Text preview & study summary
CompTIA Security+ SY0-701 - Domains 1 and 2 Threats Attacks Cryptography
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
A company uses TLS 1.3 to encrypt web traffic. Which of the following BEST describes the purpose of TLS in this context?
Explanation
TLS (Transport Layer Security) provides: 1) Encryption of data in transit (confidentiality), 2) Server authentication via certificates (integrity/authenticity), 3) Optional mutual authentication (client + server certificates). TLS 1.3 is the current standard, removing support for weak ciphers.
Question 2
A company is moving to a zero-trust architecture. An employee on the internal network requests access to a sensitive database. Under zero trust, what must happen before access is granted?
Explanation
Zero trust rejects the "trust but verify" model. Under zero trust: 1) Verify explicitly (authenticate identity every request), 2) Use least privilege access (just enough access, just in time), 3) Assume breach (monitor and log everything). Location on internal network grants no inherent trust.
Question 3
During a penetration test, a tester exploits a vulnerability that was publicly disclosed 3 years ago with a CVSS score of 9.8. The system was not patched because it was "on an isolated network." The tester reached it via a misconfigured jump server. What vulnerability management failure does this represent?
Explanation
This represents multiple security failures: 1) An unpatched, publicly-known critical vulnerability (CVSS 9.8) — patch management failure, and 2) A network assumed isolated that was reachable via a misconfigured jump server — defense in depth/network segmentation failure.
Question 4
A company is concerned about sensitive data being exfiltrated through DNS queries. An attacker could encode stolen data in DNS lookup requests. What is this technique called?
Explanation
DNS tunneling encodes data (malware commands, exfiltrated files) within DNS query and response packets to communicate covertly. DNS traffic is often allowed through firewalls without deep inspection, making it a common C2 and data exfiltration channel.
Question 5
A security analyst is reviewing a web server and finds that the server responds to HTTP OPTIONS requests, revealing supported methods including PUT and DELETE. What is the security risk?
Explanation
Exposing HTTP methods like PUT (upload files) and DELETE (delete files) via the OPTIONS method reveals attack vectors. If the server doesn't properly restrict these methods, attackers can upload malicious files or delete web content. HTTP methods should be restricted to only what's needed.
