CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 111:

  A company is in the process of migrating to cloud-based services. The company's IT department has limited resources for migration and ongoing support.

  Which of the following best meets the company's needs?

  A. IPS
  B. WAF
  C. SASE
  D. IAM
  C. SASE

  ---

  Explanation

  Secure Access Service Edge (SASE) combines network security functions with wide area network (WAN) capabilities in a cloud-delivered model, which simplifies management and provides scalable, secure access to cloud-based services.

  For a company with limited IT resources, SASE offers an integrated solution that reduces the need for extensive on-premises infrastructure and simplifies ongoing support. This approach allows the company to enhance security while efficiently supporting its cloud migration.

• Question 112:

  A group of developers has a shared backup account to access the source code repository.

  Which of the following is the best way to secure the backup account if there is an SSO failure?

  A. RAS
  B. EAP
  C. SAML
  D. PAM
  D. PAM

  ---

  Explanation

  Privileged Access Management (PAM) solutions enhance security by enforcing strong authentication, rotation of credentials, and access control for shared accounts. This is especially critical in scenarios like SSO failures.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Privileged Access and Identity Management".

• Question 113:

  Which of the following is a key reason to follow data retention policies during asset decommissioning?

  A. To ensure data is securely destroyed when no longer needed
  B. To make backup copies of all company data before disposing of hardware
  C. To allow employees to access old files even after the hardware is recycled
  D. To keep all customer data available in case it is required in the future
  A. To ensure data is securely destroyed when no longer needed

  ---

  Explanation

  The best answer is A. To ensure data is securely destroyed when no longer needed. During asset decommissioning, organizations must handle storage media and data according to established data retention policies. These policies define how long data must be kept and when it should be securely destroyed. Following them helps ensure that data is not kept longer than necessary and is properly sanitized or destroyed when retention requirements have been met. This is important for: reducing risk of unauthorized data exposure meeting legal and regulatory obligations preventing sensitive information from being recovered from retired assets limiting unnecessary storage and liability.

  Why the other options are incorrect:

  B. To make backup copies of all company data before disposing of hardwareNot all data should be backed up indefinitely. Retention policies are about keeping data only as long as required.

  C. To allow employees to access old files even after the hardware is recycledThis is not the primary purpose of retention policies during decommissioning.

  D. To keep all customer data available in case it is required in the futureKeeping all data forever is not a proper retention strategy and can create legal and security problems. From the SY0-701 perspective, asset disposal and media sanitization are closely tied to retention schedules and secure destruction practices, so A is the correct answer.

• Question 114:

  A company is concerned about employees unintentionally introducing malware into the network. The company identified fifty employees who clicked on a link embedded in an email sent by the internal IT department.

  Which of the following should the company implement to best improve its security posture?

  A. Social engineering training
  B. SPF configuration
  C. Simulated phishing campaign
  D. Insider threat awareness
  C. Simulated phishing campaign

  ---

  Explanation

  A simulated phishing campaign involves sending fake phishing emails to employees to assess their susceptibility and raise awareness. By conducting such simulations, the company can identify vulnerable users, provide targeted training, and improve employees' ability to recognize phishing attempts. This approach directly addresses the risk of employees unintentionally introducing malware through malicious links in emails.

• Question 115:

  An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment.

  Which of the following solutions would mitigate the risk?

  A. XDR
  B. SPF
  C. DLP
  D. DMARC
  C. DLP

  ---

  Explanation

  To mitigate the risk of sensitive data being exfiltrated from the environment, the IT manager should implement a Data Loss Prevention (DLP) solution. DLP monitors and controls the movement of sensitive data, ensuring that unauthorized transfers are blocked and potential data breaches are prevented. XDR (Extended Detection and Response) is useful for threat detection across multiple environments but doesn't specifically address data exfiltration. SPF (Sender Policy Framework) helps prevent email spoofing, not data exfiltration. DMARC (Domain-based Message Authentication, Reporting & Conformance) also addresses email security and spoofing, not data exfiltration.

• Question 116:

  The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed.

  Which of the following solutions should the SOC consider to BEST improve its response time?

  A. Configure a NIDS appliance using a Switched Port Analyzer
  B. Collect OSINT and catalog the artifacts in a central repository
  C. Implement a SOAR with customizable playbooks
  D. Install a SIEM with community-driven threat intelligence
  C. Implement a SOAR with customizable playbooks

  ---

  Explanation

  SOAR (Security Orchestration, Automation, and Response) Can use either playbook or runbook. It assists in collecting threat related data from a range of sources and automate responses to low level threats. (frees up some of the CSIRT time)

• Question 117:

  An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device.

  Which of the following best describes this kind of penetration test?

  A. Partially known environment
  B. Unknown environment
  C. Integrated
  D. Known environment
  A. Partially known environment

  ---

  Explanation

  A partially known environment is a type of penetration test where the tester has some information about the target, such as the IP address, the operating system, or the device type. This can help the tester focus on specific vulnerabilities and reduce the scope of the test. A partially known environment is also called a gray box test.

  References:

  CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 10, page 543.

• Question 118:

  The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources.

  Which of the following should the CISO present to the board as the direct consequence of non-compliance?

  A. Fines
  B. Reputational damage
  C. Sanctions
  D. Contractual implications
  A. Fines

• Question 119:

  A security administrator would like to protect data on employees' laptops.

  Which of the following encryption techniques should the security administrator use?

  A. Partition
  B. Asymmetric
  C. Full disk
  D. Database
  C. Full disk

  ---

  Explanation

  Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive, including the operating system, applications, and files. FDE protects the data from unauthorized access in case the laptop is lost, stolen, or disposed of without proper sanitization. FDE requires the user to enter a password, a PIN, a smart card, or a biometric factor to unlock the drive and boot the system. FDE can be implemented by using software solutions, such as BitLocker, FileVault, or VeraCrypt, or by using hardware solutions, such as self-encrypting drives (SEDs) or Trusted Platform Modules (TPMs). FDE is a recommended encryption technique for laptops and other mobile devices that store sensitive data. Partition encryption is a technique that encrypts only a specific partition or volume on a hard drive, leaving the rest of the drive unencrypted. Partition encryption is less secure than FDE, as it does not protect the entire drive and may leave traces of data on unencrypted areas. Partition encryption is also less convenient than FDE, as it requires the user to mount and unmount the encrypted partition manually. Asymmetric encryption is a technique that uses a pair of keys, one public and one private, to encrypt and decrypt data. Asymmetric encryption is mainly used for securing communication, such as email, web, or VPN, rather than for encrypting data at rest. Asymmetric encryption is also slower and more computationally intensive than symmetric encryption, which is the type of encryption used by FDE and partition encryption. Database encryption is a technique that encrypts data stored in a database, such as tables, columns, rows, or cells. Database encryption can be done at the application level, the database level, or the file system level. Database encryption is useful for protecting data from unauthorized access by database administrators, hackers, or malware, but it does not protect the data from physical theft or loss of the device that hosts the database.

  References:

  Data Encryption -CompTIA Security+ SY0-401: 4.4, CompTIA Security+ Cheat Sheet and PDF | Zero To Mastery, CompTIA Security+ SY0-601 Certification Course - Cybr, Application Hardening -SY0-601 CompTIA Security+ :3.2.

• Question 120:

  A security analyst is examining a penetration test report and notices that the tester pivoted to critical internal systems with the same local user ID and password.

  Which of the following would help prevent this in the future?

  A. Implement centralized authentication with proper password policies
  B. Add password complexity rules and increase password history limits
  C. Connect the systems to an external authentication server
  D. Limit the ability of user accounts to change passwords
  A. Implement centralized authentication with proper password policies