Random Question 41 - 60 Flashcards

CompTIA SY0-701

Q

Question 51:

An organization’s incident response team receives an alert about unauthorized access attempts. Upon investigation, they find the attack started with a legitimate-looking email containing a link to a document about bonus payments, followed by unusual PowerShell activity. Which attack technique was MOST likely used?
Options:

A. Pass-the-hash attack

B. SQL injection

C. Spear phishing with social engineering

D. Man-in-the-middle attack

A

Correct Answer: C

Explanation: The scenario describes a targeted spear phishing attack using social engineering techniques (bonus payments as bait) followed by malicious PowerShell execution, which is a common post-exploitation activity after successful

Q

Question 52:

A security administrator is reviewing the following risk management configuration:

```json
{
  "risk_threshold": "medium",
  "auto_mitigation": true,
  "exceptions_require": "senior_approval",
  "compliance_check": "continuous"
}
```

Which security framework component does this BEST align with?
Options:

A. NIST SP 800-53 Physical Controls

B. ISO 27001 Asset Management

C. COBIT Governance Framework

D. Zero Trust Architecture

A

Correct Answer: C

Explanation: The configuration shows governance-focused controls with risk thresholds, approval processes, and continuous compliance monitoring, which directly aligns with COBIT’s governance framework approach to risk management and oversight.

Q

Question 53:
A security analyst is reviewing the following firewall rule:

```yaml
- action: allow
  source: 10.0.0.0/24
  destination: any
  service: tcp/443
  log: true
```

Which of the following accurately describes the impact of this rule?

A. It allows all HTTPS traffic from the 10.0.0.0/24 subnet to any destination

B. It blocks all traffic except HTTPS from the 10.0.0.0/24 subnet

C. It allows only encrypted traffic from any source to the 10.0.0.0/24 subnet

D. It logs all HTTPS traffic but does not allow or block anything

A

Correct Answer: A

Explanation: The rule allows TCP traffic on port 443 (HTTPS) from the 10.0.0.0/24 subnet to any destination, and logs the traffic.

Q

Question 54:

An organization is implementing a zero trust architecture. Which TWO of the following actions align most closely with zero trust principles? (Choose two.)

A. Implementing strong perimeter defenses.

B. Assuming all network traffic is potentially malicious.

C. Granting least privilege access to resources.

D. Relying on VPN for remote access security.

E. Continuously verifying and validating every access attempt.

A

Correct Answer: B, E

Explanation: Zero trust assumes all traffic is potentially malicious (B) and requires continuous verification for every access attempt (E), rather than relying on perimeter defenses or VPNs alone.

Q

Question 55:

A security team is investigating a potential data exfiltration attempt. They notice large amounts of data being transferred to an unknown IP address over port 53. What is the most likely explanation for this activity?

A. Normal DNS queries

B. DNS tunneling

C. DNSSEC validation

D. Zone transfer attack

A

Correct Answer: B

Explanation: Large data transfers over port 53 (typically used for DNS) likely indicate DNS tunneling, a technique often used for data exfiltration that hides data in DNS queries and responses.

Q

Question 56:

A security analyst is investigating a potential data breach. The following log snippet was captured:

```json
{
  "timestamp": "2023-11-15T14:23:17Z",
  "src_ip": "192.168.1.100",
  "dst_ip": "203.0.113.50",
  "protocol": "TCP",
  "dst_port": 4444,
  "payload_size": 1024
}
```

Which of the following best describes the potential threat indicated by this log entry?

A. SQL injection attack

B. DDoS attack

C. Command and control communication

D. DNS tunneling

A

Correct Answer: C

Explanation: The log entry suggests command and control (C2) communication. The destination port 4444 is often associated with malware C2 servers, and the consistent payload size of 1024 bytes indicates potential encoded communication.

Q

Question 57:

An organization is implementing a Zero Trust architecture. Which TWO of the following actions align best with Zero Trust principles? (Choose two.)

A. Implementing network segmentation based on user roles

B. Granting full access to internal network resources for all employees

C. Enforcing multi-factor authentication for all user access attempts

D. Utilizing a single sign-on solution across all applications

E. Continuously monitoring and logging all network activities

A

Correct Answer: C, E

Explanation: Zero Trust principles include enforcing strong authentication (MFA) and continuous monitoring. Network segmentation (A) is good but not specific to Zero Trust. Full access (B) contradicts Zero Trust. SSO (D) alone doesn’t ensure Zero Trust.

Q

Question 58:
Which of the following best describes the concept of “security through obscurity” and its role in a comprehensive security strategy?

A. It’s a primary defense mechanism that should be the foundation of all security plans.

B. It’s an outdated concept that has no place in modern cybersecurity.

C. It can provide an additional layer of defense but shouldn’t be relied upon as a sole security measure.

D. It’s the practice of hiding all system information to prevent any potential attacks

A

Correct Answer: C

Explanation: Security through obscurity can add a layer of defense by making it harder for attackers to gather information, but it shouldn’t be the primary security measure.

A comprehensive strategy should include multiple layers of security controls.

Q

Question 49:
A security analyst is investigating a potential data breach. The analyst discovers the following log entry:

```yaml
- timestamp: "2023-11-15T14:30:22Z"
  source_ip: "192.168.1.100"
  destination_ip: "203.0.113.50"
  protocol: "TCP"
  destination_port: 22
  payload_size: 1024000
```

What type of attack does this log entry most likely indicate?

A. SQL injection

B. Cross-site scripting (XSS)

C. Data exfiltration

D. Denial of Service (DoS)

A

Correct Answer: C

Explanation: The log shows a large payload (1MB) being sent to an external IP over port 22 (SSH), indicating likely data exfiltration.

Q

Question 50:

An organization is implementing a new cloud-based Identity and Access Management (IAM) solution. Which two of the following should be included in the implementation plan? (Choose two.)

A. Configure multi-factor authentication for all user accounts

B. Implement a single sign-on (SSO) solution for all cloud services

C. Disable all legacy authentication protocols

D. Create separate admin accounts for each cloud service

E. Implement a password rotation policy of 30 days for all accounts

A

Correct Answer: A, B

Explanation: Multi-factor authentication (A) and single sign-on (B) are crucial for secure and efficient IAM in cloud environments. They enhance security while improving user
