CompTIA
SY0-701
CompTIA Security+ Exam
, SY0-701
QUESTION: 1
Which of the following threat actors is the most likely to be hired by a foreign government to
attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Answer(s): C
QUESTION: 2
Which of the following is used to add extra complexity before using a one-way data
transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Answer(s): D
QUESTION: 3
An employee clicked a link in an email from a payment website that asked the employee to
update contact information. The employee entered the log-in information but received a “page
not found” error message.
Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Answer(s): D
QUESTION: 4
An enterprise is trying to limit outbound DNS traffic originating from its internal network.
Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.
Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
2
, SY0-701
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Answer(s): D
QUESTION: 5
A data administrator is configuring authentication for a SaaS application and would like to
reduce the number of credentials employees need to maintain. The company prefers to use
domain credentials to access new SaaS applications.
Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
Answer(s): A
QUESTION: 6
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the
display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to
access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials
to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the
company’s email portal.
Answer(s): A
QUESTION: 7
A company prevented direct access from the database administrators’ workstations to the
network segment that contains database servers.
Which of the following should a database administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
3
, SY0-701
Answer(s): A
QUESTION: 8
An organization’s internet-facing website was compromised when an attacker exploited a buffer
overflow.
Which of the following should the organization deploy to best protect against similar attacks in
the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Answer(s): B
QUESTION: 9
An administrator notices that several users are logging in from suspicious IP addresses. After
speaking with the users, the administrator determines that the employees were not logging in
from those IP addresses and resets the affected users’ passwords.
Which of the following should the administrator implement to prevent this type of attack from
succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Answer(s): A
QUESTION: 10
An employee receives a text message that appears to have been sent by the payroll department
and is asking for credential verification.
Which of the following social engineering techniques are being attempted? (Choose two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Answer(s): C, E
4
SY0-701
CompTIA Security+ Exam
, SY0-701
QUESTION: 1
Which of the following threat actors is the most likely to be hired by a foreign government to
attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Answer(s): C
QUESTION: 2
Which of the following is used to add extra complexity before using a one-way data
transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Answer(s): D
QUESTION: 3
An employee clicked a link in an email from a payment website that asked the employee to
update contact information. The employee entered the log-in information but received a “page
not found” error message.
Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Answer(s): D
QUESTION: 4
An enterprise is trying to limit outbound DNS traffic originating from its internal network.
Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.
Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
2
, SY0-701
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Answer(s): D
QUESTION: 5
A data administrator is configuring authentication for a SaaS application and would like to
reduce the number of credentials employees need to maintain. The company prefers to use
domain credentials to access new SaaS applications.
Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
Answer(s): A
QUESTION: 6
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the
display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to
access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials
to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the
company’s email portal.
Answer(s): A
QUESTION: 7
A company prevented direct access from the database administrators’ workstations to the
network segment that contains database servers.
Which of the following should a database administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
3
, SY0-701
Answer(s): A
QUESTION: 8
An organization’s internet-facing website was compromised when an attacker exploited a buffer
overflow.
Which of the following should the organization deploy to best protect against similar attacks in
the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Answer(s): B
QUESTION: 9
An administrator notices that several users are logging in from suspicious IP addresses. After
speaking with the users, the administrator determines that the employees were not logging in
from those IP addresses and resets the affected users’ passwords.
Which of the following should the administrator implement to prevent this type of attack from
succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Answer(s): A
QUESTION: 10
An employee receives a text message that appears to have been sent by the payroll department
and is asking for credential verification.
Which of the following social engineering techniques are being attempted? (Choose two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Answer(s): C, E
4
