Visit Official SkillCertPro Website :-
For a full set of 880+ questions. Go to
https://skillcertpro.tech/product/comptia-security-sy0-701-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Which of the following statements are true regarding cloud-based security vulnerabilities? (Choose all that apply)
A. Secure APIs
B. Misconfigured Cloud Storage
C. Poor Access Control
D. Shared Tenancy
Answer: B, C, D
Explanation:
Misconfigured Cloud Storage is correct.
Cloud storage is a rich source of stolen data for cybercriminals. Despite the high stakes, organizations continue to make the mistake of misconfiguring cloud storage, which has cost many companies greatly.
Poor Access Control is correct.
Another prevalent cyberattack in the cloud has to do with vulnerabilities around access control. Often this is due to weak authentication or authorization methods or is linked to vulnerabilities that bypass these methods.
Shared Tenancy is correct.
Another rare security vulnerability in the cloud, one that takes a high level of skill to exploit, is called shared tenancy. As you are probably aware, cloud platforms involve a number of software and hardware components. Adversaries who are able to determine the software or hardware used in a cloud architecture could take advantage of known vulnerabilities and elevate privileges in the cloud.
Secure APIs is not considered a cloud-based security vulnerability, so it is incorrect.
Question 2:
Which of the following features will you use to remotely clear your phone's data in the event of losing your phone?
A. Push notifications
B. Remote wipe
C. Geofencing
D. Geolocation
Answer: B
Explanation:
Remote wipe is the correct answer. Remote wipe is a security feature for mobile device management that allows you to remotely clear data from a lost or stolen mobile device.
Geofencing is incorrect. Geofencing is a location-based service that businesses use to engage their audience by sending relevant messages to smartphone users who enter a pre-defined location or geographic area.
Companies send product offers or specific promotions to consumers' smartphones when they trigger a search in a particular geographic location or enter a mall, neighborhood, or store.
Geolocation is incorrect. Geolocation refers to the use of location technologies such as GPS or IP addresses to identify and track the whereabouts of connected electronic devices. Because these devices are often carried on an individual's person, geolocation is often used to track the movements and location of people and for surveillance.
Push notifications is incorrect. Push notifications are clickable pop-up messages that appear on your users' browsers irrespective of which device they use or which browser they are on. Subscribers can be anywhere on the browser and still receive these messages as long as they are online or have their browsers running on their devices.
Browser push notifications are different from in-app notifications because in-app notifications appear only when triggered by an existing application on your mobile device, while browser push notifications can be triggered through browsers on any device as long as the user subscribes to receive your notifications. It is an instant mode of automated, direct communication between a website and its end users.
Question 3:
A hacker attacks a network with the aim of maintaining ongoing access to the targeted network, rather than getting in and out as quickly as possible, with the ultimate goal of stealing information over a long period of time. Which type of attack did the hacker use in this case?
A. Advanced persistent threat (APT)
B. Insider threat
C. State actors
D. Hacktivism
Answer: A
Explanation:
The goal of most advanced persistent threat attacks is to achieve and maintain ongoing access to the targeted network rather than to get in and out as quickly as possible. Because a great deal of effort and resources usually go into carrying out APT attacks, hackers typically target high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time.
An insider threat is incorrect. Insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors, or business associates, who have inside information concerning the organization’s security practices, data, and computer systems.
Nation-State actors is incorrect. Nation-State actors aggressively target and gain persistent access to public and private sector networks to compromise, steal, change, or destroy information.
Hacktivism is incorrect. Hacktivism is the use of cyber-attacks based on political motivations, by people who use cyber sabotage to promote a specific cause. As opposed to the hacking industry intent on data theft, hacktivism is not motivated by money, and high visibility is key. Hacktivists are motivated by revenge, politics, ideology, protest and a desire to humiliate victims. Profit is not a factor.
Question 4:
The type of hacker that violates computer security systems without permission, stealing the data inside for their own personal gain or vandalizing the system, is commonly known as:
A. Red-Hat hackers
B. Black-Hat hackers
C. Gray-Hat hackers
D. White-Hat hackers
Answer: B
Explanation:
Black-Hat Hackers is correct. Black-Hat hackers violate computer security for personal gain without permission (such as stealing credit card numbers or harvesting personal data for sale to identity thieves) or for pure maliciousness (such as creating a botnet and using that botnet to perform DDoS attacks against websites they don’t like.)
White-Hat Hackers is incorrect. White-hat hackers are the opposite of black-hat hackers. They’re the ethical hackers, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.
Gray-Hat Hackers is incorrect. A Gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.
Red-Hat Hackers is incorrect. Red-hat hackers are the most sophisticated hackers of them all. Red hats are motivated by a desire to end black-hat hackers but do not want to play by society’s rules.
Question 5:
Which of the following VPN solutions is used to connect two local area networks (LANs) utilized by businesses large and small that want to provide their employees with secure access to network resources?
A. Proxy server
B. Site-to-site
C. Split tunnel
D. Remote access
Answer: B
Explanation:
Site-to-site is the correct answer. The Site to Site VPN, known as point to point VPN, is used to connect two local area networks (LANs). Site to site VPNs are usually utilized by businesses large and small that want to provide their employees or business partners secure access to network resources. Usually, these network resources are files or access to programs that need to be protected.
Remote Access is incorrect. Remote Access (Personal) VPN is used to connect a personal user device to a remote server on a private network. Once a remote access VPN is connected, a user’s internet activity will go through the encrypted VPN tunnel to the remote server and access the internet from that remote server. That means that the internet website or application sees the remote server’s IP address instead of your personal device's IP address, which provides a layer of privacy.
Split tunnel is incorrect. VPN split tunneling lets you route some of your device or app traffic through the encrypted VPN tunnel while other devices or apps access the internet directly. Use split tunneling to protect the traffic you choose, without losing access to local network devices.
Proxy server is incorrect. A proxy server is not a VPN solution; it acts as a gateway between you and the internet. It’s an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. Proxy servers act as a firewall and web filter, provide shared network connections, and cache data to speed up common requests.
Question 6:
_________________ measures the predicted time that passes between one previous failure of a mechanical/electrical system and the next failure during normal operation. In simpler terms, it helps you predict how long an asset can run before the next unplanned breakdown happens.
A. Mean time to repair (MTTR)
B. Mean time between failures (MTBF)
C. Recovery Time Objective (RTO)
D. Recovery point objective (RPO)
Answer: B
Explanation:
Mean time between failures (MTBF) is the correct answer. MTBF measures the predicted time that passes between one previous failure of a mechanical/electrical system and the next failure during normal operation. In simpler terms, MTBF helps you predict how long an asset can run before the next unplanned breakdown happens.
Recovery point objective (RPO) is incorrect. Recovery point objective (RPO) describes a period of time in which an enterprise’s operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure.
Mean time to repair (MTTR) is incorrect. MTTR (mean time to recovery or mean time to repair) is the average time it takes to recover from a product or system failure. This includes the full time of the outage from the time the system or product fails to the time that it becomes fully operational again.
Recovery Time Objective (RTO) is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Question 7:
Which of the following describes how long a business needs to keep a piece of information (a record), where it’s stored, and how to dispose of the record when it's time?
A. Retention policy
B. Business continuity plan
C. Incident response team
D. Disaster recovery plan
Answer: A
Explanation:
Retention policy is the correct answer. A retention policy is a key part of the lifecycle of a record. It describes how long a business needs to keep a piece of information (a record), where it’s stored, and how to dispose of the record when it's time.
Business continuity plan is incorrect. Business continuity planning is a strategy. It ensures continuity of operations with minimal service outage or downtime. It is designed to protect personnel or assets and make sure they can function quickly when a disaster strikes such as natural disasters or cyber-attacks.
Disaster recovery plan is incorrect. A business disaster recovery plan can restore data and critical applications in the event your systems are destroyed when disaster strikes.
The difference between a business continuity plan and a disaster recovery plan is:
A business continuity plan is a strategy businesses put in place to continue operating with minimal disruption in the event of a disaster. The disaster recovery plan refers more specifically to the steps and technologies for recovering from a disruptive event, especially as it pertains to restoring lost data, infrastructure failure, or other technological components.
Incident response team is incorrect. An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Responsibilities of an incident response team include developing an incident response plan, testing for and resolving system vulnerabilities, maintaining strong security best practices, and providing support for all incident handling measures.
Question 8:
PC1 can ping the printer device on the Marketing team network but can’t ping the printer on the Sales team network. Assuming you are working in a Linux environment, which of the following commands will you type to get details about the route that packets take from PC1 to the printer on the Sales team network?
A. tracert
B. ifconfig
C. traceroute
D. dig
Answer: C
Explanation:
traceroute is the correct command. The traceroute command is one of the key diagnostic tools for TCP/IP. It displays a list of all the routers that a packet must go through to get from the computer where traceroute is run to any other computer on the Internet.
To use traceroute, type the traceroute command followed by the hostname of the computer to which you want to trace the route.
For example, suppose that the printer on the Sales team network has an IP of 123.123.123.123; then you can use the command traceroute 123.123.123.123
ifconfig is incorrect. The command ifconfig is used to view and change the configuration of the network interfaces on your system. It displays information about all network interfaces currently in operation.
dig is incorrect. The command dig is a network administration command-line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also for performing DNS lookups. The dig command replaces older tools such as nslookup and host.
tracert is incorrect. The command tracert is a utility designed for displaying the time it takes for a packet of information to travel between a local computer and a destination IP address or domain. This answer could be considered correct, but the question says that you are working in a Linux environment, and the command tracert is used in the Windows environment.
Question 9:
_________________ is the average time it takes to recover from a product or system failure. This includes the full time of the outage from the time the system or product fails to the time that it becomes fully operational again.
A. Recovery point objective (RPO)
B. Recovery Time Objective (RTO)
C. Mean time to repair (MTTR)
D. Mean time between failures (MTBF)
Answer: C
Explanation:
Mean time to repair (MTTR) is the correct answer. MTTR (mean time to recovery or mean time to repair) is the average time it takes to recover from a product or system failure. This includes the full time of the outage from the time the system or product fails to the time that it becomes fully operational again.
Recovery point objective (RPO) is incorrect. Recovery point objective (RPO) describes a period of time in which an enterprise’s operations must be restored following a disruptive event, e.g., a cyberattack, natural disaster, or communications failure.
Recovery Time Objective (RTO) is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
Mean time between failures (MTBF) is incorrect. MTBF measures the predicted time that passes between one previous failure of a mechanical/electrical system and the next failure during normal operation. In simpler terms, MTBF helps you predict how long an asset can run before the next unplanned breakdown happens.
Question 10:
Your company migrates its infrastructure to the public cloud because of the advantages the cloud offers. Which of the following options are considered advantages for using public cloud services? (Choose all that apply.)
A. Full-control
B. Near-unlimited scalability
C. High reliability
D. Lower costs
E. No maintenance
F. Secure data
Answer: B, C, D, E
Explanation:
Public clouds are the most common way of deploying cloud computing. The cloud resources like servers and storage are owned and operated by a third-party cloud service provider and delivered over the Internet. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider.
Advantages of public clouds:
1. Lower costs: no need to purchase hardware or software, and you pay only for the service you use.
2. No maintenance: your service provider provides the maintenance.
3. Near-unlimited scalability: on-demand resources are available to meet your business needs.
4. High reliability: a vast network of servers ensures against failure.
Disadvantages of public clouds:
1. Loss of control: when you outsource your technology to the public cloud, it’s out of your hands.
2. Insecure data: when you entrust your data and applications to the public cloud, you have no real assurances that they will be safe.