Security+ 701 Flashcards
Which of the following threat actors is the most likely to be hired by a foreign government to attack
critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Answer: C
Explanation:
Organized crime groups are financially motivated threat actors that routinely operate across national borders. Because they already have the tooling, skilled personnel, and infrastructure to run sophisticated, persistent campaigns, a foreign government can hire them as a deniable proxy to attack critical systems in other countries, such as power grids, military networks, or financial institutions. A hacktivist is driven by ideology rather than payment, a whistleblower is an insider who discloses information rather than attacking systems, and an unskilled attacker lacks the capability for this kind of operation.
Reference: Threat Actors – CompTIA Security+ SY0-701 – 2.1
Which of the following is used to add extra complexity before using a one-way data transformation
algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Answer: D
Explanation:
Salting adds a random value (the salt) to a password before it is run through a one-way transformation such as a hash function, and the salt is stored alongside the resulting hash. Because each user gets a different salt, identical passwords produce different hashes, so an attacker who obtains the password database cannot spot users who share a password and cannot use one precomputed (rainbow) table against every entry; each hash has to be attacked on its own. The salt does not need to be secret; its job is uniqueness, not confidentiality. Key stretching (A) is related but different: it makes each hash computation deliberately slow (PBKDF2, bcrypt, scrypt, Argon2) and is normally combined with salting. Data masking (B) hides data for display, and steganography (C) hides data inside other data; neither prepares input for a hash.
Reference: Passwords technical overview; Encryption, hashing, salting – what's the difference?; Salt (cryptography)
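The following is an added example, not code from the flashcards, showing salting in practice: a per-password random salt stored next to a PBKDF2-HMAC-SHA256 hash, constant-time verification, and an unsalted hash for contrast. The iteration count and salt length are illustrative values assumed for the example, not a tuning recommendation.

```python
import hashlib
import hmac
import os
from typing import Optional

# Illustrative parameters (assumed for this example, not a tuning recommendation).
# PBKDF2-HMAC-SHA256 is used because it is in the standard library everywhere;
# the same salt-then-stretch pattern applies to bcrypt, scrypt and Argon2.
ITERATIONS = 200_000
SALT_LEN = 16      # 128-bit random salt per password
DKLEN = 32


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, stretched one-way transformation of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DKLEN)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$hash_hex'. A fresh random salt is generated per call.

    The salt is stored in the clear next to the hash; it does not need to be secret.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """What salting prevents: a bare hash is identical for identical passwords,
    so one precomputed table cracks every user who chose the same password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    stored_a = hash_password("correct horse battery staple")
    stored_b = hash_password("correct horse battery staple")
    print("salted, same password, different stored values:", stored_a != stored_b)
    print("unsalted, same password, same digest:",
          unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    print("verify correct password:", verify_password("correct horse battery staple", stored_a))
    print("verify wrong password:", verify_password("Tr0ub4dor&3", stored_a))
```

Two salted entries for the same password differ, while two unsalted SHA-256 digests of the same password are identical; verification works because the salt is read back from the stored record rather than kept secret.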
An employee clicked a link in an email from a payment website that asked the employee to update
contact information. The employee entered the log-in information but received a “page not found”
error message. Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Answer: D
Explanation:
Phishing is a social engineering attack that uses fraudulent email appearing to come from a legitimate source (a payment provider, a bank, an internal department) to get the recipient to click a malicious link, open an attachment, or enter sensitive information such as log-in credentials. Here the email claimed to be from a payment website and linked to a page that mimicked the real login form; the employee entered credentials and then got a "page not found" error, which is typical of a credential-harvesting page that records the submission and then errors out or redirects so the victim does not realise what happened. The attacker should be assumed to hold those credentials, so the practical response is to reset the password on the real site, enable MFA if it is available, and check the account for unauthorised activity. The other options are narrower: brand impersonation (A) and pretexting (B) describe tactics used inside a phishing message rather than the attack itself, and typosquatting (C) relies on the victim mistyping a URL, whereas this employee followed a link that was sent to them.
Reference: Other Social Engineering Attacks – CompTIA Security+ SY0-701 – 2.2; CompTIA Security+: Social Engineering Techniques & Other Attack … - NICCS
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound
DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the
following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Answer: D
Explanation:
Firewall ACLs are evaluated top down and the first matching rule decides, so the order of the permit and deny lines matters as much as their contents. Option D permits port 53 traffic from 10.50.10.25/32 to any destination and then denies port 53 from every other source, which is exactly the stated goal. Options A and C start with a permit from any source to any destination on port 53, so every host matches the first line and the deny below it is never reached. Option B permits traffic from any source to 10.50.10.25 as the destination, which is traffic towards that host rather than outbound from it; every outbound request to an external resolver, including those from 10.50.10.25 itself, then hits the deny line. In practice the rule should match both UDP and TCP on port 53, the other internal hosts must be configured to use 10.50.10.25 as their resolver, and DNS over HTTPS or DNS over TLS (TCP 443/853) bypasses a port-53 filter unless it is controlled separately.
Reference:
CompTIA Security+ SY0-701 Certification Study Guide, Chapter 4: Network Security
Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 3.2: Firewall Rules
TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section 6: Network Security, Lecture 28: Firewall Rules
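The following is an added example, not part of the flashcards, that encodes the four answer options as ordered rule lists and evaluates them with first-match semantics against two constructed flows: the approved resolver 10.50.10.25 and an ordinary workstation (10.50.10.77, assumed) both sending DNS to an external server (203.0.113.53, a documentation-range address assumed for the example).

```python
from ipaddress import ip_address, ip_network

# The four answer options, written as (action, source, destination, dest_port).
# "0.0.0.0/0" means any address. Evaluation is first match wins, with an
# implicit deny at the end, which is how the rule sets in the question are read.
OPTIONS = {
    "A": [("permit", "0.0.0.0/0",      "0.0.0.0/0",      53),
          ("deny",   "10.50.10.25/32", "0.0.0.0/0",      53)],
    "B": [("permit", "0.0.0.0/0",      "10.50.10.25/32", 53),
          ("deny",   "0.0.0.0/0",      "0.0.0.0/0",      53)],
    "C": [("permit", "0.0.0.0/0",      "0.0.0.0/0",      53),
          ("deny",   "0.0.0.0/0",      "10.50.10.25/32", 53)],
    "D": [("permit", "10.50.10.25/32", "0.0.0.0/0",      53),
          ("deny",   "0.0.0.0/0",      "0.0.0.0/0",      53)],
}

APPROVED_RESOLVER = "10.50.10.25"
OTHER_WORKSTATION = "10.50.10.77"   # constructed internal host for the example
EXTERNAL_DNS = "203.0.113.53"       # constructed external server (TEST-NET-3 documentation range)


def evaluate(rules, src: str, dst: str, dport: int, default: str = "deny") -> str:
    """Return the action of the first rule matching (src, dst, dport), else the default."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if s in ip_network(src_net) and d in ip_network(dst_net) and dport == port:
            return action
    return default


def option_meets_goal(rules) -> bool:
    """Goal: only 10.50.10.25 may send DNS (port 53) outbound; everyone else is denied."""
    approved_allowed = evaluate(rules, APPROVED_RESOLVER, EXTERNAL_DNS, 53) == "permit"
    others_blocked = evaluate(rules, OTHER_WORKSTATION, EXTERNAL_DNS, 53) == "deny"
    return approved_allowed and others_blocked


def main():
    for name, rules in OPTIONS.items():
        verdict = "meets the goal" if option_meets_goal(rules) else "does not meet the goal"
        print(f"Option {name}: {verdict}")


if __name__ == "__main__":
    main()
```

Only option D passes: A and C permit the workstation because their first line matches everything, and B denies even the approved resolver because its permit line names 10.50.10.25 as the destination, not the source.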
A data administrator is configuring authentication for a SaaS application and would like to reduce the
number of credentials employees need to maintain. The company prefers to use domain credentials
to access new SaaS applications. Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP
Answer: A
Explanation:
SSO (single sign-on) lets a user authenticate once and then reach multiple applications without re-entering credentials. For SaaS applications this is normally done by federation: the company's identity provider (for example Active Directory behind a federation service such as AD FS, or a cloud IdP) authenticates the user with the domain credentials and issues a signed assertion or token that the SaaS application trusts, using SAML, OAuth 2.0/OpenID Connect, or Kerberos. The SaaS application never sees or stores the user's domain password. This reduces the number of credentials employees maintain and, because there are fewer passwords to reuse or to type into a fake login page, reduces exposure to password reuse and phishing. The trade-off is that the IdP account becomes a single high-value target and should itself be protected with MFA. Office 365, Google Workspace, Salesforce and most other SaaS products support this kind of federated sign-in.
LEAP (B): Lightweight Extensible Authentication Protocol, a Cisco-proprietary EAP method for wireless authentication that has known weaknesses and is deprecated; it has nothing to do with SaaS access or domain credentials.
MFA (C): multifactor authentication requires two or more factors to prove identity, for example a password plus a token, code, or biometric. It strengthens a login but does not reduce the number of credentials; it is commonly layered on top of SSO.
PEAP (D): Protected Extensible Authentication Protocol wraps an inner method such as MS-CHAPv2 or EAP-GTC in a TLS tunnel between the client and the authentication server. It is used for wireless and wired 802.1X network access, not for SaaS sign-on.
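The following is an added example, not code from the flashcards or from any identity provider, of the core of a federated sign-in: the IdP side signs a token after the user authenticates with domain credentials, and the SaaS side verifies signature, issuer, audience and expiry before trusting it. The issuer URL, audience and shared key are assumptions for the example, and HS256 is used only so the code runs with the standard library; real deployments normally use asymmetric keys (RS256/ES256) published through JWKS, or SAML assertions.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical values for the example: a key shared between IdP and SaaS app,
# the IdP's issuer URL, and the client id the SaaS app registered at the IdP.
SHARED_KEY = b"example-idp-to-saas-shared-secret-not-for-production"
ISSUER = "https://idp.example.com"
AUDIENCE = "saas-app-client-id"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(claims: dict, key: bytes = SHARED_KEY) -> str:
    """IdP side: after the user authenticates with domain credentials, sign the claims (HS256 JWT)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_id_token(token: str, now: int, key: bytes = SHARED_KEY,
                    issuer: str = ISSUER, audience: str = AUDIENCE) -> dict:
    """SaaS side: accept the token only if signature, issuer, audience and expiry all check out.

    Raises ValueError on any failure so the caller cannot accidentally use a bad token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm on the verifier side; never trust the one the token names.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    return claims


def login_outcome(token: str, now: int) -> str:
    """Return the accepted subject, or 'rejected: <reason>' for a failed login."""
    try:
        return verify_id_token(token, now)["sub"]
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the run is reproducible
    good = issue_id_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice@corp.example",
                           "iat": now, "exp": now + 300})
    print(login_outcome(good, now))          # alice@corp.example
    print(login_outcome(good, now + 600))    # rejected: token expired
    # Tamper with the payload without re-signing: the signature check catches it.
    h, p, s = good.split(".")
    forged_payload = _b64url_encode(b'{"sub":"admin@corp.example"}')
    print(login_outcome(f"{h}.{forged_payload}.{s}", now))   # rejected: bad signature
```

The SaaS application holds no password for alice; it only needs the IdP's key and the agreed issuer and audience values. Pinning the algorithm and checking audience are the two checks most often skipped in real integrations.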
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the display
field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to
access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a
cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the
company’s email portal.
Answer: A
Explanation:
Business email compromise (BEC) is a targeted attack in which the attacker poses as a trusted person, typically an executive, vendor or client, to get an employee to make a fraudulent payment, wire transfer or purchase. Option A is the textbook pattern: the executive's name appears in the display name while the actual sending address belongs to the attacker, and the request is for gift cards, a common way for the attacker to cash out. Reading the real From address and Return-Path rather than the display name, enforcing DMARC for messages that spoof the company's own domain, and requiring out-of-band confirmation for any payment request defeat this. Option B describes ransomware, and option D is a credential-phishing page. Option C also impersonates a senior person, but it asks for administrator credentials rather than money, so it is credential phishing rather than BEC in the sense the exam uses.
A company prevented direct access from the database administrators’ workstations to the network
segment that contains database servers. Which of the following should a database administrator use
to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Answer: A
Explanation:
A jump server (also called a jump box or jump host) is a hardened device or virtual machine that sits between the administrator's workstation and an otherwise unreachable network segment. The administrator authenticates to the jump server, and only the jump server is allowed through the firewall to the database servers, so the segment never accepts direct connections from workstations. Because every administrative session passes through one point, the jump server is also where access control, MFA, session logging and session recording are enforced; in practice this is an SSH host reached with ProxyJump, an RDP gateway, or a privileged access management appliance. The jump server itself becomes a high-value target and must be patched and monitored accordingly.
RADIUS (B): a protocol for authentication, authorization and accounting of network access. It verifies who is connecting and what they are allowed; it is not a path into a restricted segment.
HSM (C): a Hardware Security Module, a tamper-resistant device that generates and stores cryptographic keys and performs signing and encryption with them. It protects keys; it does not provide remote access to servers.
Load balancer (D): a device or software that distributes traffic across several servers based on availability, performance or capacity. It fronts services such as web, application or database servers; it does not give administrators a way through a segmentation boundary.
An organization’s internet-facing website was compromised when an attacker exploited a buffer
overflow. Which of the following should the organization deploy to best protect against similar
attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Answer: B
Explanation:
A buffer overflow occurs when an application writes more data into a fixed-size memory buffer than it can hold, so the excess overwrites adjacent memory. Depending on what is overwritten this causes a crash, corrupts data, or lets an attacker redirect execution and run code of their choosing. Here the overflow was reachable through the internet-facing website, so it would have been triggered by request data the site accepts, such as an over-long parameter, header or URL. A web application firewall (WAF) inspects HTTP requests and responses at the application layer and can block the request patterns that trigger such bugs (oversized or malformed fields, known exploit signatures, anomalous input) alongside SQL injection, cross-site scripting and similar web attacks. A WAF is a compensating control, not a fix: the vulnerable code still has to be patched or the input length validated, and host-level protections such as DEP/NX, ASLR and stack canaries should be in place so that a missed request does not turn into code execution. An NGFW (A) inspects network traffic but not HTTP application content at this depth, TLS (C) encrypts the connection and does nothing about what the request contains, and SD-WAN (D) is a connectivity technology.
Reference: Buffer Overflows – CompTIA Security+ SY0-701 – 2.3; Web Application Firewalls – CompTIA Security+ SY0-701 – 2.4
An administrator notices that several users are logging in from suspicious IP addresses. After
speaking with the users, the administrator determines that the employees were not logging in from
those IP addresses and resets the affected users’ passwords. Which of the following should the
administrator implement to prevent this type of attack from succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Answer: A
Explanation:
The correct answer is A. Logins from addresses the users do not recognise mean their passwords were already known to someone else, whether through phishing, reuse from another breach, or guessing; resetting the passwords removes the current exposure but nothing stops the next stolen password from working. Multifactor authentication requires more than one factor: something the user knows (password), something the user has (hardware token or authenticator app), or something the user is (biometric). With MFA a stolen password alone does not get the attacker in. Phishing-resistant methods (FIDO2 security keys or passkeys) are preferable to SMS codes or push notifications, which can themselves be phished or spammed into approval. Permissions assignment (B) and access management (C) control what an authenticated user can do, not whether the login itself is genuine. Password complexity (D) makes passwords harder to guess but does nothing against a password that has already been stolen.
An employee receives a text message that appears to have been sent by the payroll department and
is asking for credential verification. Which of the following social engineering techniques are being
attempted? (Choose two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Answer: C, E
Explanation:
Smishing is phishing carried out over SMS/text message: the message appears to come from a legitimate source (a bank, a government agency, a service provider, or, as here, the payroll department) and uses urgency or authority to push the recipient into clicking a link or handing over credentials. The text message in this scenario is therefore smishing (E). Impersonation (C) is pretending to be someone the target trusts, here the payroll department, and can be done by phone, email, text or in person; the fake sender is what makes the lure credible. The two techniques are being used together, and the fix on the receiving side is the same for both: verify the request through a known channel, never through the contact details in the message.
Phishing (B) is the general email-based form of this attack; the delivery channel here is SMS, which makes it smishing. Vishing (D) is the same attack carried out over voice calls. Typosquatting (A) is registering domain names that resemble well-known sites but with spelling errors or different extensions, to catch users who mistype an address; it does not involve text messages. Misinformation (F) is spreading false or misleading content to influence what people believe or do; it is not a credential lure.
Several employees received a fraudulent text message from someone claiming to be the Chief
Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee
recognition awards. Please send the gift cards to following email address.”
Which of the following are the best responses to this situation? (Choose two).
A. Cancel current employee recognition gift cards.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
D. Have the CEO change phone numbers.
E. Conduct a forensic investigation on the CEO’s phone.
F. Implement mobile device management
Answer: B, C
Explanation:
The message is smishing: a text impersonating the CEO, using urgency ("no access to email") to get employees to buy gift cards and send the codes to an attacker-controlled address. The best responses are to warn the whole company by email so that anyone who has not yet acted knows to ignore the text and verify requests like this out of band (C), and to add a smishing exercise to the annual awareness training so staff recognise the pattern next time (B). Nothing indicates the CEO's phone was compromised; the attacker only claimed to be the CEO, so changing the CEO's number (D) or forensically examining the phone (E) addresses a problem that does not exist. Cancelling the real recognition gift cards (A) disrupts a legitimate programme, and MDM (F) manages devices but does not stop a text message from arriving. Any employee who already bought cards should report it immediately so the purchase can be handled as fraud.
A company is required to use certified hardware when building networks. Which of the following
best addresses the risks associated with procuring counterfeit hardware?
A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D. An in-depth penetration test of all suppliers and vendors
Answer: A
Explanation:
Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It poses risks to network quality, performance, safety and reliability, and it can contain malicious or substandard components that compromise the security of the network and the data that flows through it. The control that addresses this at its source is a thorough analysis of the supply chain, meaning the network of entities involved in producing, distributing and delivering the hardware. By analysing the supply chain the company can verify the origin, authenticity and integrity of what it buys and identify where counterfeit or tampered products could enter. An acquisition policy (B) and a right-to-audit clause (C) support this but do not by themselves establish that a given unit is genuine, and penetration testing suppliers (D) tests their networks, not the provenance of their products. A thorough analysis of the supply chain can include the following steps:
Establishing a trusted relationship with the OEM and authorized resellers
Requesting documentation and certification of the hardware from the OEM or authorized resellers
Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or
components
Testing the hardware for functionality, performance, and security
Implementing a tracking system to monitor the hardware throughout its lifecycle
Which of the following provides the details about the terms of a test with a third-party penetration
tester?
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
Answer: A
Explanation:
Rules of engagement are the detailed guidelines and constraints governing the execution of an information security test such as a penetration test. They define the scope, objectives, methods and boundaries of the test, as well as the roles and responsibilities of the testers and the client, and they are the document a tester relies on to show that an action was authorised. Rules of engagement help ensure that the test is conducted in a legal, ethical and professional manner and that the results are accurate and reliable. Rules of engagement typically include the following elements:
The type and scope of the test, such as black box, white box, or gray box, and the target systems,
networks, applications, or data.
The client contact details and the communication channels for reporting issues, incidents, or
emergencies during the test.
The testing team credentials and the authorized tools and techniques that they can use.
The sensitive data handling and encryption requirements, such as how to store, transmit, or dispose
of any data obtained during the test.
The status meeting and report schedules, formats, and recipients, as well as the confidentiality and
non-disclosure agreements for the test results.
The timeline and duration of the test, and the hours of operation and testing windows.
The professional and ethical behavior expectations for the testers, such as avoiding unnecessary
damage, disruption, or disclosure of information
Supply chain analysis (B): the process of evaluating the security and risk posture of the suppliers and partners in a business network.
Right to audit clause (C): a provision in a contract that gives one party the right to audit the other party to verify compliance with the contract terms and conditions.
Due diligence (D): the process of identifying and addressing the cyber risks that a potential vendor or partner brings to an organization.