CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 231:

  An administrator discovers a cross-site scripting vulnerability on a company website.

  Which of the following will most likely remediate the issue?

  A. Input validation
  B. NGFW
  C. Vulnerability scan
  D. WAF
  A. Input validation

  ---

  Explanation

  Cross-site scripting (XSS) occurs when a web application fails to properly validate or sanitize user input, allowing attackers to inject malicious scripts into web pages viewed by other users. The most effective remediation is input validation, which ensures that only safe, expected data is accepted by the application.

  Security+ SY0-701 highlights input validation as a primary defense against:

  XSS

  SQL injection

  Command injection

  Path traversal attacks

  By validating and sanitizing input at both the client and server layers, organizations can strip harmful characters, block script tags, enforce strict data types, and ensure proper encoding. A NGFW (B) or WAF (D) can mitigate attacks by blocking malicious payloads, but they do not fix the root cause within the web application. A vulnerability scan (C) identifies the issue but does not remediate it.

  Therefore, only input validation (A) directly resolves the underlying coding flaw responsible for XSS.

• Question 232:

  A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics.

  Which of the following will the security team most likely do?

  A. Add the sensor software to the risk register.
  B. Create a VLAN for the sensors.
  C. Physically air gap the sensors.
  D. Configure TLS 1.2 on all sensors.
  B. Create a VLAN for the sensors.

  ---

  Explanation

  Because these are Wi-Fi-enabled environmental sensors, they are effectively IoT/embedded devices that often have limited security controls, inconsistent patch support, and may expose management interfaces or services. A common Security+ best practice is to reduce their attack surface and limit lateral movement by placing them in a separate, protected network segment and tightly controlling what they can talk to (for example, only to the metrics collector/broker). The Study Guide explicitly calls out VLAN-based segmentation for IoT as a hardening technique: "A common technique used in hardening networks is the use of VLANs... Placing IoT devices on a separate, protected VLAN with appropriate access controls... can help to ensure that frequently vulnerable devices are more protected." It also reinforces this in a practice question scenario: "What security control should she recommend...?... Deploy the IoT devices to a protected VLAN."

  Why the other options are less likely:

  Option A (risk register) is governance documentation, not the most likely immediate technical control for deployment.

  Option C (air gap) is usually unrealistic for Wi-Fi sensors that must transmit metrics.

  Option D (TLS 1.2) may be beneficial, but many sensors can't support strong crypto consistently; segmentation is the most broadly applicable first move to contain risk.

  References:

  CompTIA Security+ Study Guide (SY0-701) - Network Hardening/VLAN segmentation guidance

  related IoT hardening practice question recommending a protected VLAN.

• Question 233:

  An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization.

  Which of the following best describes the tool the administrator is using?

  A. DLP
  B. SNMP traps
  C. SCAP
  D. IPS
  A. DLP

• Question 234:

  Which of the following is a compensating control for providing user access to a high-risk website?

  A. Enabling threat prevention features on the firewall
  B. Configuring a SIEM tool to capture all web traffic
  C. Setting firewall rules to allow traffic from any port to that destination
  D. Blocking that website on the endpoint protection software
  A. Enabling threat prevention features on the firewall

  ---

  Explanation

  Enabling threat prevention features on the firewall is a compensating control that adds a layer of security when accessing a high-risk website. This approach helps to detect and block malicious activities associated with the website by scanning for threats, malicious code, and suspicious traffic patterns, thereby mitigating potential risks without completely restricting access.

• Question 235:

  Which of the following control types is AUP an example of?

  A. Physical
  B. Managerial
  C. Technical
  D. Operational
  B. Managerial

  ---

  Explanation

  An Acceptable Use Policy (AUP) is an example of a managerial control. Managerial controls are policies and procedures that govern an organization's operations, ensuring security through directives and rules. The AUP defines acceptable behavior and usage of company resources, setting guidelines for employees. Physical controls refer to security measures like locks, fences, or security guards. Technical controls involve security mechanisms such as firewalls or encryption.

  Operational controls are procedures for maintaining security, such as backup and recovery plans.

• Question 236:

  A security engineer is implementing FDE for all laptops in an organization.

  Which of the following are the most important for the engineer to consider as part of the planning process?

  (Select two).

  A. Key escrow
  B. TPM presence
  C. Digital signatures
  D. Data tokenization
  E. Public key management
  F. Certificate authority linking
  A. Key escrow
  B. TPM presence

  ---

  Explanation

  Key escrow is a method of storing encryption keys in a secure location, such as a trusted third party or a hardware security module (HSM). Key escrow is important for FDE because it allows the recovery of encrypted data in case of lost or forgotten passwords, device theft, or hardware failure. Key escrow also enables authorized access to encrypted data for legal or forensic purposes. TPM presence is a feature of some laptops that have a dedicated chip for storing encryption keys and other security information. TPM presence is important for FDE because it enhances the security and performance of encryption by generating and protecting the keys within the chip, rather than relying on software or external devices. TPM presence also enables features such as secure boot, remote attestation, and device authentication.

• Question 237:

  A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs.

  Which of the following security benefits do these actions provide? (Choose two.)

  A. If a security incident occurs on the device, the correct employee can be notified.
  B. The security team will be able to send user awareness training to the appropriate device.
  C. Users can be mapped to their devices when configuring software MFA tokens.
  D. User-based firewall policies can be correctly targeted to the appropriate laptops.
  E. When conducting penetration testing, the security team will be able to target the desired laptops.
  F. Company data can be accounted for when the employee leaves the organization.
  A. If a security incident occurs on the device, the correct employee can be notified.
  F. Company data can be accounted for when the employee leaves the organization.

  ---

  Explanation

  Labeling all laptops with asset inventory stickers and associating them with employee IDs can provide several security benefits for a company. Two of these benefits are:

  A. If a security incident occurs on the device, the correct employee can be notified. An asset inventory sticker is a label that contains a unique identifier for a laptop, such as a serial number, a barcode, or a QR code. By associating this identifier with an employee ID, the security team can easily track and locate the owner of the laptop in case of a security incident, such as a malware infection, a data breach, or a theft. This way, the security team can notify the correct employee about the incident, and provide them with the necessary instructions or actions to take, such as changing passwords, scanning for viruses, or reporting the loss. This can help to contain the incident, minimize the damage, and prevent further escalation.

  F. Company data can be accounted for when the employee leaves the organization. When an employee leaves the organization, the company needs to ensure that all the company data and assets are returned or deleted from the employee's laptop. By labeling the laptop with an asset inventory sticker and associating it with an employee ID, the company can easily identify and verify the laptop that belongs to the departing employee, and perform the appropriate data backup, wipe, or transfer procedures. This can help to protect the company data from unauthorized access, disclosure, or misuse by the former employee or any other party. The other options are not correct because they are not related to the security benefits of labeling laptops with asset inventory stickers and associating them with employee IDs.

  B. The security team will be able to send user awareness training to the appropriate device. User awareness training is a type of security education that aims to improve the knowledge and behavior of users regarding security threats and best practices. The security team can send user awareness training to the appropriate device by using the email address, username, or IP address of the device, not the asset inventory sticker or the employee ID.

  C. Users can be mapped to their devices when configuring software MFA tokens. Software MFA tokens are a type of multi-factor authentication that uses a software application to generate a one-time password or a push notification for verifying the identity of a user. Users can be mapped to their devices when configuring software MFA tokens by using the device ID, phone number, or email address of the device, not the asset inventory sticker or the employee ID.

  D. User-based firewall policies can be correctly targeted to the appropriate laptops. User-based firewall policies are a type of firewall rules that apply to specific users or groups of users, regardless of the device or location they use to access the network. User-based firewall policies can be correctly targeted to the appropriate laptops by using the username, domain, or certificate of the user, not the asset inventory sticker or the employee ID.

  E. When conducting penetration testing, the security team will be able to target the desired laptops. Penetration testing is a type of security assessment that simulates a real-world attack on a network or system to identify and exploit vulnerabilities. When conducting penetration testing, the security team will be able to target the desired laptops by using the IP address, hostname, or MAC address of the laptop, not the asset inventory sticker or the employee ID.

  References:

  CompTIA Security+ Study Guide (SY0-701), Chapter 1: General Security Concepts, page 17. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 1.4: Asset Management, video: Asset Inventory (6:12).

• Question 238:

  Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

  A. It improves server performance by reducing software bugs.
  B. It addresses known software vulnerabilities before they are exploited.
  C. It eliminates the need for firewalls and intrusion detection.
  D. It removes the need for antivirus tools.
  B. It addresses known software vulnerabilities before they are exploited.

  ---

  Explanation

  The correct answer is B because regular patching directly reduces security risk by remediating known vulnerabilities before attackers can exploit them. Within the Security+ SY0-701 objectives, patch management is a foundational component of vulnerability management and secure operations. Vendors routinely release patches to fix security flaws that have already been identified, documented, and, in many cases, actively targeted by threat actors.

  Attackers frequently scan enterprise environments for systems that are missing patches related to publicly disclosed vulnerabilities. Once a vulnerability is known, exploit code often becomes widely available, dramatically increasing the likelihood of compromise. Regular patching shortens the "window of exposure," which is the time between vulnerability disclosure and remediation. By applying patches promptly, organizations significantly reduce the attack surface and limit opportunities for exploitation.

  Option A is incorrect because while patches may incidentally improve stability or performance, that is not their primary security purpose.

  Option C is incorrect because patching does not replace other security controls; firewalls and intrusion detection systems remain essential for layered defense.

  Option D is also incorrect because antivirus tools serve a different role, such as detecting and responding to malware, and cannot be replaced by patching alone.

  The SY0-701 study guide emphasizes that effective patch management requires structured processes, including testing, maintenance windows, rollback planning, and prioritization based on risk and asset criticality. Patching is classified as a preventive technical control, stopping attacks before they occur rather than reacting after compromise.

  In summary, regular patching mitigates enterprise risk by proactively addressing known software vulnerabilities before they can be exploited. This makes it one of the most effective and widely emphasized security practices in the Security+ SY0-701 exam and in real-world security operations.

• Question 239:

  After performing an assessment, an analyst wants to provide a risk rating for the findings.

  Which of the following concepts should most likely be considered when calculating the ratings?

  A. Owners and thresholds
  B. Impact and likelihood
  C. Appetite and tolerance
  D. Probability and exposure factor
  B. Impact and likelihood

  ---

  Explanation

  When calculating risk ratings, the concepts of impact and likelihood are most likely to be considered. Risk assessment typically involves evaluating the potential impact of a threat (how severe the consequences would be if the threat materialized) and the likelihood of the threat occurring (how probable it is that the threat will occur).

  Impact: Measures the severity of the consequences if a particular threat exploits a vulnerability. It considers factors such as financial loss, reputational damage, and operational disruption.

  Likelihood: Measures the probability of a threat exploiting a vulnerability. This can be based on historical data, current threat landscape, and expert judgment.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 5.2 - Risk management process (Risk assessment: impact and likelihood).

• Question 240:

  A security administrator documented the following records during an assessment of network services:

  

  Two weeks later, the administrator performed a log review and noticed the records were changed as follows:

  

  When consulting the service owner, the administrator validated that the new address was not part of the company network.

  Which of the following was the company most likely experiencing?

  A. DDoS attack
  B. DNS poisoning
  C. Ransomware compromise
  D. Spyware infection
  B. DNS poisoning

  ---

  Explanation

  DNS poisoning (also known as DNS cache poisoning) involves an attacker manipulating DNS records, redirecting traffic to malicious destinations. In this case, the change in the DNS records to an IP address outside the company's network suggests that the attacker may have poisoned the DNS cache or altered the DNS records to reroute traffic, potentially leading to a malicious site or server.

  This is not a DDoS attack, ransomware compromise, or spyware infection as the primary issue appears to be manipulation of DNS records, which is characteristic of DNS poisoning.