Free Security+ SY0-701 Practice Test

The new CompTIA Security+ SY0-701 exam has finally been released. CompTIA’s five Main Domains for the Security+ SY0-701 exam are listed below with their respective weights.

  • 1.0 General Security Concepts 12%
  • 2.0 Threats, Vulnerabilities, and Mitigations 22%
  • 3.0 Security Architecture 18%
  • 4.0 Security Operations 28%
  • 5.0 Security Program Management and Oversight 20%

QUESTION  1

Frank was contacted by phone by a person claiming to be an executive vice president urgently requesting that his password be reset. He insisted on the security urgency at hand and informed Frank that his supervisor would be contacted unless he complied immediately. Frank suspected that this was a social engineering attack. Which principles of human manipulation did the attacker attempt on Frank? Choose three.

  • Authority 
  • Fright 
  • Intimidation 
  • Urgency
  • Scarcity
  • Trust

Explanation: Authority is a doubly correct answer here because the call is made by someone impersonating an authority figure and also because of the threat to contact Frank’s supervisor. The intimidation consists of the threat to contact Frank’s supervisor. The urgency is referenced twice, so it clearly belongs to the correct choice. Neither trust nor scarcity applies in this scenario, and Fright is a nonsense distractor, as it is not a recognized category of human manipulation for social engineering.

Answer: Authority – Intimidation – Urgency

This question falls under Main Domain 2.0 Threats, Vulnerabilities, and Mitigations, and sub-objective 2.2 Explain common threat vectors and attack surfaces.

QUESTION  2

Alina works for a company whose domains are .domain.com and .domain.org. She has been tasked to acquire a digital certificate that will cover these domains as well as all the subdomains these main domains have.

Which of the following certificates would best fulfill the requirements?

  • Domain validation digital certificate 
  • Wildcard digital certificate 
  • SAN
  • NAXX

Explanation: SAN – Subject Alternative Name allows different values to be associated with a single certificate. A SAN allows a single digital certificate to specify additional host names to be protected by that one certificate. It also allows a certificate to cover multiple IP addresses. A wildcard digital certificate can protect all first-level subdomains on an entire domain, but it cannot apply to different domains, so it can’t fulfill Alina’s requirements. A domain validation digital certificate will verify the identity of the entity that has control over a given domain name. NAXX is the nonsense distractor.

Answer: SAN

This question falls under Main Domain 4.0 Security Operations and sub-objective 4.1 Given a scenario, apply common security techniques to computing resources

QUESTION  3

Which PKI trust model assigns a single hierarchy with one master CA called the root, who signs all digital certificate authorities with a single key?

  • Distributed trust model.
  • Bridge trust model.
  • Hierarchical trust model.
  • Centralized trust model.

Explanation: A hierarchical trust model assigns a single hierarchy with one master CA called the root, who signs all digital certificate authorities with a single key. The distributed trust model has multiple CAs that sign digital certificates. With the bridge trust model, no single CA signs digital certificates, and yet the CA acts as a facilitator to interconnect all other CAs. Centralized trust model.

Answer: Hierarchical trust model.

This question falls under Main Domain 1.0 General Security Concepts and sub-objective 1.4 Explain the importance of using appropriate cryptographic solutions.

QUESTION  4

What is the primary distinction between a Certificate Policy (CP) and a Certificate Practice Statement (CPS)?

  • A CP describes how end-users register for a digital certificate.
  • A CPS is a published set of rules that govern the operation of a PKI.
  • A CPS governs the operation of intermediate CA.
  • A CP provides recommended baseline security requirements for the use and operation of PKI components.

Explanation: A CP is a set of rules that provide recommended baseline security requirements for the use and operation of PKI components, while a CPS is a more technical document that describes how the CA uses and manages certificates.

Answer: A CP provides recommended baseline security requirements for the use and operation of PKI components.

This question falls under Main Domain 1.0 General Security Concepts, and sub-objective 1.4 Explain the importance of using appropriate cryptographic solutions.

QUESTION  5

Several steps can be taken to harden SCADA and ICS systems. Which of the following is not such a step?

  • As much as possible rely on proprietary protocols to protect the network.
  • Establish clear policies and conduct training around the policies.
  • Test to identify and evaluate possible attack scenarios.
  • Remove or disable unnecessary services.
  • Identify all connections to SCADA networks.

Explanation: For proprietary protocols, the users are dependent on the company to fix vulnerabilities, and if the company does not prioritize security, users might be at risk. In such a situation your organization finds itself in the hands of the company that owns the protocol and so you relinquish some level of control over your own cybersecurity. Not a good way to harden your systems. All the other answers show steps that will contribute to hardening SCADA and ICS systems. The two acronyms stand for: Industrial control systems (ICSs) which enable machines to, without human involvement, control devices such as valves, pumps, and motors. Multiple ICSs are managed by Supervisory Control and Data Acquisition (SCADA).

Answer: As much as possible rely on proprietary protocols to protect the network.

This question falls under Main Domain 3.0 Security Architecture and sub-objective 3.1 Compare and contrast security implications of different architecture models. 

QUESTION  6

You have been tasked to configure the VPN to preserve bandwidth. Which configuration would you choose?

  • Point-to-Point Tunneling
  • Secure Socket Tunneling
  • Full tunnel
  • Split tunnel

Explanation: In a split tunnel configuration, only traffic destined for the corporate network is sent through the Virtual Private Network (VPN) tunnel. All other traffic, such as internet browsing, goes directly to the internet without passing through the VPN tunnel. This configuration preserves bandwidth as it doesn’t route unnecessary traffic through the corporate VPN. The full tunnel configuration has all traffic sent to the VPN, so it does not minimize traffic. Neither Point-to-Point Tunneling nor Secure Socket Tunneling is a tunnel configuration; they are both protocols.

Answer: Split tunnel

This question falls under Main Domain 3.0 Security Architecture and sub-objective 3.2 Given a scenario, apply security principles to secure enterprise infrastructure. 

QUESTION  7

When it comes to cloud computing and security, which of the following statements is correct? Choose two.

  • Secrets management allows for improved administration of SaaS platforms.
  • SSE is the security component of SASE that unifies all security services, including WANs.
  • A SWG can be placed on endpoints, at the edge but not in the cloud. 
  • A SASE includes SWG, CASB, ZTA, and SSE technologies.

Explanation: An SWG can be placed on endpoints, at the edge, and also in the cloud. An SSE does not include WAN technologies. Secrets management A SASE does not include SSE technologies. The many acronyms used in this question stand for: Secure Access Service Edge (SASE), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Architecture (ZTA), Security Service Edge (SSE), Software as a Service (SaaS), and Wide Area Network (WAN).

Answer: Secrets management allows for improved administration of a microservices-based architecture.

This question falls under Main Domain 3.0 Security Architecture and sub-objective 3.2 Given a scenario, apply security principles to secure enterprise infrastructure.

QUESTION  8

Which of the following is not a characteristic of a vulnerability scan?

  • It, on occasion, will gain unauthorized access and exploit vulnerabilities.
  • Its purpose is to reduce the attack surface.
  • Its objective is to identify risks by scanning systems and networks.
  • It is typically performed by internal security personnel.

Explanation: Gaining unauthorized access to exploit vulnerabilities is an objective of penetration testing and not of a vulnerability scan. The three other characteristics are those of a vulnerability scan.

Answer: It, on occasion, will gain unauthorized access and exploit vulnerabilities.

This question falls under Main Domain 5.0 Security Program Management and Oversight and sub-objective 5.5 Explain types and purposes of audits and assessments.

QUESTION  9

A method used for improved redundancy is to put in place a server cluster. There are two kinds of server clusters: symmetric and asymmetric. Which of the following is true about asymmetric clusters?

  • The standby server performs useful work in addition to supporting a failed server.
  • The standby server performs no useful work other than to be ready if it is needed.
  • The standby server launches a copy of the virtual machine to the failed server.
  • Virtualization dramatically increases the number of server clusters that are needed for server redundancy.

Explanation: Only in symmetric clusters does the standby server perform useful work in addition to supporting a failed server. The question applies to asymmetric clusters, and on those the standby machine just stands by. The statement “Virtualization dramatically increases the number of server clusters that are needed for server redundancy” is untrue. Because a virtualized image can rapidly be moved to another physical server, the need for large physical clusters is now actually lessened. “The standby server launches a copy of the virtual machine to the failed server” is the nonsense distractor.

Answer: The standby server performs no useful work other than to be ready if it is needed.

This question falls under Main Domain 5.0 Security Program Management and Oversight and sub-objective 5.2 Explain elements of the risk management process.

QUESTION  10

Below is a description of IT assets typically found in modern enterprises. Which of these has the highest value and therefore justifies the most significant effort to secure?

  • Operating System that provides the foundation for application software.
  • Custom-made order fulfillment system.
  • Servers, routers, and power supplies.
  • Sales, marketing, production, and finance databases.

Explanation: The proprietary databases contain the most unique data and therefore would be the hardest assets to replace were they lost. Next is the custom-made order fulfillment system, as it is proprietary and so probably fairly expensive to replace, although not as unique as the data. The off-the-shelf software and hardware are the easiest and cheapest to replace.

Answer: Sales, marketing, production, and finance databases.

This question falls under Main Domain 4.0 Security Operations and sub-objective 4.2 Explain the security implications of proper hardware, software, and data asset management
