Untitled Quiz
28 Questions
5 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Match the certificate characteristic to the description:

CRL = A list of invalidated certificates CSR = Send the public key to be signed CA = Deploy and manage certificates OCSP = The browser checks for a revoked certificate

A security administrator has performed an audit of the organization’s production web servers, and the results have identified default configurations, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?

  • Enable HTTPS
  • Server hardening (correct)
  • Multi-factor authentication
  • Run operating system updates
  • A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?

  • Compensating
  • Directive
  • Detective (correct)
  • Deterrent
  • The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:

    <p>Data owner</p> Signup and view all the answers

    A security engineer is preparing to conduct a penetration test of a third-party website. Part of the preparation involves reading through social media posts for information about this site. Which of the following describes this practice?

    <p>OSINT</p> Signup and view all the answers

    A company would like to orchestrate the response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function?

    <p>Escalation scripting</p> Signup and view all the answers

    A user in the accounting department has received a text message from the CEO. The message requests payment by cryptocurrency for a recently purchased tablet. Which of the following would BEST describe this attack?

    <p>Smishing</p> Signup and view all the answers

    A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?

    <p>Escape</p> Signup and view all the answers

    While working from home, users are attending a project meeting over a web conference. When typing in the meeting link, the browser is unexpectedly directed to a different website than the web conference. Users in the office do not have any issues accessing the conference site. Which of the following would be the MOST likely reason for this issue?

    <p>DNS poisoning</p> Signup and view all the answers

    A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST describes this process?

    <p>Authentication</p> Signup and view all the answers

    An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party organization will be performing the test, and the online retailer has provided the Internet-facing IP addresses for their public web servers. No other details were provided. What penetration testing methodology is the online retailer using?

    <p>Partially known environment</p> Signup and view all the answers

    A manufacturing company produces radar used by commercial and military organizations. A recently proposed policy change would allow the use of mobile devices inside the facility. Which of the following would be the MOST significant threat vector issue associated with this change in policy?

    <p>Loss of intellectual property</p> Signup and view all the answers

    Which of the following would be the BEST way for an organization to verify the digital signature provided by an external email server?

    <p>Check the DKIM record</p> Signup and view all the answers

    A company is using older operating systems for their web servers and are concerned of their stability during periods of high use. Which of the following should the company use to maximize the uptime and availability of this service?

    <p>Load balancer</p> Signup and view all the answers

    A user in the accounting department would like to email a spreadsheet with sensitive information to a list of third-party vendors. Which of the following would be the BEST way to protect the data in this email?

    <p>Asymmetric encryption</p> Signup and view all the answers

    A system administrator would like to segment the network to give the marketing, accounting, and manufacturing departments their own private network. The network communication between departments would be restricted for additional security. Which of the following should be configured on this network?

    <p>VLAN</p> Signup and view all the answers

    A technician at an MSP has been asked to manage devices on third-party private network. The technician needs command line access to internal routers, switches, and firewalls. Which of the following would provide the necessary access?

    <p>Jump server</p> Signup and view all the answers

    A transportation company is installing new wireless access points in their corporate office. The manufacturer estimates the access points will operate an average of 100,000 hours before a hardware-related outage. Which of the following describes this estimate?

    <p>MTBF</p> Signup and view all the answers

    A security administrator is creating a policy to prevent the disclosure of credit card numbers in a customer support application. Users of the application would only be able to view the last four digits of a credit card number. Which of the following would provide this functionality?

    <p>Masking</p> Signup and view all the answers

    A user is authenticating through the use of a PIN and a fingerprint. Which of the following would describe these authentication factors?

    <p>Something you know, something you are</p> Signup and view all the answers

    A security administrator is configuring the authentication process used by technicians when logging into wireless access points and switches. Instead of using local accounts, the administrator would like to pass all login requests to a centralized database. Which of the following would be the BEST way to implement this requirement?

    <p>AAA</p> Signup and view all the answers

    A recent audit has determined that many IT department accounts have been granted Administrator access. The audit recommends replacing these permissions with limited access rights. Which of the following would describe this policy?

    <p>Least privilege</p> Signup and view all the answers

    A recent security audit has discovered usernames and passwords which can be easily viewed in a packet capture. Which of the following did the audit identify?

    <p>Insecure protocols</p> Signup and view all the answers

    Before deploying a new application, a company is performing an internal audit to ensure all of their servers are configured with the appropriate security features. Which of the following would BEST describe this process?

    <p>Due care</p> Signup and view all the answers

    An organization has previously purchased insurance to cover a ransomware attack, but the costs of maintaining the policy have increased above the acceptable budget. The company has now decided to cancel the insurance policies and address potential ransomware issues internally. Which of the following would best describe this action?

    <p>Acceptance</p> Signup and view all the answers

    Which of these threat actors would be MOST likely to install a company's internal application on a public cloud provider?

    <p>Shadow IT</p> Signup and view all the answers

    An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system. Which of the following would be the NEXT step in the incident response process?

    <p>Disconnect the web servers from the network</p> Signup and view all the answers

    A security administrator is viewing the logs on a laptop in the shipping and receiving department and identifies these events:

    8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success 9:22:54 AM | C:\Program Files\Photo Viewer\ViewerBase.dll | Quarantine Failure 9:44:05 AM | C:\Sales\Sample32.dat | Quarantine Success

    Which of the following would BEST describe the circumstances surrounding these events?

    <p>The antivirus application identified three viruses and quarantined two viruses</p> Signup and view all the answers

    Study Notes

    CompTIA SY0-701 Security+ Practice Exams

    • This book provides three practice exams for the CompTIA Security+ certification exam (SY0-701).
    • The exams are designed to simulate the format and difficulty level of the actual Security+ exam.
    • The exams contain performance-based and multiple-choice questions.
    • The book includes detailed answers and explanations for each question.
    • There are links to video training for every question.

    About the Author

    • James "Professor" Messer is an IT security professional with experience in supercomputer operations, system administration, network management, and IT security.
    • He is the founder and CEO of Messer Studios, a leading publisher of IT certification training materials.
    • Professor Messer's training has reached over 185 million video views from over 850,000 subscribers.

    How to Use the Book

    • Take one exam at a time.
    • Use a timer for each exam to simulate the actual exam time of 90 minutes.
    • Write down your answers on a separate sheet of paper.
    • Use the quick answer page to check your answers.
    • Use the detailed answer pages to understand why answers were correct or incorrect, along with video links for further information.

    Scoring the Practice Exams

    • Scoring less than 63/90 questions correct indicates more study needed in the exam objectives from the book to meet the standard.
    • 63 to 72 questions correct suggests further focused study.
    • 73 to 81 suggests additional study in targeted areas.
    • More than 81 correct answers shows readiness for the actual exam.

    Content of Practice Exam A

    • The exams cover performance-based tasks and multiple-choice questions.
    • Topics include: attack types, security controls at various locations, authentication factors, firewall rule configurations for a given scenario.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    More Like This

    Untitled Quiz
    6 questions

    Untitled Quiz

    AdoredHealing avatar
    AdoredHealing
    Untitled Quiz
    37 questions

    Untitled Quiz

    WellReceivedSquirrel7948 avatar
    WellReceivedSquirrel7948
    Untitled Quiz
    55 questions

    Untitled Quiz

    StatuesquePrimrose avatar
    StatuesquePrimrose
    Untitled Quiz
    18 questions

    Untitled Quiz

    RighteousIguana avatar
    RighteousIguana
    Use Quizgecko on...
    Browser
    Browser