Practice Free SY0-701 Exam Online Questions
Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?
- A . Open-source intelligence
- B . Port scanning
- C . Pivoting
- D . Exploit validation
A bank set up a new server that contains customers’ PII.
Which of the following should the bank use to make sure the sensitive data is not modified?
- A . Full disk encryption
- B . Network access control
- C . File integrity monitoring
- D . User behavior analytics
C
Explanation:
To ensure that sensitive data, such as Personally Identifiable Information (PII), is not modified, the bank should implement file integrity monitoring (FIM). FIM tracks changes to files and provides alerts if unauthorized modifications are detected, ensuring data integrity.
Full disk encryption protects data at rest but does not prevent or monitor modifications.
Network access control (NAC) manages access to the network but doesn’t monitor file changes.
User behavior analytics (UBA) detects suspicious user activities but is not focused on file integrity.
Which of the following agreement types defines the time frame in which a vendor needs to respond?
- A . SOW
- B . SLA
- C . MOA
- D . MOU
B
Explanation:
A service level agreement (SLA) is a type of agreement that defines the expectations and responsibilities between a service provider and a customer. It usually includes the quality, availability, and performance metrics of the service, as well as the time frame in which the provider needs to respond to service requests, incidents, or complaints. An SLA can help ensure that the customer receives the desired level of service and that the provider is accountable for meeting the agreed-upon standards.
Reference: Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.”
CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Service Level Agreements (SLAs) are contracts between a service provider and a customer that specify the level of service expected from the service provider.”
A vendor needs to remotely and securely transfer files from one server to another using the command line.
Which of the following protocols should be implemented to allow for this type of access? (Select two).
- A . SSH
- B . SNMP
- C . RDP
- D . S/MIME
- E . SMTP
- F . SFTP
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
- A . Provisioning resources
- B . Disabling access
- C . Reviewing change approvals
- D . Escalating permission requests
B
Explanation:
Disabling access is the automation use case that best enhances the security posture of an organization by rapidly updating permissions when employees leave a company. It revokes or suspends the access rights of a user account, such as login credentials, email, VPN, and cloud services, which prevents unauthorized or malicious use of the account by former employees or by attackers who have compromised it, and reduces the attack surface and the risk of data breaches or leaks. The action can be automated with scripts, tools, or workflows triggered by predefined events, such as employee termination, resignation, or transfer, so that access is disabled in a timely, consistent, and efficient manner without relying on manual intervention that is prone to human error.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5: Identity and Access Management, page 2131. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5: Identity and Access Management, page 2132.
A company is concerned about the theft of client data from decommissioned laptops.
Which of the following is the most cost-effective method to decrease this risk?
- A . Wiping
- B . Recycling
- C . Shredding
- D . Deletion
A
Explanation:
Wiping involves securely erasing data by overwriting the hard drive, ensuring the information is unrecoverable. It is cost-effective compared to physical destruction methods like shredding.
After a recent ransomware attack on a company’s system, an administrator reviewed the log files.
Which of the following control types did the administrator use?
- A . Compensating
- B . Detective
- C . Preventive
- D . Corrective
B
Explanation:
Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network. They can help to discover the source, scope, and impact of an attack, and provide evidence for further analysis or investigation. Detective controls include log files, security audits, intrusion detection systems, network monitoring tools, and antivirus software. In this case, the administrator used log files as a detective control to review the ransomware attack on the company’s system. Log files are records of events and activities that occur on a system or network, such as user actions, system errors, network traffic, and security alerts. They can provide valuable information for troubleshooting, auditing, and forensics.
Reference: Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.”
CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Detective controls are designed to identify and monitor any malicious activity or anomalies on a system or network.”
Control Types – CompTIA Security+ SY0-401: 2.1 – Professor Messer IT …, under “Detective Controls”: “Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network.”
A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from.
Which of the following is the best way for the company to confirm this information?
- A . Validate the code signature.
- B . Execute the code in a sandbox.
- C . Search the executable for ASCII strings.
- D . Generate a hash of the files.
A
Explanation:
Validating the code signature is the best way to verify software authenticity, as it ensures that the software has not been tampered with and that it comes from a verified source. Code signatures are digital signatures applied by the software vendor, and validating them confirms the software’s integrity and origin.
Reference: CompTIA Security+ SY0-701 course content and official CompTIA study resources.
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?
- A . VM escape
- B . SQL injection
- C . Buffer overflow
- D . Race condition
C
Explanation:
A buffer overflow is a vulnerability that occurs when an application writes more data to a memory buffer than it can hold, so the excess data overwrites adjacent memory locations. A register is a small storage area in the CPU that holds temporary data or instructions; in a stack-based overflow the overwritten memory typically includes a saved return address, which the CPU loads into the instruction pointer register when the function returns. An attacker can exploit this to replace that address with a malicious one pointing to shellcode, a piece of code that gives the attacker control over the system, thereby bypassing the normal execution flow of the application and executing arbitrary commands.
Reference: CompTIA Security+ SY0-701 Certification Study Guide, Chapter 2: Threats, Attacks, and Vulnerabilities, Section 2.3: Application Attacks, page 76; Buffer Overflows – CompTIA Security+ SY0-701 – 2.3
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
- A . Air gap
- B . Barricade
- C . Port security
- D . Screened subnet