CompTIA Security+ SY0-701 Dumps in PDF

Free CompTIA SY0-701 Real Questions (page: 15)

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

  A. Software development life cycle
  B. Risk tolerance
  C. Certificate signing request
  D. Maintenance window

Answer(s): D

Explanation:

A maintenance window is a pre-scheduled period when system or network changes, updates, or repairs are performed. By using a designated maintenance window, a systems administrator can minimize disruption to the organization's operations, as this window is typically chosen during a time when network usage is lower, reducing the impact on users.



The security team has been asked to only enable host A (10.2.2.7) and host B (10.3.9.9) to the new isolated network segment (10.9.8.14) that provides access to legacy devices. Access from all other hosts should be blocked. Which of the following entries would need to be added on the firewall?





Answer(s): C

Explanation:

Permit 10.2.2.7/32 to 10.9.8.14/27: This rule allows host A (10.2.2.7) specific access to the isolated network (10.9.8.14/27).
Permit 10.3.9.9/32 to 10.9.8.14/27: This rule allows host B (10.3.9.9) specific access to the isolated network (10.9.8.14/27).
Deny 0.0.0.0/0 to 10.9.8.14/27: This rule blocks access from all other IPs to the isolated network (10.9.8.14/27).



SIMULATION

A security analyst is creating the first draft of a network diagram for the company's new customer-facing payment application that will be hosted by a third-party cloud service provider.

INSTRUCTIONS

Click the ? to select the appropriate icons to create a secure, redundant web application. Then use the dropdown menu to select the appropriate subnet type. Every space in the diagram must be filled.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.



  A. See Explanation for the Answer.

Answer(s): A

Explanation:

The diagram should be filled in the way shown below.




WAF (Web Application Firewall) at the top to handle incoming traffic from the Internet Gateway.
Load Balancer for distributing traffic between instances.
Instances for handling the application workloads, ensuring multiple instances for redundancy.
Autoscaling Instance to adjust the number of instances based on demand dynamically.

In the middle of the diagram, you should select Private Subnet in the dropdown menu.

This choice is appropriate because the elements in the lower section, especially the Database instances, are part of the private subnet. Placing databases in a private subnet adds an additional layer of security, as it prevents direct internet access to sensitive data. The private subnet is also typically used for backend resources that don't need to be exposed publicly.



A systems administrator needs to ensure the secure communication of sensitive data within the organization's private cloud. Which of the following is the best choice for the administrator to implement?

  A. IPSec
  B. SHA-1
  C. RSA
  D. TGT

Answer(s): A

Explanation:

IPSec (Internet Protocol Security) is a suite of protocols designed to secure IP communications by authenticating and encrypting each IP packet in a communication session. It is widely used for securing data transfer in networks, including private clouds, by providing confidentiality, integrity, and authenticity of data.



Which of the following should an internal auditor check for first when conducting an audit of the organization's risk management program?

  A. Policies and procedures
  B. Asset management
  C. Vulnerability assessment
  D. Business impact analysis

Answer(s): A

Explanation:

Policies and procedures form the foundation of an organization's risk management program. They establish the framework and guidelines for managing risks across the organization, including roles, responsibilities, and the approach for identifying, assessing, and mitigating risks.
Without well-defined policies and procedures, it would be challenging to assess other areas of risk management effectively, as they are all built upon these foundational documents.
Asset management, vulnerability assessment, and business impact analysis are critical components of a risk management program, but they should follow a review of policies and procedures. These documents set the standards and processes that the organization uses to manage assets, assess vulnerabilities, and conduct impact analyses.



Which of the following activities are associated with vulnerability management? (Choose two.)

  A. Reporting
  B. Prioritization
  C. Exploiting
  D. Correlation
  E. Containment
  F. Tabletop exercise

Answer(s): A,B

Explanation:

Reporting involves documenting and communicating the findings of vulnerability scans and assessments. This allows stakeholders to be informed about existing vulnerabilities and track remediation efforts.
Prioritization is the process of ranking vulnerabilities based on their severity, impact, and exploitability, helping the organization address the most critical vulnerabilities first.



An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

  A. Network scanning
  B. Penetration testing
  C. Open-source intelligence
  D. Configuration auditing

Answer(s): C

Explanation:

Open-source intelligence (OSINT) involves collecting information from publicly available sources, such as websites, social media, news articles, and other publicly accessible databases. OSINT allows an administrator to gather valuable information about potential risks without using any proprietary or internal company information.



A systems administrator is concerned about vulnerabilities within cloud computing instances. Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

  A. SQL injection
  B. TOC/TOU
  C. VM escape
  D. Tokenization
  E. Password spraying

Answer(s): C

Explanation:

In cloud computing, virtual machines (VMs) share physical resources. VM escape is a critical vulnerability where an attacker could break out of a virtualized environment and access the host system or other VMs running on the same physical hardware. This would pose a significant security risk, as it could allow attackers to compromise the entire cloud infrastructure.


