CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 241:

  A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices.

  Which of the following will meet these requirements?

  A. Push notifications
  B. Phone call
  C. Smart card
  D. Offline backup codes
  A. Push notifications

  ---

  Explanation

  Push notifications offer a seamless and user-friendly method of multi-factor authentication (MFA) that can easily integrate into a user's workflow. This method leverages employee-owned devices, like smartphones, to approve authentication requests through a push notification. It's convenient, quick, and doesn't require the user to input additional codes, making it a preferred choice for seamless integration with existing workflows.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

• Question 242:

  Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

  A. Digital signatures
  B. Salting
  C. Hashing
  D. Perfect forward secrecy
  B. Salting

  ---

  Explanation

  Salting is a technique used to enhance the security of hashed passwords by adding a unique, random value (salt) to each password before hashing it. This prevents attackers from easily decrypting passwords using rainbow tables, which are precomputed tables for reversing cryptographic hash functions. Since each password has a unique salt, the same password will produce different hash values, making rainbow table attacks ineffective.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Hashing Techniques.

• Question 243:

  During a wireless network scan at a data center the IT security team discovered Wi-Fi signals broadcasting from an unknown device.

  Which of the following best describes the cause of the incident?

  A. Domain hijacking
  B. On-path attack
  C. Rogue access point
  D. Jamming
  C. Rogue access point

• Question 244:

  Which of the following outlines the configuration, maintenance, and security roles between a cloud service provider and the customer?

  A. Service-level agreement
  B. Responsibility matrix
  C. Memorandum of understanding
  D. Non-disclosure agreement
  B. Responsibility matrix

  ---

  Explanation

  A responsibility matrix, often referred to in cloud computing as the Shared Responsibility Model, defines the exact roles, duties, and expectations between a cloud service provider (CSP) and the customer. This includes who is responsible for configuration, maintenance, patching, logging, updates, identity management, network security, and data protection.

  According to the SY0-701 exam objectives, cloud models such as SaaS, PaaS, and IaaS all divide responsibilities differently. The responsibility matrix clarifies these boundaries so that neither party assumes the other is handling a critical security task. Misunderstandings in these areas can create dangerous security gaps, such as unpatched virtual machines, misconfigured storage buckets, or weak access controls. A Service-Level Agreement (A) focuses on uptime, performance, and service expectations-not shared security roles. A Memorandum of Understanding (C) describes high-level cooperation between organizations, while an NDA (D) protects confidential information. The responsibility matrix is emphasized under Security Program Management, specifically in managing third-party relationships and cloud provider governance, ensuring both parties understand their obligations and reducing the risk of misconfigurations or operational vulnerabilities.

• Question 245:

  An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled.

  Which of the following tools did the auditor use to discover these issues?

  A. Nessus
  B. curl
  C. Wireshark
  D. netcat
  A. Nessus

• Question 246:

  After a series of account compromises and credential misuse, a company hires a security manager to develop a security program.

  Which of the following steps should the security manager take first to increase security awareness?

  A. Evaluate tools that identify risky behavior and distribute reports on the findings.
  B. Send quarterly newsletters that explain the importance of password management.
  C. Develop phishing campaigns and notify the management team of any successes.
  D. Update policies and handbooks to ensure all employees are informed of the new procedures.
  D. Update policies and handbooks to ensure all employees are informed of the new procedures.

• Question 247:

  A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added.

  Which of the following would be the best solution to meet these objectives?

  A. Load balancing
  B. Fault tolerance
  C. Proxy servers
  D. Replication
  A. Load balancing

  ---

  Explanation

  Load balancing improves application availability by distributing traffic across multiple servers. If one server fails, traffic is automatically routed to other available servers with minimal intervention.

  References:

  CompTIA Security+ SY0- 701 Study Guide, Domain 3: Security Architecture, Section: "High Availability Solutions".

• Question 248:

  A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers.

  Which of the following would prevent this from reoccurring?

  A. User notification
  B. Change approval
  C. Risk analysis
  D. Backout plan
  D. Backout plan

• Question 249:

  A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment.

  Which of the following best describes this vulnerability?

  A. Zero-day
  B. XSS
  C. SQLi
  D. Buffer overflow
  A. Zero-day

  ---

  Explanation

  The best answer is A. Zero-day. A zero-day vulnerability is a newly discovered vulnerability for which no patch or official fix is yet available. Because defenders have had zero days to fully remediate it, attackers may be able to exploit it before a vendor releases a patch. The question specifically states that the vulnerability is new and does not have an available patch, which is the defining clue. Why the other options are incorrect:

  B. XSSCross-site scripting is a specific web application attack type, not a description of whether a patch exists.

  C. SQLiSQL injection is also a specific attack type, not the broader vulnerability status being asked about.

  D. Buffer overflowBuffer overflow is a type of coding flaw, but again it does not specifically describe the condition of having no patch available. From a Security+ perspective, when a vulnerability is newly identified and lacks a vendor fix, it is best described as a zero-day.

• Question 250:

  Which of the following would most likely prevent exploitation of an end-of-life, business-critical system?

  A. Monitoring
  B. Isolation
  C. Decommissioning
  D. Encryption
  B. Isolation

  ---

  Explanation

  End-of-life (EOL) systems no longer receive security patches, vendor support, or vulnerability updates. Because of this, they are highly susceptible to exploitation, especially if attackers can reach them over a network. When the system is business-critical and cannot be decommissioned, the most effective strategy is isolation, also known as network segmentation, air-gapping, or restrictive network zoning. Isolation removes direct exposure to external and internal threats by limiting communication paths to only essential systems and users.

  According to the Security+ SY0-701 guidance, isolating legacy systems helps reduce the attack surface when patching is no longer possible. Monitoring (A) is useful for detection but does not prevent exploitation.

  Decommissioning (C) would be ideal but is not possible for business-critical systems, as stated in the question. Encryption (D) protects data confidentiality but does not stop an attacker from exploiting vulnerabilities in an unpatched OS or application.

  Isolation is a recommended compensating control for legacy and unsupported systems in SY0-701's Security Architecture & Resilience domain, which emphasizes micro-segmentation, firewalls, and restricted access to minimize risk when systems cannot be replaced or patched.