Updated CompTIA SY0-701 Dumps – Check Free SY0-701 Exam Dumps (2024)
Updated SY0-701 exam with CompTIA Real Exam Questions
NEW QUESTION # 53
Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
"I'm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to the following email address." Which of the following are the best responses to this situation? (Choose two.)
- A. Have the CEO change phone numbers.
- B. Cancel current employee recognition gift cards.
- C. Issue a general email warning to the company.
- D. Implement mobile device management.
- E. Add a smishing exercise to the annual company training.
- F. Conduct a forensic investigation on the CEO's phone.
Answer: C,E
Explanation:
This situation is an example of smishing, which is a type of phishing that uses text messages (SMS) to entice individuals into providing personal or sensitive information to cybercriminals. The best responses to this situation are to add a smishing exercise to the annual company training and to issue a general email warning to the company. A smishing exercise can help raise awareness and educate employees on how to recognize and avoid smishing attacks. An email warning can alert employees to the fraudulent text message and remind them to verify the identity and legitimacy of any requests for information or money. Reference = What Is Phishing | Cybersecurity | CompTIA, Phishing - SY0-601 CompTIA Security+ : 1.1 - Professor Messer IT Certification Training Courses
NEW QUESTION # 54
A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:
* Most secure algorithms should be selected
* All traffic should be encrypted over the VPN
* A secret password will be used to authenticate the two VPN concentrators




Answer:
See the explanation that follows for the full solution.
Explanation:
To configure the site-to-site VPN between the two branch offices according to the provided requirements, here are the detailed steps and settings that need to be applied to the VPN concentrators:
Requirements:
* Most secure algorithms should be selected.
* All traffic should be encrypted over the VPN.
* A secret password will be used to authenticate the two VPN concentrators.
VPN Concentrator 1 Configuration:
Phase 1:
* Peer IP address: 5.5.5.10 (The IP address of VPN Concentrator 2)
* Auth method: PSK (Pre-Shared Key)
* Negotiation mode: MAIN
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* DH key group: 14
Phase 2:
* Mode: Tunnel
* Protocol: ESP (Encapsulating Security Payload)
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* Local network/mask: 192.168.1.0/24
* Remote network/mask: 192.168.2.0/24
VPN Concentrator 2 Configuration:
Phase 1:
* Peer IP address: 5.5.5.5 (The IP address of VPN Concentrator 1)
* Auth method: PSK (Pre-Shared Key)
* Negotiation mode: MAIN
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* DH key group: 14
Phase 2:
* Mode: Tunnel
* Protocol: ESP (Encapsulating Security Payload)
* Encryption algorithm: AES256
* Hash algorithm: SHA256
* Local network/mask: 192.168.2.0/24
* Remote network/mask: 192.168.1.0/24
Summary:
* Peer IP Address: Set to the IP address of the remote VPN concentrator.
* Auth Method: PSK for using a pre-shared key.
* Negotiation Mode: MAIN for the initial setup.
* Encryption Algorithm: AES256, which is a strong and secure algorithm.
* Hash Algorithm: SHA256, which provides strong hashing.
* DH Key Group: 14 for strong Diffie-Hellman key exchange.
* Phase 2 Protocol: ESP for encryption and integrity.
* Local and Remote Networks: Properly configure the local and remote network addresses to match each branch office subnet.
By configuring these settings on both VPN concentrators, the site-to-site VPN will meet the requirements for strong security algorithms, encryption of all traffic, and authentication using a pre-shared key.
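The settings above, written as data and checked against the three requirements and against each other (an added example, not part of the original exam material). The dictionary layout, the function names `check_side` and `check_tunnel`, and the lists of weak algorithms are assumptions made for illustration.

```python
import ipaddress

# Assumed policy lists for this example; the answer above only names the strong choices.
WEAK_ENCRYPTION = {"DES", "3DES"}
WEAK_HASH = {"MD5", "SHA1"}
MIN_DH_GROUP = 14

# Settings transcribed from the answer above. "wan_ip" is each device's own
# address, taken from the peer-address notes in the answer.
CONCENTRATOR_1 = {
    "wan_ip": "5.5.5.5",
    "phase1": {"peer": "5.5.5.10", "auth": "PSK", "mode": "MAIN",
               "encryption": "AES256", "hash": "SHA256", "dh_group": 14},
    "phase2": {"mode": "Tunnel", "protocol": "ESP",
               "encryption": "AES256", "hash": "SHA256",
               "local": "192.168.1.0/24", "remote": "192.168.2.0/24"},
}
CONCENTRATOR_2 = {
    "wan_ip": "5.5.5.10",
    "phase1": {"peer": "5.5.5.5", "auth": "PSK", "mode": "MAIN",
               "encryption": "AES256", "hash": "SHA256", "dh_group": 14},
    "phase2": {"mode": "Tunnel", "protocol": "ESP",
               "encryption": "AES256", "hash": "SHA256",
               "local": "192.168.2.0/24", "remote": "192.168.1.0/24"},
}

# Parameters that both peers must propose identically for negotiation to succeed.
PHASE1_KEYS = ("auth", "mode", "encryption", "hash", "dh_group")
PHASE2_KEYS = ("mode", "protocol", "encryption", "hash")


def check_side(name, cfg):
    """Return findings for one concentrator's settings taken on their own."""
    findings = []
    p1, p2 = cfg["phase1"], cfg["phase2"]
    if p1["auth"] != "PSK":
        findings.append(f"{name}: auth method {p1['auth']} is not a pre-shared key")
    if p1["mode"] != "MAIN":
        findings.append(f"{name}: negotiation mode {p1['mode']} is not MAIN")
    if p1["dh_group"] < MIN_DH_GROUP:
        findings.append(f"{name}: DH group {p1['dh_group']} is below {MIN_DH_GROUP}")
    for phase, params in (("phase1", p1), ("phase2", p2)):
        if params["encryption"] in WEAK_ENCRYPTION:
            findings.append(f"{name}: {phase} encryption {params['encryption']} is weak")
        if params["hash"] in WEAK_HASH:
            findings.append(f"{name}: {phase} hash {params['hash']} is weak")
    # ESP carries the encryption; AH alone only authenticates packets.
    if p2["protocol"] != "ESP":
        findings.append(f"{name}: phase2 protocol {p2['protocol']} is not ESP")
    if p2["mode"] != "Tunnel":
        findings.append(f"{name}: phase2 mode {p2['mode']} is not Tunnel")
    local = ipaddress.ip_network(p2["local"])
    remote = ipaddress.ip_network(p2["remote"])
    if local.overlaps(remote):
        findings.append(f"{name}: local {local} overlaps remote {remote}")
    return findings


def check_tunnel(a, b):
    """Check both sides, then the properties that only hold as a pair."""
    findings = check_side("concentrator 1", a) + check_side("concentrator 2", b)
    # Each side must point at the other side's address.
    if a["phase1"]["peer"] != b["wan_ip"]:
        findings.append("concentrator 1: peer IP is not concentrator 2's address")
    if b["phase1"]["peer"] != a["wan_ip"]:
        findings.append("concentrator 2: peer IP is not concentrator 1's address")
    # Proposals must match exactly on both ends.
    for phase, keys in (("phase1", PHASE1_KEYS), ("phase2", PHASE2_KEYS)):
        for key in keys:
            if a[phase][key] != b[phase][key]:
                findings.append(
                    f"{phase} {key} mismatch: {a[phase][key]} vs {b[phase][key]}")
    # One side's local network is the other side's remote network.
    net = ipaddress.ip_network
    if (net(a["phase2"]["local"]) != net(b["phase2"]["remote"])
            or net(a["phase2"]["remote"]) != net(b["phase2"]["local"])):
        findings.append("phase2 networks are not mirrored between the two sides")
    return findings


if __name__ == "__main__":
    for finding in check_tunnel(CONCENTRATOR_1, CONCENTRATOR_2) or ["no findings"]:
        print(finding)
```

The configuration from the answer produces no findings; changing one side only (for example a different hash or an unswapped local network) is reported both as a weak or invalid setting and as a mismatch between the peers.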
NEW QUESTION # 55
Which of the following security control types does an acceptable use policy best represent?
- A. Preventive
- B. Detective
- C. Corrective
- D. Compensating
Answer: A
Explanation:
Preventive: an acceptable use policy sets rules that users must follow when using company resources.
Example: Company A states that in order to access files on the company server, you must connect to the company VPN when working from home. This prevents you from connecting from an insecure network.
NEW QUESTION # 56
Which of the following is the best reason to complete an audit in a banking environment?
- A. Service-level requirement
- B. Self-assessment requirement
- C. Organizational change
- D. Regulatory requirement
Answer: D
Explanation:
A regulatory requirement is a mandate imposed by a government or an authority that must be followed by an organization or an individual. In a banking environment, audits are often required by regulators to ensure compliance with laws, standards, and policies related to security, privacy, and financial reporting. Audits help to identify and correct any gaps or weaknesses in the security posture and the internal controls of the organization.
References:
Official CompTIA Security+ Study Guide (SY0-701), page 507
Security+ (Plus) Certification | CompTIA IT Certifications 2
NEW QUESTION # 57
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
- A. Attribute-based
- B. Time of day
- C. Role-based
- D. Least privilege
Answer: D
Explanation:
The least privilege principle states that users and processes should only have the minimum level of access required to perform their tasks. This helps to prevent unauthorized or unnecessary actions that could compromise security. In this case, the patch transfer might be failing because the user or process does not have the appropriate permissions to access the critical system or the network resources needed for the transfer. Applying the least privilege principle can help to avoid this issue by granting the user or process the necessary access rights for the patching activity. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 931
NEW QUESTION # 58
Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?
- A. Transfer
- B. Accept
- C. Mitigate
- D. Avoid
Answer: C
Explanation:
Mitigate is the risk management strategy that involves reducing the likelihood or impact of a risk. If a legacy application is critical to business operations and there are preventative controls that are not yet implemented, the enterprise should adopt the mitigate strategy first to address the existing vulnerabilities and gaps in the application. This could involve applying patches, updates, or configuration changes to the application, or adding additional layers of security controls around the application. Accept, transfer, and avoid are other risk management strategies, but they are not the best options for this scenario. Accept means acknowledging the risk and accepting the consequences without taking any action. Transfer means shifting the risk to a third party, such as an insurance company or a vendor. Avoid means eliminating the risk by removing the source or changing the process. These strategies may not be feasible or desirable for a legacy application that is critical to business operations and has no preventative controls in place. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1221; A Risk-Based Framework for Legacy System Migration and Deprecation2
NEW QUESTION # 59
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
- A. SOW
- B. SLA
- C. MSA
- D. BPA
Answer: A
Explanation:
An SOW is a document that outlines the project, the cost, and the completion time frame for a security company to provide a service to a client. SOW stands for statement of work, and it is a type of contract that specifies the scope, deliverables, milestones, and payment terms of a security project. An SOW is usually used for one-time or short-term projects that have a clear and defined objective and outcome. For example, an SOW can be used for a security assessment, a penetration test, a security audit, or security training.
The other options are not correct because they are not documents that outline the project, the cost, and the completion time frame for a security company to provide a service to a client. An MSA is a master service agreement, which is a type of contract that establishes the general terms and conditions for a long-term or ongoing relationship between a security company and a client. An MSA does not specify the details of each individual project, but rather sets the framework for future projects that will be governed by separate statements of work (SOWs). An SLA is a service level agreement, which is a type of contract that defines the quality and performance standards for a security service provided by a security company to a client. An SLA usually includes the metrics, targets, responsibilities, and penalties for measuring and ensuring the service level. A BPA is a business partnership agreement, which is a type of contract that establishes the roles and expectations for a strategic alliance between two or more security companies that collaborate to provide a joint service to a client. A BPA usually covers the objectives, benefits, risks, and obligations of the partnership. Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 387. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 8.2: Compliance and Controls, video: Contracts and Agreements (5:12).
NEW QUESTION # 60
A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?
- A. Rescan the network.
- B. Submit a report.
- C. Conduct an audit.
- D. Initiate a penetration test.
Answer: A
NEW QUESTION # 61
A security analyst is reviewing the following logs:
Which of the following attacks is most likely occurring?
- A. Password spraying
- B. Brute-force
- C. Pass-the-hash
- D. Account forgery
Answer: A
Explanation:
Password spraying is a type of brute force attack that tries common passwords across several accounts to find a match. It is a mass trial-and-error approach that can bypass account lockout protocols. It can give hackers access to personal or business accounts and information. It is not a targeted attack, but a high-volume attack tactic that uses a dictionary or a list of popular or weak passwords [1][2].
The logs show that the attacker is using the same password ("password123") to attempt to log in to different accounts ("admin", "user1", "user2", etc.) on the same web server. This is a typical pattern of password spraying, as the attacker is hoping that at least one of the accounts has a weak password that matches the one they are trying. The attacker is also using a tool called Hydra, which is one of the most popular brute force tools, often used in cracking passwords for network authentication [3].
Account forgery is not the correct answer, because it involves creating fake accounts or credentials to impersonate legitimate users or entities. There is no evidence of account forgery in the logs, as the attacker is not creating any new accounts or using forged credentials.
Pass-the-hash is not the correct answer, because it involves stealing a hashed user credential and using it to create a new authenticated session on the same network. Pass-the-hash does not require the attacker to know or crack the password, as they use the stored version of the password to initiate a new session [4]. The logs show that the attacker is using plain text passwords, not hashes, to try to log in to the web server.
Brute-force is not the correct answer, because it is a broader term that encompasses different types of attacks that involve trying different variations of symbols or words until the correct password is found. Password spraying is a specific type of brute force attack that uses a single common password against multiple accounts [5]. The logs show that the attacker is using password spraying, not brute force in general, to try to gain access to the web server. Reference = [1] Password spraying: An overview of password spraying attacks ... - Norton, [2] Security: Credential Stuffing vs. Password Spraying - Baeldung, [3] Brute Force Attack: A definition + 6 types to know | Norton, [4] What is a Pass-the-Hash Attack? - CrowdStrike, [5] What is a Brute Force Attack? | Definition, Types & How It Works - Fortinet
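The distinction drawn above between password spraying and brute force against a single account, as detection logic over failed-login records (an added example, not part of the original exam material). The log format, thresholds, function names and sample lines are constructed for illustration, since the question's log excerpt is not reproduced on this page; because authentication logs normally do not record the attempted password, the check keys on how many accounts one source touches and how often.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<UTC timestamp> auth result=<FAIL|OK> src=<ip> user=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>FAIL|OK) src=(?P<src>\S+) user=(?P<user>\S+)$")

WINDOW = timedelta(minutes=10)
SPRAY_MIN_USERS = 5      # distinct accounts failed from one source within WINDOW
SPRAY_MAX_PER_USER = 2   # few tries per account, so lockout never triggers
BRUTE_MIN_ATTEMPTS = 10  # many tries against a single account within WINDOW


def _line(second, src, user, result="FAIL"):
    return f"2024-03-01T10:00:{second:02d}Z auth result={result} src={src} user={user}"


# Constructed sample: one source trying six accounts once each, one source
# hammering a single account, and one user who mistypes twice and then logs in.
SAMPLE_LOG = "\n".join(
    [_line(i, "203.0.113.7", u) for i, u in
     enumerate(["admin", "user1", "user2", "user3", "user4", "user5"])]
    + [_line(20 + i, "198.51.100.23", "admin") for i in range(12)]
    + [_line(40, "192.0.2.50", "alice"), _line(41, "192.0.2.50", "alice"),
       _line(45, "192.0.2.50", "alice", "OK")]
)


def parse_failures(log_text):
    """Return time-sorted (timestamp, source, user) tuples for failed logins."""
    events = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue  # skip successes and lines that do not parse
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"]))
    return sorted(events)


def classify(log_text):
    """Map each suspicious source to 'password spraying' or 'brute force'."""
    by_src = defaultdict(list)
    for ts, src, user in parse_failures(log_text):
        by_src[src].append((ts, user))
    verdicts = {}
    for src, events in by_src.items():
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than WINDOW.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            counts = defaultdict(int)
            for _, user in events[start:end + 1]:
                counts[user] += 1
            if (len(counts) >= SPRAY_MIN_USERS
                    and max(counts.values()) <= SPRAY_MAX_PER_USER):
                verdicts[src] = "password spraying"  # wide and shallow
                break
            if max(counts.values()) >= BRUTE_MIN_ATTEMPTS:
                verdicts[src] = "brute force"  # narrow and deep
                break
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG).items():
        print(src, verdict)
```

The thresholds are illustrative: set `SPRAY_MAX_PER_USER` below the account lockout threshold and `WINDOW` at least as long as the lockout counter's reset interval.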
NEW QUESTION # 62
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:
Which of the following is the most likely way a rogue device was allowed to connect?
- A. A user performed a MAC cloning attack with a personal device.
- B. An administrator bypassed the security controls for testing.
- C. A DMCP failure caused an incorrect IP address to be distributed
- D. DNS hijacking let an attacker intercept the captive portal traffic.
Answer: A
Explanation:
The most likely way a rogue device was able to connect to the network is through a MAC cloning attack. In this attack, a personal device copies the MAC address of an authorized device, bypassing the 802.1X access control that relies on known hardware addresses for network access. The matching MAC addresses in the audit report suggest that this technique was used to gain unauthorized network access.
References =
* CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
* CompTIA Security+ SY0-601 Study Guide: Chapter on Network Security and MAC Address Spoofing.
NEW QUESTION # 63
Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?
- A. VPN
- B. NGFW
- C. Security zone
- D. Proxy server
Answer: A
Explanation:
A Virtual Private Network (VPN) is the best solution to allow remote employees secure access to company resources without interception concerns. A VPN establishes an encrypted tunnel over the internet, ensuring that data transferred between remote employees and the company is secure from eavesdropping.
* Proxy server helps with web content filtering and anonymization but does not provide encrypted access.
* NGFW (Next-Generation Firewall) enhances security but is not the primary tool for enabling remote access.
* Security zone is a network segmentation technique but does not provide remote access capabilities.
NEW QUESTION # 64
Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?
- A. Preventive
- B. Compensating
- C. Corrective
- D. Deterrent
Answer: B
Explanation:
When a critical legacy server is segmented into a private network, the security control being used is compensating. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible or practical. In this case, segmenting the legacy server into a private network serves as a compensating control to protect it from potential vulnerabilities that cannot be mitigated directly.
Compensating: Provides an alternative method to achieve the desired security outcome when the primary control is not possible.
Deterrent: Aims to discourage potential attackers but does not directly address segmentation.
Corrective: Used to correct or mitigate the impact of an incident after it has occurred.
Preventive: Aims to prevent security incidents but is not specific to the context of segmentation.
NEW QUESTION # 65
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
- A. Transfer
- B. Accept
- C. Avoid
- D. Mitigate
Answer: A
NEW QUESTION # 66
An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?
- A. Social engineering
- B. Unauthorized attacker
- C. Watering-hole
- D. Insider threat
Answer: D
Explanation:
An insider threat is a type of attack that originates from someone who has legitimate access to an organization's network, systems, or data. In this case, the domain user who encrypted the files on the database server is an example of an insider threat, as they abused their access privileges to cause harm to the organization. Insider threats can be motivated by various factors, such as financial gain, revenge, espionage, or sabotage.
References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 1: General Security Concepts, page 251. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1: General Security Concepts, page 252.
NEW QUESTION # 67
Which of the following most impacts an administrator's ability to address CVEs discovered on a server?
- A. Risk tolerance
- B. Patch availability
- C. Rescanning requirements
- D. Organizational impact
Answer: B
Explanation:
Patch availability most impacts an administrator's ability to address Common Vulnerabilities and Exposures (CVEs) discovered on a server. If a patch is not available for a discovered vulnerability, the administrator cannot remediate the issue directly through patching, which leaves the system exposed until a patch is released.
Patch availability: Directly determines whether a discovered vulnerability can be fixed promptly. Without available patches, administrators must look for other mitigation strategies.
Rescanning requirements: Important for verifying the effectiveness of patches but secondary to the availability of the patches themselves.
Organizational impact: Considers the potential consequences of vulnerabilities but does not directly impact the ability to apply patches.
Risk tolerance: Influences how the organization prioritizes addressing vulnerabilities but does not affect the actual availability of patches.
NEW QUESTION # 68
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message. Which of the following types of social engineering attacks occurred?
- A. Typosquatting
- B. Brand impersonation
- C. Phishing
- D. Pretexting
Answer: C
Explanation:
Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or providing sensitive information, such as log-in credentials, personal data, or financial details. In this scenario, the employee received an email from a payment website that asked the employee to update contact information. The email contained a link that directed the employee to a fake website that mimicked the appearance of the real one. The employee entered the log-in information, but received a "page not found" error message. This indicates that the employee fell victim to a phishing attack, and the attacker may have captured the employee's credentials for the payment website. Reference = Other Social Engineering Attacks - CompTIA Security+ SY0-701 - 2.2, CompTIA Security+: Social Engineering Techniques & Other Attack ... - NICCS, [CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition]
NEW QUESTION # 69
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
- A. Encryption at rest
- B. Masking
- C. Permission restrictions
- D. Data classification
Answer: A
Explanation:
Encryption at rest is a strategy that protects data stored on a device, such as a laptop, by converting it into an unreadable format that can only be accessed with a decryption key or password. Encryption at rest can prevent data loss on stolen laptops by preventing unauthorized access to the data, even if the device is physically compromised. Encryption at rest can also help comply with data privacy regulations and standards that require data protection. Masking, data classification, and permission restrictions are other strategies that can help protect data, but they may not be sufficient or applicable for data stored on laptops. Masking is a technique that obscures sensitive data elements, such as credit card numbers, with random characters or symbols, but it is usually used for data in transit or in use, not at rest. Data classification is a process that assigns labels to data based on its sensitivity and business impact, but it does not protect the data itself. Permission restrictions are rules that define who can access, modify, or delete data, but they may not prevent unauthorized access if the laptop is stolen and the security controls are bypassed. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17-18, 372-373
NEW QUESTION # 70
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
- A. SDN
- B. Serverless framework
- C. Type 1 hypervisor
- D. SD-WAN
Answer: B
Explanation:
A serverless framework is a cloud-based application-hosting solution that meets the requirements of low-cost and cloud-based. A serverless framework is a type of cloud computing service that allows developers to run applications without managing or provisioning any servers. The cloud provider handles the server-side infrastructure, such as scaling, load balancing, security, and maintenance, and charges the developer only for the resources consumed by the application. A serverless framework enables developers to focus on the application logic and functionality, and reduces the operational costs and complexity of hosting applications.
Some examples of serverless frameworks are AWS Lambda, Azure Functions, and Google Cloud Functions.
A type 1 hypervisor, SD-WAN, and SDN are not cloud-based application-hosting solutions that meet the requirements of low-cost and cloud-based. A type 1 hypervisor is a software layer that runs directly on the hardware and creates multiple virtual machines that can run different operating systems and applications. A type 1 hypervisor is not a cloud-based service, but a virtualization technology that can be used to create private or hybrid clouds. A type 1 hypervisor also requires the developer to manage and provision the servers and the virtual machines, which can increase the operational costs and complexity of hosting applications. Some examples of type 1 hypervisors are VMware ESXi, Microsoft Hyper-V, and Citrix XenServer.
SD-WAN (Software-Defined Wide Area Network) is a network architecture that uses software to dynamically route traffic across multiple WAN connections, such as broadband, LTE, or MPLS. SD-WAN is not a cloud-based service, but a network optimization technology that can improve the performance, reliability, and security of WAN connections. SD-WAN can be used to connect remote sites or users to cloud-based applications, but it does not host the applications itself. Some examples of SD-WAN vendors are Cisco, VMware, and Fortinet.
SDN (Software-Defined Networking) is a network architecture that decouples the control plane from the data plane, and uses a centralized controller to programmatically manage and configure the network devices and traffic flows. SDN is not a cloud-based service, but a network automation technology that can enhance the scalability, flexibility, and efficiency of the network. SDN can be used to create virtual networks or network functions that can support cloud-based applications, but it does not host the applications itself. Some examples of SDN vendors are OpenFlow, OpenDaylight, and OpenStack.
References = CompTIA Security+ SY0-701 Certification Study Guide, page 264-265; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 3.1 - Cloud and Virtualization, 7:40 - 10:00; [Serverless Framework]; [Type 1 Hypervisor]; [SD-WAN]; [SDN].
NEW QUESTION # 71
Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?
- A. Purple
- B. Blue
- C. Yellow
- D. Red
Answer: A
Explanation:
Purple is the team that combines both offensive and defensive testing techniques to protect an organization's critical systems. Purple is not a separate team, but rather a collaboration between the red team and the blue team. The red team is the offensive team that simulates attacks and exploits vulnerabilities in the organization's systems. The blue team is the defensive team that monitors and protects the organization's systems from real and simulated threats. The purple team exists to ensure and maximize the effectiveness of the red and blue teams by integrating the defensive tactics and controls from the blue team with the threats and vulnerabilities found by the red team into a single narrative that improves the overall security posture of the organization. Red, blue, and yellow are other types of teams involved in security testing, but they do not combine both offensive and defensive techniques. The yellow team is the team that builds software solutions, scripts, and other programs that the blue team uses in the security testing. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 1331; Penetration Testing: Understanding Red, Blue, & Purple Teams3
NEW QUESTION # 72
A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
- A. Off-the-shelf software
- B. Orchestration
- C. Baseline
- D. Policy enforcement
Answer: B
Explanation:
Orchestration is the process of automating multiple tasks across different systems and applications. It can help save time and reduce human error by executing predefined workflows and scripts. In this case, the systems administrator can use orchestration to create accounts for a large number of end users without having to manually enter their information and assign permissions.
NEW QUESTION # 73
Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
- A. Script kiddies
- B. Shadow IT
- C. Hacktivists
- D. Competitors
Answer: B
Explanation:
Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit IT department approval. This is the most likely cause of introducing vulnerabilities on a corporate network by deploying unapproved software, as such software may not have been vetted for security compliance, increasing the risk of vulnerabilities.
References =
* CompTIA Security+ SY0-701 Course Content: The concept of Shadow IT is discussed as a significant risk due to the introduction of unapproved and potentially vulnerable software into the corporate network.
NEW QUESTION # 74
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
- A. Insider threat
- B. Executive whaling
- C. Email phishing
- D. Social engineering
Answer: D
Explanation:
Social engineering is the practice of manipulating people into performing actions or divulging confidential information, often by impersonating someone else or creating a sense of urgency or trust. The suspicious caller in this scenario was trying to use social engineering to trick the user into giving away credit card information by pretending to be the CFO and asking for a payment. The user recognized this as a potential scam and reported it to the IT help desk. The other topics are not relevant to this situation. Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 19 1
NEW QUESTION # 75
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?
- A. Risks from hackers residing in other countries
- B. Local data protection regulations
- C. Time zone differences in log correlation
- D. Impacts to existing contractual obligations
Answer: B
Explanation:
Local data protection regulations are the first thing that a cloud-hosting provider should consider before expanding its data centers to new international locations. Data protection regulations are laws or standards that govern how personal or sensitive data is collected, stored, processed, and transferred across borders.
Different countries or regions may have different data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, or the California Consumer Privacy Act (CCPA) in the United States.
A cloud-hosting provider must comply with the local data protection regulations of the countries or regions where it operates or serves customers, or else it may face legal penalties, fines, or reputational damage.
Therefore, a cloud-hosting provider should research and understand the local data protection regulations of the new international locations before expanding its data centers there. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 7, page 269.
CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1, page 14.
NEW QUESTION # 76
An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?
- A. Discretionary
- B. Time of day
- C. Role-based
- D. Least privilege
Answer: C
NEW QUESTION # 77
Which of the following is the best way to secure an on-site data center against intrusion from an insider?
- A. Access badge
- B. Motion sensor
- C. Video surveillance
- D. Bollards
Answer: A
Explanation:
To secure an on-site data center against intrusion from an insider, the best measure is to use an access badge system. Access badges control who can enter restricted areas by verifying their identity and permissions, thereby preventing unauthorized access from insiders.
Access badge: Provides controlled and monitored access to restricted areas, ensuring that only authorized personnel can enter.
Bollards: Provide physical barriers to prevent vehicle access but do not prevent unauthorized personnel entry.
Motion sensor: Detects movement but does not control or restrict access.
Video surveillance: Monitors and records activity but does not physically prevent intrusion.

