Weekend Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the CompTIA Security+ SY0-701 Questions and answers with Dumpstech

Exam SY0-701 Premium Access

View all detail and faqs for the SY0-701 exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 14 out of 14 pages
Viewing questions 261-280 out of questions
Questions # 261:

Which of the following is a benefit of launching a bug bounty program? (Select two)

Options:

A.

Transference of risk to a third party

B.

Reduction in the number of zero-day vulnerabilities

C.

Increased security awareness for the workforce

D.

Reduced cost of managing the program

E.

Quicker discovery of vulnerabilities

F.

Improved patch management process

Questions # 262:

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Options:

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Questions # 263:

Which of the following should a systems administrator use to decrease the company's hardware attack surface?

Options:

A.

Replication

B.

Isolation

C.

Centralization

D.

Virtualization

Questions # 264:

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Questions # 265:

Which of the following is an example of memory injection?

Options:

A.

Two processes access the same variable, allowing one to cause a privilege escalation.

B.

A process receives an unexpected amount of data, which causes malicious code to be executed.

C.

Malicious code is copied to the allocated space of an already running process.

D.

An executable is overwritten on the disk, and malicious code runs the next time it is executed.

Questions # 266:

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

Options:

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Questions # 267:

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Questions # 268:

An organization failed to account for the right-to-be-forgotten regulations. Which of the following impacts might this action have on the company?

Options:

A.

Fines

B.

Data breaches

C.

Revenue loss

D.

Blackmail

Questions # 269:

Which vulnerability is most likely mitigated by setting up an MDM platform?

Options:

A.

TPM

B.

Buffer overflow

C.

Jailbreaking

D.

SQL injection

Questions # 270:

A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?

Options:

A.

Validate the code signature.

B.

Execute the code in a sandbox.

C.

Search the executable for ASCII strings.

D.

Generate a hash of the files.

Questions # 271:

Which of the following actions must an organization take to comply with a person's request for the right to be forgotten?

Options:

A.

Purge all personally identifiable attributes.

B.

Encrypt all of the data.

C.

Remove all of the person’s data.

D.

Obfuscate all of the person’s data.

Questions # 272:

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Questions # 273:

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Options:

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Questions # 274:

Which of the following activities are associated with vulnerability management? (Select two).

Options:

A.

Reporting

B.

Prioritization

C.

Exploiting

D.

Correlation

E.

Containment

F.

Tabletop exercise

Questions # 275:

Which of the following is the final step of the modem response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Questions # 276:

A security analyst reviews web server logs and sees the following entries:

16.22.48.102 -- 26/April/2023 22:00:04.33 GET "http://www.databaseInfo.com/index.html/* " 200

16.22.48.102 -- 26/April/2023 22:00:07.23 GET "http://www.databaseInfo.com/index.html/../ " 404

16.22.48.102 -- 26/April/2023 22:01:16.03 GET "http://www.databaseInfo.com/index.html/../images " 404

16.22.48.102 -- 26/April/2023 22:03:10.25 GET "http://www.databaseInfo.com/index.html/../passwords " 404

16.22.48.102 -- 26/April/2023 22:05:11.22 GET "http://www.databaseInfo.com/index.html/../storedSQLqueries " 404

Which of the following attacks is most likely being attempted?

Options:

A.

Denial of service

B.

Password spraying

C.

SQL injection

D.

Directory traversal

Questions # 277:

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

Options:

A.

TPM

B.

CRL

C.

PKI

D.

CSR

Questions # 278:

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

Options:

A.

Intrusion prevention system

B.

Sandbox

C.

Endpoint detection and response

D.

Antivirus

Questions # 279:

Which of the following is the most important element when defining effective security governance?

Options:

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Questions # 280:

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Viewing page 14 out of 14 pages
Viewing questions 261-280 out of questions