CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 131:

  Which of the following should an organization use to ensure that it can review the controls and performance of a service provider or vendor?

  A. Service-level agreement
  B. Memorandum of agreement
  C. Right-to-audit clause
  D. Supply chain analysis
  C. Right-to-audit clause

  ---

  Explanation

  A right-to-audit clause gives an organization the legal ability to inspect and verify a service provider's or vendor's controls, processes, and compliance with contractual obligations, ensuring transparency and accountability.

• Question 132:

  A company decides to purchase an insurance policy.

  Which of the following risk management strategies is this company implementing?

  A. Mitigate
  B. Accept
  C. Avoid
  D. Transfer
  D. Transfer

• Question 133:

  During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates.

  Which of the following remediation tasks should be completed as part of the cleanup phase?

  A. Updating the CRL
  B. Patching the CA
  C. Changing passwords
  D. Implementing SOAR
  A. Updating the CRL

  ---

  Explanation

  In the cleanup phase, the priority is to invalidate any malicious or unauthorized certificates that were used during the exploitation. Updating the CRL ensures those certificates are revoked and no longer trusted. Patching the CA is a remediation or recovery action to fix the root cause, but it does not by itself invalidate certificates that were already issued and abused. Changing passwords does not address certificate-based abuse directly, and implementing SOAR is unrelated.

• Question 134:

  A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly.

  Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

  A. Creating group policies to enforce password rotation on domain administrator credentials
  B. Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords
  C. Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access
  D. Securing domain administrator credentials in a PAM vault and controlling access with role-based access control
  D. Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

  ---

  Explanation

  Using a Privileged Access Management (PAM) vault to secure domain administrator credentials and enforcing role-based access control (RBAC) is the most comprehensive solution. PAM systems help manage and control access to privileged accounts, ensuring that only authorized personnel can access sensitive credentials. This approach also facilitates password rotation, auditing, and ensures that credentials are not misused or left unchanged. Integrating PAM with RBAC ensures that access is granted based on the user's role, further enhancing security.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

  CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

• Question 135:

  Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule.

  Which of the following but describes this form of security control?

  A. Physical
  B. Managerial
  C. Technical
  D. Operational
  A. Physical

  ---

  Explanation

  A physical security control is a device or mechanism that prevents unauthorized access to a physical location or asset. An access control vestibule, also known as a mantrap, is a physical security control that consists of a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. This prevents unauthorized individuals from following authorized individuals into the facility, a practice known as piggybacking or tailgating. A photo ID check is another form of physical security control that verifies the identity of visitors. Managerial, technical, and operational security controls are not directly related to physical access, but rather to policies, procedures, systems, and processes that support security objectives.

  References:

  CompTIA Security+ Study Guide: Exam SY0- 701, 9th Edition, page 341

  Mantrap (access control) - Wikipedia

• Question 136:

  A legacy device is being decommissioned and is no longer receiving updates or patches.

  Which of the following describes this scenario?

  A. End of business
  B. End of testing
  C. End of support
  D. End of life
  D. End of life

• Question 137:

  A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business.

  Which of the following activities should the company perform next?

  A. Gap analysis
  B. Policy review
  C. Security procedure evaluation
  D. Threat scope reduction
  A. Gap analysis

  ---

  Explanation

  A gap analysis will help the company identify the differences between its current security practices and the requirements of the new regulation. This analysis provides a clear understanding of what needs to be addressed to achieve compliance, allowing the company to prioritize and implement necessary changes before the regulation takes effect.

• Question 138:

  A security analyst receives an alert that there was an attempt to download known malware.

  Which of the following actions would allow the best chance to analyze the malware?

  A. Review the IPS logs and determine which command-and-control IPs were blocked.
  B. Analyze application logs to see how the malware attempted to maintain persistence.
  C. Run vulnerability scans to check for systems and applications that are vulnerable to the malware.
  D. Obtain and execute the malware in a sandbox environment and perform packet captures.
  D. Obtain and execute the malware in a sandbox environment and perform packet captures.

• Question 139:

  A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered.

  Which of the following tools will help management determine the number of access points needed?

  A. Signal locator
  B. WPA3
  C. Heat map
  D. Site survey
  D. Site survey

  ---

  Explanation

  A site survey is the formal assessment used to determine the optimal number and placement of wireless access points (APs). According to Security+ SY0-701, wireless site surveys evaluate factors such as building layout, RF interference, wall material density, antenna propagation, and signal overlap. The goal is to ensure full wireless coverage while minimizing the number of APs needed, maximizing performance, and reducing dead zones.

  During a site survey, technicians analyze: Signal strength patterns Interference sources (microwaves, metal shelving, wiring, etc.) Required coverage zones Capacity needs (number of users, devices)

  Although heat maps (C) visually represent wireless signal distribution, they are a result of a site survey, not the process itself. WPA3 (B) is a security protocol unrelated to determining coverage. A signal locator (A) is not an enterprise-grade planning tool.

  Therefore, the correct answer is D: Site survey.

• Question 140:

  Which of the following best describes configuring devices to log to an off-site location for possible future reference?

  A. Log aggregation
  B. DLP
  C. Archiving
  D. SCAP
  A. Log aggregation

  ---

  Explanation

  Configuring devices to log to an off-site location for possible future reference is best described as log aggregation. Log aggregation involves collecting logs from multiple sources and storing them in a centralized location, often off-site, to ensure they are preserved and can be analyzed in the future.

  Log aggregation: Centralizes log data from multiple devices, making it easier to analyze and ensuring logs are available for future reference.

  DLP (Data Loss Prevention): Focuses on preventing unauthorized data transfer and ensuring data security.

  Archiving: Involves storing data for long-term retention, which could be part of log aggregation but is broader in scope.

  SCAP (Security Content Automation Protocol): A standard for automating vulnerability management and policy compliance.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.4 - Explain security alerting and monitoring concepts and tools (Log aggregation).