Visit here for our full CompTIA SY0-701 exam dumps and practice test questions.
Question 81
Which security principle ensures users are only granted permissions necessary to perform their job functions?
( A ) Defense in Depth
( B ) Principle of Least Privilege
( C ) Separation of Duties
( D ) Mandatory Access Control
Answer: B
Explanation:
The Principle of Least Privilege (PoLP) is a cornerstone of effective cybersecurity and information security management. It is based on the idea that users, applications, and processes should be granted only the access and permissions necessary to perform their specific duties, and nothing more. By limiting privileges in this way, organizations reduce the potential attack surface, minimizing opportunities for accidental or deliberate misuse of resources. This principle is distinct from broader security strategies, such as Defense in Depth, which involves layering multiple security controls; least privilege specifically focuses on limiting access to reduce exposure and prevent unauthorized actions.
Implementing least privilege requires a thorough understanding of organizational roles and responsibilities. Role-based access control (RBAC) is commonly used to define permissions according to job functions, ensuring that each user has access appropriate to their duties. Regular reviews and audits of permissions are essential to ensure that privileges do not accumulate over time or remain assigned to users who no longer require them. This process helps prevent situations where former employees, contractors, or service accounts retain unnecessary access, which could be exploited by attackers.
Combining least privilege with the principle of separation of duties further strengthens security. By ensuring that critical tasks require multiple individuals with distinct roles, organizations can prevent conflicts of interest and reduce the likelihood of insider threats. Additionally, privileged access management (PAM) solutions allow administrators to elevate permissions temporarily when necessary, providing flexibility while maintaining security.
The benefits of least privilege are far-reaching. It protects sensitive data, reduces the potential for lateral movement by attackers within a network, and limits the impact of compromised accounts. Regulatory standards and compliance frameworks often mandate least privilege as a fundamental control, emphasizing its role in both operational security and legal adherence. When properly implemented, the principle of least privilege not only mitigates risk but also encourages operational discipline, ensuring that access is carefully controlled, monitored, and adjusted according to evolving organizational needs. This makes it a foundational practice for maintaining a secure, resilient, and compliant IT environment.
Question 82
Which attack technique involves overwhelming a target system to make resources unavailable to legitimate users?
( A ) Man-in-the-Middle (MITM)
( B ) Denial of Service (DoS)
( C ) SQL Injection
( D ) Phishing
Answer: B
Explanation:
A Denial of Service (DoS) attack is a type of cyberattack aimed at rendering a system, network, or online service unavailable to its intended users. Unlike attacks such as Man-in-the-Middle (MITM), which compromise the confidentiality or integrity of information, DoS attacks specifically target the availability aspect of security, seeking to disrupt normal operations. Attackers accomplish this by overwhelming the target with excessive traffic, exploiting vulnerabilities, or exhausting critical system resources such as memory, processing power, or network bandwidth. The resulting disruption can prevent legitimate users from accessing applications, websites, or services, causing operational and financial damage.
A more advanced form of this attack is the Distributed Denial of Service (DDoS) attack, in which multiple compromised devices, often forming a botnet, are used simultaneously to amplify the volume of malicious traffic. By coordinating attacks across numerous sources, attackers can significantly increase the difficulty of mitigation, making standard security measures insufficient if not properly scaled. DDoS attacks can target servers, networks, or even specific applications, and their impact can range from temporary service interruptions to prolonged outages, reputational damage, and regulatory consequences.
Defending against DoS and DDoS attacks requires a combination of proactive and reactive strategies. Network traffic monitoring is essential to detect unusual spikes or patterns that indicate an ongoing attack. Firewalls, intrusion prevention systems, and rate-limiting mechanisms can help filter or block malicious requests, while content delivery networks (CDNs) can distribute traffic loads to absorb excessive demand. Additionally, resilient network architecture, redundancy, and failover systems improve overall system availability, ensuring critical services remain operational even under attack.
Effective mitigation also involves preparation and planning. Organizations should develop incident response procedures, conduct simulations to test their defenses, and maintain scalable infrastructure capable of handling unexpected traffic surges. Combining real-time monitoring, automated defenses, and well-documented response plans helps reduce the operational, financial, and reputational impact of DoS attacks. Understanding the methods attackers use and continuously adapting defenses allows businesses to maintain reliable service delivery and safeguard user trust in the face of potential disruptions.
Question 83
Which protocol is commonly used to secure email communications by encrypting messages in transit?
( A ) SMTP
( B ) S/MIME
( C ) FTP
( D ) POP3
Answer: B
Explanation:
S/MIME, or Secure/Multipurpose Internet Mail Extensions, is a cryptographic standard designed to provide robust security for email communications. It addresses key concerns such as confidentiality, integrity, and authentication, ensuring that sensitive messages remain protected from unauthorized access and tampering while in transit. Unlike standard email protocols like SMTP, which focus solely on the transmission of messages without offering any built-in security, S/MIME integrates encryption and digital signatures to safeguard both the content of emails and the identities of the senders. This makes it particularly valuable in environments where sensitive or regulated data is exchanged.
S/MIME relies on public key cryptography to encrypt email messages, meaning that a sender encrypts the message with the recipient’s public key, and only the recipient can decrypt it using their corresponding private key. This approach ensures that even if an email is intercepted during transmission, its content remains unreadable to unauthorized parties. In addition to encryption, S/MIME provides digital signatures that authenticate the sender’s identity and verify that the message has not been altered since it was signed. This combination of encryption and authentication helps prevent impersonation, spoofing, and message tampering, which are common threats in email communications.
Deploying S/MIME requires careful management of digital certificates, which serve as the foundation for public key infrastructure (PKI). Organizations must ensure that certificates are properly issued, installed in email clients, and renewed before expiration to maintain uninterrupted security. Users also need to be trained in secure handling of private keys, verifying certificate validity, and recognizing potential security warnings. Email infrastructure must be configured to support S/MIME consistently, and policies should enforce its use for all sensitive communications.
S/MIME is widely adopted in industries such as finance, healthcare, and government, where the protection of personal, financial, or classified data is mandated by regulatory standards. By implementing S/MIME, organizations can protect intellectual property, maintain compliance with data privacy regulations, and enhance trust in email communications. Its adoption reduces the risk of email-based attacks, including interception, impersonation, and unauthorized disclosure, ensuring that critical information remains secure throughout its lifecycle. Overall, S/MIME provides a critical layer of email security that strengthens both operational integrity and regulatory compliance for modern organizations.
Question 84
Which type of malware is designed to self-replicate and spread without user intervention across networks?
( A ) Trojan
( B ) Worm
( C ) Adware
( D ) Spyware
Answer: B
Explanation:
A worm is a type of malicious software program that has the unique ability to replicate and spread itself across computer networks without requiring direct user intervention. Unlike Trojans, which typically rely on users to download or execute them, worms operate autonomously, exploiting vulnerabilities in operating systems, applications, or network protocols to propagate from one system to another. This self-replicating nature allows worms to spread rapidly, often affecting large numbers of systems within a short period, potentially leading to significant operational disruption and security risks.
Worms can carry out a range of harmful actions once they infiltrate a system. They may consume excessive network bandwidth, slowing down network performance, or disrupt system functionality by deleting or corrupting files. Additionally, many worms are designed to install backdoors, giving attackers persistent access to compromised machines. Some worms serve as delivery mechanisms for additional malware payloads, including ransomware, spyware, or keyloggers, further amplifying their destructive potential. Their ability to propagate automatically means that even a single infected device can trigger widespread infection across an entire network if proper safeguards are not in place.
Preventing worm infections requires a multi-layered security approach. Effective patch management is critical, as worms frequently exploit unpatched vulnerabilities to gain access. Network segmentation can help contain infections, preventing worms from spreading freely across the entire organization. Intrusion detection and prevention systems are valuable for identifying unusual traffic patterns indicative of worm activity, while endpoint protection software can detect and block malware before it causes harm. User education also plays a role, as individuals should be trained to recognize suspicious activity and maintain good security hygiene.
Monitoring network traffic for anomalies is essential for early detection and rapid containment of worm outbreaks. Organizations should also develop incident response plans that outline procedures for isolating infected systems, eradicating malware, and restoring affected services. Understanding the behavior and attack vectors of worms allows enterprises to strengthen defenses, minimize downtime, and protect critical dat( A ) By combining proactive technical measures, user awareness, and structured response protocols, organizations can reduce the risk of widespread disruption and maintain the integrity and availability of their networks against the fast-moving threat posed by self-replicating malware.
Question 85
Which concept ensures that data remains accurate and unaltered during storage, processing, and transmission?
( A ) Confidentiality
( B ) Integrity
( C ) Availability
( D ) Authentication
Answer: B
Explanation:
Integrity is a core principle of information security that ensures data remains accurate, reliable, and unaltered throughout its entire lifecycle, from creation to storage, transmission, and eventual deletion. Unlike confidentiality, which focuses on preventing unauthorized access to information, integrity emphasizes the correctness and consistency of data, protecting it from both intentional tampering and accidental corruption. Maintaining integrity is essential because compromised or inaccurate data can lead to incorrect decisions, financial losses, regulatory violations, and reputational damage.
To protect data integrity, organizations employ a variety of technical and procedural controls. Cryptographic hash functions, for example, generate unique fixed-length values for data, allowing verification that content has not changed. Digital signatures not only verify the source of data but also ensure that messages or documents remain unaltered during transmission. Checksums and cyclic redundancy checks (CRC) provide additional mechanisms to detect errors in files or communications. File integrity monitoring tools continuously track changes to critical system files, configurations, or databases, alerting administrators to any unauthorized modifications. These mechanisms are particularly important in industries where accurate data is vital, such as healthcare, finance, government, and critical infrastructure sectors.
Strong access controls, including authentication, authorization, and role-based permissions, play a key role in preserving integrity by limiting the ability of unauthorized users to modify dat( A ) Regular audits and monitoring further ensure that any deviations from expected data states are identified and addressed promptly. Secure transmission protocols, such as TLS or VPNs, protect data in transit from interception or alteration. Organizations also develop policies and procedures that define how data should be handled, stored, and processed to maintain its consistency.
The importance of integrity extends beyond technical considerations. Maintaining data accuracy and consistency fosters trust among stakeholders, ensures compliance with legal and regulatory requirements, and supports reliable operational processes. By combining technical controls, procedural safeguards, and ongoing monitoring, organizations can uphold the integrity of their information, ensuring that it remains trustworthy, accurate, and resistant to both malicious attacks and accidental errors. Prioritizing integrity, alongside confidentiality and availability, strengthens the overall security posture and operational resilience of an organization.
Question 86
Which type of wireless encryption protocol is considered the most secure for Wi-Fi networks?
( A ) WEP
( B ) WPA
( C ) WPA2
( D ) WPA3
Answer: D
Explanation:
WPA3, or Wi-Fi Protected Access 3, is the most recent standard for securing wireless networks, designed to address the vulnerabilities and limitations of earlier protocols such as WEP, WPA, and WPA2. While WEP was quickly rendered obsolete due to weak encryption and susceptibility to attacks, and WPA/WPA2 provided improvements with stronger encryption algorithms, certain weaknesses remained, particularly in protecting weak passwords and ensuring forward secrecy. WPA3 overcomes these shortcomings by incorporating advanced security mechanisms that provide more robust protection for modern Wi-Fi networks.
One of the key enhancements in WPA3 is the use of Simultaneous Authentication of Equals (SAE), a more secure method for key exchange that replaces the Pre-Shared Key (PSK) approach used in WPA2. SAE is resistant to offline dictionary and brute-force attacks, making it significantly harder for attackers to guess passwords and gain unauthorized access. Additionally, WPA3 ensures forward secrecy, meaning that even if a network’s encryption key is compromised in the future, past communications remain secure and cannot be decrypted retroactively.
WPA3 also introduces individualized data encryption, which encrypts traffic between each device and the access point independently. This prevents other connected devices on the same network from eavesdropping on communications, enhancing privacy in shared or public Wi-Fi environments. For open networks, such as those found in coffee shops or airports, WPA3 uses Opportunistic Wireless Encryption (OWE) to provide encryption without requiring a password, offering an extra layer of protection for users who might otherwise be vulnerable to passive attacks.
For enterprises, WPA3 supports stronger authentication methods and can be combined with enterprise-grade solutions to secure networks for employees, IoT devices, and sensitive applications. Adoption requires configuring access points to enforce WPA3 protocols and educating users on best practices for password management and network security. By implementing WPA3, organizations benefit from modern cryptographic standards, enhanced resistance to sophisticated attacks, and improved confidentiality and integrity of wireless communications. The standard represents a significant step forward in securing increasingly complex network environments where threats continue to evolve rapidly.
Question 87
Which technique involves manipulating website input fields to execute scripts in another user’s browser?
( A ) SQL Injection
( B ) Cross-Site Scripting (XSS)
( C ) Cross-Site Request Forgery (CSRF)
( D ) Session Hijacking
Answer: B
Explanation:
Cross-Site Scripting (XSS) is a common web security vulnerability that enables attackers to inject malicious scripts into web pages viewed by unsuspecting users. Unlike SQL injection, which targets backend databases, or command injection that manipulates server-side commands, XSS primarily exploits client-side behavior in web browsers. When a user accesses a page containing a malicious script, the browser executes it, potentially allowing attackers to steal sensitive information such as cookies, session tokens, or other personal dat( A ) XSS can also be used to manipulate webpage content, redirect users to harmful websites, or perform actions on behalf of the victim without their knowledge.
There are three main categories of XSS attacks. Stored XSS occurs when malicious scripts are permanently saved on a server, for instance in a database, forum post, or comment section. This type of XSS affects anyone who views the infected content, making it particularly dangerous. Reflected XSS happens when a script is immediately returned by the server in response to a user request, such as clicking a specially crafted link or submitting a form. DOM-based XSS, on the other hand, exploits vulnerabilities in client-side scripts, manipulating the Document Object Model (DOM) without sending data back to the server. Each type requires distinct mitigation strategies but shares the common goal of preventing unauthorized script execution.
Preventing XSS attacks involves implementing multiple security measures. Input validation ensures that user-provided data conforms to expected formats, while output encoding safely renders content in the browser. Content Security Policies (CSP) can restrict the sources from which scripts are executed, adding another layer of defense. Secure coding practices, including proper session management and authentication, reduce the risk of exposure. Organizations should also conduct regular security testing, including automated vulnerability scans and manual code reviews, to identify potential XSS issues.
Additional defenses include deploying web application firewalls (WAFs) that can detect and block malicious payloads before they reach users. Educating developers about secure coding principles and maintaining an ongoing vulnerability management program are essential to sustaining a strong security posture. By proactively addressing XSS risks, organizations can protect sensitive user information, prevent account compromise, and maintain trust in their web applications, ensuring a safer browsing experience for all users.
Question 88
Which security control focuses on preventing, detecting, and responding to cyber threats in real-time?
( A ) Administrative Control
( B ) Technical Control
( C ) Physical Control
( D ) Detective Control
Answer: B
Explanation:
Technical controls are a critical component of cybersecurity, representing security measures that are implemented through technology to protect systems, networks, and data from unauthorized access, misuse, or compromise. Unlike administrative controls, which focus on organizational policies, procedures, and guidelines, or physical controls, which protect tangible assets such as buildings, servers, or access points, technical controls operate directly at the system, application, and network levels. Their purpose is to enforce security policies automatically, ensuring that protective measures are consistently applied without relying solely on human intervention. These controls are designed to prevent, detect, and respond to cyber threats in real-time, providing organizations with proactive and reactive defenses against a wide range of attacks.
Examples of technical controls are diverse and cover multiple layers of IT infrastructure. Firewalls control incoming and outgoing network traffic based on predefined security rules, while intrusion detection and prevention systems monitor network activity to identify suspicious behavior and, when configured, can automatically block potential threats. Encryption safeguards sensitive data by converting it into unreadable formats that can only be decrypted by authorized users, protecting confidentiality during storage and transmission. Antivirus and anti-malware software scan for malicious programs, preventing their execution and alerting administrators to infections. Access controls, including user authentication mechanisms and role-based permissions, restrict system access to only authorized personnel, and multifactor authentication adds an additional layer of verification to reduce the risk of credential compromise.
Implementing technical controls effectively requires careful planning, proper configuration, and regular updates to address emerging threats. Integration with monitoring platforms allows for centralized visibility and analysis of security events, enabling organizations to identify anomalies, investigate incidents, and respond promptly. Technical controls also support regulatory compliance by demonstrating adherence to security standards and frameworks. By leveraging these technologies, organizations not only enhance their overall security posture but also reduce the likelihood and impact of cyber incidents. When combined with administrative and physical controls, technical controls form a layered defense strategy that strengthens operational resilience, safeguards critical assets, and ensures continuity of business operations in the face of evolving cyber threats.
Question 89
Which type of attack deceives users into disclosing confidential information by masquerading as a trusted entity?
( A ) Phishing
( B ) Vishing
( C ) Smishing
( D ) Tailgating
Answer: A
Explanation:
Phishing is a type of social engineering attack in which cybercriminals attempt to deceive individuals into divulging sensitive or confidential information. Unlike smishing, which targets users through SMS messages, or vishing, which employs voice calls, phishing primarily relies on email or web-based communication channels to reach its victims. Attackers often craft messages that appear legitimate, using official logos, branding, or familiar email addresses to create a sense of trust. These messages frequently contain urgent requests, warnings, or threats to provoke immediate action, encouraging recipients to click on malicious links, download infected attachments, or submit personal information on spoofed websites.
Phishing attacks can vary in scope and sophistication. General phishing campaigns aim to reach large numbers of users indiscriminately, hoping some will fall for the scam, whereas spear-phishing targets specific individuals or organizations. In spear-phishing, attackers gather information about their targets, such as job roles, recent activities, or personal interests, to create highly personalized and convincing messages. This targeted approach increases the likelihood of success and can lead to significant consequences, including credential theft, financial fraud, and unauthorized access to corporate networks.
Mitigating phishing attacks requires a combination of user awareness, technical safeguards, and organizational policies. Employee education and training programs help individuals recognize suspicious messages, verify sender authenticity, and avoid risky behaviors online. Technical measures such as email filtering, anti-phishing software, secure web gateways, and domain verification tools help detect and block malicious communications before they reach users. Strong authentication mechanisms, including multifactor authentication, add another layer of protection by preventing attackers from accessing accounts even if credentials are compromised. Continuous monitoring of network activity, suspicious login attempts, and anomalous behaviors allows organizations to respond quickly to potential breaches.
By implementing a layered defense strategy that combines education, technology, and incident response planning, organizations can significantly reduce the risk posed by phishing attacks. Understanding phishing techniques, staying vigilant against evolving tactics, and fostering a culture of security awareness enable businesses to protect sensitive data, prevent financial losses, and safeguard their reputation against deceptive cyber threats.
Question 90
Which security framework is widely adopted for managing IT risks and establishing security governance in organizations?
( A ) NIST Cybersecurity Framework
( B ) ISO/IEC 27001
( C ) COBIT
( D ) CIS Controls
Answer: A
Explanation:
The NIST Cybersecurity Framework is a widely recognized set of guidelines designed to help organizations manage cybersecurity risks and establish effective governance over their information systems. Unlike ISO/IEC 27001, which primarily emphasizes the creation of formal information security management systems, or COBIT, which is focused on IT governance and control objectives, the NIST framework offers a practical and flexible approach that can be adapted to organizations of any size or sector. It is designed to provide a structured method for identifying, managing, and mitigating risks while aligning cybersecurity activities with broader business objectives.
The framework is organized around five core functions: Identify, Protect, Detect, Respond, and Recover. The Identify function helps organizations gain a clear understanding of their assets, systems, data, and potential risks, enabling informed decision-making and resource allocation. Protect focuses on implementing safeguards such as access controls, encryption, and awareness training to ensure that critical systems and data are secured against threats. The Detect function emphasizes continuous monitoring and the ability to recognize anomalous activities or potential security events as early as possible. Respond involves establishing processes and plans to contain, analyze, and mitigate incidents effectively, while the Recover function ensures that organizations can restore critical operations and services after an attack or disruption, minimizing operational and financial impact.
Implementing the NIST Cybersecurity Framework involves performing risk assessments, developing and enforcing policies, deploying technical controls, monitoring systems for suspicious activity, and conducting incident response exercises. Its adaptability allows organizations to scale and prioritize actions according to their risk exposure, regulatory obligations, and resource availability. Many organizations in both public and private sectors adopt the framework due to its ability to integrate with other standards, enhance regulatory compliance, and provide a common language for cybersecurity practices.
By following the NIST Cybersecurity Framework, organizations can improve resilience against evolving threats, standardize security practices across departments, and ensure that cybersecurity strategies are closely aligned with overall business objectives. It promotes proactive threat management, supports continuous improvement, and helps organizations maintain operational continuity and stakeholder trust in an increasingly complex digital environment.
Question 91
A network administrator wants to prevent unauthorized devices from connecting to the corporate Wi-Fi. Which of the following methods is BEST suited for this purpose?
( A ) MAC filtering
( B ) WEP encryption
( C ) SSID broadcasting
( D ) Port forwarding
Answer: A
Explanation:
MAC filtering is a network security technique used to control access to a network by allowing or denying devices based on their unique hardware identifiers, known as Media Access Control (MAC) addresses. Every network interface card (NIC) in a device has a distinct MAC address, which serves as a unique identifier on a local network. By implementing MAC filtering, network administrators can create a list of approved MAC addresses that are permitted to connect to the network while blocking all others, providing an additional layer of security against unauthorized access. This method is particularly useful for small networks or environments where device access can be tightly managed.
It is important to note that MAC filtering differs significantly from other network security measures. For example, WEP encryption, although historically used for securing Wi-Fi networks, is outdated and vulnerable to attacks, and it does not inherently control which devices can connect based on their identity. Similarly, SSID broadcasting simply announces the network’s name to nearby devices but offers no authentication or access control. Port forwarding, on the other hand, is a technique used to allow external traffic to reach specific devices within a network and does not provide any mechanism to restrict unauthorized devices from connecting.
While MAC filtering can effectively restrict access, it is not foolproof because MAC addresses can be spoofed by attackers with sufficient technical knowledge. Therefore, it is most effective when combined with stronger security measures, such as modern encryption standards like WPA3, strong passwords, and network segmentation. By integrating MAC filtering into a broader, layered security strategy, organizations can improve control over which devices are allowed on the network, reduce exposure to unauthorized access, and enhance overall network security.
In practice, implementing MAC filtering requires maintaining an updated list of authorized devices and regularly monitoring network access to detect and respond to potential intrusions. Although it is a relatively simple control compared to more advanced security solutions, MAC filtering contributes to a holistic approach to network security, helping organizations manage access, protect sensitive information, and maintain a secure and controlled network environment.
Question 92
Which of the following BEST describes the primary purpose of a SIEM solution in an organization?
( A ) Encrypt data in transit
( B ) Monitor and correlate security events
( C ) Block phishing emails
( D ) Perform vulnerability scans
Answer: B
Explanation:
A Security Information and Event Management (SIEM) system is a comprehensive cybersecurity solution designed to provide centralized monitoring, analysis, and management of security-related data across an organization’s IT infrastructure. SIEM systems collect logs and events from a wide variety of sources, including servers, firewalls, routers, intrusion detection systems, applications, and endpoint devices. This centralized aggregation allows organizations to gain a unified view of their security posture, enabling the detection of threats that may not be apparent when examining individual systems in isolation.
Once the data is collected, a SIEM system applies correlation rules, pattern analysis, and advanced analytics to identify anomalous or potentially malicious activity. By detecting unusual behaviors, such as unexpected logins, unauthorized access attempts, or abnormal network traffic, SIEM systems can alert security teams to incidents in real time. This proactive detection capability is essential for preventing breaches, minimizing damage, and reducing response times. Unlike basic logging tools, SIEM provides context and correlation, allowing security personnel to distinguish between routine events and actual security threats.
It is important to understand what functions a SIEM system does not perform directly. Encrypting data in transit is a network security measure unrelated to SIEM, as it focuses on protecting data communication rather than event monitoring. Similarly, blocking phishing emails is typically handled by email security gateways or anti-phishing solutions, not by SIEM itself. Vulnerability scanning, which identifies weaknesses in systems and software, is part of vulnerability management, whereas SIEM continuously monitors for security events and correlates them for threat detection.
SIEM systems are also vital for compliance and governance. Many regulatory frameworks require organizations to maintain logs, monitor access, and report on security incidents. By providing centralized log management, audit trails, and automated reporting, SIEM helps organizations meet these compliance requirements efficiently. Additionally, SIEM enables security teams to detect insider threats, uncover persistent attack patterns, and generate actionable intelligence for incident response. By integrating SIEM into their security operations, organizations enhance situational awareness, improve threat detection, and strengthen overall cybersecurity resilience, making it an indispensable tool for modern enterprise security management.
Question 93
Which of the following attacks involves an attacker inserting malicious scripts into web pages viewed by other users?
( A ) SQL injection
( B ) Cross-site scripting (XSS)
( C ) Phishing
( D ) Man-in-the-middle
Answer: B
Explanation:
Cross-site scripting (XSS) is a type of vulnerability that allows attackers to inject malicious scripts into web pages, which are then executed in the browsers of other users visiting the affected pages. The scripts can be used to steal session cookies, redirect users to malicious sites, or manipulate page content for fraudulent purposes. SQL injection (option A) is a separate type of attack targeting databases by inserting malicious SQL queries. Phishing (option C) is a social engineering attack designed to trick users into revealing sensitive information. Man-in-the-middle attacks (option D) involve intercepting communications between two parties but do not directly inject scripts into web content. XSS attacks can be categorized into stored, reflected, and DOM-based variants, each with different persistence and impact on users. Proper input validation, output encoding, and content security policies are essential countermeasures to prevent XSS vulnerabilities and protect end-users from malicious script execution.
Question 94
An organization is implementing multi-factor authentication (MFA) for all remote access. Which of the following represents the STRONGEST combination of factors?
( A ) Password and security question
( B ) Password and one-time code via mobile app
( C ) Fingerprint scan and password
( D ) Smart card and PIN
Answer: D
Explanation:
Multi-factor authentication (MFA) improves security by requiring two or more independent credentials from different categories: something you know (e.g., password, PIN), something you have (e.g., smart card, token), and something you are (e.g., fingerprint, biometric). Option D combines a smart card (something you have) with a PIN (something you know), representing two distinct factor types and providing strong authentication. Option A relies on two elements from the same category (something you know), making it weaker. Option B combines a password and a one-time code from a mobile app, which is better but still more susceptible to mobile-based attacks if the device is compromised. Option C combines a fingerprint (something you are) and a password (something you know), which is strong, but biometric systems can have higher false acceptance rates compared to a hardware-backed smart card solution. Implementing MFA significantly reduces the likelihood of unauthorized access, as attackers would need to compromise multiple authentication factors, making brute-force attacks or credential theft far less effective.
Question 95
Which of the following BEST defines the concept of least privilege?
A Users have unlimited access to all resources
B Users have access only to the resources required to perform their job
( C ) Users can modify system settings without restrictions
( D ) Users are granted administrative privileges by default
Answer: B
Explanation:
The principle of least privilege dictates that users and systems should be granted only the minimum access necessary to perform their assigned tasks. This reduces the risk of accidental or intentional misuse of sensitive resources. By limiting access, organizations can prevent privilege escalation attacks, data leakage, and unnecessary exposure of critical systems. Option A, giving unlimited access, violates this principle and increases risk. Option C, allowing unrestricted system modifications, exposes the environment to configuration errors and malicious activity. Option D, granting administrative privileges by default, is also contrary to least privilege and leads to unnecessary attack surfaces. Implementing least privilege typically involves role-based access control (RBAC), auditing, and continuous monitoring to ensure access aligns with job responsibilities. This principle is foundational to modern cybersecurity frameworks and regulatory compliance standards, as it minimizes both insider and external threats by ensuring users cannot access resources beyond what is essential for their duties.
Question 96
Which of the following is the MOST effective method to prevent data exfiltration over email?
( A ) Implement DLP policies
( B ) Enable antivirus on endpoints
( C ) Use a stronger firewall
( D ) Disable VPN access
Answer: A
Explanation:
Data Loss Prevention (DLP) solutions are specifically designed to monitor, detect, and block unauthorized transmission of sensitive data outside an organization. DLP can enforce rules to prevent confidential information from being sent via email, cloud services, removable media, or other channels. Antivirus software (option B) protects against malware but does not prevent intentional data exfiltration. Strong firewalls (option C) control network traffic but are ineffective at inspecting content for sensitive information being sent legitimately or illegitimately. Disabling VPN access (option D) may limit remote access but does not address the root cause of data leakage. DLP can be implemented at the endpoint, network, or cloud level and often integrates with email systems to scan outgoing messages for patterns like credit card numbers, social security numbers, or proprietary dat( A ) By deploying DLP policies, organizations gain both proactive prevention and auditing capabilities, allowing them to mitigate accidental or malicious exfiltration while maintaining operational efficiency.
Question 97
Which of the following attacks leverages a system’s trust in a user to execute unauthorized commands?
( A ) Command injection
( B ) Social engineering
( C ) Cross-site request forgery (CSRF)
( D ) Password spraying
Answer: C
Explanation:
Cross-site request forgery (CSRF) exploits the trust a web application has in a user’s browser session to execute unauthorized actions on behalf of that user without their knowledge. For example, if a user is authenticated to a banking website, a malicious site could trigger a fund transfer request from the user’s session without explicit consent. Command injection (option A) involves executing arbitrary commands on a server and does not rely on session trust. Social engineering (option B) manipulates human behavior rather than technical session tokens. Password spraying (option D) is an authentication attack and does not leverage trust in an active session. CSRF attacks can have severe consequences, including unauthorized transactions, data modification, and privilege abuse. Mitigation strategies include using anti-CSRF tokens, validating user requests, implementing same-site cookies, and educating users to avoid interacting with untrusted websites while authenticated. Understanding CSRF highlights the importance of both technical safeguards and user awareness in maintaining application security.
Question 98
Which of the following BEST explains the purpose of network segmentation?
( A ) Reduce the number of devices on a network
( B ) Limit the spread of malware and improve security
( C ) Replace firewalls entirely
D Encrypt all network traffic
Answer: B
Explanation:
Network segmentation is a security technique used to divide a network into smaller, isolated segments or zones, each with defined security policies. This approach limits the lateral movement of attackers and malware, contains breaches, and reduces the overall attack surface. Segmentation can be implemented using VLANs, subnetting, or firewalls to control traffic between segments. Option A, reducing device count, is not the purpose of segmentation. Option C, replacing firewalls, is incorrect because segmentation complements rather than substitutes firewalls. Option D, encrypting traffic, is unrelated; encryption protects data confidentiality but does not segment a network. Effective segmentation enhances performance and security, isolates sensitive systems, and ensures compliance with regulatory standards such as PCI-DSS and HIPAA By limiting access between segments, organizations can contain threats, monitor traffic more efficiently, and apply targeted security policies tailored to specific types of systems or users.
Question 99
A company is required to comply with privacy regulations that mandate logging access to sensitive dat( A ) Which of the following BEST meets this requirement?
( A ) Implement an audit trail
( B ) Enable automatic software updates
( C ) Use VPN connections for all users
( D ) Configure a DMZ
Answer: A
Explanation:
An audit trail records all access and modifications to sensitive systems and data, creating a detailed log of user actions. This capability supports accountability, incident investigation, and regulatory compliance by providing evidence of who accessed what and when. Enabling automatic software updates (option B) enhances security but does not track user activity. VPN connections (option C) secure remote communications but do not provide logging of data access. Configuring a DMZ (option D) protects publicly facing systems but does not create audit logs for sensitive dat( A ) Audit trails are essential for compliance with regulations such as GDPR, HIPAA, and SOX, as they allow organizations to demonstrate control over access and ensure that sensitive data is handled appropriately. Comprehensive logging should include user identity, timestamps, data accessed, and the nature of the operation performed, enabling both proactive monitoring and post-incident forensic analysis.
Question 100
Which of the following security controls provides protection against ransomware by allowing systems to revert to a previous known-good state?
( A ) Backup and recovery solutions
( B ) Intrusion detection system
( C ) Email filtering
( D ) Multi-factor authentication
Answer: A
Explanation:
Backup and recovery solutions are critical for defending against ransomware attacks, as they enable organizations to restore systems and data to a previous, uncompromised state. Ransomware typically encrypts or locks data, demanding payment for recovery. Having reliable backups allows organizations to bypass the ransom and restore operations quickly. Intrusion detection systems (option B) detect suspicious activity but do not inherently recover compromised data Email filtering (option C) can prevent malicious payloads but cannot recover affected files. Multi-factor authentication (option D) enhances access security but does not mitigate ransomware’s effects on data Best practices involve maintaining offline or immutable backups, testing restore procedures regularly, and combining these solutions with preventive measures such as endpoint protection, network segmentation, and user training. A comprehensive backup and recovery strategy ensures business continuity, minimizes downtime, and provides resilience against ransomware attacks.
