Random Question 61 - 80 Flashcards
Question 61:
A company wants to implement a secure file transfer protocol between its internal servers and remote offices while ensuring data confidentiality and integrity. Which of the following protocols should be used?
{
  "protocol": [
    {
      "name": "SFP",
      "description": "Secure File Transfer Protocol"
    },
    {
      "name": "FTP",
      "description": "File Transfer Protocol"
    }
  ]
}
Options:
A. SFTP.
B. FTP.
C. SCP.
D. HTTPS.
E. SMTP.
Correct Answer: A
Explanation: SFTP uses SSH for secure file transfers, ensuring both confidentiality and integrity of data.
Question 62:
You are tasked with configuring a network to ensure that sensitive data is protected from unauthorized access using IPsec tunnels. Which of the following steps should you take?
tunnel_config:
  - protocol: ESP
    encryption: AES-256-CBC
    authentication: SHA384
Options:
A. Use TCP as the transport protocol.
B. Configure ESP with AES-128-CBC for encryption.
C. Use UDP as the transport protocol.
D. Configure ESP with AES-256-CBC and SHA384 for authentication.
E. Disable IPsec to allow free communication.
Correct Answer: D
Explanation: Using ESP (Encapsulating Security Payload) with AES-256-CBC encryption and SHA384 for authentication ensures secure data transfer over IPsec.
Question 63:
Your organization is transitioning to a Zero Trust Architecture. You need to configure access control policies to ensure that only authorized users can access sensitive resources.
{
  "access_control": {
    "application_id": "app1",
    "permissions": [
      {"user_role": "admin", "allowed_actions": ["read", "write"]},
      {"user_role": "viewer", "allowed_actions": ["read"]}
    ]
  }
}
Options:
A. Assign admin role to all users.
B. Restrict access based on user roles and necessary permissions.
C. Allow read/write actions for everyone.
D. Grant write-only permissions to users who need them.
E. Remove all permissions and re-evaluate every request.
Correct Answer: B, D
Explanation: Least privilege requires granting only the minimum necessary permissions; admin role should have both read and write access while viewers should have only read access. Write-only permissions can be granted as needed but must align with the principle of least privilege.
Question 64:
You are configuring a network security policy for a hybrid cloud environment that requires strict data governance and compliance adherence. You need to ensure that all communications between on-premises resources and cloud services use secure channels.
{
  "security_policy": {
    "cloud_provider": "AWS",
    "encryption_method": "TLS1.2",
    "communication_type": ["data_transfer", "API_calls"]
  }
}
Options:
A. Use TLS1.0 for on-premises to cloud communications.
B. Enable data transfer and API calls encryption.
C. Configure no specific security measures.
D. Limit cloud provider to a single vendor only.
E. Disable all network traffic between on-premises and cloud.
Correct Answer: B
Explanation: Using TLS1.2 ensures secure communication, and enabling both data transfer and API calls encryption is necessary for compliance.
Question 65:
Your organization wants to implement a password policy that aligns with industry best practices to enhance account security. Which of the following steps should be included in your policy?
{
  "password_policy": {
    "min_length": 12,
    "require_special_characters": true,
    "expire_after_days": 90
  }
}
Options:
A. Set minimum password length to 8 characters.
B. Require special characters in passwords.
C. Disable password expiration for all users.
D. Allow passwords to contain common words only.
E. Enforce a 12-character minimum length.
Correct Answer: B, E
Explanation: Requiring special characters and setting a minimum password length of 12 characters are key components of strong password policies.
Question 66:
You need to configure network security settings for an organization’s remote access solution to ensure that all user sessions are encrypted and secure. Which of the following actions should you take?
{
  "remote_access": {
    "encryption_protocol": "TLS1.3",
    "authentication_method": ["two_factor_auth", "certificates"]
  }
}
}
Options:
A. Use TLS1.2 for encryption.
B. Enable two-factor authentication and certificate-based login.
C. Disable all remote access sessions.
D. Allow clear-text password transmission.
E. Configure a single-factor authentication method.
Correct Answer: B
Explanation: Using TLS1.3 for encryption and enabling both two-factor authentication and certificates provide robust security for remote access.
Question 67:
You are tasked with securing a hybrid cloud environment that involves both on-premises infrastructure and AWS services. You need to ensure secure data transfer between these environments while adhering to compliance requirements.
{
  "security_policy": {
    "cloud_provider": "AWS",
    "data_transfer_encryption": true,
    "compliance_standards": ["PCI-DSS", "GDPR"]
  }
}
Options:
A. Disable data transfer encryption.
B. Enable data transfer encryption using TLS1.2.
C. Exclude compliance standards for simplicity.
D. Use only AWS services without on-premises integration.
E. Implement no security measures.
Correct Answer: B, E
Explanation: Enabling data transfer encryption ensures secure communication, but implementing no security measures is not advisable for compliance.
Question 68:
Your organization needs to implement a strong password policy that aligns with industry best practices. Which of the following steps should be included in your policy?
{
  "password_policy": {
    "min_length": 12,
    "require_special_characters": true,
    "expire_after_days": 90
  }
}
Options:
A. Set minimum password length to 8 characters.
B. Require special characters in passwords.
C. Disable password expiration for all users.
D. Allow common words and easily guessable phrases.
E. Enforce a 12-character minimum length.
Correct Answer: B, E
Explanation: Requiring special characters and setting a minimum password length of 12 characters are key components of strong password policies.
Question 69:
You are setting up a firewall rule to protect sensitive data from unauthorized access in a multi-tenant environment. Which of the following rules should you implement?
{
  "firewall_rules": {
    "protocol": "TCP",
    "source_ip_range": ["192.168.0.0/24"],
    "destination_ip_range": ["172.31.0.0/16"],
    "port_range": [80, 443]
  }
}
Options:
A. Allow all IP ranges and protocols.
B. Block all traffic to the destination range.
C. Permit TCP protocol from a specific source IP range to a specific destination range on certain ports.
D. Disable firewall rules for simplicity.
E. Apply random port ranges.
Correct Answer: C
Explanation: Permitting TCP traffic from a specific source IP range to a specific destination range on specific ports is the correct approach for securing sensitive.
Question 70:
A company is migrating its critical applications to a cloud environment and needs to ensure high availability and disaster recovery. Which two strategies should be implemented?
Options:
A. Implementing cold storage for backups.
B. Utilizing multi-region deployments.
C. Configuring load balancers with health checks.
D. Enforcing strict access controls using IAM policies.
E. Deploying a single cloud instance for efficiency.
Correct Answer: B, C
Explanation: Multi-region deployments ensure high availability and disaster recovery by distributing resources across multiple geographic locations. Load balancers with health checks help maintain service continuity and monitor application.
Question 71:
An organization is facing frequent security incidents due to misconfigured network devices. Which two configuration steps should be prioritized to enhance network security?
Options:
A. Disabling unnecessary services on servers.
B. Regularly updating firmware and software on devices.
C. Configuring default deny firewall rules.
D. Implementing strong password policies for end-users.
E. Conducting bi-weekly security audits.
Correct Answer: B, C
Explanation: Regularly updating firmware and software ensures that network devices are protected against known vulnerabilities. Default deny firewall rules help prevent unauthorized access by blocking all traffic not explicitly allowed.
Question 72:
A security analyst is tasked with setting up a secure communication channel for internal messaging between departments. Which configuration should be used?
apiVersion: v1
kind: Secret
metadata:
  name: internal-messaging-secret
type: Opaque
data:
  password: cGFzc3dvcmQ=
Options:
A. Using an Ingress controller.
B. Creating a Kubernetes secret with encrypted data.
C. Implementing a DMZ for external communications.
D. Deploying a virtual private network (VPN) tunnel.
E. Enforcing strict email policies.
Correct Answer: B
Explanation:
A Kubernetes secret can be used to securely store and manage sensitive information such as passwords. The provided YAML snippet creates a secret with an encrypted password.
Question 73:
A network administrator needs to configure a firewall rule for a new service that requires both inbound and outbound traffic. Which configuration should be used?
- action: allow
  ip_protocol: TCP
  port_range_min: 80
  port_range_max: 80
- action: deny
  ip_protocol: TCP
  port_range_min: 443
  port_range_max: 443
Options:
A. Allow all inbound traffic.
B. Deny all outbound traffic.
C. Allow specific inbound and outbound ports.
D. Deny specific inbound and outbound ports.
E. Allow all traffic.
Correct Answer: C
Explanation:
The configuration should allow specific inbound (80) and outbound (443) TCP ports, ensuring that only necessary traffic is permitted while blocking others.
Question 74:
A company wants to implement a Zero Trust Architecture for its cloud services. Which two measures are essential in ZTA?
Options:
A. Multi-factor authentication (MFA)
B. Network segmentation
C. Regular security audits
D. Intrusion detection systems (IDS)
E. Strong password policies
Correct Answer: A, B
Explanation:
Multi-factor authentication and network segmentation are fundamental to Zero Trust Architecture, ensuring that only authorized entities can access resources while maintaining strict controls on internal traffic.
Question 75:
In implementing a Zero Trust architecture, which of the following best represents the fundamental principle of the Data Plane?
Options:
A. Manages authentication and authorization decisions.
B. Handles the actual movement of data packets.
C. Implements security policies and procedures.
D. Monitors user access patterns.
Correct Answer: B
Explanation:
The Data Plane in Zero Trust architecture is responsible for the actual movement and processing of data packets after access decisions have been made by the Control Plane.