacker is attempting to brute force jsmith's account.
- Ransomware has been deployed in the domain.

Which of the following is a primary security concern for a company setting up a BYOD program?
- End of life
- Buffer overflow
- VM escape
- Jailbreaking

Which of the following is the most likely to be included as an element of communication in a security awareness program?
- Reporting phishing attempts or other suspicious activities
- Detecting insider threats using anomalous behavior recognition
- Verifying information when modifying wire transfer data
- Performing social engineering as part of third-party penetration testing

HOTSPOT
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
- Web server > Botnet > Enable DDoS protection
  User > RAT > Implement a host-based IPS
  Database server > Worm > Change the default application password
  Executive > Keylogger > Disable remote access services
  Application > Backdoor > Conduct code review
- Web server > Botnet > Enable DDoS protection
  User > RAT > Implement a host-based IPS
  Database server > Worm > Change the default application password
  Executive > Keylogger > Implement 2FA using push notification
  Application > Backdoor > Conduct a code review
- Web server > Botnet > Enable DDoS protection
  User > RAT > Disable remote access services
  Database server > Worm > Change the default application password
  Executive > Keylogger > Implement a host-based IPS
  Application > Backdoor > Conduct a code review
- Web server > Botnet > Enable DDoS protection
  User > RAT > Disable remote access services
  Database server > Worm > Change the default application password
  Executive > Keylogger > Enable MFA
  Application > Backdoor > Conduct a code review

HOTSPOT
You are a security administrator investigating a potential infection on a network. Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.
- 192.168.10.22 - origin - scans disabled on this host by svchost
  192.168.10.37 - clean - scan found and quarantined svchost
  192.168.10.41 - infected - heuristic pattern match but failed to quarantine svchost
  10.10.9.12 - clean - scan found and quarantined svchost
  10.10.9.18 - infected - heuristic pattern match but failed to quarantine svchost
- 192.168.10.22 Status: Clean. Reasoning: The scan completed without finding any issues.
  192.168.10.37 Status: Infected. Reasoning: The scan found and quarantined the file svch0st.exe.
  192.168.10.41 Status: Infected. Reasoning: The scan found the file svch0st.exe but was unable to quarantine it.
  10.10.9.12 Status: Origin. Reasoning: The firewall log shows traffic from 10.10.9.12 to multiple IP addresses in the network, indicating it may have spread the infection. Additionally, the scan found and quarantined svch0st.exe.
  10.10.9.18 Status: Infected. Reasoning: The scan found the file svch0st.exe but was unable to quarantine it, similar to 192.168.10.41.
- 192.168.10.22: Infected
  192.168.10.37: Origin
  192.168.10.41: Infected
  10.10.9.12: Infected
  10.10.9.18: Infected
- 192.168.10.22: Infected. Scheduled update disabled by svch0st.exe, no quarantine action
  192.168.10.37: Infected. svch0st.exe quarantined
  192.168.10.41: Infected. svch0st.exe detected and quarantined after initial failure
  10.10.9.12: Infected. svch0st.exe quarantined
  10.10.9.18: Infected. svch0st.exe detected and quarantined after initial failure

Which of the following would be the best way to handle a critical business application that is running on a legacy server?
- Segmentation
- Isolation
- Hardening
- Decommissioning

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
- Retain the emails between the security team and affected customers for 30 days.
- Retain any communications related to the security breach until further notice.
- Retain any communications between security members during the breach response.
- Retain all emails from the company to affected customers for an indefinite period of time.

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?
- Set the maximum data retention policy.
- Securely store the documents on an air-gapped network.
- Review the documents' data classification policy.
- Conduct a tabletop exercise with the team.

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?
- Creating a firewall rule to allow HTTPS traffic
- Configuring the IPS to allow shopping
- Tuning the DLP rule that detects credit card data
- Updating the categorization in the content filter

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?
- Insider threat
- Social engineering
- Watering-hole
- Unauthorized attacker

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
- Provisioning resources
- Disabling access
- Reviewing change approvals
- Escalating permission requests

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
- Ease of recovery
- Ability to patch
- Physical isolation
- Responsiveness
- Attack surface
- Extensible authentication

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?
- Virus
- Trojan
- Spyware
- Ransomware

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?
- Scalability
- Availability
- Cost
- Ease of deployment

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
- Partially known environment
- Unknown environment
- Integrated
- Known environment

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
- Smishing
- Disinformation
- Impersonating
- Whaling

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
- Secured zones
- Subject role
- Adaptive identity
- Threat scope reduction

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
- Data in use
- Data in transit
- Geographic restrictions
- Data sovereignty

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?
- Shadow IT
- Insider threat
- Data exfiltration
- Service disruption

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
- Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
  Access list outbound deny 10.50.10.25 0.0.0.0/0 port 53
- Access list outbound permit 0.0.0.0/0 10.50.10.25 port 53
  Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
- Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
  Access list outbound deny 0.0.0.0/0 10.50.10.25 port 53
- Access list outbound permit 10.50.10.25 0.0.0.0/0 port 53
  Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?
- Bluetooth
- Wired
- NFC
- SCADA

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two.)
- Channels by which the organization communicates with customers
- The reporting mechanisms for ethics violations
- Threat vectors based on the industry in which the organization operates
- Secure software development training for all personnel
- Cadence and duration of training events
- Retraining requirements for individuals who fail phishing simulations

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
- Exception
- Segmentation
- Risk transfer
- Compensating controls

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the most likely cause of the issue?
- The vendor firmware lacks support.
- Zero-day vulnerabilities are being discovered.
- Third-party applications are not being patched.
- Code development is being outsourced.

A company that provides an online streaming service made its customers' personal data including names and email addresses publicly available in a cloud storage service.
As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following best describes the consequence of this data disclosure?
- Regulatory fines
- Reputation damage
- Increased insurance costs
- Financial loss

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?
- An RTO report
- A risk register
- A business impact analysis
- An asset value register
- A disaster recovery plan

A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?
- IaC
- MSSP
- Containers
- SaaS

Which of the following must be in place before implementing a BCP?
- SLA
- AUP
- NDA
- BIA

An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?
- PEAP
- EAP-FAST
- EAP-TLS
- EAP-TTLS

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.
INSTRUCTIONS
Please click on the below items on the network diagram and configure them accordingly: WAP, DHCP Server, AAA Server, Wireless Controller, LDAP Server. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
- Wireless Network (Mixed)
  Wireless Network Name (SSID) - (DEFAULT)
  Wireless Channel (11)
  Wireless SSID Broadcast (Disable)
  Security Mode (WPA2 Enterprise)
- Wireless Network (G)
  Wireless Network Name (SSID) - (DEFAULT)
  Wireless Channel (11)
  Wireless SSID Broadcast (Disable)
  Security Mode (Radius)
- Wireless Network (G)
  Wireless Network Name (SSID) - (DEFAULT)
  Wireless Channel (11)
  Wireless SSID Broadcast (Disable)
  Security Mode (WPA2 Professional)
- Wireless Network (G)
  Wireless Network Name (SSID) - (DEFAULT)
  Wireless Channel (9)
  Wireless SSID Broadcast (Disable)
  Security Mode (WPA2 PSK)

A security analyst receives an alert from the company's SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?
- True positive
- True negative
- False positive
- False negative

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would best accommodate the request?
- IaaS
- PaaS
- DaaS
- SaaS

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?
- Disable Telnet and force SSH.
- Establish a continuous ping.
- Utilize an agentless monitor.
- Enable SNMPv3 with passwords.

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources.
The engineer enters the command show mac address-table and reviews the following output: Which of the following best describes the attack that is currently in progress?
- MAC flooding
- Evil twin
- ARP poisoning
- DHCP spoofing

A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff: consistent power levels in case of brownouts or voltage spikes; a minimum of 30 minutes runtime following a power outage; ability to trigger graceful shutdowns of critical systems. Which of the following would BEST meet the requirements?
- Maintaining a standby, gas-powered generator
- Using large surge suppressors on computer equipment
- Configuring managed PDUs to monitor power levels
- Deploying an appropriately sized, network-connected UPS device

Given the following snippet of Python code: Which of the following types of malware MOST likely contains this snippet?
- Logic bomb
- Keylogger
- Backdoor
- Ransomware

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be best to correlate the activities between the different endpoints?
- Firewall
- SIEM
- IPS
- Protocol analyzer

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO.)
- RADIUS
- PEAP
- WPS
- WEP-TKIP
- SSL
- WPA2-PSK

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?
- SFTP
- AIS
- Tor
- IoC

A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?
- IPsec
- SSL/TLS
- DNSSEC
- S/MIME

A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?
- Full disk encryption
- Network access control
- File integrity monitoring
- User behavior analytics

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
- To reduce implementation cost
- To identify complexity
- To remediate technical debt
- To prevent a single point of failure

Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?
- Compliance reporting
- GDPR
- Due diligence
- Attestation

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?
- Hot
- Cold
- Warm
- Geographically dispersed

Which of the following phases of an incident response involves generating reports?
- Recovery
- Preparation
- Lessons learned
- Containment