CompTIA Security+ Certification Exam SY0-701 Practice Test 16 Flashcards

1
Q

Which of the following answers refers to a deprecated wireless authentication protocol developed by Cisco?

A) PEAP
B) EAP-TTLS
C) LEAP
D) EAP-TLS

A

C) LEAP

2
Q

Which of the answers listed below refers to an open standard wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?

A) PEAP
B) EAP
C) LEAP
D) RADIUS

A

A) PEAP

2
Q

Which of the programming aspects listed below are critical in the secure application development process? (Select 2 answers)

A) Patch management
B) Input validation
C) Password protection
D) Error and exception handling
E) Application whitelisting

A

B) Input validation
D) Error and exception handling

3
Q

A situation in which a web form field accepts data other than expected (e.g., server commands) is an example of:

A) Zero-day vulnerability
B) Improper input validation
C) Default configuration
D) Improper error handling

A

B) Improper input validation

4
Q

Which of the following answers refers to a countermeasure against code injection?

A) Fuzzing
B) Input validation
C) Code signing
D) Normalization

A

B) Input validation

5
Q

Which of the terms listed below refers to an automated or manual code review process aimed at discovering logic and syntax errors in the application’s source code?

A) Input validation
B) Dynamic code analysis
C) Fuzzing
D) Static code analysis

A

D) Static code analysis

5
Q

The term “Secure cookie” refers to a type of HTTP cookie that is transmitted over an encrypted HTTPS connection, which helps prevent the cookie from being intercepted or tampered with during transit.

A) True
B) False

A

A) True

6
Q

The term “Static code analysis” refers to the process of discovering application runtime errors.

A) True
B) False

A

B) False

6
Q

Dynamic code analysis allows for detecting application flaws without the need for actual execution of the application code.

A) True
B) False

A

B) False

7
Q

What is the purpose of code signing? (Select 2 answers)

A) Disables code reuse
B) Confirms the application’s source of origin
C) Enables application installation
D) Validates the application’s integrity
E) Protects the application against unauthorized use

A

D) Validates the application’s integrity
B) Confirms the application’s source of origin

8
Q

Which of the following answers refers to a Windows-specific feature for handling exceptions, errors, and abnormal conditions in software?

A) EPC
B) SEH
C) EH
D) EXR

A

B) SEH

8
Q

The practice of finding vulnerabilities in an application by feeding it incorrect input is called:

A) Normalization
B) Hardening
C) Dynamic code analysis
D) Fuzzing

A

D) Fuzzing

9
Q

In computer security, a mechanism for safe execution of untested code or untrusted applications is referred to as:

A) Sideloading
B) Virtualization
C) Sandboxing
D) Stress testing

A

C) Sandboxing

10
Q

Address Space Layout Randomization (ASLR) is an OS security technique that randomizes the location of key data areas in memory. The purpose of ASLR is to prevent attackers from predicting the location of specific code or data in memory, which adds a layer of defense against memory-based attacks, such as buffer overflows.

A) True
B) False

A

A) True

11
Q

A type of user identification mechanism used as a countermeasure against automated software (such as network bots) is known as:

A) MFA
B) CAPTCHA
C) SSO
D) NIDS

A

B) CAPTCHA

12
Q

Which of the answers listed below refers to a hardware monitoring and asset tracking method?

A) Barcode labels
B) QR codes
C) RFID tags
D) GPS tracking
E) All of the above

A

E) All of the above

13
Q

Which of the following wireless technologies enables identification and tracking of tags attached to objects?

A) GPS
B) IR
C) RFID
D) NFC

A

C) RFID

14
Q

Which type of software enables monitoring and tracking of mobile devices?

A) MDM
B) GPS
C) NFC
D) GSM

A

A) MDM

15
Q

One of the ways to prevent data recovery from a storage drive is to overwrite its contents. The data overwriting technique is used by drive wipe utilities which might employ different methods (including multiple overwriting rounds) to decrease the likelihood of data retrieval. As an example, a disk sanitization utility might overwrite the data on the drive with the value of one in the first pass, change that value to zero in the second pass, and finally perform a few more passes, overwriting the contents with random characters.

A) True
B) False

A

A) True

16
Q

Which of the destruction tools/methods listed below allow(s) for secure disposal of physical documents? (Select all that apply)

A) Shredding
B) Overwriting
C) Burning
D) Formatting
E) Degaussing

A

A) Shredding
C) Burning

17
Q

Which of the following methods provides the most effective way for permanent removal of data stored on a magnetic drive?

A) Cryptographic erasure
B) Data overwriting
C) Degaussing
D) Low-level formatting

A

C) Degaussing

18
Q

A certificate of destruction is a document issued by companies that conduct secure device/document disposal. The certificate verifies proper asset destruction and can be used for auditing purposes. In the case of device disposal, the document includes a list of all the items that have been destroyed along with their serial numbers. It may also describe the destruction method, specify the location (on-site/off-site), or list the names of witnesses who oversaw the entire process.

A) True
B) False

A

A) True

19
Q

Vulnerability scanning: (Select all that apply)

A) Identifies lack of security controls
B) Actively tests security controls
C) Identifies common misconfigurations
D) Exploits vulnerabilities
E) Passively tests security controls

A

A) Identifies lack of security controls
C) Identifies common misconfigurations
E) Passively tests security controls

19
Q

Which policy typically specifies the period during which certain types of data must be stored prior to disposal?

A) Data protection policy
B) Data classification policy
C) Data backup policy
D) Data retention policy

A

D) Data retention policy

19
Q

Which of the answers listed below refer to the characteristic features of static code analysis? (Select 3 answers)

A) Involves examining the code without executing it

B) Often used early in the development process

C) Examines code structure, syntax, and semantics to detect issues like syntax errors, coding standards violations, security vulnerabilities, and bugs

D) Typically used later in the software development lifecycle

E) Involves executing the code and analyzing its behavior at runtime

F) Analyzes runtime properties like memory usage, performance, and error handling to identify issues such as memory leaks, performance bottlenecks, and runtime errors

A

A) Involves examining the code without executing it

B) Often used early in the development process

C) Examines code structure, syntax, and semantics to detect issues like syntax errors, coding standards violations, security vulnerabilities, and bugs