CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 201:

  Which of the following can be used to mitigate attacks from high-risk regions?

  A. Obfuscation
  B. Data sovereignty
  C. IP geolocation
  D. Encryption
  C. IP geolocation

• Question 202:

  Which of the following best describes a method for ongoing vendor monitoring in third-party risk management?

  A. Requiring a new MSA for each project
  B. Accepting vendor self-attestation without further verification
  C. Conducting assessments to verify compliance with security requirements
  D. Reviewing SLAs at the start of the contract
  C. Conducting assessments to verify compliance with security requirements

  ---

  Explanation

  Ongoing vendor monitoring is a critical component of third-party risk management (TPRM) and focuses on continuously validating that vendors maintain required security controls throughout the lifecycle of the relationship. According to CompTIA Security+ SY0-701, the most effective ongoing monitoring method is conducting assessments to verify compliance with security requirements. These assessments may include periodic security questionnaires, audits, penetration test results, SOC reports, or compliance attestations that are independently validated.

  Option A, requiring a new MSA for each project, is a contractual activity, not a monitoring mechanism. Option B-accepting self-attestation without verification-introduces risk and is specifically discouraged in SY0-701 because it lacks assurance. Option D, reviewing SLAs at contract start, is a one-time activity and does not provide continuous oversight.

  Ongoing assessments allow organizations to detect control drift, identify new risks, and ensure vendors remain compliant with evolving regulatory and security expectations. This proactive approach is essential for managing supply chain risk and protecting organizational data.

  Therefore, the correct answer is C: Conducting assessments to verify compliance with security requirements.

• Question 203:

  After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions.

  Which of the following processes should the human resources department follow to track revisions?

  A. Version validation
  B. Version changes
  C. Version updates
  D. Version control
  D. Version control

• Question 204:

  A legal department must maintain a backup from all devices that have been shredded and recycled by a third party.

  Which of the following best describes this requirement?

  A. Data retention
  B. Certification
  C. Sanitization
  D. Destruction
  A. Data retention

  ---

  Explanation

  Data retention refers to the practice of keeping copies or backups of data for a specific period, even after the original devices have been disposed of or destroyed. In this case, the legal department requires a backup to be maintained from devices that have been shredded and recycled, ensuring that necessary data is preserved in compliance with legal or regulatory requirements.

• Question 205:

  A company hired a security manager from outside the organization to lead security operations.

  Which of the following actions should the security manager perform first in this new role?

  A. Establish a security baseline.
  B. Review security policies.
  C. Adopt security benchmarks.
  D. Perform a user ID revalidation.
  B. Review security policies.

  ---

  Explanation

  When a security manager is hired from outside the organization to lead security operations, the first action should be to review the existing security policies. Understanding the current security policies provides a foundation for identifying strengths, weaknesses, and areas that require improvement, ensuring that the security program aligns with the organization's goals and regulatory requirements. Review security policies: Provides a comprehensive understanding of the existing security framework, helping the new manager to identify gaps and areas for enhancement.

  Establish a security baseline: Important but should be based on a thorough understanding of existing policies and practices.

  Adopt security benchmarks: Useful for setting standards, but reviewing current policies is a necessary precursor.

  Perform a user ID revalidation: Important for ensuring user access is appropriate but not the first step in understanding overall security operations.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1 - Summarize elements of effective security governance (Reviewing security policies).

• Question 206:

  A security architect wants to prevent employees from receiving malicious attachments by email.

  Which of the following functions should the chosen solution do?

  A. Apply IP address reputation data.
  B. Tap and monitor the email feed.
  C. Scan email traffic inline.
  D. Check SPF records.
  C. Scan email traffic inline.

  ---

  Explanation

  Scanning email traffic inline enables the security solution to inspect attachments and other content in real-time as emails are received. This allows the system to detect and block malicious attachments before they reach employees, effectively preventing potential security incidents caused by harmful email attachments. This approach is essential for identifying and neutralizing threats within email content directly.

• Question 207:

  Which of the following vulnerabilities would likely be mitigated by setting up an MDM platform?

  A. TPM
  B. Buffer overflow
  C. Jailbreaking
  D. SQL injection
  C. Jailbreaking

  ---

  Explanation

  A Mobile Device Management (MDM) platform protects organizational mobile devices by enforcing security policies, restricting unauthorized configuration changes, and detecting compromised devices. One of the major vulnerabilities MDM mitigates is jailbreaking, which occurs when a user removes manufacturer restrictions to gain unrestricted access to the file system and install unapproved apps.

  Security+ SY0-701 explains that jailbroken devices:

  Bypass built-in security protections

  Are more susceptible to malware

  Can be used for data exfiltration

  Violate corporate mobile security policies

  MDM solutions detect jailbroken or rooted devices and automatically block them from accessing corporate resources, enforce compliance rules, and remotely wipe devices if necessary.

  TPM (A) is a hardware security chip unrelated to MDM. Buffer overflow (B) and SQL injection (D) are software development vulnerabilities, not mobile device policy issues.

  Thus, the correct answer is C: Jailbreaking.

• Question 208:

  A security analyst must prevent remote users from accessing malicious URLs. The sites need to be checked inline for reputation, content, or categorization.

  Which of the following technologies will help secure the enterprise?

  A. VPN
  B. SASE
  C. IDS
  D. SD-WAN
  B. SASE

  ---

  Explanation

  Secure Access Service Edge (SASE) is the technology best suited for preventing remote users from accessing malicious URLs. According to the CompTIA Security+ SY0-701 framework, SASE integrates cloud-native security capabilities such as DNS filtering, secure web gateways, CASB, and URL categorization, all delivered inline. This means every URL request from a remote user is checked in real time for reputation, content, and category before access is granted.

  This solution is specifically designed for remote workforces because security enforcement happens in the cloud, regardless of user location-eliminating reliance on on-premise proxies or VPN routing. SASE also enables consistent policy application and real-time enforcement across distributed networks.

  A VPN (A) only encrypts traffic; it does not perform URL reputation checks. IDS (C) detects malicious activity but does not block URL access. SD-WAN (D) optimizes WAN routing but is not focused on content filtering or URL reputation.

  Therefore, SASE is the correct and most effective solution for inline URL inspection and preventing remote users from reaching malicious sites.

• Question 209:

  An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints' definitions are up to date.

  Which of the following will these actions most effectively prevent?

  A. Zero-day attacks
  B. Insider threats
  C. End-of-life support
  D. Known exploits
  D. Known exploits

• Question 210:

  Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

  A. Insider
  B. Unskilled attacker
  C. Nation-state
  D. Hacktivist
  C. Nation-state

  ---

  Explanation

  A nation-state is a threat actor that is sponsored by a government or a political entity to conduct cyberattacks against other countries or organizations. Nation-states have large financial resources, advanced technical skills, and strategic objectives that may target critical systems such as military, energy, or infrastructure. Nation-states are often motivated by espionage, sabotage, or warfare.