CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 151:

  The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal.

  Which of the following would most likely be configured to meet the requirements?

  A. Tokenization
  B. S/MIME
  C. DLP
  D. MFA
  C. DLP

  ---

  Explanation

  Data Loss Prevention (DLP) systems are typically configured to protect sensitive data such as Personally Identifiable Information (PII) within an organization. DLP tools enforce policies that monitor, detect, and block the unauthorized transmission of sensitive data. By leveraging the organization's existing labeling and classification system, DLP solutions can identify and protect data based on its classification, ensuring that PII is appropriately secured according to organizational policies.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Network Security and DLP.

• Question 152:

  A company uses multiple providers to send its marketing, internal, and support emails. Many of the emails are marked as spam.

  Which of the following changes should the company make to ensure legitimate emails are validated?

  A. Disable DKIM to avoid signature conflicts.
  B. Implement DMARC with a " reject " policy to enforce sender validation.
  C. Replace the domain ' s MX record with the marketing provider ' s services.
  D. Update the SPF record to include all authorized sending sources.
  D. Update the SPF record to include all authorized sending sources.

  ---

  Explanation

  The best answer is D. Update the SPF record to include all authorized sending sources. SPF (Sender Policy Framework) is used to identify which mail servers and third-party services are authorized to send email on behalf of a domain. In this scenario, the company uses multiple providers for marketing, internal, and support emails. If all of those sending sources are not properly listed in the domain's SPF record, receiving mail servers may treat some valid messages as suspicious or spam. Updating the SPF record to include all legitimate sending providers helps recipient systems validate that the email came from an approved source. This directly addresses the problem of legitimate emails being flagged. Why the other options are incorrect:

  A. Disable DKIM to avoid signature conflicts.This is incorrect because DKIM helps validate message authenticity by using digital signatures. Disabling it would weaken email validation rather than improve it.

  B. Implement DMARC with a " reject " policy to enforce sender validation.DMARC is important, but a reject policy can cause legitimate messages to fail if SPF and DKIM are not configured correctly first. DMARC builds on SPF and DKIM; it does not replace the need to authorize all sending sources.

  C. Replace the domain ' s MX record with the marketing provider ' s services.MX records control where incoming email is received, not which systems are authorized to send email. This would not solve the validation issue for outbound messages. From a Security+ perspective, this question focuses on email security controls and proper configuration of SPF, DKIM, and DMARC. The most direct fix for multiple legitimate senders is to ensure the SPF record includes every authorized provider.

• Question 153:

  A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible.

  Which of the following operating system security measures will the administrator most likely use?

  A. Deploying PowerShell scripts
  B. Pushing GPO update
  C. Enabling PAP
  D. Updating EDR profiles
  B. Pushing GPO update

  ---

  Explanation

  A group policy object (GPO) is a mechanism for applying configuration settings to computers and users in an Active Directory domain. By pushing a GPO update, the systems administrator can quickly and uniformly enforce the new password policy across all systems in the domain. Deploying PowerShell scripts, enabling PAP, and updating EDR profiles are not the most efficient or effective ways to change the password policy within an enterprise environment.

  References:

  CompTIA Security+ Study Guide:

  Exam SY0-701, 9th Edition, page 115

  Password Policy - Windows Security

• Question 154:

  A malicious update was distributed to a common software platform and disabled services at many organizations.

  Which of the following best describes this type of vulnerability?

  A. DDoS attack
  B. Rogue employee
  C. Insider threat
  D. Supply chain
  D. Supply chain

• Question 155:

  A systems administrator is working on a defense-in-depth strategy and needs to restrict activity from employees after hours.

  Which of the following should the systems administrator implement?

  A. Role-based restrictions
  B. Attribute-based restrictions
  C. Mandatory restrictions
  D. Time-of-day restrictions
  D. Time-of-day restrictions

  ---

  Explanation

  To restrict activity from employees after hours, the systems administrator should implement time-of-day restrictions. This method allows access to network resources to be limited to specific times, ensuring that employees can only access systems during approved working hours. This is an effective part of a defense-in-depth strategy to mitigate risks associated with unauthorized access during off-hours, which could be a time when security monitoring might be less stringent.

  Time-of-day restrictions: These control access based on the time of day, preventing users from logging in or accessing certain systems outside of designated hours.

  Role-based restrictions: Control access based on a user's role within the organization.

  Attribute-based restrictions: Use various attributes (such as location, department, or project) to determine access rights.

  Mandatory restrictions: Typically refer to non-discretionary access controls, such as those based on government or organizational policy.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.6 - Implement and maintain identity and access management (Access controls: Time-of-day restrictions).

• Question 156:

  Which of the following is a hardware-specific vulnerability?

  A. Firmware version
  B. Buffer overflow
  C. SQL injection
  D. Cross-site scripting
  A. Firmware version

  ---

  Explanation

  Firmware is a type of software that is embedded in a hardware device, such as a router, a printer, or a BIOS chip. Firmware controls the basic functions and operations of the device, and it can be updated or modified by the manufacturer or the user. Firmware version is a hardware-specific vulnerability, as it can expose the device to security risks if it is outdated, corrupted, or tampered with. An attacker can exploit firmware vulnerabilities to gain unauthorized access, modify device settings, install malware, or cause damage to the device or the network. Therefore, it is important to keep firmware updated and verify its integrity and authenticity.

  References:

  CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 67. CompTIA Security+ SY0-701 Exam Objectives, Domain 2.1, page 10.

• Question 157:

  An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate.

  Which of the following should the company do FIRST?

  A. Delete the private key from the repository.
  B. Verify the public key is not exposed as well.
  C. Update the DLP solution to check for private keys.
  D. Revoke the code-signing certificate.
  D. Revoke the code-signing certificate.

  ---

  Explanation

  We need to revoke the code-signing certificate as this is the most secure way to ensure that the comprised key wont be used by attackers. Usually there are bots crawking all over repos searching this kind of human errors.

• Question 158:

  HOTSPOT

  You are a security administrator investigating a potential infection on a network.

  INSTRUCTIONS

  Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  

  

  

  

  Explanation

• Question 159:

  Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?

  A. GDPR
  B. PCI DSS
  C. NIST
  D. ISO
  A. GDPR

• Question 160:

  Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

  A. Whaling
  B. Spear phishing
  C. Impersonation
  D. Identity fraud
  A. Whaling