CompTIA Security+ SY0-701 (V7)
+120 Questions
+23 Flashcards
CompTIA Security+ SY0-701 Protocol Acronyms (Flashcards)
What is the fundamental flaw in a security system that utilizes implicit trust zones as part of its network architecture?
A company is revising its network security strategy to align with a Zero Trust model. Which of the following principles should be the foundational guideline for the company's revised approach to network security?
In a Zero Trust security model, what is the primary role of a Policy Engine?
As the policy administrator for an organization that has adopted a Zero Trust Architecture, you must update an access-control rule for a senior developer who needs to connect to an isolated development enclave that hosts highly sensitive source-code repositories. The developer already authenticates with multi-factor authentication (MFA). According to Zero Trust principles, which additional step should you perform **immediately before** granting the session?
In the context of cybersecurity, what does the concept of 'Threat Scope Reduction' primarily involve?
Which Zero Trust concept continuously evaluates trust signals and adjusts a subject's permissions in real time, thereby shrinking the scope of potential threats?
Which of the following BEST describes how a Zero Trust security architecture handles access to organizational resources?
A security administrator is implementing a new remote access system based on the AAA (Authentication, Authorization, and Accounting) security framework. To ensure proper user access, what is the initial process that must be performed?
As an IT manager, you've been tasked with ensuring that electronic transactions between suppliers and your company cannot later be denied by either party. Which of the following security goals and concepts should you prioritize to meet this requirement?
A systems administrator is implementing a new authentication policy that requires users to provide their password and a six-digit code from a hardware token. Which of the following security concepts does this scenario BEST describe?
Which of the following authorization models uses a set of protocols designed for passing the authorization and authentication information of a user between different security domains?
The IT department of Enhanced Solutions is evaluating their current security posture compared to the industry's best practices to improve their security measures. They are assessing the difference between their current state and the desired state of security. Which process are they most likely engaging in?
Anna is a security administrator who has been tasked with ensuring that the company's online store remains accessible to customers at all times, even in the event of an unexpected traffic surge due to a flash sale. Which of the following is the primary security concept Anna should focus on to achieve this requirement?
An IT security team has implemented fake files in the organization's network to deceive and trap potential attackers. These resources appear operational and contain seemingly valuable data but are monitored closely for interaction to detect malicious activity. Which of the following best describes these fake resources?
A company's primary security measure for their sensitive server room is a biometric access control system. Due to a recent natural disaster, the biometric system is temporarily unavailable. Which of the following would be the BEST compensating control to implement immediately to ensure that only authorized personnel can access the server room while maintaining a similar level of security?
As a security administrator, you have been asked to implement a mechanism that can discover unauthorized access to company resources and alert the security team when such events occur. Which type of security control should you primarily focus on deploying?
An organization has implemented a type of security control that involves restoring system functionality and repairing the damage following a cyber attack. What type of security control does this best exemplify?
Which type of security control is primarily intended to discourage a potential attacker from attempting to breach a security perimeter?
Which type of security control is a firewall considered when it is configured to block unauthorized access to a network?
A security manager is developing a new information security program. The manager focuses first on creating a comprehensive risk assessment methodology, defining security policies, and establishing roles and responsibilities for personnel. Which category of security controls do these activities primarily represent?
A security administrator is updating the organization's risk register and must provide an example of a technical control to senior management for budgeting purposes. Which of the following actions would meet this requirement?
You need to enter a secure area at work. The door remains locked at all times, and only individuals with authorized credentials can unlock it and go inside. What type of security control is this?
You are working as a cybersecurity analyst for a third-party contractor. You have been brought in by an organization that believes it was hacked by a malicious actor. Its internal security team has hired you to determine the impact of the unauthorized access. At the time of the intrusion there were 5 servers online: DEV_APP_001, PRD_APP_002, PRD_DB_008, STG_DB_004 and FINANCE_009. What step should you take to begin the analysis?
Your employer has a large team of software developers with constantly changing codebases for dozens of internal applications. As a part of change control any code changes go through an automated vulnerability scanning process which checks for known vulnerabilities in frameworks, programming languages, dependencies and the code itself. Due to business pressure these scans have been largely ignored and there are currently over a thousand issues found by the automated scanning. You are tasked with working with the developers and remedying 100% of the issues. What should you do next?
A coworker identified a vulnerability in a third-party software solution hosted on-premises. The coworker is out sick and has asked you to remediate this issue as quickly as possible. You have found an official patch from the vendor's website. What is the NEXT procedural step you should take?
A financial services company is updating its business continuity plan. For its critical online transaction processing system, the management team has determined that the system can be unavailable for a maximum of one hour before causing unacceptable business disruption and financial loss. Which business continuity metric does this one-hour time limit represent?
As part of its business operations, a company must store customers' personal information. The company understands that a data breach is a significant risk. If a breach occurred, the company could not afford the financial loss. Therefore, it has decided to purchase cybersecurity insurance to cover potential damages. Which risk management strategy is the company using?
During a penetration test, an analyst types the string `' or 1=1--` into an e-commerce site's search box. Instead of returning one product, the application responds with every record in the customer table. Which type of attack or vulnerability is most likely being exploited to obtain confidential data from the database?
There is data within your company that is explicitly owned and controlled by the company. This data is important to the business operations of the company and is restricted from being shared outside of the company. Which term best describes the data classification for this data?
You are taking a walk around the neighborhood. You see a sign in one of your neighbor’s unfenced yards that reads “No trespassing!” in large red letters. The sign is what type of control?
You want to limit company losses and downtime in the event of data loss, so you implement a data backup and recovery strategy. Which type of security control does this strategy represent?
You recently purchased a new home. One of your first actions after taking ownership is to install a monitored alarm system that will sound a siren and notify a security company if an intruder enters the house. This system is an example of which type of security control?
Security controls can fit into one of several categories. An organization’s policies, procedures and guidance belong to which of these security control categories?
When using security controls, at times you will need additional controls to make up for the shortcoming of existing controls. This is called what kind of control?
A company implements a mandatory security awareness training program for all employees to combat threats like phishing and social engineering. This type of training is an example of which security control type?
During a risk assessment it was concluded that the value of an asset was less than the cost of the security control needed to protect it from an identified risk. Because of this, it has been decided not to use the control but still utilize the asset. What type of risk management strategy is being used?
You work for a company that processes customers' personal information as part of its business operations. This part of operations presents a risk to the company. What is this type of risk called?
After a risk assessment, a security team decides to apply new security controls to a system. The goal is to lower the likelihood of an incident occurring from a known risk. Which risk management strategy is being used?
Which risk management strategy is the only one that will completely eliminate the risk associated with an activity?
After conducting a risk analysis, a company defines the amount of risk it is willing to accept in pursuit of its objectives. Any risk level above this amount will require mitigation. What is this defined level of risk called?
Your employer recently instituted a new policy that requires employees to sign all internal email communications with their digital certificate. If each employee is using their own unique digital signature what will this provide for the company?
Data integrity is the concept that you can trust that a piece of data is complete and has not been altered or tampered with. Which of the following technologies can be used to ensure the integrity of data?
During an investigation what needs to be created and submitted in order for evidence to be admissible in court?
An American hospital discovers that attackers accessed one of its databases. Investigators estimate that records belonging to more than 500 patients have been exposed, triggering a legal obligation to notify both the affected individuals and local media outlets. Which type of data was most likely compromised?
Which containment technique would be the best response when a system is believed to be infected with malware?
During an audit as a third party security consultant you are told that the organization being audited conducts an exercise annually during which prominent IT staff and the security team gather in a meeting room and discuss how they would handle various security incidents and disaster scenarios. This exercise is then used to update any policies and playbooks. What type of exercise are they describing?
Crucial Technologies is creating an incident response capability. During which phase of the incident response process are the incident response team and their roles and responsibilities established?
A company has a legal obligation to store data related to former employees for a specific period. Which of the following documents would explicitly define this timeframe?
Crucial Technologies is planning on donating old laptops to a local charity. What process is most important for admins to perform to protect company information from disclosure once the laptops are reused?
Crucial Technologies employs software to restrict employees from accessing certain websites or receiving certain types of emails. They are employing what type of control?
A company wants to let employees work anywhere on its large corporate campus but prohibits removing company-issued mobile devices from the premises. Which mobile device management feature should the company deploy to enforce this requirement most effectively?
During a quarterly PKI audit, a security administrator needs to verify whether a single server certificate presented by an internal web application has been revoked. The administrator wants the fastest method that avoids downloading large revocation files and will return the status of only that specific certificate. Which mechanism should the administrator use?
Your organization has implemented an intrusion detection system (IDS) that first learns what "normal" network traffic looks like and then triggers an alert whenever current traffic deviates from that established baseline. Which IDS detection method is being used?
Your company’s network is configured to always check authentication/authorization each time a user tries to access data. The company is using which security model?
Your employer's security policies state that all externally facing servers should only be accessible via ports that are absolutely required. Generally, your company only has web servers that are accessible from outside the company's network. A recent security review showed that it was possible to ping several of these web servers. What protocol should be disabled using a firewall to ensure pings do not successfully contact the servers?
Which of the following options is a functionality or tool that disallows access to a wireless network based on the Layer 2 address of the client device?
A security administrator needs to block all incoming, unencrypted web traffic to a company's public web server at IP address 10.10.5.25. To accomplish this, the administrator is writing a new firewall rule. Which of the following rules will successfully implement this policy?
After a recent firewall change, several users report they can reach the internal intranet site but cannot browse any external websites. You discover that HTTPS traffic is being blocked. Which firewall port must be opened so users can securely access public websites again?
Which of the following options is a network device that can use VLANs to reduce collisions and the size of broadcast domains?
During an audit it is identified that a host providing FTP services has several additional ports open. The server is currently listening on 21, 20, 43, 80, and 3389. Your manager asks you to close any ports that are not required for FTP functionality. Which port or ports should remain open?
A network administrator for a company that uses Cisco equipment needs to implement a centralized authentication solution. The requirements are that usernames and passwords are not configured locally on each device, and the entire authentication payload must be encrypted during transit. Which of the following protocols meets all these requirements?
A company wants to reduce the number of login IDs and passwords their employees need to remember to access various company resources. Which authentication scheme should a security administrator recommend to achieve this?
An organization is implementing a new access control scheme to protect its highly sensitive data. The requirements state that access must be based on predefined security labels (e.g., Confidential, Secret, Top Secret) assigned to both resources and users. User discretion in granting access is strictly forbidden. Which access control model BEST fits these requirements?
Your company is in the process of rapid expansion. As they bring on more employees you look at the current security posture and come to the realization that the company needs to enhance its protection of sensitive information. Which of the following should you suggest for the company?
An organization wants to balance employee preference with enterprise security for its mobile fleet. The IT department has decided to purchase a selection of approved smartphone models from different manufacturers. Employees are then allowed to select one device from this catalog to use for work purposes. Which mobile deployment model does this scenario describe?
As a benefit to its employees, your employer issues company purchased phones that the employee can use for both company business and personal use. Which device deployment model is the company using?
Crucial Technologies is standing up a new web server. The website hosted on this server is required to be accessed by the general public as part of company operation. To provide security to internal company resources where should the server be placed on the network?
Your company has given you the responsibility to implement an appropriate access control scheme. The company wants to control access and permissions for employees based on job function. Which of the following should you use?
To save money, Crucial Technologies has decided to set up MDM so employees can use personal devices for their work devices. What type of device deployment model is being used?
As part of a secure development process, the security team is asked to examine the program's source code line by line to identify coding errors or potential vulnerabilities without running the software. Which type of application-security review is being performed?
What type of NIDS commonly uses artificial intelligence and data mining to identify malicious network traffic?
You are on the security team for a manufacturing company. The network architecture group wants to replace the appliance that currently intermediates all outbound web traffic from production servers. The device receives each server's HTTP/HTTPS request, forwards the request to the Internet using its own public IP address, and then returns the response. Because of this design, public web sites can see only the appliance's address, not the private IP of the originating server. Which type of network appliance is the team planning to replace?
Malicious activity has been affecting various systems on your network. You want to put a system in place that can monitor network traffic and attempt to take defensive action when network intrusions are detected. Which of the following should you use?
Your company has historically avoided issuing company-owned mobile or wireless devices. A new initiative now seeks to provide laptops to employees, but leadership requires that any data stored locally on the device be encrypted at all times. Which type of drive would meet this requirement?
You are a penetration tester for a network security consulting company. You are currently on-site at a customer's premises and are doing your first analysis of the customer's network security. You check if they are using Wi-Fi and find that they are using a deprecated protocol with known vulnerabilities. Which of the options is most likely being used?
A security administrator is evaluating three different biometric fingerprint scanners for a new access control system. Each vendor provides performance metrics, including false acceptance and false rejection rates. To determine which system offers the best overall accuracy, which of the following metrics should the administrator use for comparison?
You just got a new Microsoft Windows laptop. The laptop includes a biometric fingerprint scanner to log into the laptop in addition to your unique username. What type of multi-factor authentication is your fingerprint?
In a move to 2FA, Crucial Technologies has begun to require employees to log in using their username and password and an additional password that is generated by an authenticator and is valid for only a limited period. This is what type of authentication technology?
Your employer is planning to place wireless devices at the entrance of their retail locations. The devices will use WiFi to connect to the store's wireless network and use beams of light to detect when someone enters through the entrance. Other than WiFi, what type of wireless communication is being used?
As a freelance security consultant for a government agency, you are asked to deploy an isolated stand-alone server that closely imitates an existing production database but contains only harmless, fabricated records. All traffic to and from this decoy must be logged so analysts can study attacker TTPs. Which type of deception system should you implement?
Your security team is issuing new corporate laptops and requires that each device protect BitLocker full-disk encryption keys, user PINs, and other authentication secrets within a dedicated, tamper-resistant hardware component rather than system memory. Which of the following acronyms identifies the on-board chip that performs these secure cryptographic storage and attestation functions?
A new company policy requires hardware encryption for certain highly confidential systems. These existing systems do not already have a hardware component that can provide this functionality. What is the easiest way to implement this new policy?
When entering your company, you first enter a small area with a security desk where you must check-in with guard personnel before you are authorized access into the secure area. This area used for physical security is called what?
Which common use case of cryptographic concepts involves ensuring that a user cannot deny an action they performed?
Your employer has several thousand internal users, all of whom need to access the internet on a daily basis to complete their work. What technology should be used to mask the internal IP addresses of these users and allow access to the internet through shared public IP addresses?
A network administrator needs to improve security by isolating traffic between the company's Engineering and Marketing departments. Both departments connect to the same physical switch. Which of the following solutions should the administrator implement to logically separate the two departments' networks?
You have joined a new enterprise as a member of the IT Security team. During onboarding you receive two computers, one with access to highly confidential systems and one with access to less critical data and the internet. You cannot send data or documents from one network to the other and have to manage separate credentials for each. What concept best defines this approach?
A financial services company needs to ensure its critical operations can resume as quickly as possible following a catastrophic event at its primary data center. To meet a recovery time objective (RTO) of less than one hour, which type of disaster recovery site should the company implement for the highest level of availability?
Your company has asked you to set up a physical security control that involves physically isolating the company’s HR records network from the external-facing network. This type of control is known as what?
What type of backup is a copy of the entire state of a system that can be used to restore that system and other similar systems to that exact state/configuration?
A security administrator at a mid-size company is selecting an algorithm for secure email encryption that relies on a public/private key pair rather than a shared secret, to implement digital signatures as well. Which of the following algorithms satisfies this requirement?
A security analyst is reviewing the source code of a legacy application and discovers a function that is used to hash user passwords before storing them. The function consistently produces a 128-bit hash value. The organization's security policy requires migrating away from any algorithms known to be weak or deprecated. Which of the following hashing algorithms was most likely used in this legacy application?
Which of the following algorithms is a symmetric encryption algorithm?
You are conducting a penetration test on a web application recently purchased by the HR department of your employer. You find that when creating a new user account in the Web UI you can delete data from the database by entering '; DROP TABLE Users' into the field for the user account. What type of vulnerability have you discovered?
You have ordered a penetration test on the company's website from a third-party IT security consultant. Your web administration team has created a stand-alone test network to ensure the penetration test does not cause issues on the live website. Other than the IP address of the web server, you have not provided the penetration testers with any other information. What type of test best describes this scenario?
Your coworker is out sick due to an illness. In his absence you have received the results of a vulnerability scan he ordered from an external provider. Unfortunately your coworker did not give you any information on what type of scan was conducted or what methods were used. The results show that 3 injection vulnerabilities were identified but are only possible when attempted from an authenticated user account. Based on the information you have, what type of vulnerability scan was most likely completed?
You are responsible for application security at a small startup, including conducting regular penetration tests. Recently the startup has faced some budget issues and lacks the funds to create a stand-alone system to be used for vulnerability scanning applications. Due to this constraint you must conduct vulnerability scans on the live system (the same one being used by customers). What type of scan should be used to ensure vulnerabilities are found but not executed?
Your organization wants to evaluate its cybersecurity defenses. A penetration test will be performed without informing the personnel responsible for monitoring and response. Which type of team typically conducts this stealth assessment?
You are a network security technician at a mid-sized company. Your employer is planning for significant growth and the CIO has tasked you with implementing a system to consolidate all critical network device logs to a central location. The system should support logs from all routers, firewalls, switches and business critical servers and should send alerts in the event of security issues. What type of solution would best meet these requirements?
Which of the following options is a vendor-neutral standard for message logging?
You are a security analyst and have network monitoring solutions in place to detect strange or potentially malicious traffic. One of these solutions has sent an alert saying it detected outgoing network traffic from the company's network that was routing to a well-known malicious endpoint. Of the following options, which is the **most** likely to be the cause of this traffic?
A C-level executive has contacted the security team and asked if you can verify the authenticity of an email. The email appears to have come from a bank saying their password has been compromised. The executive states they don't use this bank. After some investigation you find this email went out to around fifty percent of internal email addresses. Which term correctly describes this attack scenario?
You are a super 1337 hacker who just discovered a vulnerability in an operating system. You do some research and find nothing online regarding this exploit and believe you are the first to find it. What option would be the correct classification of this vulnerability?
During a regular security scan of the network, you find that several user laptops are infected with the same malware. After cross-referencing the laptop users with the reverse proxy logs, you find that they all accessed an industry news website the day before. You believe your organization may have been specifically targeted. What type of attack best describes this scenario?
A security analyst is discussing cybersecurity with a family member who mentions a recent incident. The family member received an unsolicited phone call from someone claiming to be a support technician from a major software vendor. The caller convinced the family member that their computer was infected with a virus and guided them to install a "removal tool", which was actually malware. Which of the following social engineering attacks BEST describes this incident?
Your bank has contacted you and informed you they recognized an unusual login with your username and password on their website. As a precaution they have locked your account and stated the login came from a foreign country. You run a security scan on your PC which finds malware. The description of the malware states that it intercepts normal web traffic from your browser executable. What type of attack best describes this?
A smaller online retailer is experiencing huge numbers of requests on their websites. They are not running any major marketing campaigns and while seeing a lot of traffic are not seeing a rise in sales or logins. Eventually their web servers become overloaded and users are unable to load pages on the website. What type of attack most likely occurred?
You are a security consultant for a small company. The owner says attackers recently gained access to the company's email account. Soon after, the attackers took control of the company's website and say they will restore it only after they receive a payment. The hosting provider confirms that the web servers are healthy and no unusual logins have occurred, yet users cannot reach the company's site. Based on this information, which type of attack has most likely been carried out against the website?
You work for a large national realty company in the networking department. Recently your department received a help desk call from a smaller satellite office stating their WiFi is no longer working. The trouble ticket was escalated to you because company policy does not allow wireless networks. After further investigation you learn that an employee in the office set up a simple wireless router themselves. Which option best defines this situation?
Which option best describes the following situation: An attacker has intercepted network packets between a browser and web server. The attacker then re-transmits the intercepted data to the web server, hoping the server will respond with useful information (e.g. a session id, credit card information, etc.).
During routine security checks you discover that a wireless access point is set up on the outside of your employer's office building. The access point has the same SSID as the internal WiFi network but is unsecured to allow anyone access. What type of attack have you discovered?
A lazy programmer at a startup was recently fired for sleeping at their cubicle. Angry about being fired and wanting revenge, the programmer accessed the admin panel of the startup's website using a method they had previously programmed into the application before being dismissed. With access to the admin panel, the former employee was able to delete user accounts from the database, causing significant issues for the company. Which of the following options best describes the methodology of the attack?
You have been called to the office of the CEO for a confidential meeting. In the meeting the CEO informs you he 'has a virus that won't let him login without paying a fee.' You begin to investigate the issue and find that the CEO downloaded a file from a website a friend shared on a social media site. After downloading the file his computer restarted and now will not allow anyone to log in unless they enter credit card information. Which option best describes the attack used in this scenario based on the information available?
Your employer allows BYOD because the company's software landscape is entirely based on SaaS applications on the internet. Recently, an employee's various accounts were accessed by a hacker. The user tells you they had different passwords for all of the applications. No one else has reported similar issues. After helping the user conduct a malware scan on their personal device, you find that they have malware that records input given to the PC by the user. What option best describes the type of malware found?
You are troubleshooting an outage of your employer's website. During the investigation you learn that a large-scale DDoS attack is causing widespread Internet disruption. Attackers are sending small DNS queries to open resolvers while spoofing the source IP address of the target. The resolvers reply with much larger responses that are directed at the spoofed address, overwhelming the victim's infrastructure. What type of attack is being carried out?
Which of the following terms describes an attacker trying to steal personal or sensitive information using a VoIP system?
You receive a call and the caller ID indicates that it is from your bank. You answer and are told that your account has been compromised. The person on the phone says that before they can proceed you need to verify your account number and security pin. What term best describes this type of social engineering attack?
After downsizing its IT department, your company terminated its system administrator. Exactly at midnight on the day after the administrator's last day, every network server's data was wiped. Forensic analysis shows that the former employee had embedded malicious code in the environment that activated at the specified time. Which term best describes this type of malware attack?
A security analyst is reviewing authentication logs and notices a high volume of failed login attempts from a single IP address. The attempts target many different user accounts, but all use a small set of common passwords like 'Password123' and 'Winter2025'. This 'low-and-slow' method appears designed to avoid individual account lockouts. Which type of password attack does this activity indicate?
An attacker has set up a fraudulent wireless access point on a company’s network that mimics one of the network’s legitimate access points. Through this fraudulent access point the attacker can gain access to the sensitive information transmitted by those who unwittingly connect to it. This fraudulent access point is known as what?