CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 91:

  The private key for a website was stolen, and a new certificate has been issued.

  Which of the following needs to be updated next?

  A. SCEP
  B. CRL
  C. OCSP
  D. CSR
  B. CRL

  ---

  Explanation

  The Certificate Revocation List (CRL) should be updated when a private key is compromised. The CRL is a list of certificates that have been revoked by the issuing Certificate Authority (CA) and are no longer trusted. Updating the CRL ensures that clients and systems know the previous certificate is no longer valid, preventing it from being trusted even if the key has been compromised.

• Question 92:

  Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

  A. TPM
  B. ECC
  C. FDE
  D. HSM
  C. FDE

  ---

  Explanation

  Full Disk Encryption (FDE) ensures that all data on the drive is encrypted, preventing unauthorized access even if the device is lost.

• Question 93:

  A security team is setting up a new environment to host the organization's on-premises software application as a cloud-based service.

  Which of the following should the team ensure is in place to follow security best practices?

  A. Virtualization and isolation of resources
  B. Network segmentation
  C. Data encryption
  D. Strong authentication policies
  A. Virtualization and isolation of resources

  ---

  Explanation

  When hosting an on-premises software application as a cloud-based service, ensuring virtualization and isolation of resources is essential for maintaining security best practices. This involves using virtualization technologies to create isolated environments (e.g., virtual machines or containers) for different applications and services, reducing the risk of cross-tenant attacks and resource leakage.

  Network segmentation, data encryption, and strong authentication policies are also important security controls, but they do not directly address the core requirement of isolating computing resources in a multi-tenant cloud environment.

• Question 94:

  Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

  A. IDS
  B. ACL
  C. EDR
  D. NAC
  C. EDR

  ---

  Explanation

  Endpoint detection and response (EDR) is a technology that monitors and analyzes the activity and behavior of endpoints, such as computers, laptops, mobile devices, and servers. EDR can help to detect and prevent malicious software, such as viruses, malware, and Trojans, from infecting the endpoints and spreading across the network. EDR can also provide visibility and response capabilities to contain and remediate threats. EDR is different from IDS, which is a network-based technology that monitors and alerts on network traffic anomalies. EDR is also different from ACL, which is a list of rules that control the access to network resources. EDR is also different from NAC, which is a technology that enforces policies on the network access of devices based on their identity and compliance status.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 2561

• Question 95:

  A new employee accessed an unauthorized website. An investigation found that the employee violated the company's rules.

  Which of the following did the employee violate?

  A. MOU
  B. AUP
  C. NDA
  D. MOA
  B. AUP

• Question 96:

  An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization.

  Which of the following documents would most likely communicate these expectations?

  A. Business continuity plan
  B. Change management procedure
  C. Acceptable use policy
  D. Software development life cycle policy
  D. Software development life cycle policy

  ---

  Explanation

  A software development life cycle (SDLC) policy outlines responsibilities, best practices, and standards for developing, deploying, and maintaining secure systems and software.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Policies and Standards".

• Question 97:

  A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely.

  Which of the following devices were most likely identified?

  A. Workstations
  B. Embedded systems
  C. Core router
  D. DNS server
  B. Embedded systems

  ---

  Explanation

  The scenario describes legacy, business-critical devices with minimal vendor support that must be segmented and closely monitored. This strongly matches embedded systems commonly found in manufacturing environments (e.g., industrial machinery controllers, sensors, ICS/SCADA components). The Study Guide defines embedded systems as: "Embedded systems are computer systems that are built into other devices. Industrial machinery, appliances, and cars are all places where you may have encountered embedded systems." Manufacturing organizations often can't easily replace or patch these systems because they have long lifecycles and may depend on specialized firmware/RTOS and proprietary integrations. The same guide warns that legacy/unsupported platforms create risk due to lack of vendor security patches and recommends compensating controls: "Lack of support implies that no new security patches... will be released... In cases where the organization simply must continue using an unsupported operating system, best practice dictates isolating the system as much as possible... and applying as many compensating security controls as possible, such as increased monitoring and implementing strict network firewall rules."

  That guidance directly supports the question's "segmented and monitored closely" language. Workstations typically have stronger patch/support options; core routers and DNS servers are important, but they are not usually described as embedded legacy devices with minimal vendor support in a manufacturing context.

  References:

  Embedded systems definition and manufacturing examples

  legacy/unsupported systems require isolation/monitoring compensating controls.

• Question 98:

  Which of the following risks can be mitigated by HTTP headers?

  A. SQLi
  B. XSS
  C. DoS
  D. SSL
  B. XSS

  ---

  Explanation

  HTTP headers can be used to mitigate risks associated with Cross-Site Scripting (XSS). Security-related HTTP headers such as Content Security Policy (CSP) and X-XSS-Protection can be configured to prevent the execution of malicious scripts in the context of a web page.

  XSS (Cross-Site Scripting): A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. HTTP headers like CSP help prevent XSS attacks by specifying which dynamic resources are allowed to load.

  SQLi (SQL Injection): Typically mitigated by using parameterized queries and input validation, not HTTP headers.

  DoS (Denial of Service): Mitigated by network and application-level defenses rather than HTTP headers.

  SSL (Secure Sockets Layer): Refers to securing communications and is not directly mitigated by HTTP headers; rather, it's implemented using SSL/TLS protocols.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 3.3 - Protect data (HTTP headers for securing web applications).

• Question 99:

  Which of the following is a benefit of an RTO when conducting a business impact analysis?

  A. It determines the likelihood of an incident and its cost.
  B. It determines the roles and responsibilities for incident responders.
  C. It determines the state that systems should be restored to following an incident.
  D. It determines how long an organization can tolerate downtime after an incident.
  D. It determines how long an organization can tolerate downtime after an incident.

  ---

  Explanation

  Recovery Time Objective (RTO) defines the maximum acceptable downtime before business operations must be restored. It helps organizations set expectations for recovery speed and prioritize system restoration accordingly.

  A (likelihood of an incident and cost) relates to risk assessment, not RTO.

  B (roles and responsibilities) falls under incident response planning, not RTO.

  C (state of restored systems) is covered by Recovery Point Objective (RPO), not RTO.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.

• Question 100:

  A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.

  Which of the following analysis elements did the company most likely use in making this decision?

  A. MTTR
  B. RTO
  C. ARO
  D. MTBF
  C. ARO

  ---

  Explanation

  The company most likely used ARO (Annual Rate of Occurrence) to estimate how often a ransomware event is expected to happen within a year. Insurance coverage decisions are commonly tied to risk frequency and expected annual exposure, so if the organization believed the likelihood of a ransomware incident was low enough, it may have decided to remove that coverage to reduce premium costs. MTTR measures repair time, RTO measures acceptable recovery time, and MTBF measures average time between failures, none of which best explain an insurance coverage decision based on expected annual risk.