CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 251:

  In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective.

  Which of the following best describes the security engineer's response?

  A. Risk tolerance
  B. Risk acceptance
  C. Risk importance
  D. Risk appetite
  D. Risk appetite

  ---

  Explanation

  Risk appetite refers to the level of risk that an organization is willing to accept in order to achieve its objectives. In this scenario, the security engineer is concerned that the timeframe for implementing a new application does not allow for sufficient cybersecurity due diligence. This reflects a situation where the organization's risk appetite might be too high if it proceeds without the necessary security checks.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of risk management and understanding organizational risk appetite.

• Question 252:

  A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment.

  Which of the following should be configured to allow remote access to this server?

  A. HTTPS
  B. SNMPv3
  C. SSH
  D. RDP
  E. SMTP
  C. SSH

• Question 253:

  An organization experiences a compromise in a cloud-hosted solution that contains customer information.

  Which of the following strategies will help determine the sensitivity level of the breach?

  A. Permission restrictions
  B. Tabletop exercise
  C. Data classification
  D. Asset inventory
  C. Data classification

  ---

  Explanation

  The correct answer is Data classification because it is the primary mechanism used to determine the sensitivity and criticality of information involved in a security incident. According to the Security+ SY0-701 governance and risk management concepts, data classification assigns labels-such as public, internal, confidential, or restricted-to information based on its sensitivity, value to the organization, and potential impact if disclosed, altered, or destroyed. When a breach occurs, these classifications allow security teams and management to quickly assess how severe the incident is and what regulatory, legal, or business consequences may apply.

  In this scenario, the compromised cloud-hosted solution contains customer information. By referencing the organization's data classification scheme, incident responders can determine whether the exposed data includes personally identifiable information (PII), financial data, health records, or other regulated data types. This directly influences breach notification requirements, incident escalation, response prioritization, and communication with stakeholders. The SY0- 701 study guide emphasizes that effective security governance depends on having clearly defined classification standards before an incident occurs, so decisions during response are consistent and defensible.

  The other options do not meet the goal of determining sensitivity. Permission restrictions are access control mechanisms used to prevent unauthorized access, not to evaluate the importance of data after a compromise. Tabletop exercises are preparedness and training activities designed to test incident response plans, not to classify real data. Asset inventory identifies systems, hardware, software, and data locations, but it does not define how sensitive the data is; it only helps locate what may be affected.

  Therefore, data classification is the most appropriate strategy for determining the sensitivity level of the breach, aligning directly with Security+ SY0-701 objectives related to risk management, privacy, and incident impact assessment.

• Question 254:

  Which of the following agreement types defines the time frame in which a vendor needs to respond?

  A. SOW
  B. SLA
  C. MOA
  D. MOU
  B. SLA

  ---

  Explanation

  A service level agreement (SLA) is a type of agreement that defines the expectations and responsibilities between a service provider and a customer. It usually includes the quality, availability, and performance metrics of the service, as well as the time frame in which the provider needs to respond to service requests, incidents, or complaints. An SLA can help ensure that the customer receives the desired level of service and that the provider is accountable for meeting the agreed-upon standards.

  References:

  Security+ (Plus) Certification | CompTIA IT Certifications, under "About the exam", bullet point 3: "Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance." CompTIA Security

  + Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page

  14: "Service Level Agreements (SLAs) are contracts between a service provider and a customer that specify the level of service expected from the service provider."

• Question 255:

  An organization would like to give remote workers the ability to use applications hosted inside the corporate network Users will be allowed to use their personal computers or they will be provided organization assets Either way no data or applications will be installed locally on any user systems

  Which of the following mobile solutions would accomplish these goals?

  A. VDI
  B. MDM
  C. COPE
  D. UTM
  A. VDI

  ---

  Explanation

  MDM would require something to be installed. VDI, virtual desktop infrastructure, would allow employees to use run apps on the company network without installing locally.

• Question 256:

  A company is concerned about theft of client data from decommissioned laptops.

  Which of the following is the most cost-effective method to decrease this risk?

  A. Wiping
  B. Recycling
  C. Shredding
  D. Deletion
  A. Wiping

  ---

  Explanation

  Wiping is the most cost-effective method to decrease the risk of client data theft from decommissioned laptops. Wiping involves using software tools to securely erase all data on the hard drive, making it unrecoverable. This ensures that sensitive information cannot be accessed, even if the laptop is later reused or disposed of. Compared to shredding (which involves physical destruction and is more costly) or simple deletion (which does not truly erase the data), wiping is an effective, inexpensive way to mitigate the risk.

• Question 257:

  Which of the following security principles most likely requires validation before allowing traffic between systems?

  A. Policy enforcement
  B. Authentication
  C. Zero Trust architecture
  D. Confidentiality
  C. Zero Trust architecture

• Question 258:

  A security team is in the process of hardening the network against externally crafted malicious packets.

  Which of the following is the most secure method to protect the internal network?

  A. Anti-malware solutions
  B. Host-based rewalls
  C. Intrusion prevention systems
  D. Network access control
  E. Network allow list
  C. Intrusion prevention systems

• Question 259:

  A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting.

  Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

  A. Secure cookies
  B. Version control
  C. Input validation
  D. Code signing
  C. Input validation

  ---

  Explanation

  Input validation is a technique that checks the user input for any malicious or unexpected data before processing it by the web application. Input validation can prevent cross-site scripting (XSS) attacks, which exploit the vulnerability of a web application to execute malicious scripts in the browser of a victim. XSS attacks can compromise the confidentiality, integrity, and availability of the web application and its users. Input validation can be implemented on both the client-side and the server-side, but server-side validation is more reliable and secure. Input validation can use various methods, such as whitelisting, blacklisting, filtering, escaping, encoding, and sanitizing the input data.

  References:

  70. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page

  11. Application Security - SY0-601

  CompTIA Security+ : 3.2

• Question 260:

  An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account.

  Which of the following would most likely prevent this activity in the future?

  A. Standardizing security incident reporting
  B. Executing regular phishing campaigns
  C. Implementing insider threat detection measures
  D. Updating processes for sending wire transfers
  D. Updating processes for sending wire transfers

  ---

  Explanation

  Updating the processes for sending wire transfers would most likely prevent this type of activity in the future. This could include implementing additional verification steps, such as requiring multiple levels of approval, verifying new payment instructions through a separate communication channel, or implementing a callback procedure to confirm the authenticity of the instructions.