CompTIA Security+ SY0-701 Practice Test Engine Try These 765 Exam Questions [Q203-Q219]

Share

CompTIA Security+ SY0-701 Practice Test Engine: Try These 765 Exam Questions

Guaranteed Success in CompTIA Security+ SY0-701 Exam Dumps

NEW QUESTION # 203
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

  • A. Port security
  • B. Air gap
  • C. Screen subnet
  • D. Barricade

Answer: C

Explanation:
One of the most effective ways to protect an application server is to use a screened subnet. A screened subnet is a network segment that is isolated from both the internet and the internal network by two firewalls. The application server is placed in the screened subnet, also known as the demilitarized zone (DMZ), and only the necessary ports are opened for communication. This way, the application server is shielded from external attacks and internal breaches, and the impact of a compromise is minimized.


NEW QUESTION # 204
Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

  • A. The contents of environmental variables could affect the scope and impact of an exploited vulnerability.
  • B. Environmental variables define cryptographic standards for the system and could create vulnerabilities if deprecated algorithms are used.
  • C. In-memory environmental variable values can be overwritten and used by attackers to insert malicious code.
  • D. Environmental variables will determine when updates are run and could mitigate the likelihood of vulnerability exploitation.

Answer: A

Explanation:
Environmental variables store configuration settings, paths, and other system-related information that applications and processes use. If an attacker gains access to these variables, they could manipulate them to alter application behavior, gain unauthorized access, or escalate privileges.For example, an attacker could modify the PATH variable to execute malicious programs instead of legitimate ones. This can significantlyincrease the scope and impact of an exploited vulnerability, making it a major security concern.
Reference:CompTIA Security+ SY0-701 Official Study Guide, Security Architecture domain.


NEW QUESTION # 205
A security administrator identifies an application that is storing data using MD5. Which of the following best identifies the vulnerability likely present in the application?

  • A. Side loading
  • B. Malicious update
  • C. Cryptographic
  • D. Zero day

Answer: C

Explanation:
The vulnerability likely present in the application that is storing data using MD5 is a cryptographic vulnerability. MD5 is considered to be a weak hashing algorithm due to its susceptibility to collision attacks, where two different inputs produce the same hash output, compromising data integrity and security.
Cryptographic: Refers to vulnerabilities in cryptographic algorithms or implementations, such as the weaknesses in MD5.
Malicious update: Refers to the intentional injection of harmful updates, not related to the use of MD5.
Zero day: Refers to previously unknown vulnerabilities for which no patch is available, not specifically related to MD5.
Side loading: Involves installing software from unofficial sources, not directly related to the use of MD5.


NEW QUESTION # 206
An employee decides to take malicious action against an organization after being passed over for a promotion. Which of the following threats does the employee now represent?

  • A. Shadow IT
  • B. Nation-state
  • C. Hacktivist
  • D. Insider threat

Answer: D

Explanation:
An insider threat involves a person within the organization, such as an employee, who uses their access for malicious purposes, often due to personal grievances or dissatisfaction.


NEW QUESTION # 207
An incident response specialist must stop a malicious attack from expanding to other parts of an organization.
Which of the following should the incident response specialist perform first?

  • A. Simulation
  • B. Containment
  • C. Eradication
  • D. Recovery

Answer: B

Explanation:
Containment (C)is thefirst critical stepduring a security incident tostop the spreadof the attack. This could include isolating affected systems, disabling accounts, or blocking malicious traffic.
According to theIncident Response Lifecycle, the order is typically:Identification # Containment # Eradication # Recovery # Lessons Learned.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 5.4 - "Incident response process: Containment as the immediate action."


NEW QUESTION # 208
Which of the following security control types does an acceptable use policy best represent?

  • A. Deterrent
  • B. Preventive
  • C. Corrective
  • D. Compensating

Answer: D

Explanation:
When a critical legacy server is segmented into a private network, the security control being used is compensating. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible or practical. In this case, segmenting the legacy server into a private network serves as a compensating control to protect it from potential vulnerabilities that cannot be mitigated directly.
Compensating: Provides an alternative method to achieve the desired security outcome when the primary control is not possible.
Deterrent: Aims to discourage potential attackers but does not directly address segmentation.
Corrective: Used to correct or mitigate the impact of an incident after it has occurred.
Preventive: Aims to prevent security incidents but is not specific to the context of segmentation.


NEW QUESTION # 209
Which of the following is an example of a treatment strategy for a continuous risk?

  • A. Background checks for new employees
  • B. Branch protection as part of the CI/CD pipeline
  • C. Email gateway to block phishing attempts
  • D. Dual control requirements for wire transfers

Answer: C


NEW QUESTION # 210
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

  • A. Disaster recovery plan
  • B. Business continuity plan
  • C. Incident response procedure
  • D. Change management procedure

Answer: D

Explanation:
Explanation
A change management procedure is a set of steps and guidelines that a security administrator should adhere to when setting up a new set of firewall rules. A firewall is a device or software that can filter, block, or allow network traffic based on predefined rules or policies. A firewall rule is a statement that defines the criteria and action for a firewall to apply to a packet or a connection. For example, a firewall rule can allow or deny traffic based on the source and destination IP addresses, ports, protocols, or applications. Setting up a new set of firewall rules is a type of change that can affect the security, performance, and functionality of the network.
Therefore, a change management procedure is necessary to ensure that the change is planned, tested, approved, implemented, documented, and reviewed in a controlled and consistent manner. A change management procedure typically includes the following elements:
A change request that describes the purpose, scope, impact, and benefits of the change, as well as the roles and responsibilities of the change owner, implementer, and approver.
A change assessment that evaluates the feasibility, risks, costs, and dependencies of the change, as well as the alternatives and contingency plans.
A change approval that authorizes the change to proceed to the implementation stage, based on the criteria and thresholds defined by the change policy.
A change implementation that executes the change according to the plan and schedule, and verifies the results and outcomes of the change.
A change documentation that records the details and status of the change, as well as the lessons learned and best practices.
A change review that monitors and measures the performance and effectiveness of the change, and identifies any issues or gaps that need to be addressed or improved.
A change management procedure is important for a security administrator to adhere to when setting up a new set of firewall rules, as it can help to achieve the following objectives:
Enhance the security posture and compliance of the network by ensuring that the firewall rules are aligned with the security policies and standards, and that they do not introduce any vulnerabilities or conflicts.
Minimize the disruption and downtime of the network by ensuring that the firewall rules are tested and validated before deployment, and that they do not affect the availability or functionality of the network services or applications.
Improve the efficiency and quality of the network by ensuring that the firewall rules are optimized and updated according to the changing needs and demands of the network users and stakeholders, and that they do not cause any performance or compatibility issues.
Increase the accountability and transparency of the network by ensuring that the firewall rules are documented and reviewed regularly, and that they are traceable and auditable by the relevant authorities and parties.
The other options are not correct because they are not related to the process of setting up a new set of firewall rules. A disaster recovery plan is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. An incident response procedure is a set of steps and guidelines that aim to contain, analyze, eradicate, and recover from a security incident, such as a cyberattack, data breach, or malware infection. A business continuity plan is a set of strategies and actions that aim to maintain the essential functions and operations of an organization during and after a disruptive event, such as a pandemic, power outage, or civil unrest. References = CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 1.3: Security Operations, video: Change Management (5:45).


NEW QUESTION # 211
A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email's continued delivery?

  • A. Employees are using shadow IT solutions for email.
  • B. Information from reported emails is not being used to tune email filtering tools.
  • C. Employees are forwarding personal emails to company email addresses.
  • D. Employees are flagging legitimate emails as spam.

Answer: B

Explanation:
If reported email data is not used to update and tune filtering tools, the malicious email can continue bypassing defenses and reaching other users' inboxes.


NEW QUESTION # 212
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

  • A. Critical
  • B. Sensitive
  • C. Private
  • D. Public

Answer: B


NEW QUESTION # 213
Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

  • A. Sanitization
  • B. Destruction
  • C. Certification
  • D. Retention

Answer: D

Explanation:
Detailed Explanation:
Retention policies dictate how long data must be stored to comply with local and international regulations.
Non-compliance can result in legal and financial penalties. Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Retention and Legal Requirements".


NEW QUESTION # 214
A company uses a cloud-based server for file storage and wants to ensure the security of its data in transit. Which of the following should the company use to secure this type of communication?
(Choose two.)

  • A. TLS certificates
  • B. Virtual private network
  • C. Encryption key management
  • D. HTTPS
  • E. WPA2 encryption
  • F. Digital signatures

Answer: A,D

Explanation:
TLS certificates:
TLS (Transport Layer Security) is the standard protocol for encrypting data in transit over networks. Certificates authenticate the server and establish a secure, encrypted channel.
HTTPS:
HTTPS is HTTP over TLS/SSL. It ensures that data sent between clients (like web browsers) and the cloud server is encrypted and protected from eavesdropping or tampering.


NEW QUESTION # 215
Which of the following can best contribute to prioritizing patch applications?

  • A. CVSS
  • B. SCAP
  • C. OSINT
  • D. CVE

Answer: A


NEW QUESTION # 216
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

Explanation:
Web serverBotnet Enable DDoS protectionUser RAT Implement a host-based IPSDatabase server Worm Change the default application passwordExecutive KeyloggerDisable vulnerable servicesApplication Backdoor Implement 2FA using push notification A screenshot of a computer program Description automatically generated with low confidence


NEW QUESTION # 217
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

  • A. Data masking
  • B. Key stretching
  • C. Salting
  • D. Steganography

Answer: C

Explanation:
Explanation
Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function. Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks. References = Passwords technical overview Encryption, hashing, salting - what's the difference?
Salt (cryptography)


NEW QUESTION # 218
Which of the following is the most likely motivation for a hacktivist?

  • A. Corporate espionage
  • B. Financial gain
  • C. Philosophical beliefs
  • D. Service disruption

Answer: C

Explanation:
Hacktivists are individuals or groups who use hacking to promote a political agenda, social cause, or philosophical beliefs. Their primary motivation is not personal gain but rather to draw attention to, or protest against, perceived injustices or causes.
Reference:
CompTIA Security+ SY0-701 Official Study Guide, Domain 2.1: "Hacktivists are motivated by ideology or political/social causes." Exam Objectives 2.1: "Compare and contrast different types of threat actors."


NEW QUESTION # 219
......

Test Engine to Practice SY0-701 Test Questions: https://www.preppdf.com/CompTIA/SY0-701-prepaway-exam-dumps.html

CompTIA SY0-701 Daily Practice Exam New 2026 Updated 765 Questions: https://drive.google.com/open?id=1avYGr6zE9iDLhA45l-ddlcreymZUM8yH