SY0-701 Free Questions

Question #1

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days.

Which of the following types of sites is the best for this scenario?

A . Real-time recovery
B . Hot
C . Cold
D . Warm

Reveal Solution Hide Solution

Question #2

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords.

Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

A . Multifactor authentication
B . Permissions assignment
C . Access management
D . Password complexity

Reveal Solution Hide Solution

Question #3

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

A . Insider
B . Unskilled attacker
C . Nation-state
D . Hacktivist

Reveal Solution Hide Solution

Question #4

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification.

Which of the following social engineering techniques are being attempted? (Choose two.)

A . Typosquatting
B . Phishing
C . Impersonation
D . Vishing
E . Smishing
F . Misinformation

Reveal Solution Hide Solution

Correct Answer: B E
B E

Explanation:

Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use urgent or threatening language to persuade the recipients to take action12. In this scenario, the text message that claims to be from the payroll department is an example of smishing.

Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits, and can be used to obtain information, access, or money from the victim34. In this scenario, the text message that pretends to be from the payroll department is an example of impersonation.

A) Typosquatting is a type of cyberattack that involves registering domain names that are similar to popular or well-known websites, but with intentional spelling errors or different extensions. Typosquatting aims to exploit the common mistakes that users make when typing web addresses, and redirect them to malicious or fraudulent sites that may steal their information, install malware, or display ads56. Typosquatting is not related to text messages or credential verification.

B) Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. Phishing emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or service providers, and use deceptive or urgent language to persuade the recipients to take action78. Phishing is not related to text messages or credential verification.

D) Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing sensitive information, such as passwords, credit card numbers, or bank account details. Vishing calls

often appear to come from legitimate sources, such as law enforcement, government agencies, or technical support, and use scare tactics or false promises to persuade the recipients to comply9. Vishing is not related to text messages or credential verification.

F. Misinformation is a type of social engineering technique that involves spreading false or misleading information to influence the beliefs, opinions, or actions of the target. Misinformation can be used to manipulate public perception, create confusion, damage reputation, or promote an agenda. Misinformation is not related to text messages or credential verification.

Reference = 1: What is Smishing? | Definition and Examples | Kaspersky 2: Smishing – Wikipedia 3: Impersonation Attacks: What Are They and How Do You Protect Against Them? 4: Impersonation – Wikipedia 5: What is Typosquatting? | Definition and Examples | Kaspersky 6: Typosquatting – Wikipedia 7: What is Phishing? | Definition and Examples | Kaspersky 8: Phishing – Wikipedia 9: What is Vishing? | Definition and Examples | Kaspersky: Vishing – Wikipedia: What is Misinformation? | Definition and Examples | Britannica: Misinformation – Wikipedia

Question #5

A company’s web filter is configured to scan the URL for strings and deny access when matches are found.

Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A . encryption=off
B . http://
C . www.*.com
D . :443

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

A web filter is a device or software that can monitor, block, or allow web traffic based on predefined rules or policies. One of the common methods of web filtering is to scan the URL for strings and deny access when matches are found. For example, a web filter can block access to websites that contain the words “gambling”, “porn”, or “malware” in their URLs. A URL is a uniform resource locator that identifies the location and protocol of a web resource. A URL typically consists of the following components: protocol://domain:port/path?query#fragment. The protocol specifies the communication method used to access the web resource, such as HTTP, HTTPS, FTP, or SMTP. The domain is the name of the web server that hosts the web resource, such as www.google.com or www.bing.com. The port is an optional number that identifies the specific service or application running on the web server, such as 80 for HTTP or 443 for HTTPS. The path is the specific folder or file name of the web resource, such as /index.html or /images/logo.png. The query is an optional string that contains additional information or parameters for the web resource, such as ?q=security or ?lang=en. The fragment is an optional string that identifies a specific part or section of the web resource, such as #introduction or #summary.

To prohibit access to non-encrypted websites, an analyst should employ a search string that matches the protocol of non-encrypted web traffic, which is HTTP. HTTP stands for hypertext transfer protocol,

and it is a standard protocol for transferring data between web servers and web browsers. However, HTTP does not provide any encryption or security for the data, which means that anyone who intercepts the web traffic can read or modify the data. Therefore, non-encrypted websites are vulnerable to eavesdropping, tampering, or spoofing attacks. To access a non-encrypted website, the URL usually starts with http://, followed by the domain name and optionally the port number. For example, http://www.example.com or http://www.example.com:80. By scanning the URL for the string http://, the web filter can identify and block non-encrypted websites.

The other options are not correct because they do not match the protocol of non-encrypted web traffic. Encryption=off is a possible query string that indicates the encryption status of the web resource, but it is not a standard or mandatory parameter. Https:// is the protocol of encrypted web traffic, which uses hypertext transfer protocol secure (HTTPS) to provide encryption and security for the data. Www.*.com is a possible domain name that matches any website that starts with www and ends with .com, but it does not specify the protocol. :443 is the port number of HTTPS, which is the protocol of encrypted web traffic.

Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 2: Securing Networks, page 69. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 2.1: Network Devices and Technologies, video: Web Filter (5:16).

Question #6

4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network.

Which of the following fulfills this request?

A . access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32
B . access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0
C . access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0
D . access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

Reveal Solution Hide Solution

Question #7

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

A . To gather loCs for the investigation
B . To discover which systems have been affected
C . To eradicate any trace of malware on the network
D . To prevent future incidents of the same nature

Reveal Solution Hide Solution

Question #8

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

A . Password spraying
B . Account forgery
C . Pass-t he-hash
D . Brute-force

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords12.

The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication3. Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.

Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session4. The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.

Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts5. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server.

Reference = 1: Password spraying: An overview of password spraying attacks … – Norton, 2: Security: Credential Stuffing vs. Password Spraying – Baeldung, 3: Brute Force Attack: A definition + 6 types to know | Norton, 4: What is a Pass-the-Hash Attack? – CrowdStrike, 5: What is a Brute Force Attack? | Definition, Types & How It Works – Fortinet

Question #9

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries.

Which of the following is the most effective way to limit this access?

A . Data masking
B . Encryption
C . Geolocation policy
D . Data sovereignty regulation

Reveal Solution Hide Solution

Question #10

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

A . Penetration testing
B . Phishing campaign
C . External audit
D . Insider threat

Reveal Solution Hide Solution

[email protected]

Monday - Sunday 9:00am - 6:00pm

CompTIA SY0-701 Real Exam Questions

The questions for SY0-701 were last updated at Dec 08,2024.

[email protected]

Monday - Sunday 9:00am - 6:00pm