SY0-701 Free Practice Test

- (Exam Topic 2)
A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:
Consistent power levels in case of brownouts or voltage spikes
A minimum of 30 minutes runtime following a power outage
Ability to trigger graceful shutdowns of critical systems
Which of the following would BEST meet the requirements?

1. A. Maintaining a standby, gas-powered generator
2. B. Using large surge suppressors on computer equipment
3. C. Configuring managed PDUs to monitor power levels
4. D. Deploying an appropriately sized, network-connected UPS device

Correct Answer: D
A UPS (uninterruptible power supply) device is a battery backup system that can provide consistent power levels in case of brownouts or voltage spikes. It can also provide a minimum of 30 minutes runtime following a power outage, depending on the size and load of the device. A network-connected UPS device can also communicate with critical systems and trigger graceful shutdowns if the battery level is low or the power is not restored.

- (Exam Topic 2)
Given the following snippet of Python code:
Which of the following types of malware MOST likely contains this snippet?

1. A. Logic bomb
2. B. Keylogger
3. C. Backdoor
4. D. Ransomware

Correct Answer: A
A logic bomb is a type of malware that executes malicious code when certain conditions are met. A logic bomb can be triggered by various events, such as a specific date or time, a user action, a system configuration change, or a command from an attacker. A logic bomb can perform various malicious actions, such as deleting files, encrypting data, displaying messages, or launching other malware.
The snippet of Python code shows a logic bomb that executes a function called delete_all_files() when the current date is December 25th. The code uses the datetime module to get the current date and compare it with a predefined date object. If the condition is true, the code calls the delete_all_files() function, which presumably deletes all files on the system.
References: https://www.comptia.org/certifications/security#examdetails https://www.comptia.org/content/guides/comptia-security-sy0-601-exam-objectives https://www.kaspersky.com/resource-center/definitions/logic-bomb

- (Exam Topic 2)
Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be best to correlate the activities between the different endpoints?

1. A. Firewall
2. B. SIEM
3. C. IPS
4. D. Protocol analyzer

Correct Answer: B
SIEM stands for Security Information and Event Management, which is a technology that collects, analyzes, and correlates data from multiple sources, such as firewall logs, IDS/IPS alerts, network devices, applications, and endpoints. SIEM provides real-time monitoring and alerting of security events, as well as historical analysis and reporting for compliance and forensic purposes.
A SIEM technology would be best to correlate the activities between the different endpoints that are beaconing to a malicious domain. A SIEM can detect the malicious domain by comparing it with threat intelligence feeds or known indicators of compromise (IOCs). A SIEM can also identify the endpoints that are communicating with the malicious domain by analyzing the firewall logs and other network traffic data. A SIEM can alert the security team of the potential compromise and provide them with relevant information for investigation and remediation.

- (Exam Topic 2)
Which of the following is the correct order of evidence from most to least volatile in forensic analysis?

1. A. Memory, disk, temporary filesystems, CPU cache
2. B. CPU cache, memory, disk, temporary filesystems
3. C. CPU cache, memory, temporary filesystems, disk
4. D. CPU cache, temporary filesystems, memory, disk

Correct Answer: C
The correct order of evidence from most to least volatile in forensic analysis is based on how quickly the evidence can be lost or altered if not collected or preserved properly. CPU cache is the most volatile type of evidence because it is stored in a small amount of memory on the processor and can be overwritten or erased very quickly. Memory is the next most volatile type of evidence because it is stored in RAM and can be lost when the system is powered off or rebooted. Temporary filesystems are less volatile than memory because they are stored on disk, but they can still be deleted or overwritten by other processes or users. Disk is the least volatile type of evidence because it is stored on permanent storage devices and can be recovered even after deletion or formatting, unless overwritten by new data. References:
https://www.comptia.org/blog/what-is-volatility-in-digital-forensics

- (Exam Topic 1)
A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which f the following configuration should an analysis enable
To improve security? (Select TWO.)

1. A. RADIUS
2. B. PEAP
3. C. WPS
4. D. WEP-EKIP
5. E. SSL
6. F. WPA2-PSK

Correct Answer: AF
To improve the security of the WiFi network and prevent unauthorized devices from accessing the network, the configuration options of RADIUS and WPA2-PSK should be enabled. RADIUS (Remote Authentication Dial-In User Service) is an authentication protocol that can be used to control access to the WiFi network. It can provide stronger authentication and authorization than WEP and WPA. WPA2-PSK (WiFi Protected Access 2 with Pre-Shared Key) is a security protocol that uses stronger encryption than WEP and WPA. It requires a pre-shared key (PSK) to be entered on each device that wants to access the network. This helps prevent unauthorized devices from accessing the network.