CompTIA Security+ Exam SY0-701 Dumps

Questions and Answers

What is the primary cause of workstations on the LAN becoming infected with malware?

• IPS
• Forward proxy
• HIDS
• Awareness training (correct)

Which biometric authentication method is based on recognizing the unique pattern of blood vessels in the retina?

• Gait
• Retina (correct)
• Signature
• Voice

Why are users on the LAN being tricked into clicking on malicious URLs?

• Lack of antivirus software
• Incorrect DNS settings
• Weak encryption protocols
• No internal controls exist to evaluate URL safety (correct)

What makes retina authentication virtually impossible to duplicate or bypass?

Unique pattern of blood vessels (C)

What is the common purpose of a RAT (Remote Access Trojan) when infecting a computer?

Stealthy unauthorized access (B)

What technology should be implemented to educate users about the risks associated with clicking on malicious URLs?

Awareness training (C)

What is the primary concern a company using drones for perimeter monitoring should have?

Privacy (A)

Why has the malware in the scenario evaded detection by traditional antivirus software?

Utilizes polymorphic techniques (A)

Which factor might raise privacy concerns when using drones for perimeter monitoring?

Collecting video and images of individuals (C)

What feature of a worm differentiates it from other types of malware?

Exploits system vulnerabilities to spread autonomously (D)

What security measure can a company using drones implement to address privacy concerns?

Restricting access to telemetry data (A)

How does adding a software application to the whitelist help resolve issues related to security policies blocking its execution?

Allows the program to run without any restrictions (A)

What is the primary role of the white team during a penetration testing exercise?

Providing oversight and support (A)

Which team determines the rules and guidelines of a penetration testing exercise?

Purple team (B)

What type of document did Ann receive from her mortgage company regarding sharing her PII?

Annual privacy notice (D)

In a penetration testing exercise, which team is responsible for monitoring the progress of the teams?

Green team (B)

What is the main purpose of an annual privacy notice from a financial institution?

Outlining the institution's privacy policy (B)

Which team in a penetration testing exercise is responsible for providing feedback on security measures?

Green team (B)

What is the primary concern the stakeholders have with the guest wireless network?

Minimizing disruptions during meetings (A)

Which aspect of the WAPs' configuration helps in restricting access to only the conference rooms?

Decreased power levels and antenna coverage (A)

How does configuring the guest wireless network on a separate VLAN protect the company's internal network?

It isolates guest traffic from company resources (D)

What security measure would be least effective in preventing visitors from accessing company resources?

Decreasing the power levels of access points (D)

Which action would be most appropriate if the company wanted to enhance security further without hindering visitor access?

Employing intrusion detection systems on the guest network (B)

What additional step could be taken to ensure that the guest wireless network remains isolated from the company's internal resources?

'Regular penetration testing on the guest network (A)

What is the main purpose of hacktivists using cyberattacks?

To disrupt services and expose information (D)

Which term describes a sovereign state with a centralized government and defined territory?

Nation-state (A)

Who are nation-state actors?

Individuals or groups conducting cyberattacks on behalf of a nation-state (C)

What are some reasons nation-state actors may target others?

For espionage, sabotage, influence, or retaliation (B)

What does SIEM stand for?

Security Information and Event Management (A)

How does SIEM help in cybersecurity?

By providing real-time monitoring and alerting of security events (B)

Flashcards

Awareness training

Educating users about the risks of clicking malicious URLs can be done by implementing awareness training programs to help them identify and avoid potential threats.

Retina authentication

Retina authentication uses a unique pattern of blood vessels in the retina to identify individuals, making it almost impossible to duplicate or bypass.

Remote Access Trojan (RAT)

A RAT (Remote Access Trojan) is designed to grant stealthy unauthorized access to an infected computer, allowing attackers to control it remotely.

Polymorphic malware

Polymorphic techniques allow malware to evade detection by antivirus software by constantly changing its structure and code, making it difficult to identify and block.

Worm

A worm is a type of malware that spreads autonomously by exploiting system vulnerabilities, replicating itself to infect multiple devices without user intervention.

Privacy concerns with drones

The primary concern regarding using drones for perimeter monitoring is protecting individual privacy, as drones collect video and images that may contain personally identifiable information.

Whitelist for software applications

Adding a software application to the whitelist allows it to execute without restrictions, resolving security policy issues that prevented it from running.

White team in penetration testing

The white team in a penetration testing exercise provides oversight and support, ensuring the exercise adheres to ethical guidelines and legal regulations.

Purple team in penetration testing

The purple team defines the rules and guidelines for the penetration testing exercise, ensuring a balanced approach between red and blue teams.

Annual privacy notice

An annual privacy notice from a financial institution outlines its privacy policy, informing customers about how their personal information is collected, used, shared, and protected.

Green team in penetration testing

The green team in penetration testing provides feedback on security measures, reviewing the effectiveness of existing controls and recommending improvements.

Hacktivists

Hacktivists use cyberattacks to disrupt services, expose confidential information, or advance political agendas.

Nation-state

A nation-state is a sovereign state with a centralized government and defined territory, often involved in international affairs.

Nation-state actors

Nation-state actors are individuals or groups conducting cyberattacks on behalf of a nation-state, often for espionage, sabotage, influence, or retaliation.

SIEM

SIEM stands for Security Information and Event Management, a technology that collects, analyzes, and correlates security data from various sources.

SIEM in cybersecurity

SIEM helps in cybersecurity by providing real-time monitoring of security events, detecting anomalies, generating alerts, and enabling faster incident response.

Lack of user awareness

The primary cause of workstations on the LAN becoming infected with malware is often a lack of user awareness and training, leading to them clicking on malicious URLs or downloading infected files.

Lack of URL safety controls

No internal controls exist to evaluate the safety of URLs clicked by LAN users, making them vulnerable to malicious websites and phishing attacks.

Privacy concerns

The primary concern regarding a company using drones for perimeter monitoring is protecting the privacy of individuals. Drones collect video and images that may contain personally identifiable information.

Guest wireless network VLAN

The guest wireless network should be configured on a separate VLAN to isolate guest traffic from company resources, preventing potential security breaches.

Intrusion detection systems (IDS) on guest network

Employing intrusion detection systems on the guest network can enhance security by identifying and alerting about suspicious activities, helping to protect the company's resources.

Penetration testing of guest network

Regular penetration testing on the guest network helps identify vulnerabilities and assess security risks, ensuring it remains isolated from the company's internal resources.

Restricted wireless access

Decreasing the power levels and antenna coverage of access points can restrict access to only the conference rooms, limiting the range of the guest wireless network.

Minimizing disruptions

Minimizing disruptions during meetings is the primary concern regarding the guest wireless network, ensuring visitors have access to Wi-Fi without impacting the company's internal network.