SY0-701 CompTIA Security+ PDF Questions 2025

simonlata79 66 views 20 slides Apr 23, 2025

About This Presentation

Easily download the SY0-701 CompTIA Security+ PDF 2025 from Passcert to keep your study materials accessible anytime, anywhere. This PDF includes the latest and most accurate exam questions and answers verified by experts to help you prepare confidently and pass your exam on your first try.


Slide Content

Download CompTIA Security+ SY0-701 Dumps for preparation
Exam : SY0-701
Title : CompTIA Security+
https://www.passcert.com/SY0-701.html

1. Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Answer: C
Explanation:
Organized crime is a type of threat actor that is motivated by financial gain and often operates across national borders. Organized crime groups may be hired by foreign governments to conduct cyberattacks on critical systems located in other countries, such as power grids, military networks, or financial institutions. Organized crime groups have the resources, skills, and connections to carry out sophisticated and persistent attacks that can cause significant damage and disruption [1][2].
Reference =
1: Threat Actors - CompTIA Security+ SY0-701 - 2.1
2: CompTIA Security+ SY0-701 Certification Study Guide

2. Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Answer: D
Explanation:
Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function. Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks.
Reference =
Passwords technical overview
Encryption, hashing, salting – what’s the difference?
Salt (cryptography)

3. An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message.
Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Answer: D
Explanation:
Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or providing sensitive information, such as log-in credentials, personal data, or financial details. In this scenario, the employee received an email from a payment website that asked the employee to update contact information. The email contained a link that directed the employee to a fake website that mimicked the appearance of the real one. The employee entered the log-in information, but received a “page not found” error message. This indicates that the employee fell victim to a phishing attack, and the attacker may have captured the employee’s credentials for the payment website.
Reference = Other Social Engineering Attacks – CompTIA Security+ SY0-701 – 2.2, CompTIA Security+: Social Engineering Techniques & Other Attack… - NICCS, [CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition]

4. A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications.
Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
Answer: A
Explanation:
SSO stands for single sign-on, which is a method of authentication that allows users to access multiple applications or services with one set of credentials. SSO reduces the number of credentials employees need to maintain and simplifies the login process. SSO can also improve security by reducing the risk of password reuse, phishing, and credential theft. SSO can be implemented using various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the exchange of authentication information between different domains or systems. SSO is commonly used for accessing SaaS applications, such as Office 365, Google Workspace, Salesforce, and others, using domain credentials [1][2][3].
B. LEAP stands for Lightweight Extensible Authentication Protocol, which is a Cisco proprietary protocol that provides authentication for wireless networks. LEAP is not related to SaaS applications or domain credentials [4].
C. MFA stands for multi-factor authentication, which is a method of authentication that requires users to provide two or more pieces of evidence to prove their identity. MFA can enhance security by adding an extra layer of protection beyond passwords, such as tokens, biometrics, or codes. MFA is not related to SaaS applications or domain credentials, but it can be used in conjunction with SSO.
D. PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that provides secure authentication for wireless networks. PEAP uses TLS to create an encrypted tunnel between the client and the server, and then uses another authentication method, such as MS-CHAPv2 or EAP-GTC, to verify the user’s identity. PEAP is not related to SaaS applications or domain credentials.
Reference =
1: Security+ (SY0-701) Certification Study Guide | CompTIA IT Certifications
2: What is Single Sign-On (SSO)? - Definition from WhatIs.com
3: Single sign-on - Wikipedia
4: Lightweight Extensible Authentication Protocol - Wikipedia
What is Multi-Factor Authentication (MFA)? - Definition from WhatIs.com
Protected Extensible Authentication Protocol - Wikipedia

5. Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive's name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company's email portal.
Answer: A
Explanation:
A business email compromise (BEC) attack is a type of phishing attack that targets employees who have access to company funds or sensitive information. The attacker impersonates a trusted person, such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or confidential data. The attacker often uses social engineering techniques, such as urgency, pressure, or familiarity, to convince the victim to comply with the request [1][2].
In this scenario, option A describes a possible BEC attack, where an employee receives a gift card request in an email that has an executive’s name in the display field of the email. The email may look like it is coming from the executive, but the actual email address may be spoofed or compromised. The attacker may claim that the gift cards are needed for a business purpose, such as rewarding employees or clients, and ask the employee to purchase them and send the codes. This is a common tactic used by BEC attackers to steal money from unsuspecting victims [3][4].
Option B describes a possible ransomware attack, where malicious software encrypts the files on a device and demands a ransom for the decryption key. Option C describes a possible credential harvesting attack, where an attacker tries to obtain the login information of a privileged account by posing as a legitimate authority. Option D describes a possible phishing attack, where an attacker tries to lure the victim to a fake website that mimics the company’s email portal and capture their credentials. These are all types of cyberattacks, but they are not examples of BEC attacks.
Reference =
1: Business Email Compromise - CompTIA Security+ SY0-701 - 2.2
2: CompTIA Security+ SY0-701 Certification Study Guide
3: Business Email Compromise: The 12 Billion Dollar Scam
4: TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy

6. A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers.
Which of the following should a database administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Answer: A
Explanation:
A jump server is a device or virtual machine that acts as an intermediary between a user’s workstation and a remote network segment. A jump server can be used to securely access servers or devices that are not directly reachable from the user’s workstation, such as database servers. A jump server can also provide audit logs and access control for the remote connections. A jump server is also known as a jump box or a jump host [1][2].
RADIUS is a protocol for authentication, authorization, and accounting of network access. RADIUS is not a device or a method to access remote servers, but rather a way to verify the identity and permissions of users or devices that request network access [3][4].
HSM is an acronym for Hardware Security Module, which is a physical device that provides secure storage and generation of cryptographic keys. HSMs are used to protect sensitive data and applications, such as digital signatures, encryption, and authentication. HSMs are not used to access remote servers, but rather to enhance the security of the data and applications that reside on them [5].
A load balancer is a device or software that distributes network traffic across multiple servers or devices, based on criteria such as availability, performance, or capacity. A load balancer can improve the scalability, reliability, and efficiency of network services, such as web servers, application servers, or database servers. A load balancer is not used to access remote servers, but rather to optimize the delivery of the services that run on them.
Reference =
How to access a remote server using a jump host
Jump server
RADIUS
Remote Authentication Dial-In User Service (RADIUS)
Hardware Security Module (HSM)
[What is an HSM?]
[Load balancing (computing)]
[What is Load Balancing?]

7. An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow.
Which of the following should the organization deploy to best protect against similar attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Answer: B
Explanation:
A buffer overflow is a type of software vulnerability that occurs when an application writes more data to a memory buffer than it can hold, causing the excess data to overwrite adjacent memory locations. This can lead to unexpected behavior, such as crashes, errors, or code execution. A buffer overflow can be exploited by an attacker to inject malicious code or commands into the application, which can compromise the security and functionality of the system. An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. To best protect against similar attacks in the future, the organization should deploy a web application firewall (WAF). A WAF is a type of firewall that monitors and filters the traffic between a web application and the internet. A WAF can detect and block common web attacks, such as buffer overflows, SQL injections, cross-site scripting (XSS), and more. A WAF can also enforce security policies and rules, such as input validation, output encoding, and encryption. A WAF can provide a layer of protection for the web application, preventing attackers from exploiting its vulnerabilities and compromising its data.
Reference = Buffer Overflows – CompTIA Security+ SY0-701 – 2.3, Web Application Firewalls – CompTIA Security+ SY0-701 – 2.4, [CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition]

8. An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords.
Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Answer: A
Explanation:
The correct answer is A because multifactor authentication (MFA) is a method of verifying a user’s identity by requiring more than one factor, such as something the user knows (e.g., password), something the user has (e.g., token), or something the user is (e.g., biometric). MFA can prevent unauthorized access even if the user’s password is compromised, as the attacker would need to provide another factor to log in. The other options are incorrect because they do not address the root cause of the attack, which is weak authentication. Permissions assignment (B) is the process of granting or denying access to resources based on the user’s role or identity. Access management (C) is the process of controlling who can access what and under what conditions. Password complexity (D) is the requirement of using strong passwords that are hard to guess or crack, but it does not prevent an attacker from using a stolen password.
Reference = You can learn more about multifactor authentication and other security concepts in the following resources:
CompTIA Security+ SY0-701 Certification Study Guide, Chapter 1: General Security Concepts [1]
Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 1.2: Security Concepts [2]
Multi-factor Authentication – SY0-601 CompTIA Security+: 2.4 [3]
TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section 3: Identity and Access Management, Lecture 15: Multifactor Authentication [4]
CompTIA Security+ Certification SY0-601: The Total Course [Video], Chapter 3: Identity and Account Management, Section 2: Enabling Multifactor Authentication [5]

9. An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification.
Which of the following social engineering techniques are being attempted? (Choose two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Answer: B, E
Explanation:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use urgent or threatening language to persuade the recipients to take action [1][2]. In this scenario, the text message that claims to be from the payroll department is an example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits, and can be used to obtain information, access, or money from the victim [3][4]. In this scenario, the text message that pretends to be from the payroll department is an example of impersonation.
A. Typosquatting is a type of cyberattack that involves registering domain names that are similar to popular or well-known websites, but with intentional spelling errors or different extensions. Typosquatting aims to exploit the common mistakes that users make when typing web addresses, and redirect them to malicious or fraudulent sites that may steal their information, install malware, or display ads [5][6]. Typosquatting is not related to text messages or credential verification.
B. Phishing is a type of social engineering technique that uses fraudulent emails to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware. Phishing emails often mimic the appearance and tone of legitimate organizations, such as banks, retailers, or service providers, and use deceptive or urgent language to persuade the recipients to take action [7][8]. Phishing is not related to text messages or credential verification.
D. Vishing is a type of social engineering technique that uses voice calls to trick victims into revealing sensitive information, such as passwords, credit card numbers, or bank account details. Vishing calls often appear to come from legitimate sources, such as law enforcement, government agencies, or technical support, and use scare tactics or false promises to persuade the recipients to comply [9]. Vishing is not related to text messages or credential verification.
F. Misinformation is a type of social engineering technique that involves spreading false or misleading information to influence the beliefs, opinions, or actions of the target. Misinformation can be used to manipulate public perception, create confusion, damage reputation, or promote an agenda. Misinformation is not related to text messages or credential verification.
Reference =
1: What is Smishing? | Definition and Examples | Kaspersky
2: Smishing - Wikipedia
3: Impersonation Attacks: What Are They and How Do You Protect Against Them?
4: Impersonation - Wikipedia
5: What is Typosquatting? | Definition and Examples | Kaspersky
6: Typosquatting - Wikipedia
7: What is Phishing? | Definition and Examples | Kaspersky
8: Phishing - Wikipedia
9: What is Vishing? | Definition and Examples | Kaspersky
Vishing - Wikipedia
What is Misinformation? | Definition and Examples | Britannica
Misinformation - Wikipedia

10. Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO).
The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”
Which of the following are the best responses to this situation? (Choose two).
A. Cancel current employee recognition gift cards.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
D. Have the CEO change phone numbers.
E. Conduct a forensic investigation on the CEO's phone.
F. Implement mobile device management.
Answer: B, C
Explanation:
This situation is an example of smishing, which is a type of phishing that uses text messages (SMS) to entice individuals into providing personal or sensitive information to cybercriminals. The best responses to this situation are to add a smishing exercise to the annual company training and to issue a general email warning to the company. A smishing exercise can help raise awareness and educate employees on how to recognize and avoid smishing attacks. An email warning can alert employees to the fraudulent text message and remind them to verify the identity and legitimacy of any requests for information or money.
Reference = What Is Phishing | Cybersecurity | CompTIA, Phishing – SY0-601 CompTIA Security+: 1.1 - Professor Messer IT Certification Training Courses

11. A company is required to use certified hardware when building networks.
Which of the following best addresses the risks associated with procuring counterfeit hardware?
A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D. An in-depth penetration test of all suppliers and vendors
Answer: A
Explanation:
Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to network quality, performance, safety, and reliability [1][2]. Counterfeit hardware can also contain malicious components that can compromise the security of the network and the data that flows through it [3]. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company can verify the origin, authenticity, and integrity of the hardware, and identify any potential sources of counterfeit or tampered products. A thorough analysis of the supply chain can include the following steps:
Establishing a trusted relationship with the OEM and authorized resellers
Requesting documentation and certification of the hardware from the OEM or authorized resellers
Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components
Testing the hardware for functionality, performance, and security
Implementing a tracking system to monitor the hardware throughout its lifecycle
Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies
Reference =
1: Identify Counterfeit and Pirated Products - Cisco
2: What Is Hardware Security? Definition, Threats, and Best Practices
3: Beware of Counterfeit Network Equipment - TechNewsWorld
Counterfeit Hardware: The Threat and How to Avoid It

12. Which of the following provides the details about the terms of a test with a third-party penetration tester?
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
Answer: A
Explanation:
Rules of engagement are the detailed guidelines and constraints regarding the execution of information security testing, such as penetration testing. They define the scope, objectives, methods, and boundaries of the test, as well as the roles and responsibilities of the testers and the clients. Rules of engagement help to ensure that the test is conducted in a legal, ethical, and professional manner, and that the results are accurate and reliable. Rules of engagement typically include the following elements:
The type and scope of the test, such as black box, white box, or gray box, and the target systems, networks, applications, or data.
The client contact details and the communication channels for reporting issues, incidents, or emergencies during the test.
The testing team credentials and the authorized tools and techniques that they can use.
The sensitive data handling and encryption requirements, such as how to store, transmit, or dispose of any data obtained during the test.
The status meeting and report schedules, formats, and recipients, as well as the confidentiality and non-disclosure agreements for the test results.
The timeline and duration of the test, and the hours of operation and testing windows.
The professional and ethical behavior expectations for the testers, such as avoiding unnecessary damage, disruption, or disclosure of information.
Supply chain analysis, right to audit clause, and due diligence are not related to the terms of a test with a third-party penetration tester. Supply chain analysis is the process of evaluating the security and risk posture of the suppliers and partners in a business network. Right to audit clause is a provision in a contract that gives one party the right to audit another party to verify their compliance with the contract terms and conditions. Due diligence is the process of identifying and addressing the cyber risks that a potential vendor or partner brings to an organization.
Reference = https://www.yeahhub.com/every-penetration-tester-you-should-know-about-this-rules-of-engagement/
https://bing.com/search?q=rules+of+engagement+penetration+testing

13. A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement.
Which of the following reconnaissance types is the tester performing?
A. Active
B. Passive
C. Defensive
D. Offensive
Answer: A
Explanation:
Active reconnaissance is a type of reconnaissance that involves sending packets or requests to a target and analyzing the responses. Active reconnaissance can reveal information such as open ports, services, operating systems, and vulnerabilities. However, active reconnaissance is also more likely to be detected by the target or its security devices, such as firewalls or intrusion detection systems. Port and service scans are examples of active reconnaissance techniques, as they involve probing the target for specific information.
Reference = CompTIA Security+ Certification Exam Objectives, Domain 1.1: Given a scenario, conduct reconnaissance using appropriate techniques and tools. CompTIA Security+ Study Guide (SY0-701), Chapter 2: Reconnaissance and Intelligence Gathering, page 47. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 1.

14. Which of the following is required for an organization to properly manage its restore process in the event of system failure?
A. IRP
B. DRP
C. RPO
D. SDLC
Answer: B
Explanation:
A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency.
A DRP typically includes the following elements:
A risk assessment that identifies the potential threats and impacts to the organization’s critical assets and processes.
A business impact analysis that prioritizes the recovery of the most essential functions and data.
A recovery strategy that defines the roles and responsibilities of the recovery team, the resources and tools needed, and the steps to follow to restore the system.
A testing and maintenance plan that ensures the DRP is updated and validated regularly.
A DRP is required for an organization to properly manage its restore process in the event of system failure, as it provides a clear and structured framework for recovering from a disaster and minimizing the downtime and data loss.
Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325.

15. Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Sideloading
Answer: D
Explanation:
Sideloading is the process of installing software outside of a manufacturer’s approved software repository. This can expose the device to potential vulnerabilities, such as malware, spyware, or unauthorized access. Sideloading can also bypass security controls and policies that are enforced by the manufacturer or the organization. Sideloading is often done by users who want to access applications or features that are not available or allowed on their devices.
Reference = Sideloading - CompTIA Security+ Video Training | Interface Technical Training, Security+ (Plus) Certification | CompTIA IT Certifications, Load Balancers – CompTIA Security+ SY0-501 – 2.1, CompTIA Security+ SY0-601 Certification Study Guide.

16. A security analyst is reviewing the following logs:
Which of the following attacks is most likely occurring?
A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force
Answer: A
Explanation:
Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords [1][2].
The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication [3].
Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.
Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session [4]. The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.
Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts [5]. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server.
Reference =
1: Password spraying: An overview of password spraying attacks… - Norton
2: Security: Credential Stuffing vs. Password Spraying - Baeldung
3: Brute Force Attack: A definition + 6 types to know | Norton
4: What is a Pass-the-Hash Attack? - CrowdStrike
5: What is a Brute Force Attack? | Definition, Types & How It Works - Fortinet

17. An analyst is evaluating the implementation of Zero Trust principles within the data plane.
Which of the following would be most relevant for the analyst to evaluate?
A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction
Answer: D
Explanation:
The data plane, also known as the forwarding plane, is the part of the network that carries user traffic and data. It is responsible for moving packets from one device to another based on the routing and switching decisions made by the control plane. The data plane is a critical component of the Zero Trust architecture, as it is where most of the attacks and breaches occur. Therefore, implementing Zero Trust principles within the data plane can help to improve the security and resilience of the network.
One of the key principles of Zero Trust is to assume breach and minimize the blast radius and segment access. This means that the network should be divided into smaller and isolated segments or zones, each with its own security policies and controls. This way, if one segment is compromised, the attacker cannot easily move laterally to other segments and access more resources or data. This principle is also known as threat scope reduction, as it reduces the scope and impact of a potential threat.
The other options are not as relevant for the data plane as threat scope reduction. Secured zones are a concept related to the control plane, which is the part of the network that makes routing and switching decisions. Subject role is a concept related to the identity plane, which is the part of the network that authenticates and authorizes users and devices. Adaptive identity is a concept related to the policy plane, which is the part of the network that defines and enforces the security policies and rules.
Reference = https://bing.com/search?q=Zero+Trust+data+plane
https://learn.microsoft.com/en-us/security/zero-trust/deploy/data

18. An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources.
Which of the following would be the best solution?
A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor
Answer: B
Explanation:
A jump server is a server that acts as an intermediary between a user and a target system. A jump server can provide an added layer of security by preventing unauthorized access to internal company resources. A user can connect to the jump server using a secure protocol, such as SSH, and then access the target system from the jump server. This way, the target system is isolated from the external network and only accessible through the jump server. A jump server can also enforce security policies, such as authentication, authorization, logging, and auditing, on the user’s connection. A jump server is also known as a bastion host or a jump box.
Reference = CompTIA Security+ Certification Exam Objectives, Domain 3.3: Given a scenario, implement secure network architecture concepts. CompTIA Security+ Study Guide (SY0-701), Chapter 3: Network Architecture and Design, page 101. Other Network Appliances – SY0-601 CompTIA Security+: 3.3, Video 3:03. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 2.

19.Acompany’swebfilterisconfiguredtoscantheURLforstringsanddenyaccesswhenmatchesare
found.
Whichofthefollowingsearchstringsshouldananalystemploytoprohibitaccesstonon-encrypted
websites?
A.encryption=off\
B.http://
C.www.*.com
D.:443
Answer:B
Explanation:
Awebfilterisadeviceorsoftwarethatcanmonitor,block,orallowwebtrafficbasedonpredefinedrules
orpolicies.OneofthecommonmethodsofwebfilteringistoscantheURLforstringsanddenyaccess
whenmatchesarefound.Forexample,awebfiltercanblockaccesstowebsitesthatcontainthewords
“gambling”,“porn”,or“malware”intheirURLs.AURLisauniformresourcelocatorthatidentifiesthe
locationandprotocolofawebresource.
AURLtypicallyconsistsofthefollowingcomponents:protocol://domain:port/path?query#fragment.The
protocolspecifiesthecommunicationmethodusedtoaccessthewebresource,suchasHTTP,HTTPS,
FTP,orSMTP.Thedomainisthenameofthewebserverthathoststhewebresource,suchas
www.google.comorwww.bing.com.Theportisanoptionalnumberthatidentifiesthespecificserviceor
applicationrunningonthewebserver,suchas80forHTTPor443forHTTPS.Thepathisthespecific
folderorfilenameofthewebresource,suchas/index.htmlor/images/logo.png.Thequeryisanoptional
stringthatcontainsadditionalinformationorparametersforthewebresource,suchas?q=security
or?lang=en.Thefragmentisanoptionalstringthatidentifiesaspecificpartorsectionoftheweb
resource,suchas#introductionor#summary.
To prohibit access to non-encrypted websites, an analyst should employ a search string that matches the protocol of non-encrypted web traffic, which is HTTP. HTTP stands for hypertext transfer protocol, and it is a standard protocol for transferring data between web servers and web browsers. However, HTTP does not provide any encryption or security for the data, which means that anyone who intercepts the web traffic can read or modify the data. Therefore, non-encrypted websites are vulnerable to eavesdropping, tampering, or spoofing attacks. To access a non-encrypted website, the URL usually starts with http://, followed by the domain name and optionally the port number. For example, http://www.example.com or http://www.example.com:80. By scanning the URL for the string http://, the web filter can identify and block non-encrypted websites.
The other options are not correct because they do not match the protocol of non-encrypted web traffic. Encryption=off is a possible query string that indicates the encryption status of the web resource, but it is not a standard or mandatory parameter. Https:// is the protocol of encrypted web traffic, which uses hypertext transfer protocol secure (HTTPS) to provide encryption and security for the data. Www.*.com is a possible domain name that matches any website that starts with www and ends with .com, but it does not specify the protocol. :443 is the port number of HTTPS, which is the protocol of encrypted web traffic.
Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 2: Securing Networks, page 69. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 2.1: Network Devices and Technologies, video: Web Filter (5:16).
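The URL breakdown and the http:// match described in this explanation, as an added Python example that is not part of the original study material. It compares a plain substring scan with a check on the parsed protocol; the sample URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (not from the original page).
SAMPLES = [
    "http://www.example.com",
    "http://www.example.com:80/index.html",
    "HTTP://www.example.com/images/logo.png",
    "https://www.example.com/?q=security#summary",
    "https://www.example.com/redirect?next=http://www.example.org/",
    "https://www.example.com:443/path?encryption=off",
]


def components(url):
    """Split a URL into protocol://domain:port/path?query#fragment parts."""
    parts = urlsplit(url)
    return {
        "protocol": parts.scheme,   # lower-cased by urlsplit
        "domain": parts.hostname,
        "port": parts.port,         # None when the URL gives no port
        "path": parts.path,
        "query": parts.query,
        "fragment": parts.fragment,
    }


def naive_block(url):
    """Substring filter: deny when 'http://' appears anywhere in the URL."""
    return "http://" in url


def scheme_block(url):
    """Deny only when the parsed protocol of the URL is plain HTTP."""
    return urlsplit(url).scheme == "http"


def compare(urls):
    """Return (url, naive verdict, scheme verdict) for each URL."""
    return [(u, naive_block(u), scheme_block(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, by_scheme in compare(SAMPLES):
        print(f"naive={naive!s:5} scheme={by_scheme!s:5} {url}")
```

The two verdicts differ on the upper-case HTTP:// URL, which the case-sensitive substring scan misses, and on the HTTPS URL whose query string carries an http:// value, which the substring scan blocks even though the connection is encrypted.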
20. During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network.
Which of the following fulfills this request?
A. access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32
Answer: B
Explanation:
A firewall rule is a set of criteria that determines whether to allow or deny a packet to pass through the firewall. A firewall rule consists of several elements, such as the action, the protocol, the source address, the destination address, and the port number. The syntax of a firewall rule may vary depending on the type and vendor of the firewall, but the basic logic is the same. In this question, the security analyst is creating an inbound firewall rule to block the IP address 10.1.4.9 from accessing the organization’s network. This means that the action should be deny, the protocol should be any (or ig for IP), the source address should be 10.1.4.9/32 (which means a single IP address), the destination address should be 0.0.0.0/0 (which means any IP address), and the port number should be any.
Therefore, the correct firewall rule is:
access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0
This rule will match any packet that has the source IP address of 10.1.4.9 and drop it. The other options are incorrect because they either have the wrong action, the wrong source address, or the wrong destination address. For example, option A has the source and destination addresses reversed, which means that it will block any packet that has the destination IP address of 10.1.4.9, which is not the intended goal. Option C has the wrong action, which is permit, which means that it will allow the packet to pass through the firewall, which is also not the intended goal. Option D has the same problem as option A, with the source and destination addresses reversed.
Reference = Firewall Rules – CompTIA Security+ SY0-401: 1.2, Firewalls – SY0-601 CompTIA Security+: 3.3, Firewalls – CompTIA Security+ SY0-501, Understanding Firewall Rules – CompTIA Network+ N10-005: 5.5, Configuring Windows Firewall – CompTIA A+ 220-1102 – 1.6.
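The matching logic behind question 20, as an added Python example that is not part of the original study material. It parses the four answer options in the generic syntax the question uses and evaluates each against a packet; the destination 192.0.2.10, the client 198.51.100.7 and the function names are constructed, and the protocol token is read as an opaque value.

```python
import ipaddress

# The four candidate rules from question 20.
OPTIONS = {
    "A": "access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32",
    "B": "access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0",
    "C": "access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0",
    "D": "access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32",
}


def parse_rule(line):
    """Parse: access-list <direction> <action> <protocol> source <cidr> destination <cidr>."""
    tok = line.split()
    if (len(tok) != 8 or tok[0] != "access-list"
            or tok[4] != "source" or tok[6] != "destination"):
        raise ValueError(f"unrecognised rule layout: {line!r}")
    if tok[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action: {tok[2]!r}")
    return {
        "direction": tok[1],
        "action": tok[2],
        "protocol": tok[3],  # kept as written in the question, not interpreted
        "source": ipaddress.ip_network(tok[5]),
        "destination": ipaddress.ip_network(tok[7]),
    }


def evaluate(rule, src, dst):
    """Return the rule's action if the packet matches it, else 'no match'."""
    src_hit = ipaddress.ip_address(src) in rule["source"]
    dst_hit = ipaddress.ip_address(dst) in rule["destination"]
    return rule["action"] if src_hit and dst_hit else "no match"


def verdicts(src, dst):
    """Evaluate one packet against each of the four options."""
    return {name: evaluate(parse_rule(line), src, dst)
            for name, line in OPTIONS.items()}


if __name__ == "__main__":
    # Constructed packets: flagged source, ordinary client, traffic towards 10.1.4.9.
    for src, dst in [("10.1.4.9", "192.0.2.10"),
                     ("198.51.100.7", "192.0.2.10"),
                     ("198.51.100.7", "10.1.4.9")]:
        print(f"{src} -> {dst}: {verdicts(src, dst)}")
```

Only option B returns deny for the packet sourced from 10.1.4.9 while leaving the ordinary client unmatched; options A and D match only traffic addressed to 10.1.4.9.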
21. A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary.
Which of the following methods is most secure?
A. Implementing a bastion host
B. Deploying a perimeter network
C. Installing a WAF
D. Utilizing single sign-on
Answer: A
Explanation:
A bastion host is a special-purpose server that is designed to withstand attacks and provide secure access to internal resources. A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network. A bastion host can be configured to allow only certain types of traffic, such as SSH or HTTP, and block all other traffic. A bastion host can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic. A bastion host can provide administrative access to internal resources by requiring strong authentication and encryption, and by logging all activities for auditing purposes [1][2].
A bastion host is the most secure method among the given options because it minimizes the traffic allowed through the security boundary and provides a single point of control and defense. A bastion host can also isolate the internal network from direct exposure to the internet or other untrusted networks, reducing the attack surface and the risk of compromise [3].
Deploying a perimeter network is not the correct answer, because a perimeter network is a network segment that separates the internal network from the external network. A perimeter network usually hosts public-facing services such as web servers, email servers, or DNS servers that need to be accessible from the internet. A perimeter network does not provide administrative access to internal resources, but rather protects them from unauthorized access. A perimeter network can also increase the complexity and cost of network management and security [4].
Installing a WAF is not the correct answer, because a WAF is a security tool that protects web applications from common web-based attacks by monitoring, filtering, and blocking HTTP traffic. A WAF can prevent attacks such as cross-site scripting, SQL injection, or file inclusion, among others. A WAF does not provide administrative access to internal resources, but rather protects them from web application vulnerabilities. A WAF is also not a comprehensive solution for network security, as it only operates at the application layer and does not protect against other types of attacks or threats [5].
Utilizing single sign-on is not the correct answer, because single sign-on is a method of authentication that allows users to access multiple sites, services, or applications with one username and password. Single sign-on can simplify the sign-in process for users and reduce the number of passwords they have to remember and manage. Single sign-on does not provide administrative access to internal resources, but rather enables access to various resources that the user is authorized to use. Single sign-on can also introduce security risks if the user’s credentials are compromised or if the single sign-on provider is breached [6].
Reference = 1: Bastion host - Wikipedia, 2: 14 Best Practices to Secure SSH Bastion Host - goteleport.com, 3: The Importance Of Bastion Hosts In Network Security, 4: What is the network perimeter? | Cloudflare, 5: What is a WAF? | Web Application Firewall explained, 6: What is single sign-on (SSO)? - Definition from WhatIs.com
22. A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?
A. Application
B. IPS/IDS
C. Network
D. Endpoint
Answer: D
Explanation:
An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone. Endpoint logs can provide valuable data for security analysts, such as the processes running on the device, the network connections established, the files accessed or modified, the user actions performed, and the applications installed or updated. Endpoint logs can also record the details of any executable files running on the device, such as the name, path, size, hash, signature, and permissions of the executable.
An application log is a file that contains information about the events that occur within a software application, such as errors, warnings, transactions, or performance metrics. Application logs can help developers and administrators troubleshoot issues, optimize performance, and monitor user behavior. However, application logs may not provide enough information about the executable files running on the device, especially if they are malicious or unknown.
An IPS/IDS log is a file that contains information about the network traffic that is monitored and analyzed by an intrusion prevention system (IPS) or an intrusion detection system (IDS). IPS/IDS logs can help security analysts identify and block potential attacks, such as exploit attempts, denial-of-service (DoS) attacks, or malicious scans. However, IPS/IDS logs may not provide enough information about the executable files running on the device, especially if they are encrypted, obfuscated, or use legitimate protocols.
A network log is a file that contains information about the network activity and communication that occurs between devices, such as IP addresses, ports, protocols, packets, or bytes. Network logs can help security analysts understand the network topology, traffic patterns, and bandwidth usage. However, network logs may not provide enough information about the executable files running on the device, especially if they are hidden, spoofed, or use proxy servers.
Therefore, the best log type to use as a data source for additional information about the executable running on the machine is the endpoint log, as it can provide the most relevant and detailed data about the executable file and its behavior.
Reference =
https://www.crowdstrike.com/cybersecurity-101/observability/application-log/
https://owasp.org/www-project-proactive-controls/v3/en/c9-security-logging
23. A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks. SIEM alerts have not yet been configured.
Which of the following best describes what the security analyst should do to identify this behavior?
A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
Answer: D
Explanation:
Threat hunting is the process of proactively searching for signs of malicious activity or compromise in a network, rather than waiting for alerts or indicators of compromise (IOCs) to appear. Threat hunting can help identify new tactics, techniques, and procedures (TTPs) used by malicious actors, as well as uncover hidden or stealthy threats that may have evaded detection by security tools. Threat hunting requires a combination of skills, tools, and methodologies, such as hypothesis generation, data collection and analysis, threat intelligence, and incident response. Threat hunting can also help improve the security posture of an organization by providing feedback and recommendations for security improvements.
Reference = CompTIA Security+ Certification Exam Objectives, Domain 4.1: Given a scenario, analyze potential indicators of malicious activity. CompTIA Security+ Study Guide (SY0-701), Chapter 4: Threat Detection and Response, page 153. Threat Hunting – SY0-701 CompTIA Security+: 4.1, Video 3:18. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 3.
24. A company purchased cyber insurance to address items listed on the risk register.
Which of the following strategies does this represent?
A. Accept
B. Transfer
C. Mitigate
D. Avoid
Answer: B
Explanation:
Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks, such as data breaches, ransomware, denial-of-service, phishing, or malware. Cyber insurance can help a company recover from the costs of restoring data, repairing systems, paying ransoms, compensating customers, or facing legal actions. Cyber insurance is one of the possible strategies that a company can use to address the items listed on the risk register. A risk register is a document that records the identified risks, their probability, impact, and mitigation strategies for a project or an organization.
The four common risk mitigation strategies are:
Accept: The company acknowledges the risk and decides to accept the consequences without taking any action to reduce or eliminate the risk. This strategy is usually chosen when the risk is low or the cost of mitigation is too high.
Transfer: The company transfers the risk to a third party, such as an insurance company, a vendor, or a partner. This strategy is usually chosen when the risk is high or the company lacks the resources or expertise to handle the risk.
Mitigate: The company implements controls or measures to reduce the likelihood or impact of the risk. This strategy is usually chosen when the risk is moderate or the cost of mitigation is reasonable.
Avoid: The company eliminates the risk by changing the scope, plan, or design of the project or the organization. This strategy is usually chosen when the risk is unacceptable or the cost of mitigation is too high.
By purchasing cyber insurance, the company is transferring the risk to the insurance company, which will cover the financial losses and liabilities in case of a cyberattack. Therefore, the correct answer is B. Transfer.
Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 377. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.1: Risk Management, video: Risk Mitigation Strategies (5:37).
25. A security administrator would like to protect data on employees’ laptops.
Which of the following encryption techniques should the security administrator use?
A. Partition
B. Asymmetric
C. Full disk
D. Database
Answer: C
Explanation:
Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive, including the operating system, applications, and files. FDE protects the data from unauthorized access in case the laptop is lost, stolen, or disposed of without proper sanitization. FDE requires the user to enter a password, a PIN, a smart card, or a biometric factor to unlock the drive and boot the system. FDE can be implemented by using software solutions, such as BitLocker, FileVault, or VeraCrypt, or by using hardware solutions, such as self-encrypting drives (SEDs) or Trusted Platform Modules (TPMs). FDE is a recommended encryption technique for laptops and other mobile devices that store sensitive data.
Partition encryption is a technique that encrypts only a specific partition or volume on a hard drive, leaving the rest of the drive unencrypted. Partition encryption is less secure than FDE, as it does not protect the entire drive and may leave traces of data on unencrypted areas. Partition encryption is also less convenient than FDE, as it requires the user to mount and unmount the encrypted partition manually.
Asymmetric encryption is a technique that uses a pair of keys, one public and one private, to encrypt and decrypt data. Asymmetric encryption is mainly used for securing communication, such as email, web, or VPN, rather than for encrypting data at rest. Asymmetric encryption is also slower and more computationally intensive than symmetric encryption, which is the type of encryption used by FDE and partition encryption.
Database encryption is a technique that encrypts data stored in a database, such as tables, columns, rows, or cells. Database encryption can be done at the application level, the database level, or the file system level. Database encryption is useful for protecting data from unauthorized access by database administrators, hackers, or malware, but it does not protect the data from physical theft or loss of the device that hosts the database.
Reference = Data Encryption – CompTIA Security+ SY0-401: 4.4, CompTIA Security+ Cheat Sheet and PDF | Zero To Mastery, CompTIA Security+ SY0-601 Certification Course - Cybr, Application Hardening – SY0-601 CompTIA Security+: 3.2.
26. Which of the following security control types does an acceptable use policy best represent?
A. Detective
B. Compensating
C. Corrective
D. Preventive
Answer: D
Explanation:
An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The AUP helps companies minimize their exposure to cybersecurity threats and limit other risks. The AUP also serves as a notice to users about what they are not allowed to do and protects the company against misuse of their network. Users usually have to acknowledge that they understand and agree to the rules before accessing the network [1].
An AUP best represents a preventive security control type, because it aims to deter or stop potential security incidents from occurring in the first place. A preventive control is proactive and anticipates possible threats and vulnerabilities, and implements measures to prevent them from exploiting or harming the system or the data. A preventive control can be physical, technical, or administrative in nature [2].
Some examples of preventive controls are:
Locks, fences, or guards that prevent unauthorized physical access to a facility or a device
Firewalls, antivirus software, or encryption that prevent unauthorized logical access to a network or a system
Policies, procedures, or training that prevent unauthorized or inappropriate actions or behaviors by users or employees
An AUP is an example of an administrative preventive control, because it defines the policies and procedures that users must follow to ensure the security and proper use of the network and the IT resources. An AUP can prevent users from engaging in activities that could compromise the security, performance, or availability of the network or the system, such as:
Downloading or installing unauthorized or malicious software
Accessing or sharing sensitive or confidential information without authorization or encryption
Using the network or the system for personal, illegal, or unethical purposes
Bypassing or disabling security controls or mechanisms
Connecting unsecured or unapproved devices to the network
By enforcing an AUP, a company can prevent or reduce the likelihood of security breaches, data loss, legal liability, or reputational damage caused by user actions or inactions [3].
Reference = 1: How to Create an Acceptable Use Policy - CoreTech, 2: Security Control Types: Preventive, Detective, Corrective, and Compensating, 3: Why You Need A Corporate Acceptable Use Policy - CompTIA
27. An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software.
Which of the following security techniques is the IT manager setting up?
A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege
Answer: D
Explanation:
The principle of least privilege is a security concept that limits access to resources to the minimum level needed for a user, a program, or a device to perform a legitimate function. It is a cybersecurity best practice that protects high-value data and assets from compromise or insider threat. Least privilege can be applied to different abstraction layers of a computing environment, such as processes, systems, or connected devices. However, it is rarely implemented in practice.
In this scenario, the IT manager is setting up the principle of least privilege by restricting access to the administrator console of the help desk software to only two authorized users: the IT manager and the help desk lead. This way, the IT manager can prevent unauthorized or accidental changes to the software configuration, data, or functionality by other help desk staff. The other help desk staff will only have access to the normal user interface of the software, which is sufficient for them to perform their job functions.
The other options are not correct. Hardening is the process of securing a system by reducing its surface of vulnerability, such as by removing unnecessary software, changing default passwords, or disabling unnecessary services. Employee monitoring is the surveillance of workers’ activity, such as by tracking web browsing, application use, keystrokes, or screenshots. Configuration enforcement is the process of ensuring that a system adheres to a predefined set of security settings, such as by applying a patch, a policy, or a template.
Reference =
https://en.wikipedia.org/wiki/Principle_of_least_privilege
28. Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis
Answer: C
Explanation:
A risk register is a document that records and tracks the risks associated with a project, system, or organization. A risk register typically includes information such as the risk description, the risk owner, the risk probability, the risk impact, the risk level, the risk response strategy, and the risk status. A risk register can help identify, assess, prioritize, monitor, and control risks, as well as communicate them to relevant stakeholders. A risk register can also help document the risk tolerance and thresholds of an organization, which are the acceptable levels of risk exposure and the criteria for escalating or mitigating risks.
Reference = CompTIA Security+ Certification Exam Objectives, Domain 5.1: Explain the importance of policies, plans, and procedures related to organizational security. CompTIA Security+ Study Guide (SY0-701), Chapter 5: Governance, Risk, and Compliance, page 211. CompTIA Security+ Certification Guide, Chapter 2: Risk Management, page 33. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question 4.