SY0-701 by CompTIA Valid Free Exam Practice Test

Question 1

Which of the following activities is the first stage in the incident response process?

A. Declaration B. Vacation C. Containment D. Detection

Correct Answer: D

Question 2

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A. Endpoint B. Network C. IPS/IDS D. Application

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 3

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A. Geographic dispersion B. Hot site C. Load balancing D. Platform diversity

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 4

An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints' definitions are up to date. Which of the following will these actions most effectively prevent?

A. Known exploits B. Zero-day attacks C. Insider threats D. End-of-life support

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 5

A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

A. Role-based B. Least privilege C. Attribute-based D. Time of day

Correct Answer: B

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 6

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

A. Intrusion prevention system B. Sandbox C. Antivirus D. Endpoint detection and response

Correct Answer: D

Question 7

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

A. The device's encryption level cannot meet organizational standards. B. The device is unable to receive authorized updates. C. The device has been moved from a production environment to a test environment. D. The device is moved to a different location in the enterprise. E. The device is moved to an isolated segment on the enterprise network. F. The device is configured to use cleartext passwords.

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 8

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

A. Database B. Firewall C. Network D. Authentication E. Application F. DHCP

Correct Answer: B,F

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 9

Which of the following is an example of memory injection?

A. Two processes access the same variable, allowing one to cause a privilege escalation. B. A process receives an unexpected amount of data, which causes malicious code to be executed. C. An executable is overwritten on the disk, and malicious code runs the next time it is executed. D. Malicious code is copied to the allocated space of an already running process.

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 10

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

A. Continuity of operations planning B. Penetration test C. Tabletop exercise D. Simulation

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 11

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

A. AUP B. SLA C. MOA D. SOW

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 12

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network.
Which of the following should be configured on the existing network infrastructure to best prevent this activity?

A. Virtual private network B. Transport layer security C. Web application firewall D. Port security

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 13

Which of the following must be considered when designing a high-availability network? (Select two).

A. Extensible authentication B. Ability to patch C. Ease of recovery D. Responsiveness E. Attack surface F. Physical isolation

Correct Answer: C,E

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

CompTIA Security+ Certification - SY0-701 Exam Practice Test