CompTIA Security+ Certification Exam SY0-701 Practice Test 19 Flashcards
Which of the following answers refers to a policy framework that allows domain owners to specify how email receivers should handle emails that fail authentication checks?
A) DKIM
B) SPF
C) PEM
D) DMARC
D) DMARC
Which of the answers listed below refers to an authentication method that enables the signing of an outbound email message with a digital signature?
A) SPF
B) DKIM
C) DMARC
D) PEM
B) DKIM
Which of the following answers refers to an email authentication mechanism that allows domain owners to specify which IP addresses are authorized to send emails on behalf of their domain?
A) DMARC
B) PEM
C) DKIM
D) SPF
D) SPF
Which of the answers listed below refers to a cryptographic standard (and a file format) used for the storage and transmission of private keys in email communications?
A) PEM
B) DMARC
C) SPF
D) DKIM
A) PEM
Which of the following solutions would be the best choice for real-time protection against spam and phishing attacks?
A) Email client filter
B) Host-based AV software
C) Email security gateway
D) Cloud-based email service
C) Email security gateway
Which of the answers listed below refers to the process of maintaining the integrity of files and data?
A) DLP
B) SIEM
C) FIM
D) SHA
C) FIM
Which of the following answers refers to a solution that helps organizations mitigate risks associated with data breaches, insider threats, and compliance violations?
A) EDR
B) DLP
C) IAM
D) UTM
B) DLP
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before (pre-admission NAC) and/or after end-stations gain access to the network (post-admission NAC). NAC can be implemented with the use of agent software which can be installed on the client machine permanently (this type of software is referred to as permanent agent) or used only temporarily during checks (this type of software is known as dissolvable agent). Another implementation option is agentless NAC, where checks are performed remotely by an external security device without the need for any client software agents.
A) True
B) False
A) True
Which of the answers listed below refers to a security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats at the device level?
A) SWG
B) CASB
C) EDR
D) NGFW
C) EDR
Which of the following answers refers to a cybersecurity approach that focuses on recognizing and addressing potential threats originating from multiple sources?
A) XDR
B) WAF
C) EDR
D) SWG
A) XDR
Which of the answers listed below refers to a cybersecurity approach aimed at identifying insider threats, compromised accounts, or malicious activity?
A) Threat intelligence
B) User behavior analytics
C) Security policies and procedures
D) Defense in depth
B) User behavior analytics
Which of the following answers refers to a framework for managing access control to digital resources?
A) PAM
B) SSO
C) IAM
D) MFA
C) IAM
Which of the terms listed below is used to describe the technical process of removing a user’s access to an organization’s systems and resources?
A) De-provisioning
B) Group Policy
C) IAM
D) Offboarding
A) De-provisioning
A general characteristic of a standard user account is that it provides access to basic system resources but does not allow the user to make system changes.
A) True
B) False
A) True
An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations or security domains is referred to as:
A) Syndication
B) Federation
C) Association
D) Propagation
B) Federation
An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:
A) NAC
B) SSO
C) AAA
D) MFA
B) SSO
Which of the following answers refers to a protocol designed for accessing and managing information related to user accounts, groups, devices, and other resources within an organization?
A) SOAP
B) RDP
C) LDAP
D) SAML
C) LDAP
OAuth is an open standard for:
A) Auditing
B) Authentication
C) Authorization
D) Attestation
C) Authorization
OpenID Connect is a protocol used for:
A) Attestation
B) Authorization
C) Auditing
D) Authentication
D) Authentication
A common implementation of identity and access controls used in federated SSO systems includes OpenID Connect and OAuth 2.0 used in conjunction to provide authentication and authorization services.
A) True
B) False
A) True
What are the characteristic features of SAML? (Select 3 answers)
A) Enables only the exchange of SSO authorization data
B) Handles both authentication and authorization for SSO
C) Uses XML for data exchange
D) Commonly used in enterprise environments and legacy systems
E) Enables only the exchange of SSO authentication data
F) Uses JSON for data exchange
G) Specifically designed for web and mobile applications
B) Handles both authentication and authorization for SSO
C) Uses XML for data exchange
D) Commonly used in enterprise environments and legacy systems
Which of the terms listed below refers to the process of confirming the integrity and compliance status of various components such as devices, software, configurations, and user privileges?
A) Attestation
B) Authentication
C) Auditing
D) Authorization
Which of the following answers refer(s) to the Mandatory Access Control (MAC) model? (Select all that apply)
A) Users are not allowed to change access policies at their own discretion
B) Labels and clearance levels can only be applied and changed by an administrator
C) Every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object
D) Access to resources based on user identity
E) Every resource has a sensitivity label matching a clearance level assigned to a user
A) Users are not allowed to change access policies at their own discretion
B) Labels and clearance levels can only be applied and changed by an administrator
E) Every resource has a sensitivity label matching a clearance level assigned to a user
Discretionary Access Control (DAC) is an access control model based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have for that object.
A) True
B) False
A) True
Which type of access control model connects user permissions to their specific responsibilities?
A) DAC
B) RBAC
C) MAC
D) ABAC
B) RBAC