Discount Offer
Go Back on SY0-701 Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99



Pass exam with Dumps4free or we will provide you with three additional months of access for FREE.

SY0-701 Practice Test


Page 12 out of 78 Pages

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?


A. CSR


B. OCSP


C. Key


D. CRL





A.
  CSR

Explanation: A Certificate Signing Request (CSR) is a request sent to a certificate authority (CA) to issue an SSL certificate. The CSR contains information like the public key, which will be part of the certificate.
References: Security+ SY0-701 Course Content, Security+ SY0-601 Book.

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?


A. EAP


B. DHCP


C. IPSec


D. NAT





C.
  IPSec

Explanation: IPSec is a protocol suite that provides secure communication over IP networks. IPSec can be used to create virtual private networks (VPNs) that encrypt and authenticate the data exchanged between two or more parties. IPSec can also provide data integrity, confidentiality, replay protection, and access control. A security consultant can use IPSec to gain secure, remote access to a client environment by establishing a VPN tunnel with the client’s network. References: CompTIA Security+ Study Guide: Exam SY0- 701, 9th Edition, Chapter 8: Secure Protocols and Services, page 385 1

An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?


A. Vishing


B. Smishing


C. Pretexting


D. Phishing





B.
  Smishing

Explanation: Smishing is a type of phishing attack that uses text messages or common messaging apps to trick victims into clicking on malicious links or providing personal information. The scenario in the question describes a smishing attack that uses pretexting, which is a form of social engineering that involves impersonating someone else to gain trust or access. The unknown number claims to be the company’s CEO and asks the employee to purchase gift cards, which is a common scam tactic. Vishing is a similar type of attack that uses phone calls or voicemails, while phishing is a broader term that covers any email-based attack. References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 771; Smishing vs. Phishing: Understanding the Differences2

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?


A. A thorough analysis of the supply chain


B. A legally enforceable corporate acquisition policy


C. A right to audit clause in vendor contracts and SOWs


D. An in-depth penetration test of all suppliers and vendors





A.
  A thorough analysis of the supply chain

Explanation: Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to network quality, performance, safety, and reliability12. Counterfeit hardware can also contain malicious components that can compromise the security of the network and the data that flows through it3. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company can verify the origin, authenticity, and integrity of the hardware, and identify any potential sources of counterfeit or tampered products. A thorough analysis of the supply chain can include the following steps:
Establishing a trusted relationship with the OEM and authorized resellers Requesting documentation and certification of the hardware from the OEM or authorized resellers Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components Testing the hardware for functionality, performance, and security Implementing a tracking system to monitor the hardware throughout its lifecycle Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies.
References = 1: Identify Counterfeit and Pirated Products - Cisco, 2: What Is Hardware Security? Definition, Threats, and Best Practices, 3: Beware of Counterfeit Network Equipment - TechNewsWorld, : Counterfeit Hardware: The Threat and How to Avoid It

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?


A. SOU


B. Cross-site scripting


C. Jailbreaking


D. Side loading





C.
  Jailbreaking

Explanation: Jailbreaking is the process of removing restrictions imposed by the manufacturer on a smartphone, allowing the user to install unauthorized software and features not available through official app stores. This action typically voids the warranty and can introduce security risks by bypassing built-in protections.
SOU (Statement of Understanding) is not related to modifying devices.
Cross-site scripting is a web-based attack technique, unrelated to smartphone software.
Side loading refers to installing apps from unofficial sources but without necessarily removing built-in restrictions like jailbreaking does.


Page 12 out of 78 Pages
Previous