Free Access to CompTIA.SY0-701.v2025-01-03.q208 with Valid Practice Test (Page 34)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
ISC
SAP
EMC
PMI
HP
Salesforce

Home
CompTIA Certification
SY0-701 Exam
CompTIA.SY0-701.v2025-01-03.q208 Dumps

««
«
…
29
30
31
32
33
34
35
36
37
38
…
»
»»

Question 161

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

A.SOW
B.BPA
C.SLA
D.NDA

Correct Answer: A

A statement of work (SOW) is a document that defines the scope, objectives, deliverables, timeline, and costs of a project or service. It typically includes an estimate of the number of hours required to complete the engagement, as well as the roles and responsibilities of the parties involved. A SOW is often used for penetration testing projects to ensure that both the client and the vendor have a clear and mutual understanding of what is expected and how the work will be performed. A business partnership agreement (BPA), a service level agreement (SLA), and a non-disclosure agreement (NDA) are different types of contracts that may be related to a penetration testing project, but they do not include an estimate of the number of hours required to complete the engagement. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 492; What to Look For in a Penetration Testing Statement of Work?

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 162

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

A.Account sharing
B.Weak password complexity
C.Pass-the-hash attacks
D.Password compromise

Correct Answer: C

The scenario shows MD5 hashed password values. The most likely reason the security administrator is focusing on these values is to protect against pass-the-hash attacks. In this type of attack, an attacker can use a captured hash to authenticate without needing to know the actual plaintext password. By managing and monitoring these hashes, the administrator can implement strategies to mitigate this type of threat.
References =
* CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
* CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 163

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

A.Backout plan
B.Impact analysis
C.Test procedure
D.Approval procedure

Correct Answer: A

To demonstrate that the system can be restored to a working state in the event of a performance issue after deploying a change, the systems administrator must submit a backout plan. A backout plan outlines the steps to revert the system to its previous state if the new deployment causes problems.
Backout plan: Provides detailed steps to revert changes and restore the system to its previous state in case of issues, ensuring minimal disruption and quick recovery.
Impact analysis: Evaluates the potential effects of a change but does not provide steps to revert changes.
Test procedure: Details the steps for testing the change but does not address restoring the system to a previous state.
Approval procedure: Involves obtaining permissions for the change but does not ensure system recovery in case of issues.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 164

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A.Mitigate
B.Accept
C.Transfer
D.Avoid

Correct Answer: A

Mitigate is the risk management strategy that involves reducing the likelihood or impact of a risk. If a legacy application is critical to business operations and there are preventative controls that are not yet implemented, the enterprise should adopt the mitigate strategy first to address the existing vulnerabilities and gaps in the application. This could involve applying patches, updates, or configuration changes to the application, or adding additional layers of security controls around the application. Accept, transfer, and avoid are other risk management strategies, but they are not the best options for this scenario. Accept means acknowledging the risk and accepting the consequences without taking any action. Transfer means shifting the risk to a third party, such as an insurance company or a vendor. Avoid means eliminating the risk by removing the source or changing the process. These strategies may not be feasible or desirable for a legacy application that is critical to business operations and has no preventative controls in place. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1221; A Risk-Based Framework for Legacy System Migration and Deprecation2

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 165

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

A.Insider threat
B.Social engineering
C.Watering-hole
D.Unauthorized attacker

Correct Answer: A

An insider threat is a type of attack that originates from someone who has legitimate access to an organization's network, systems, or dat a. In this case, the domain user who encrypted the files on the database server is an example of an insider threat, as they abused their access privileges to cause harm to the organization. Insider threats can be motivated by various factors, such as financial gain, revenge, espionage, or sabotage.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
29
30
31
32
33
34
35
36
37
38
…
»
»»

[×]

Download PDF File

Enter your email address to download CompTIA.SY0-701.v2025-01-03.q208 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter