[2024] Pass Key features of SY0-701 Course with Updated 158 Questions [Q90-Q106]

admin January 13, 2024 0 Comments

4.5/5 - (12 votes)

[2024] Pass Key features of SY0-701 Course with Updated 158 Questions

SY0-701 Sample Practice Exam Questions 2024 Updated Verified

QUESTION 90
You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

QUESTION 91
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Risk tolerance

Risk transfer

Risk register

Risk analysis

QUESTION 92
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Preparation

Recovery

Lessons learned

Analysis

Preparation is the phase in the incident response process when a security analyst reviews roles and responsibilities, as well as the policies and procedures for handling incidents. Preparation also involves gathering and maintaining the necessary tools, resources, and contacts for responding to incidents. Preparation can help a security analyst to be ready and proactive when an incident occurs, as well as to reduce the impact and duration of the incident.
Some of the activities that a security analyst performs during the preparation phase are:
Defining the roles and responsibilities of the incident response team members, such as the incident manager, the incident coordinator, the technical lead, the communications lead, and the legal advisor.
Establishing the incident response plan, which outlines the objectives, scope, authority, and procedures for responding to incidents, as well as the escalation and reporting mechanisms.
Developing the incident response policy, which defines the types and categories of incidents, the severity levels, the notification and reporting requirements, and the roles and responsibilities of the stakeholders.
Creating the incident response playbook, which provides the step-by-step guidance and checklists for handling specific types of incidents, such as denial-of-service, ransomware, phishing, or data breach.
Acquiring and testing the incident response tools, such as network and host-based scanners, malware analysis tools, forensic tools, backup and recovery tools, and communication and collaboration tools.
Identifying and securing the incident response resources, such as the incident response team, the incident response location, the evidence storage, and the external support.
Building and maintaining the incident response contacts, such as the internal and external stakeholders, the law enforcement agencies, the regulatory bodies, and the media.
References:
CompTIA Security+ SY0-701 Certification Study Guide, Chapter 6: Architecture and Design, Section
6.4: Secure Systems Design, p. 279-280
CompTIA Security+ SY0-701 Certification Exam Objectives, Domain 3: Architecture and Design, Objective 3.5: Given a scenario, implement secure network architecture concepts, Sub-objective:
Incident response, p. 16

QUESTION 93
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Provisioning resources

Disabling access

Reviewing change approvals

Escalating permission requests

QUESTION 94
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Capacity planning

Redundancy

Geographic dispersion

Tablet exercise

QUESTION 95
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

Client

Third-party vendor

Cloud provider

DBA

QUESTION 96
Which of the following exercises should an organization use to improve its incident response process?

Tabletop

Replication

Failover

Recovery

QUESTION 97
An administrator is reviewing a single server’s security logs and discovers the following;

Which of the following best describes the action captured in this log file?

Brute-force attack

Privilege escalation

Failed password audit

Forgotten password by the user

QUESTION 98
A company is discarding a classified storage array and hires an outside vendor to complete the disposal.
Which of the following should the company request from the vendor?

Certification

Inventory list

Classification

Proof of ownership

QUESTION 99
During a security incident, the security operations team identified sustained network traffic from a malicious IP address:
10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

QUESTION 100
Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.” Which of the following are thebestresponses to this situation? (Choose two).

Cancel current employee recognition gift cards.

Add a smishing exercise to the annual company training.

Issue a general email warning to the company.

Have the CEO change phone numbers.

Conduct a forensic investigation on the CEO’s phone.

Implement mobile device management.

QUESTION 101
One of a company’s vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Virtualization

Firmware

Application

Operating system

QUESTION 102
A security analyst is reviewing the following logs:

Which of the following attacks ismostlikely occurring?

Password spraying

Account forgery

Pass-t he-hash

Brute-force

Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords12.
The logs show that the attacker is using the same password (“password123”) to attempt to log in to different accounts (“admin”, “user1”, “user2”, etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication3.
Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.
Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session4. The logs showthat the attacker is using plain text passwords, not hashes, to try to log in to the web server.
Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts5. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server. References = 1: Password spraying: An overview of password spraying attacks … – Norton, 2: Security: Credential Stuffing vs. Password Spraying – Baeldung, 3: Brute Force Attack: A definition + 6 types to know | Norton, 4: What is a Pass-the-Hash Attack? – CrowdStrike, 5: What is a Brute Force Attack? | Definition, Types & How It Works – Fortinet

QUESTION 103
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?

Insider threat

Hacktivist

Nation-state

Organized crime

QUESTION 104
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the followingbestdescribes the user’s activity?

Penetration testing

Phishing campaign

External audit

Insider threat

QUESTION 105
A systems administrator wants to prevent users from being able to access data based on their responsibilities.
The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

RBAC

ACL

SAML

GPO

QUESTION 106
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Channels by which the organization communicates with customers

The reporting mechanisms for ethics violations

Threat vectors based on the industry in which the organization operates

Secure software development training for all personnel

Cadence and duration of training events

Retraining requirements for individuals who fail phishing simulations

The New SY0-701 2024 Updated Verified Study Guides & Best Courses: https://www.vcedumps.com/SY0-701-examcollection.html

Tags: SY0-701 certified questions, SY0-701 exam assessment, SY0-701 latest test notes, SY0-701 Practice Online, SY0-701 valid soft simulations

[2024] Pass Key features of SY0-701 Course with Updated 158 Questions [Q90-Q106]

Leave a Reply Cancel reply

SY0-701 Practice Tests

Related Certifications

Recent Posts

Categories

Archives