Free SY0-701 Exam Braindumps

Pass your CompTIA Security+ exam with these free Questions and Answers

QUESTION 96

- (Exam Topic 1)
A security analyst reviews a company’s authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address. Which of the following password attacks is MOST likely happening?

  1. A. Dictionary
  2. B. Rainbow table
  3. C. Spraying
  4. D. Brute-force

Correct Answer: C
Password spraying is an attack where an attacker tries a small number of commonly used passwords against a large number of usernames. The goal of password spraying is to avoid detection by avoiding too many failed login attempts for any one user account. The fact that different usernames are being attacked from the same IP address is a strong indication that a password spraying attack is underway.

QUESTION 97

- (Exam Topic 2)
The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

  1. A. Ensure the scan engine is configured correctly.
  2. B. Apply a patch to the domain controller.
  3. C. Research the CVE.
  4. D. Document this as a false positive.

Correct Answer: D
A false positive is a result that indicates a problem when there is no actual problem. In this case, the vulnerability scan flagged the domain controller with a critical vulnerability, but the domain controller does not run the application that is vulnerable. Therefore, the scan result is inaccurate and should be documented as a false positive.
* A. Ensure the scan engine is configured correctly. This is not the next step, because the scan engine may be configured correctly and still produce false positives due to various factors, such as outdated signatures, network latency, or misconfigured devices.
* B. Apply a patch to the domain controller. This is not the next step, because applying a patch to a system that does not have the vulnerability may cause unnecessary problems or conflicts.
* C. Research the CVE. This is not the next step, because the systems administrator already researched the vulnerability and discovered that it does not affect the domain controller.
* D. Document this as a false positive. This is the correct answer, because documenting false positives helps to improve the accuracy and efficiency of future scans and audits.
Reference: CompTIA Security+ Study Guide (PDF) - Netwrix, page 14.

QUESTION 98

- (Exam Topic 1)
A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

  1. A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future
  2. B. It returns the affected systems back into production once systems have been fully patched, data restored and vulnerabilities addressed
  3. C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point
  4. D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach

Correct Answer: A
The final phase of an incident response plan is the post-incident activity, which involves examining and documenting how well the team responded, discovering what caused the incident, and determining how the incident can be avoided in the future. References: CompTIA Security+ Certification Exam Objectives - 2.5 Given a scenario, analyze potential indicators to determine the type of attack. Study Guide: Chapter 5, page 225.

QUESTION 99

- (Exam Topic 2)
A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways. Which of the following is the most likely cause?

  1. A. Shoulder surfing
  2. B. Phishing
  3. C. Tailgating
  4. D. Identity fraud

Correct Answer: C
Tailgating is a physical security threat that occurs when an unauthorized person follows an authorized person into a restricted area without proper identification or authorization. It can cause unauthorized individuals to roam the hallways after gaining access through badge readers installed for building access.

QUESTION 100

- (Exam Topic 2)
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

  1. A. The business continuity plan
  2. B. The risk management plan
  3. C. The communication plan
  4. D. The incident response plan

Correct Answer: A
A business continuity plan is a document or a process that outlines how an organization can continue its critical operations and functions in the event of a disruption or disaster. It can include strategies and procedures for recovering or relocating resources, personnel, data, etc., to ensure minimal downtime and impact. The organization will most likely consult the business continuity plan when setting up offices in a temporary work space after its corporate offices were destroyed due to a natural disaster.
