SY0-701 Free Practice Test

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

1. A. Testing input validation on the user input fields
2. B. Performing code signing on company-developed software
3. C. Performing static code analysis on the software
4. D. Ensuring secure cookies are use

Correct Answer: B
Code signing is a technique that uses cryptography to verify the authenticity and integrity of the code created by the company. Code signing involves applying a digital signature to the code using a private key that only the company possesses. The digital signature can be verified by anyone who has the corresponding public key, which can be distributed through a trusted certificate authority. Code signing can prevent unauthorized modifications, tampering, or malware injection into the code, and it can also assure the users that the code is from a legitimate source. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 74. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page 11. Application Security – SY0-601 CompTIA Security+ : 3.2

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

1. A. The device has been moved from a production environment to a test environment.
2. B. The device is configured to use cleartext passwords.
3. C. The device is moved to an isolated segment on the enterprise network.
4. D. The device is moved to a different location in the enterprise.
5. E. The device's encryption level cannot meet organizational standards.
6. F. The device is unable to receive authorized updates.

Correct Answer: E
An engineer should recommend the decommissioning of a network device when the device poses a security risk or a compliance violation to the enterprise environment. A device that cannot meet the encryption standards or receive authorized updates is vulnerable to attacks and breaches, and may expose sensitive data or compromise network integrity. Therefore, such a device should be removed from the network and replaced with a more secure and updated one.
References
✑ CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, Section 2.2, page 671
✑ CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 2,
Question 16, page 512

A company is expanding its threat surface program and allowing individuals to security test
the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

1. A. Open-source intelligence
2. B. Bug bounty
3. C. Red team
4. D. Penetration testing

Correct Answer: B
A bug bounty is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system. Bug bounties are often used by companies to improve their security posture and incentivize ethical hacking. A bug bounty program typically defines the scope, rules, and compensation for the researchers. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 10. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.1, page 2.

Which of the following is a hardware-specific vulnerability?

1. A. Firmware version
2. B. Buffer overflow
3. C. SQL injection
4. D. Cross-site scripting

Correct Answer: A
Firmware is a type of software that is embedded in a hardware device, such as a router, a printer, or a BIOS chip. Firmware controls the basic functions and operations of the device, and it can be updated or modified by the manufacturer or the user. Firmware version is a hardware-specific vulnerability, as it can expose the device to security risks if it is outdated, corrupted, or tampered with. An attacker can exploit firmware vulnerabilities to gain unauthorized access, modify device settings, install malware, or cause damage to the device or the network. Therefore, it is important to keep firmware updated and verify its integrity and authenticity. References = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 67. CompTIA Security+ SY0-701 Exam Objectives, Domain 2.1, page 10.

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”
Which of the following are the best responses to this situation? (Choose two).

1. A. Cancel current employee recognition gift cards.
2. B. Add a smishing exercise to the annual company training.
3. C. Issue a general email warning to the company.
4. D. Have the CEO change phone numbers.
5. E. Conduct a forensic investigation on the CEO's phone.
6. F. Implement mobile device management.

Correct Answer: BC
This situation is an example of smishing, which is a type of phishing that uses text messages (SMS) to entice individuals into providing personal or sensitive information to cybercriminals. The best responses to this situation are to add a smishing exercise to the annual company training and to issue a general email warning to the company. A smishing exercise can help raise awareness and educate employees on how to recognize and avoid smishing attacks. An email warning can alert employees to the fraudulent text message and remind them to verify the identity and legitimacy of any requests for information or money. References = What Is Phishing | Cybersecurity | CompTIA, Phishing – SY0-601 CompTIA Security+ : 1.1 - Professor Messer IT Certification Training Courses