C Certs Club

CompTIA SY0-701 - CompTIA Security+ Certification Certification Exam

Question #1 (Topic: demo questions)

Which of the following scenarios describes a possible business email compromise attack?

A.
An employee receives a gift card request in an email that has an executive's name in the display
field of the email.
B.
Employees who open an email attachment receive messages demanding payment in order to
access files.
C.
A service desk employee receives an email from the HR director asking for log-in credentials to a
cloud administrator account.
D.
An employee receives an email with a link to a phishing site that is designed to look like the
company's email portal.
Correct Answer: A
Explanation:
A business email compromise (BEC) attack is a type of phishing attack that targets employees who
have access to company funds or sensitive information. The attacker impersonates a trusted person,
such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or
confidential data. The attacker often uses social engineering techniques, such as urgency, pressure,
or familiarity, to convince the victim to comply with the request [1][2].
In this scenario, option A describes a possible BEC attack, where an employee receives a gift card
request in an email that has an executive’s name in the display field of the email. The email may look
like it is coming from the executive, but the actual email address may be spoofed or compromised.
The attacker may claim that the gift cards are needed for a business purpose, such as rewarding
employees or clients, and ask the employee to purchase them and send the codes. This is a common
tactic used by BEC attackers to steal money from unsuspecting victims [3][4].
Option B describes a possible ransomware attack, where malicious software encrypts the files on a
device and demands a ransom for the decryption key. Option C describes a possible credential
harvesting attack, where an attacker tries to obtain the login information of a privileged account by
posing as a legitimate authority. Option D describes a possible phishing attack, where an attacker
tries to lure the victim to a fake website that mimics the company’s email portal and capture their
credentials. These are all types of cyberattacks, but they are not examples of BEC
attacks.
Reference =
[1] Business Email Compromise - CompTIA Security+ SY0-701 - 2.2
[2] CompTIA Security+ SY0-701 Certification Study Guide
[3] Business Email Compromise: The 12 Billion Dollar Scam
[4] TOTAL: CompTIA Security+ Cert (SY0-701)
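The display-name trick in option A is something mail filters can score for. The following is an added example (not from the exam page or any vendor product) that flags a message whose From display name matches a protected executive while the real address sits outside the company domain; the company domain, executive names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"           # assumed internal mail domain
EXECUTIVES = {"jane doe", "john roe"}    # assumed executive display names to protect

def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def bec_indicators(raw_message: str) -> list[str]:
    """Return the reasons a message looks like executive impersonation (empty if none)."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    reasons = []
    # Option A's pattern: a protected name in the display field, but the
    # actual sending address is outside the company domain.
    if display.strip().lower() in EXECUTIVES and domain_of(sender) != COMPANY_DOMAIN:
        reasons.append(f"display name '{display}' but sender is {sender}")
    # Replies routed to yet another domain are a second impersonation signal.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(sender):
        reasons.append(f"Reply-To {reply_to} differs from From domain")
    # The gift-card lure only counts once the sender already looks suspicious.
    body = msg.get_payload() or ""
    if reasons and "gift card" in body.lower():
        reasons.append("gift card request in body")
    return reasons

# Constructed sample messages (not real mail).
SAMPLE_SPOOF = """From: Jane Doe <ceo.office@freemail.example>
Reply-To: <jd.private@othermail.example>
To: payroll@example.com
Subject: Quick favor

Can you buy five gift cards for a client today and send me the codes?
"""

SAMPLE_LEGIT = """From: Jane Doe <jane.doe@example.com>
To: payroll@example.com
Subject: Quarterly review

Please send the Q3 numbers when ready.
"""
```

In a real gateway the same signals would be combined with SPF/DKIM/DMARC results rather than used alone.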
Question #2 (Topic: demo questions)

A data administrator is configuring authentication for a SaaS application and would like to reduce the
number of credentials employees need to maintain. The company prefers to use domain credentials
to access new SaaS applications. Which of the following methods would allow this functionality?

A.
SSO
B.
LEAP
C.
MFA
D.
PEAP
Correct Answer: A
Explanation:
SSO stands for single sign-on, which is a method of authentication that allows users to access
multiple applications or services with one set of credentials. SSO reduces the number of credentials
employees need to maintain and simplifies the login process. SSO can also improve security by
reducing the risk of password reuse, phishing, and credential theft. SSO can be implemented using
various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the exchange of
authentication information between different domains or systems. SSO is commonly used for
accessing SaaS applications, such as Office 365, Google Workspace, Salesforce, and others, using
domain credentials [1][2][3].
B. LEAP stands for Lightweight Extensible Authentication Protocol, which is a Cisco proprietary
protocol that provides authentication for wireless networks. LEAP is not related to SaaS applications
or domain credentials [4].
C. MFA stands for multi-factor authentication, which is a method of authentication that requires
users to provide two or more pieces of evidence to prove their identity. MFA can enhance security by
adding an extra layer of protection beyond passwords, such as tokens, biometrics, or codes. MFA is
not related to SaaS applications or domain credentials, but it can be used in conjunction with SSO.
D. PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that provides
secure authentication for wireless networks. PEAP uses TLS to create an encrypted tunnel between
the client and the server, and then uses another authentication method, such as MS-CHAPv2 or
EAP-GTC, to verify the user's identity. PEAP is not related to SaaS applications or domain credentials.
Reference =
[1] Security+ (SY0-701) Certification Study Guide | CompTIA IT Certifications
[2] What is Single Sign-On (SSO)? - Definition from WhatIs.com
[3] Single sign-on - Wikipedia
[4] Lightweight Extensible Authentication Protocol - Wikipedia
[5] What is Multi-Factor Authentication (MFA)? - Definition from WhatIs.com
[6] Protected Extensible Authentication Protocol
Question #3 (Topic: demo questions)

An employee clicked a link in an email from a payment website that asked the employee
to update contact information. The employee entered the log-in information but received
a “page not found” error message. Which of the following types of social engineering
attacks occurred?

A.
Brand impersonation
B.
Pretexting
C.
Typosquatting
D.
Phishing
Correct Answer: D
Explanation:
Phishing is a type of social engineering attack that involves sending fraudulent emails that appear to
be from legitimate sources, such as payment websites, banks, or other trusted entities. The goal of
phishing is to trick the recipients into clicking on malicious links, opening malicious attachments, or
providing sensitive information, such as log-in credentials, personal data, or financial details. In this
scenario, the employee received an email from a payment website that asked the employee to
update contact information. The email contained a link that directed the employee to a fake website
that mimicked the appearance of the real one. The employee entered the log-in information, but
received a “page not found” error message. This indicates that the employee fell victim to a phishing
attack, and the attacker may have captured the employee’s credentials for the payment
website.
Reference =
Other Social Engineering Attacks - CompTIA Security+ SY0-701 - 2.2
CompTIA Security+: Social Engineering Techniques & Other Attack … - NICCS
CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition


Question #4 (Topic: demo questions)

Which of the following is used to add extra complexity before using a one-way data transformation
algorithm?

A.
Key stretching
B.
Data masking
C.
Steganography
D.
Salting
Correct Answer: D
Explanation:
Salting is the process of adding extra random data to a password or other data before applying a
one-way data transformation algorithm, such as a hash function. Salting increases the complexity and
randomness of the input data, making it harder for attackers to guess or crack the original data using
precomputed tables or brute force methods. Salting also helps prevent identical passwords from
producing identical hash values, which could reveal the passwords to attackers who have access to
the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted
over networks.
Reference =
Passwords technical overview
Encryption, hashing, salting - what's the difference?
Salt (cryptography)
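The two effects the explanation describes (a precomputed table no longer matches, and two users with the same password get different digests) can be seen directly. This is an added example, not part of the exam page; the passwords and the "common password" table are constructed. Note that the random salt here is the salting of option D, while adding an iteration count on top of it would be the key stretching of option A.

```python
import hashlib
import hmac
import os

def unsalted_hash(password: str) -> str:
    """Plain one-way transform: identical inputs always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """The salt is combined with the password *before* the one-way transform."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def store_password(password: str) -> tuple[bytes, str]:
    """Per-user random salt, kept in the clear next to the digest."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)

def verify_password(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)

# A precomputed table of unsalted digests for common passwords (constructed
# list) only matches unsalted storage; the salt changes every digest.
COMMON_PASSWORDS = ["password", "123456", "correct horse"]
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}

def table_lookup(digest: str):
    """Return the password behind a digest if the table knows it, else None."""
    return PRECOMPUTED.get(digest)

def demo() -> dict:
    """Two users with the same password: salted digests differ, unsalted do not."""
    alice_salt, alice_digest = store_password("correct horse")
    bob_salt, bob_digest = store_password("correct horse")
    return {
        "unsalted_identical": unsalted_hash("correct horse") == unsalted_hash("correct horse"),
        "salted_identical": alice_digest == bob_digest,
        "unsalted_cracked": table_lookup(unsalted_hash("correct horse")),
        "salted_cracked": table_lookup(alice_digest),
        "alice_verifies": verify_password("correct horse", alice_salt, alice_digest),
        "wrong_rejected": verify_password("wrong", alice_salt, alice_digest),
    }
```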
Question #5 (Topic: demo questions)

Which of the following threat actors is the most likely to be hired by a foreign government to attack
critical systems located in other countries?

A.
Hacktivist
B.
Whistleblower
C.
Organized crime
D.
Unskilled attacker
Correct Answer: C
Explanation:
Organized crime is a type of threat actor that is motivated by financial gain and often operates across
national borders. Organized crime groups may be hired by foreign governments to conduct
cyberattacks on critical systems located in other countries, such as power grids, military networks, or
financial institutions. Organized crime groups have the resources, skills, and connections to carry out
sophisticated and persistent attacks that can cause significant damage and disruption [1][2].
Reference =
[1] Threat Actors - CompTIA Security+ SY0-701 - 2.1
[2] CompTIA Security+ SY0-701 Certification Study Guide