Free SY0-701 Sample Questions — CompTIA Security+ 2023

Free SY0-701 sample questions for the CompTIA Security+ 2023 exam. No account required: study at your own pace.

Question 1

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

  • A. TPM
  • B. ECC
  • C. FDE
  • D. HSM

Correct Answer:
C. FDE

Question 2

A penetration tester finds an unused Ethernet port during an on-site penetration test. Upon plugging a device into the unused port, the penetration tester notices that the machine is assigned an IP address, allowing the tester to enumerate the local network. Which of the following should an administrator implement in order to prevent this situation from happening in the future?

  • A. Port security
  • B. Transport Layer Security
  • C. Proxy server
  • D. Security zones

Correct Answer:
A. Port security

Question 3

Which of the following phases of the incident response process attempts to minimize disruption?

  • A. Recovery
  • B. Containment
  • C. Preparation
  • D. Analysis

Correct Answer:
B. Containment

Question 4

A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?

  • A. SPF
  • B. GPO
  • C. NAC
  • D. FIM

Correct Answer:
D. FIM

Question 5

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

  • A. Hashing
  • B. Tokenization
  • C. Encryption
  • D. Segmentation

Correct Answer:
C. Encryption

Question 6

Which of the following would enable a data center to remain operational through a multiday power outage?

  • A. Generator
  • B. Uninterruptible power supply
  • C. Replication
  • D. Parallel processing

Correct Answer:
A. Generator

Question 7

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

  • A. Compensating
  • B. Detective
  • C. Operational
  • D. Physical

Correct Answer:
A. Compensating

Question 8

Which of the following should a company use to provide proof of external network security testing?

  • A. Business impact analysis
  • B. Supply chain analysis
  • C. Vulnerability assessment
  • D. Third-party attestation

Correct Answer:
D. Third-party attestation

Question 9

Which of the following are the first steps an analyst should perform when developing a heat map? (Choose two.)

  • A. Methodically walk around the office noting Wi-Fi signal strength
  • B. Log in to each access point and check the settings
  • C. Create or obtain a layout of the office
  • D. Measure cable lengths between access points
  • E. Review access logs to determine the most active devices
  • F. Remove possible impediments to radio transmissions

Correct Answer:
  • A. Methodically walk around the office noting Wi-Fi signal strength
  • C. Create or obtain a layout of the office

Question 10

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

  • A. Bluetooth
  • B. Wired
  • C. NFC
  • D. SCADA

Correct Answer:
B. Wired

Question 11

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

  • A. Concurrent session usage
  • B. Secure DNS cryptographic downgrade
  • C. On-path resource consumption
  • D. Reflected denial of service

Correct Answer:
D. Reflected denial of service

Question 12

A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?

  • A. Buffer overflow
  • B. NTP amplification attack
  • C. Worm
  • D. DoS attack

Correct Answer:
C. Worm

Question 13

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

  • A. Virtualization and isolation of resources
  • B. Network segmentation
  • C. Data encryption
  • D. Strong authentication policies

Correct Answer:
A. Virtualization and isolation of resources

Question 14

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

  • A. RBAC
  • B. ACL
  • C. SAML
  • D. GPO

Correct Answer:
A. RBAC

Question 15

A company's accounting department receives an urgent payment message from the company's bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible. Which of the following attacks is described?

  • A. Business email compromise
  • B. Vishing
  • C. Spear phishing
  • D. Impersonation

Correct Answer:
A. Business email compromise

Question 16

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

  • A. Endpoint
  • B. Application
  • C. Firewall
  • D. NAC

Correct Answer:
C. Firewall

Question 17

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

  • A. Analysis
  • B. Lessons learned
  • C. Detection
  • D. Containment

Correct Answer:
A. Analysis

Question 18

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

  • A. Impact analysis
  • B. Scheduled downtime
  • C. Backout plan
  • D. Change management boards

Correct Answer:
B. Scheduled downtime

Question 19

Which of the following is used to improve security and overall functionality without losing critical application data?

  • A. Reformatting
  • B. Decommissioning
  • C. Patching
  • D. Encryption

Correct Answer:
C. Patching

Question 20

A systems administrator uses a key to encrypt a message being sent to a peer in a different branch office. The peer then uses the same key to decrypt the message. Which of the following describes this example?

  • A. Symmetric
  • B. Asymmetric
  • C. Hashing
  • D. Salting

Correct Answer:
A. Symmetric