CompTIA Updated SY0-701 Exam Questions and Answers by naya

Whaling is a type of phishing attack that targets high-profile individuals, such as executives, celebrities, or politicians. The attacker impersonates someone with authority or influence and tries to trick the victim into performing an action, such as transferring money, revealing sensitive information, or clicking on a malicious link. Whaling is also called CEO fraud or business email compromise2.

Shadow IT is the term used to describe the use of unauthorized or unapproved IT resources within an organization. The marketing department set up its own project management software without telling the appropriate departments, such as IT, security, or compliance. This could pose a risk to the organization’s security posture, data integrity, and regulatory compliance1.

The correct answer is Compensating because a bastion host is being used as an alternative safeguard to reduce risk when a primary control cannot yet be fully implemented. In the context of the Security+ SY0-701 objectives, compensating controls are designed to provide protection when standard preventive controls are not available, effective, or feasible—such as during a zero-day exploit where no vendor patch or permanent fix exists.

A zero-day exploit represents a vulnerability that is actively being exploited before developers or vendors have released a fix. Since patching is not immediately possible, organizations must rely on compensating controls to limit exposure and reduce the likelihood or impact of exploitation. A bastion host is a hardened system placed in a network segment—often in a demilitarized zone (DMZ)—that acts as a controlled access point between untrusted and trusted networks. By routing access through this tightly secured host, the analyst reduces the attack surface and restricts direct access to internal systems that may be vulnerable to the zero-day.

Option B, Detective, is incorrect because detective controls are focused on identifying or alerting on malicious activity after it occurs, such as logging, monitoring, or intrusion detection systems. Option C, Operational, refers to processes and procedures carried out by people, such as incident response or change management, rather than a technical safeguard. Option D, Physical, applies to tangible protections like locks, cameras, or fencing, which are not relevant in this network-based scenario.

The SY0-701 study guide emphasizes the importance of layered security and adaptive risk management. When preventive controls fail or are temporarily unavailable, compensating controls like bastion hosts, network segmentation, and access restrictions allow organizations to maintain security posture and continuity of operations while longer-term solutions are developed.

The correct answer is Watering-hole because the attack involves compromising a legitimate website that is regularly visited by a specific group of targeted users—in this case, journalists—in order to indirectly infect or compromise them. The Security+ SY0-701 study guide defines watering-hole attacks as targeted attacks where adversaries identify websites frequented by their intended victims and then compromise those sites to deliver malware, steal credentials, or conduct further exploitation.

In this scenario, the attacker does not directly target the journalists’ email systems. Instead, the attacker compromises a trusted website that the journalists frequently access. When the journalists visit the site, malicious code can be delivered through drive-by downloads, malicious scripts, or credential-harvesting mechanisms. This technique is particularly effective for nation-state attackers because it leverages trust and normal user behavior, making detection more difficult.

Option A, On-path, is incorrect because on-path (man-in-the-middle) attacks involve intercepting or altering communications between two parties in transit, rather than compromising a third-party website. Option C, Typosquatting, involves registering domains with misspelled names to trick users into visiting malicious sites, which is not described here. Option D, Brand impersonation, typically refers to phishing or spoofing attacks that mimic a trusted brand to deceive users, often via email or fake websites, rather than compromising a legitimate one.

The SY0-701 objectives emphasize that watering-hole attacks are commonly associated with advanced persistent threats (APTs), including nation-state actors, because they allow precise targeting of specific industries, professions, or organizations. This attack method highlights the importance of browser security, threat intelligence, web filtering, and user awareness to reduce exposure to trusted-but-compromised resources.

In summary, compromising a frequently used website to gain access to a targeted group’s accounts is a textbook example of a watering-hole attack.