Questions and Answers
Match the certificate characteristic to the description:
- CRL = A list of invalidated certificates
- CSR = Send the public key to be signed
- CA = Deploy and manage certificates
- OCSP = The browser checks for a revoked certificate
A security administrator has performed an audit of the organization’s production web servers, and the results have identified default configurations, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?
A shipping company stores information in small regional warehouses around the country. The company maintains an IPS at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:
A security engineer is preparing to conduct a penetration test of a third-party website. Part of the preparation involves reading through social media posts for information about this site. Which of the following describes this practice?
A company would like to orchestrate the response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function?
A user in the accounting department has received a text message from the CEO. The message requests payment by cryptocurrency for a recently purchased tablet. Which of the following would BEST describe this attack?
A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?
While working from home, users are attending a project meeting over a web conference. When typing in the meeting link, the browser is unexpectedly directed to a different website than the web conference. Users in the office do not have any issues accessing the conference site. Which of the following would be the MOST likely reason for this issue?
A company is launching a new internal application that will not start until a username and password are entered and a smart card is plugged into the computer. Which of the following BEST describes this process?
An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party organization will be performing the test, and the online retailer has provided the Internet-facing IP addresses for their public web servers. No other details were provided. What penetration testing methodology is the online retailer using?
A manufacturing company produces radar used by commercial and military organizations. A recently proposed policy change would allow the use of mobile devices inside the facility. Which of the following would be the MOST significant threat vector issue associated with this change in policy?
Which of the following would be the BEST way for an organization to verify the digital signature provided by an external email server?
A company is using older operating systems for its web servers and is concerned about their stability during periods of high use. Which of the following should the company use to maximize the uptime and availability of this service?
A user in the accounting department would like to email a spreadsheet with sensitive information to a list of third-party vendors. Which of the following would be the BEST way to protect the data in this email?
A system administrator would like to segment the network to give the marketing, accounting, and manufacturing departments their own private network. The network communication between departments would be restricted for additional security. Which of the following should be configured on this network?
A technician at an MSP has been asked to manage devices on a third-party private network. The technician needs command line access to internal routers, switches, and firewalls. Which of the following would provide the necessary access?
A transportation company is installing new wireless access points in their corporate office. The manufacturer estimates the access points will operate an average of 100,000 hours before a hardware-related outage. Which of the following describes this estimate?
A security administrator is creating a policy to prevent the disclosure of credit card numbers in a customer support application. Users of the application would only be able to view the last four digits of a credit card number. Which of the following would provide this functionality?
A user is authenticating through the use of a PIN and a fingerprint. Which of the following would describe these authentication factors?
A security administrator is configuring the authentication process used by technicians when logging into wireless access points and switches. Instead of using local accounts, the administrator would like to pass all login requests to a centralized database. Which of the following would be the BEST way to implement this requirement?
A recent audit has determined that many IT department accounts have been granted Administrator access. The audit recommends replacing these permissions with limited access rights. Which of the following would describe this policy?
A recent security audit has discovered usernames and passwords which can be easily viewed in a packet capture. Which of the following did the audit identify?
Before deploying a new application, a company is performing an internal audit to ensure all of their servers are configured with the appropriate security features. Which of the following would BEST describe this process?
An organization has previously purchased insurance to cover a ransomware attack, but the costs of maintaining the policy have increased above the acceptable budget. The company has now decided to cancel the insurance policies and address potential ransomware issues internally. Which of the following would best describe this action?
Which of these threat actors would be MOST likely to install a company's internal application on a public cloud provider?
An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system. Which of the following would be the NEXT step in the incident response process?
A security administrator is viewing the logs on a laptop in the shipping and receiving department and identifies these events:
8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success
9:22:54 AM | C:\Program Files\Photo Viewer\ViewerBase.dll | Quarantine Failure
9:44:05 AM | C:\Sales\Sample32.dat | Quarantine Success
Which of the following would BEST describe the circumstances surrounding these events?
Study Notes
CompTIA SY0-701 Security+ Practice Exams
- This book provides three practice exams for the CompTIA Security+ certification exam (SY0-701).
- The exams are designed to simulate the format and difficulty level of the actual Security+ exam.
- The exams contain performance-based and multiple-choice questions.
- The book includes detailed answers and explanations for each question.
- There are links to video training for every question.
About the Author
- James "Professor" Messer is an IT security professional with experience in supercomputer operations, system administration, network management, and IT security.
- He is the founder and CEO of Messer Studios, a leading publisher of IT certification training materials.
- Professor Messer's training has reached over 185 million video views from over 850,000 subscribers.
How to Use the Book
- Take one exam at a time.
- Use a timer for each exam to simulate the actual exam time of 90 minutes.
- Write down your answers on a separate sheet of paper.
- Use the quick answer page to check your answers.
- Use the detailed answer pages to understand why answers were correct or incorrect, along with video links for further information.
Scoring the Practice Exams
- Fewer than 63 of 90 questions correct indicates that more study of the exam objectives from the book is needed to meet the standard.
- 63 to 72 questions correct suggests further focused study.
- 73 to 81 suggests additional study in targeted areas.
- More than 81 correct answers shows readiness for the actual exam.
Content of Practice Exam A
- The exams cover performance-based tasks and multiple-choice questions.
- Topics include: attack types, security controls at various locations, authentication factors, firewall rule configurations for a given scenario.