It is faster and easier to pass the CompTIA SY0-701 exam by using vivid CompTIA Security+ exam questions and answers. Get immediate access to the updated SY0-701 exam and find the same core-area SY0-701 questions with professionally verified answers, then pass your exam with a high score.
Free online SY0-701 questions and answers from the new version:
NEW QUESTION 1
Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?
- A. Crossover error rate
- B. False match rate
- C. False rejection
- D. False positive
Answer: C
Explanation:
A false rejection occurs when a biometric system fails to recognize an authorized user and denies access. This can happen due to poor quality of the biometric sample, environmental factors, or system errors. References: https://www.comptia.org/blog/what-is-biometrics
NEW QUESTION 2
Which of the following should be addressed first on security devices before connecting to the network?
- A. Open permissions
- B. Default settings
- C. API integration configuration
- D. Weak encryption
Answer: B
Explanation:
Before connecting security devices to the network, it is crucial to address default settings first. Manufacturers often ship devices with default settings that include default usernames, passwords, and configurations. These settings are widely known and can be easily exploited by attackers. Changing default settings helps to secure the device and prevent unauthorized access. Reference: CompTIA Security+ SY0-501 Exam Objectives, Section 3.2: "Given a scenario, implement secure systems design." (https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf)
NEW QUESTION 3
After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
- A. A DMZ
- B. A VPN
- C. A VLAN
- D. An ACL
Answer: D
Explanation:
After segmenting the network, a network manager can use an access control list (ACL) to control the traffic between the segments. An ACL is a set of rules that permit or deny traffic based on its characteristics, such as the source and destination IP addresses, protocol type, and port number. References: CompTIA Security+ Certification Guide, Exam SY0-501
NEW QUESTION 4
A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This BEST describes a scenario related to:
- A. whaling.
- B. smishing.
- C. spear phishing.
- D. vishing.
Answer: C
Explanation:
The scenario of receiving an email stating a database will be encrypted unless a payment is made is an example of spear phishing. References: CompTIA Security+ Study Guide by Emmett Dulaney, Chapter 2: Threats, Attacks, and Vulnerabilities, Social Engineering
NEW QUESTION 5
A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices. Which of the following should the analyst recommend? (Select two).
- A. TACACS+
- B. RADIUS
- C. OAuth
- D. OpenID
- E. Kerberos
- F. CHAP
Answer: B, E
Explanation:
RADIUS and Kerberos are two protocols that can be used to integrate Active Directory accounts and groups with network and remote-access devices. RADIUS is a protocol that provides centralized authentication, authorization, and accounting for network access. It can use Active Directory as a backend database to store user credentials and group memberships. Kerberos is a protocol that provides secure authentication and encryption for network services. It is the default authentication protocol for Active Directory and can be used by remote-access devices that support it.
NEW QUESTION 6
A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the technician to verify the network's internal firewall IP address. Which of the following is the technician's best course of action?
- A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.
- B. Ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
- C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
- D. Request the caller send an email for identity verification and provide the requested information via email to the caller.
Answer: C
Explanation:
This is the best course of action for the help desk technician because it can help prevent a potential social engineering attack. Social engineering is a technique that involves manipulating or deceiving people into revealing sensitive information or performing actions that compromise security. The caller may be impersonating a member of the organization’s cybersecurity incident response team to obtain the network’s internal firewall IP address, which could be used for further attacks. The help desk technician should not provide any information over the phone without verifying the caller’s identity and authorization. The help desk technician should also report the incident to the organization’s cybersecurity officer for investigation and response. References: https://www.comptia.org/blog/social-engineering-explained
https://www.certblaster.com/wp-content/uploads/2020/11/CompTIA-Security-SY0-601-Exam-Objectives-1.0.pd
NEW QUESTION 7
Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?
- A. GDPR
- B. PCI DSS
- C. ISO 27000
- D. NIST 800-53
Answer: D
Explanation:
NIST 800-53 provides a catalog of security and privacy controls related to the United States federal information systems. References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 3: Architecture and Design, pp. 123-125
NEW QUESTION 8
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an IOC?
- A. Reimage the impacted workstations.
- B. Activate runbooks for incident response.
- C. Conduct forensics on the compromised system.
- D. Conduct passive reconnaissance to gather information.
Answer: B
Explanation:
A runbook is a set of predefined procedures and steps that guide an incident response team through the process of handling a security incident. It can help the blue team respond quickly and effectively to an indicator of compromise (IOC) by following the best practices and predefined actions for containment, eradication, recovery, and lessons learned.
NEW QUESTION 9
An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.
Which of the following is the first step the organization should take when implementing the policy?
- A. Determine a quality CASB solution.
- B. Configure the DLP policies by user groups.
- C. Implement agentless NAC on boundary devices.
- D. Classify all data on the file servers.
Answer: D
Explanation:
Zero trust is a security strategy that assumes breach and verifies each request as though it originates from an untrusted network. A zero trust policy is a set of "allow rules" that specify conditions for accessing certain resources.
According to the referenced guidance, the first step in implementing a zero trust policy is to identify and classify all data and assets in the organization. Classifying all data on the file servers is therefore the first step, because it determines the level of sensitivity and risk associated with each resource so that appropriate access controls can be applied.
Reference: Zero Trust implementation guidance | Microsoft Learn
NEW QUESTION 10
An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:
- A. a push notification.
- B. a password.
- C. an SMS message.
- D. an authentication application.
Answer: D
Explanation:
An authentication application can generate one-time passwords or QR codes that are time-based and unique to each user and device. It does not rely on network connectivity or SMS delivery, which can be intercepted or delayed. It also does not require the user to respond to a push notification, which can be accidentally approved or ignored.
NEW QUESTION 11
A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?
- A. Change the protocol to TCP.
- B. Add LDAP authentication to the SIEM server.
- C. Use a VPN from the internal server to the SIEM and enable DLP.
- D. Add SSL/TLS encryption and use a TCP 6514 port to send logs.
Answer: D
Explanation:
SSL/TLS encryption is a method of securing the syslog traffic by using cryptographic protocols to encrypt and authenticate the data. SSL/TLS encryption can prevent eavesdropping, tampering, or spoofing of the syslog messages. TCP 6514 is the standard port for syslog over TLS, as defined by RFC 5425. Using this port can ensure compatibility and interoperability with other syslog implementations that support TLS.
NEW QUESTION 12
A systems engineer is building a new system for production. Which of the following is the FINAL step to be performed prior to promoting to production?
- A. Disable unneeded services.
- B. Install the latest security patches.
- C. Run a vulnerability scan.
- D. Encrypt all disks.
Answer: C
Explanation:
Running a vulnerability scan is the final step to be performed prior to promoting a system to production. This allows any remaining security issues to be identified and resolved before the system is put into production. References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 3
NEW QUESTION 13
A company would like to set up a secure way to transfer data between users via their mobile phones. The company's top priority is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?
- A. Cellular
- B. NFC
- C. Wi-Fi
- D. Bluetooth
Answer: B
Explanation:
NFC allows two devices to communicate with each other when they are in close proximity to each other, typically within 5 centimetres. This makes it the most secure connection method for the company's data transfer requirements.
NEW QUESTION 14
One of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?
- A. Birthday collision on the certificate key
- B. DNS hacking to reroute traffic
- C. Brute force to the access point
- D. An SSL/TLS downgrade
Answer: D
Explanation:
The scenario describes a man-in-the-middle (MitM) attack in which the attacker intercepts traffic and downgrades the secure SSL/TLS connection to an insecure HTTP connection. This type of attack is commonly known as an SSL/TLS downgrade attack or a stripping attack. The attacker is able to see and modify the communication between the client and server.
NEW QUESTION 15
A store receives reports that shoppers’ credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store.
The attackers are using the targeted shoppers’ credit card information to make online purchases. Which of the following attacks is the MOST probable cause?
- A. Identity theft
- B. RFID cloning
- C. Shoulder surfing
- D. Card skimming
Answer: D
Explanation:
The attackers are using card skimming to steal shoppers' credit card information, which they use to make online purchases. References: CompTIA Security+ Study Guide Exam SY0-601, Chapter 5