CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 171:

  Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

  A. Creating a false text file in /docs/salaries
  B. Setting weak passwords in /etc/shadow
  C. Scheduling vulnerable jobs in /etc/crontab
  D. Adding a fake account to /etc/passwd
  A. Creating a false text file in /docs/salaries

  ---

  Explanation

  A file with a name like "salaries" suggests sensitive information, which would likely draw the attention of an insider threat looking for valuable or confidential data. This technique is often used as part of a honeypot strategy to monitor and detect suspicious activity by insiders attempting unauthorized access.

• Question 172:

  An analyst discovers a suspicious item in the SQL Server logs.

  Which of the following could be evidence of an attempted SQL injection?

  A. cat /etc/shadow
  B. dig 25.36.99.11
  C. cd .. / .. / .. /
  D. UserId = 10 OR 1=1;
  D. UserId = 10 OR 1=1;

• Question 173:

  An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different.

  Which of the following most likely explains this issue?

  A. Data masking
  B. Salting
  C. Key escrow
  D. Tokenization
  B. Salting

• Question 174:

  A security manager needs an automated solution that will take immediate action to protect an organization against inbound malicious traffic.

  Which of the following is the best solution?

  A. UEM
  B. IPS
  C. WAF
  D. VPN
  B. IPS

  ---

  Explanation

  An Intrusion Prevention System (IPS) is designed to automatically block or mitigate malicious network traffic in real time. Unlike an IDS, which only detects threats, an IPS performs inline traffic inspection and takes active action-such as dropping malicious packets, blocking connections, or updating firewall rules. This matches the requirement for an automated system that responds immediately to inbound threats.

  Security+ SY0-701 highlights IPS as a preventive control that detects signature-based, anomaly-based, and behavioral threats, including exploits, malware, and command-and-control activity. IPS systems are essential in defending against fast-moving attacks where human response time is too slow.

  UEM (A) manages endpoints but does not block inbound network threats.

  WAF (C) protects web applications, not the entire network. VPN (D) provides secure tunnels but does not prevent malicious inbound traffic.

  Thus, B: IPS is the best solution for automatic threat blocking.

• Question 175:

  A Chief Information Security Officer (CISO) wants to:

  1. Prevent employees from downloading malicious content.

  2. Establish controls based on departments and users.

  3. Map internet access for business applications to specific service accounts.

  4. Restrict content based on categorization.

  Which of the following should the CSO implement?

  A. Web application rewall
  B. Secure DNS server
  C. Jump server
  D. Next-generation rewall
  D. Next-generation rewall

• Question 176:

  A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat.

  Which of the following would most likely help the security awareness team address this potential threat?

  A. Immediately disable the accounts of staff who are likely to be terminated.
  B. Train supervisors to identify and manage disgruntled employees.
  C. Configure DLP to monitor staff who will be terminated.
  D. Raise awareness for business leaders on social engineering techniques.
  B. Train supervisors to identify and manage disgruntled employees.

• Question 177:

  A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts.

  Which of the following access controls should the security engineer implement?

  A. Role-based
  B. Time-of-day restrictions
  C. Least privilege
  D. Biometric authentication
  B. Time-of-day restrictions

  ---

  Explanation

  Time-of-day restrictions limit access to corporate systems based on predefined schedules. This ensures employees can only access resources during their assigned work hours.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Access Control Models".

• Question 178:

  Which of the following physical controls can be used to both detect and deter? (Choose two.)

  A. Lighting
  B. Fencing
  C. Signage
  D. Sensor
  E. Bollard
  F. Lock
  A. Lighting
  D. Sensor

• Question 179:

  The application development teams have been asked to answer the following questions:

  1. Does this application receive patches from an external source?

  2. Does this application contain open-source code?

  3. Is this application accessible by external users?

  4. Does this application meet the corporate password standard?

  Which of the following are these questions part of?

  A. Risk control self-assessment
  B. Risk management strategy
  C. Risk acceptance
  D. Risk matrix
  A. Risk control self-assessment

  ---

  Explanation

  The questions listed are part of a Risk Control Self-Assessment (RCSA), which is a process where teams evaluate the risks associated with their operations and assess the effectiveness of existing controls. The questions focus on aspects such as patch management, the use of open-source code, external access, and compliance with corporate standards, all of which are critical for identifying and mitigating risks.

  References:

  CompTIA Security+ SY0-701 Course Content: The course discusses various risk management processes, including self-assessments that help in identifying and managing risks within the organization.

• Question 180:

  Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees' normal job duties.

  Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

  A. UBA
  B. EDR
  C. NAC
  D. DLP
  A. UBA

  ---

  Explanation

  UBA helps detect unusual or unauthorized access patterns by analyzing user behavior and identifying deviations from typical access patterns. It can alert the security team when employees attempt to access systems or data unrelated to their job duties, which addresses the executives' concern about potential insider threats or policy violations related to sensitive projects.