CompTIA SY0-701 is the exam code for the "CompTIA Security+ 2024" certification exam. Leads4Pass shares the latest exam practice questions online to help you pass the exam.
2024 Latest leads4pass SY0-701 PDF and VCE dumps Download
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
A. Serverless framework
B. Type 1 hypervisor
C. SD-WAN
D. SDN
Correct Answer: A
A serverless framework is a cloud-based application-hosting solution that meets the requirements of low-cost and cloud-based. A serverless framework is a type of cloud computing service that allows developers to run applications without managing or provisioning any servers. The cloud provider handles the server-side infrastructure, such as scaling, load balancing, security, and maintenance, and charges the developer only for the resources consumed by the application. A serverless framework enables developers to focus on the application logic and functionality, and reduces the operational costs and complexity of hosting applications. Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud Functions. A type 1 hypervisor, SD-WAN, and SDN are not cloud-based application-hosting solutions that meet the requirements of low-cost and cloud-based. A type 1 hypervisor is a software layer that runs directly on the hardware and creates multiple virtual machines that can run different operating systems and applications. A type 1 hypervisor is not a cloud-based service, but a virtualization technology that can be used to create private or hybrid clouds. A type 1 hypervisor also requires the developer to manage and provision the servers and the virtual machines, which can increase the operational costs and complexity of hosting applications. Some examples of type 1 hypervisors are VMware ESXi, Microsoft Hyper-V, and Citrix XenServer. SD-WAN (Software-Defined Wide Area Network) is a network architecture that uses software to dynamically route traffic across multiple WAN connections, such as broadband, LTE, or MPLS. SD-WAN is not a cloud-based service, but a network optimization technology that can improve the performance, reliability, and security of WAN connections. SD-WAN can be used to connect remote sites or users to cloud-based applications, but it does not host the applications itself. Some examples of SD-WAN vendors are Cisco, VMware, and Fortinet. SDN (Software-Defined Networking) is a network architecture that decouples the control plane from the data plane, and uses a centralized controller to programmatically manage and configure the network devices and traffic flows. SDN is not a cloud-based service, but a network automation technology that can enhance the scalability, flexibility, and efficiency of the network. SDN can be used to create virtual networks or network functions that can support cloud-based applications, but it does not host the applications itself. Some examples of SDN vendors are OpenFlow, OpenDaylight, and OpenStack.
References: CompTIA Security+ SY0-701 Certification Study Guide, page 264-265; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 3.1 - Cloud and Virtualization, 7:40 - 10:00; [Serverless Framework]; [Type 1 Hypervisor]; [SD-WAN]; [SDN].
A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
A. encryption=off
B. http://
C. www.*.com
Which of the following describes the maximum allowance of accepted risk?
A. Risk indicator
B. Risk level
C. Risk score
D. Risk threshold
Correct Answer: D
Risk threshold is the maximum amount of risk that an organization is willing to accept for a given activity or decision. It is also known as risk appetite or risk tolerance. Risk threshold helps an organization to prioritize and allocate resources for risk management. Risk indicator, risk level, and risk score are different ways of measuring or expressing the likelihood and impact of a risk, but they do not describe the maximum allowance of accepted risk. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 34; Accepting Risk: Definition, How It Works, and Alternatives
Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?
A. EOL
B. SLA
C. MOU
D. EOSL
Correct Answer: B
A document that provides expectations at a technical level for quality, availability, and responsibilities is a Service Level Agreement (SLA). An SLA is a contract between a service provider and a customer that specifies the level of service that the provider will deliver. This typically includes technical details such as uptime, response times, and performance criteria. The SLA is used to ensure that the customer receives the level of service that they have agreed to and that the provider is held accountable for meeting those expectations. Options A, C, and D are not related to the technical level of service expectations. EOL refers to the end of life for a product or service, MOU is a memorandum of understanding, and EOSL is the end of service life.
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
A. To gather IoCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature
Correct Answer: D
Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather IoCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response.
References: CompTIA Security+ SY0-701 Certification Study Guide, page 424-425; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 5.1 - Incident Response, 9:55 - 11:18.
After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. Analysts are spending a long time tracing information across different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?
A. CASB
B. VPC
C. SWG
D. CMS
Correct Answer: A
CASB vs. SWG: a CASB is the more suitable solution when multiple on-premises security solutions have moved to the cloud, because CASB services are explicitly designed to fit the needs of large enterprises. You can read more about the comparison here: https://www.gend.co/blog/casb-or-swg-which-is-best-option-for-your-enterprise
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?
A. Virus
B. Trojan
C. Spyware
D. Ransomware
Correct Answer: D
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
Correct Answer: D
Threat hunting is the process of proactively searching for signs of malicious activity or compromise in a network, rather than waiting for alerts or indicators of compromise (IOCs) to appear. Threat hunting can help identify new tactics, techniques, and procedures (TTPs) used by malicious actors, as well as uncover hidden or stealthy threats that may have evaded detection by security tools. Threat hunting requires a combination of skills, tools, and methodologies, such as hypothesis generation, data collection and analysis, threat intelligence, and incident response. Threat hunting can also help improve the security posture of an organization by providing feedback and recommendations for security improvements.
References: CompTIA Security+ Certification Exam Objectives, Domain 4.1: Given a scenario, analyze potential indicators of malicious activity. CompTIA Security+ Study Guide (SY0-701), Chapter 4: Threat Detection and Response, page
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network.
Which of the following fulfills this request?
A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/
Correct Answer: B
A firewall rule is a set of criteria that determines whether to allow or deny a packet to pass through the firewall. A firewall rule consists of several elements, such as the action, the protocol, the source address, the destination address, and the port number. The syntax of a firewall rule may vary depending on the type and vendor of the firewall, but the basic logic is the same. In this question, the security analyst is creating an inbound firewall rule to block the IP address 10.1.4.9 from accessing the organization's network. This means that the action should be deny, the protocol should be any (ip, which matches any IP protocol), the source address should be 10.1.4.9/32 (which means a single IP address), the destination address should be 0.0.0.0/0 (which means any IP address), and the port number should be any. Therefore, the correct firewall rule is: access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0. This rule will match any packet that has the source IP address of 10.1.4.9 and drop it. The other options are incorrect because they either have the wrong action, the wrong source address, or the wrong destination address. For example, option A has the source and destination addresses reversed, which means that it will block any packet that has the destination IP address of 10.1.4.9, which is not the intended goal. Option C has the wrong action, which is permit, which means that it will allow the packet to pass through the firewall, which is also not the intended goal. Option D has the same problem as option A, with the source and destination addresses reversed.
References: Firewall Rules -CompTIA Security+ SY0-401: 1.2, Firewalls -SY0-601 CompTIA Security+ : 3.3, Firewalls -CompTIA Security+ SY0-501, Understanding Firewall Rules -CompTIA Network+ N10-005: 5.5, Configuring Windows Firewall -CompTIA A+ 220-1102 -1.6.
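To see why only option B does the job, the following added example (not from the dump or any firewall vendor) parses the four candidate rules and evaluates them against two constructed packets. It assumes Cisco-style first-match semantics with an implicit deny at the end, that the new rule is placed ahead of an existing permit-all entry, and that the truncated "10.1.4.9/" prefixes in options A and D mean /32; the server and client addresses are placeholders from RFC 5737 documentation ranges.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclEntry:
    action: str                        # "permit" or "deny"
    protocol: str                      # "ip" matches any IP protocol
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network

def parse_acl_line(line: str) -> AclEntry:
    """Parse one 'access-list inbound <action> <proto> source A/n destination B/m' line."""
    tokens = line.split()
    if tokens[:2] != ["access-list", "inbound"] or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line}")
    src = ipaddress.ip_network(tokens[tokens.index("source") + 1], strict=False)
    dst = ipaddress.ip_network(tokens[tokens.index("destination") + 1], strict=False)
    return AclEntry(tokens[2], tokens[3], src, dst)

def evaluate(acl: list[AclEntry], src_ip: str, dst_ip: str) -> str:
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for entry in acl:
        if s in entry.source and d in entry.destination:
            return entry.action
    return "deny"

# Constructed packets: the malicious source from the question and a legitimate client,
# both addressed to an internal web server (placeholder RFC 5737 addresses).
ATTACKER_PACKET = ("10.1.4.9", "192.0.2.10")
LEGIT_PACKET = ("198.51.100.7", "192.0.2.10")

# Assumption: the new rule is inserted ahead of the existing permit-all policy.
PERMIT_ALL = "access-list inbound permit ip source 0.0.0.0/0 destination 0.0.0.0/0"

OPTIONS = {   # /32 assumed where the question truncates the prefix length
    "A": "access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32",
    "B": "access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0",
    "C": "access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0",
    "D": "access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32",
}

def blocks_only_attacker(rule_line: str) -> bool:
    """True when the rule drops the attacker's packets and still permits legitimate ones."""
    acl = [parse_acl_line(rule_line), parse_acl_line(PERMIT_ALL)]
    return (evaluate(acl, *ATTACKER_PACKET) == "deny"
            and evaluate(acl, *LEGIT_PACKET) == "permit")

def check_options() -> dict[str, bool]:
    return {label: blocks_only_attacker(rule) for label, rule in OPTIONS.items()}
```

Running `check_options()` reports only option B as blocking 10.1.4.9: options A and D never match a packet whose destination is the internal server, and option C matches the attacker but permits it.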
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
A. Attribute-based
B. Time of day
C. Role-based
D. Least privilege
Correct Answer: D
The least privilege principle states that users and processes should only have the minimum level of access required to perform their tasks. This helps to prevent unauthorized or unnecessary actions that could compromise security. In this case, the patch transfer might be failing because the user or process does not have the appropriate permissions to access the critical system or the network resources needed for the transfer. Applying the least privilege principle can help to avoid this issue by granting the user or process the necessary access rights for the patching activity.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page