

CompTIA Security+ Certification - (SY0-701) Exam Questions
Question 1 Single Choice
Which of the following options correctly identifies examples of preventive security controls?
Explanation

Password Policies enforce strong authentication measures to prevent unauthorized access and IPS (Intrusion Prevention Systems) actively monitor and block suspicious activities, making them both preventive controls.
Incorrect Answers Explained:
A. IDS (Intrusion Detection Systems) is a detective control, designed to identify and alert on potential security threats rather than prevent them. While Multi-factor Authentication is a form of preventive control, pairing it with IDS makes this option incorrect.
B. Firewalls serve as preventive controls by regulating network traffic based on security rules. However, Security Awareness Programs are administrative controls and not directly preventive, making this combination incorrect.
D. Password Policies are preventive controls, but IDS (Intrusion Detection Systems) is a detective control, making this option incorrect.
Question 2 Single Choice
A software company processes online payments for its products and needs to store customer billing information securely. To securely store customer billing info, which method uses random values and a secure table for protection?
Explanation

Tokenization replaces sensitive data like credit card information with randomly generated values (tokens). These tokens are mapped to the original data within a heavily protected lookup table, limiting the risk of direct exposure due to unauthorized access.
Incorrect Answers Explained:
A. Masking partially obscures data with placeholders (for example, showing only the last 4 digits of a card number). This offers less comprehensive protection as parts of the original data remain directly visible.
B. Encryption protects the confidentiality of data during storage or transmission by making it unreadable without the decryption key. While it secures data against unauthorized access, encryption does not replace sensitive information with random values as tokenization does, nor does it utilize a secure lookup table for data retrieval, making it less effective for the specific need of obfuscating stored customer billing information.
C. Pseudonymization is a method that replaces sensitive data with artificial identifiers, which can partially obscure original data for privacy protection. However, unlike tokenization, pseudonymization does not use random values paired with a secure lookup table, making it less suited for scenarios requiring the enhanced protection of customer billing information through obfuscation.
Question 3 Single Choice
Which category of threat actor is commonly involved in activities aimed at monetary gain through mechanisms like ransomware deployment or unauthorized acquisition of sensitive data?
Explanation

This category includes criminals who systematically engage in cyber activities with the intent of monetary gain through ransomware deployment or unauthorized access to sensitive data. They possess the sophistication and organizational structure to execute these operations at a significant scale.
Incorrect Answers Explained:
A. Insider threats come from individuals within an organization who may misuse their access to harm the organization. While some insider threats can lead to financial losses, they are not typically driven by the same profit motives as organized crime groups. Insider threats can involve sabotage, data theft, or espionage, often motivated by personal grievances or ideological reasons rather than organized criminal activities aimed at monetary gain.
B. A Hacktivist is driven by ideological motivations and uses their skills to promote social or political causes, not for personal financial benefit.
D. Script Kiddies refers to inexperienced cyber attackers who use pre-written scripts or software developed by others to launch attacks without a deep understanding of the underlying technology. Script kiddies typically engage in hacking for bragging rights, curiosity, or minor personal gain, rather than the financial motives driving organized crime.
Question 4 Single Choice
An enterprise's data storage systems have suddenly become inaccessible, with a note appearing on several employees' screens demanding a cryptocurrency transaction to restore access. What cybersecurity threat has the organization encountered?
Explanation

This incident is characteristic of a ransomware attack, where malicious software encrypts files or entire systems, demanding payment for decryption keys. This type of malware specifically targets organizational data to cripple operations and extort money, representing a direct threat to information integrity and availability.
Incorrect Answers Explained:
A. Spyware is designed to gather information from a system without the user's consent, often for data theft. Unlike ransomware, it does not typically encrypt data or demand payment.
B. Adware automatically delivers or displays unwanted advertisements to a user. It is generally more annoying than harmful and does not involve encryption of data or ransom demands.
C. Spear Phishing is a targeted form of phishing that aims to deceive specific individuals into divulging sensitive information or downloading malware. While it can be a delivery mechanism for ransomware, the act of encrypting data and demanding a ransom is not spear phishing itself.
Question 5 Single Choice
A software development company is launching a suite of online productivity tools. Each tool will have its own subdomain (timemanage.softwarecompany.com, goals.softwarecompany.com, etc.). To streamline its security administration, which type of certificate would be most efficient?
Explanation

A wildcard certificate enables encryption for a primary domain (softwarecompany.com) and all its subdomains. This allows the company to manage a single certificate, add/remove sub-tools as needed, and ensure encryption for customers with minimum administrative overhead.
Incorrect Answers Explained:
A. Extended Validation (EV) SSL Certificate offers superior authenticity and trust but won't streamline securing multiple subdomains as efficiently as a wildcard.
C. Self-Signed TLS Certificate can be generated by the organization itself without the need for a Certificate Authority (CA). While it can secure communication, it is not trusted by default by web browsers and may present warnings to users. It also does not provide the streamlined administrative benefit for multiple subdomains like a wildcard certificate.
D. Email TLS Certificates, also known as S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates, are used primarily to encrypt and digitally sign email communications. While they enhance email security, they do not cover website encryption needs or the management of subdomains for web applications, making them an irrelevant choice for securing a suite of online productivity tools with various subdomains.
Question 6 Single Choice
A hospital is seeking to upgrade its wireless network to include TLS-based encryption for strong user authentication and to safeguard sensitive patient data. Which of the following protocols is best suited for this requirement?
Explanation

PEAP creates a TLS-encrypted tunnel, enhancing privacy and security for the authentication process, ideal for sensitive healthcare settings.
This tunneling mechanism within PEAP offers strong protection against common wireless network attacks, such as man-in-the-middle attacks.
Incorrect Answers Explained:
A. WPA2-Enterprise delivers strong wireless security by focusing on network access control and authentication. It doesn't directly manage transport-layer security, which is where PEAP and its TLS tunneling come into play, enhancing data protection during transmission.
B. TKIP (Temporal Key Integrity Protocol) is an early encryption approach used with WPA. TKIP introduced improvements over WEP, such as key mixing. However, its vulnerabilities, identified over time, make it unsuitable for environments demanding high security, like healthcare.
D. WEP (Wired Equivalent Privacy) is an initial security standard for wireless networks. WEP's significant vulnerabilities quickly rendered it obsolete for protecting sensitive information. Its weak encryption can be easily breached, making it inappropriate for securing patient data in healthcare contexts.
Question 7 Single Choice
A software company develops a new user registration system. To safeguard user passwords, they apply a technique that makes it significantly harder and more time-consuming for attackers to guess the passwords, even for weak or commonly used ones. Which of the following describes this technique?
Explanation

Key Stretching deliberately slows down the process of checking potential passwords through repeated cryptographic hashing, making brute-force attacks much less effective, especially against simpler passwords.
Incorrect Answers Explained:
A. While Encryption offers protection for data, it's typically used for data in transit or at rest, not specifically for securing stored passwords. Passwords should be hashed before storing.
B. Salting adds unique random data (a salt) to passwords before hashing, which increases the security of password storage. However, salting alone doesn't significantly slow down brute-force attacks, which is the primary focus of key stretching.
C. Hashing is a fundamental process for password storage, but on its own doesn't sufficiently slow down determined attackers.
Question 8 Single Choice
When conducting a cyber assault, an adversary opts to use a few common passwords across numerous user accounts instead of attempting numerous passwords for one user account. Identify the attack being utilized here.
Explanation

A spraying attack is characterized by an attacker's strategy of employing common passwords against a wide array of usernames. This method is particularly effective in bypassing security measures that lock accounts after several failed login attempts, thereby reducing the risk of detection.
Incorrect Answers Explained:
B. Brute Force Attack involves trying a large number of passwords on a single username to discover the correct one. It is more time-consuming and likely to trigger security alerts than a spraying attack.
C. Credential Stuffing attack involves using stolen account credentials to gain unauthorized access to user accounts through large-scale automated login requests directed at a web application. While it involves the use of known username-password pairs, it differs from a spraying attack in that the credentials are already known to be valid somewhere, rather than guessing common passwords across many accounts.
D. Phishing is a social engineering attack used to deceive users into disclosing sensitive information, such as usernames and passwords, typically through misleading emails or websites. Unlike a spraying attack, phishing does not involve automated password guessing but relies on tricking individuals into voluntarily providing their credentials.
Question 9 Single Choice
After installing a graphics program from a link that Maria found on a social media website, she noticed unexpected toolbars in her browser that she hadn't installed. What is the primary reason for this unwelcome software?
Explanation

The core issue is bloatware, which is unwanted software installed without Maria's explicit consent, often bundled with other software installations. These unexpected toolbars in her browser are typical examples of bloatware, cluttering the system and potentially altering settings without the user's knowledge.
Incorrect Answers Explained:
A. Adware software primarily focuses on delivering advertisements. Although it can be intrusive, it's not the direct cause of installing additional, non-ad-related software like browser toolbars.
B. Spyware secretly monitors and collects data without consent. While it is a security threat, it does not directly account for the addition of new software or toolbars.
C. Ransomware encrypts files to demand a ransom. This malware does not relate to the scenario of installing unwanted software or toolbars.
Question 10 Single Choice
An e-commerce website frequently promotes flash sales with limited-time discounts. This brings in unexpected surges of customer traffic followed by periods of normal shopping activity. Which cloud computing principle offers the most efficient way to manage the web server resource requirements of this website?
Explanation

Cloud elasticity allows dynamic scaling of computing resources (like memory, storage, bandwidth) based on fluctuating traffic demands. For flash sales, this means increasing capacity when needed to handle the surge, then releasing those resources once traffic reduces. This provides significant cost savings while ensuring reliable website performance.
Incorrect Answers Explained:
B. Expanding the Content Delivery Network (CDN): Improves content caching and can reduce origin server load but doesn't address varying computational resource needs caused by large sale traffic.
C. Serverless Computing allows applications to run without managing servers, automatically scaling and billing for actual usage. However, it focuses on application execution rather than managing web server resources directly, which might not be the most efficient for handling sudden traffic surges on its own.
D. Resource Pooling involves combining resources to serve multiple consumers using a multi-tenant model. While it is a cloud computing characteristic, on its own, it does not provide the immediate, automatic scaling up and down of resources specifically needed for flash sales traffic patterns like elasticity does.



