CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 101:

  Which of the following tools is best for logging and monitoring in a cloud environment?

  A. IPS
  B. FIM
  C. NAC
  D. SIEM
  D. SIEM

  ---

  Explanation

  A Security Information and Event Management (SIEM) system is best suited for logging and monitoring in a cloud environment. SIEM tools collect, aggregate, and analyze log data from multiple sources within the environment, providing real-time monitoring, alerts, and analysis of security events. This centralized approach helps identify potential security incidents across cloud resources effectively.

• Question 102:

  A company's website is www.company.com. Attackers purchased the domain www.company.com.

  Which of the following types of attacks describes this example?

  A. Typosquatting
  B. Brand impersonation
  C. On-path
  D. Watering-hole
  A. Typosquatting

• Question 103:

  The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports.

  Which of the following would be best to help to reduce the false positives?

  A. Performing more phishing simulation campaigns
  B. Improving security awareness training
  C. Hiring more help desk staff
  D. Implementing an incident reporting web page
  B. Improving security awareness training

• Question 104:

  A security analyst is creating base for the server team to follow when hardening new devices for deployment.

  Which of the following beet describes what the analyst is creating?

  A. Change management procedure
  B. Information security policy
  C. Cybersecurity framework
  D. Secure configuration guide
  D. Secure configuration guide

  ---

  Explanation

  The security analyst is creating a "secure configuration guide," which is a set of instructions or guidelines used to configure devices securely before deployment. This guide ensures that the devices are set up according to best practices to minimize vulnerabilities and protect against potential security threats.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on System Hardening and Secure Configuration.

• Question 105:

  To which of the following security categories does an EDR solution belong?

  A. Physical
  B. Operational
  C. Managerial
  D. Technical
  D. Technical

• Question 106:

  Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

  A. Risk tolerance
  B. Risk transfer
  C. Risk register
  D. Risk analysis
  C. Risk register

  ---

  Explanation

  A risk register is a document that records and tracks the risks associated with a project, system, or organization. A risk register typically includes information such as the risk description, the risk owner, the risk probability, the risk impact, the risk level, the risk response strategy, and the risk status. A risk register can help identify, assess, prioritize, monitor, and control risks, as well as communicate them to relevant stakeholders. A risk register can also help document the risk tolerance and thresholds of an organization, which are the acceptable levels of risk exposure and the criteria for escalating or mitigating risks.

  References:

  211. CompTIA Security+ Certification Guide, Chapter 2: Risk Management, page

  33. CompTIA Security+ Certification Exam SY0-701 Practice Test 1, Question4.

• Question 107:

  Which of the following should an organization implement to avoid unnecessary liability after the end of a legal contract obligation with a third party?

  A. Data encryption
  B. Data classification
  C. Data retention
  D. Data inventory
  C. Data retention

  ---

  Explanation

  The best answer is C. Data retention. To avoid unnecessary liability after the end of a legal contract obligation with a third party, an organization should follow a proper data retention policy. Data retention policies define how long data must be kept and when it should be deleted or securely destroyed once it is no longer needed for legal, contractual, regulatory, or business purposes. Keeping third-party data longer than necessary can increase: legal exposure privacy risk breach impact storage and governance burden.

  Why the other options are incorrect:

  A. Data encryptionEncryption protects data confidentiality, but it does not address whether the data should still be retained at all.

  B. Data classificationClassification helps determine sensitivity and handling requirements, but it does not define when data should be disposed of.

  D. Data inventoryAn inventory helps identify what data exists, but it does not by itself reduce liability after contractual obligations end. From the SY0-701 perspective, reducing liability after contractual or legal obligations end requires proper retention schedules and secure disposal, so C is the correct answer.

• Question 108:

  A company's antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution.

  Which of the following should replace the antivirus solution?

  A. SIEM
  B. EDR
  C. DLP
  D. IDS
  B. EDR

  ---

  Explanation

  Endpoint Detection and Response (EDR) platforms use behavioral analytics, machine learning, heuristics, and anomaly detection to identify malware and suspicious activity more accurately than traditional signature-based antivirus. EDR solutions also provide rich telemetry, process tracking, sandboxing, and automated investigation capabilities.

  The SY0-701 exam emphasizes EDR as a replacement for legacy antivirus in modern threat environments. EDR can significantly reduce false positives by establishing behavioral baselines and analyzing file, process, and memory activity rather than relying solely on signatures. The scenario states the company wants a heuristic solution, which directly aligns with EDR's advanced detection approach.

  SIEM (A) is for log aggregation and correlation-not endpoint protection. DLP (C) prevents data exfiltration but does not detect malware. IDS (D) analyzes network traffic, not endpoint behavior.

  Thus, EDR is the correct solution to reduce false positives and improve malware-detection accuracy.

• Question 109:

  Which of the following is required for an organization to properly manage its restore process in the event of system failure?

  A. IRP
  B. DRP
  C. RPO
  D. SDLC
  B. DRP

  ---

  Explanation

  A disaster recovery plan (DRP) is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. A DRP typically includes the following elements: A risk assessment that identifies the potential threats and impacts to the organization's critical assets and processes.

  A business impact analysis that prioritizes the recovery of the most essential functions and data.

  A recovery strategy that defines the roles and responsibilities of the recovery team, the resources and tools needed, and the steps to follow to restore the system. A testing and maintenance plan that ensures the DRP is updated and validated regularly. A DRP is required for an organization to properly manage its restore process in the event of system failure, as it provides a clear and structured framework for recovering from a disaster and minimizing the downtime and data loss.

  References:

  CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325.

• Question 110:

  Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

  A. EOL
  B. SLA
  C. MOU
  D. EOSL
  B. SLA

  ---

  Explanation

  A document that provides expectations at a technical level for quality, availability, and responsibilities is a Service Level Agreement (SLA). An SLA is a contract between a service provider and a customer that specifies the level of service that the provider will deliver. This typically includes technical details such as uptime, response times, and performance criteria. The SLA is used to ensure that the customer receives the level of service that they have agreed to and that the provider is held accountable for meeting those expectations. Options A, C, and D are not related to the technical level of service expectations. EOL refers to the end of life for a product or service, MOU is a memorandum of understanding, and EOSL is the end of service life.