CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 271:

  A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave.

  Which of the following is most likely to contain this information?

  A. Statement of work
  B. Responsibility matrix
  C. Service-level agreement
  D. Master service agreement
  B. Responsibility matrix

  ---

  Explanation

  A responsibility matrix clarifies the division of responsibilities between the cloud service provider (CSP) and the customer, ensuring that each party understands and implements their respective security controls.

  References:

  Security+ SY0-701 Course Content.

• Question 272:

  Which of the following is the best way to remove personal data from a social media account that is no longer being used?

  A. Exercise the right to be forgotten
  B. Uninstall the social media application
  C. Perform a factory reset
  D. Terminate the social media account
  A. Exercise the right to be forgotten

• Question 273:

  Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?

  A. Classified
  B. Regulated information
  C. Open source
  D. Intellectual property
  D. Intellectual property

• Question 274:

  A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1 X for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal. The following is the audit report:

  

  Which of the following is the most likely way a rogue device was allowed to connect?

  A. A user performed a MAC cloning attack with a personal device.
  B. A DHCP failure caused an incorrect IP address to be distributed.
  C. An administrator bypassed the security controls for testing.
  D. DNS hijacking let an attacker intercept the captive portal traffic.
  A. A user performed a MAC cloning attack with a personal device.

  ---

  Explanation

  The audit report shows a suspicious device named WIN10 using user3 and a hardware address that closely matches an existing authorized device, which strongly suggests MAC cloning. Since access requires a known hardware address plus valid credentials in the captive portal, an attacker could have used a personal device, spoofed a permitted MAC address, and authenticated with stolen or reused user credentials. The other choices do not explain how a rogue endpoint would satisfy both access-control requirements and appear as an allowed device on the network.

• Question 275:

  Alerts from email protection systems and MSSPs must be entered into an IT service management system and assigned to the security team.

  Which of the following should an organization implement to enable this functionality?

  A. Automated compliance monitoring
  B. Automated ticket creation
  C. Automated vulnerability scans
  D. Automated indicator sharing
  B. Automated ticket creation

  ---

  Explanation

  The best answer is B. Automated ticket creation. The requirement is to take alerts from email protection systems and MSSPs and ensure they are entered into an IT service management system and assigned to the security team. That function is best achieved through automated ticket creation, which generates incidents or service tickets based on incoming alerts and routes them to the appropriate group. This improves consistency, response time, and tracking of security events. Why the other options are incorrect:

  A. Automated compliance monitoringThis focuses on compliance status, not routing alerts into an ITSM workflow.

  C. Automated vulnerability scansVulnerability scanning identifies weaknesses, but it does not create or assign incident tickets from security alerts.

  D. Automated indicator sharingIndicator sharing helps distribute threat intelligence, but it does not directly create and assign IT service tickets. From a Security+ viewpoint, integrating alert sources with response workflows commonly involves ticketing automation, so B is correct.

• Question 276:

  A systems administrator notices that a testing system is down. While investigating, the systems administrator finds that the servers are online and accessible from any device on the server network. The administrator reviews the following information from the monitoring system:

  

  Which of the following is the most likely cause of the outage?

  A. Denial of service
  B. ARP poisoning
  C. Jamming
  D. Kerberoasting
  D. Kerberoasting

• Question 277:

  An organization has hired a red team to simulate attacks on its security posture.

  Which of the following will the blue team do after detecting an IoC?

  A. Reimage the impacted workstations
  B. Activate runbooks for incident response
  C. Conduct forensics on the compromised system
  D. Conduct passive reconnaissance to gather information
  B. Activate runbooks for incident response

  ---

  Explanation

  The blue team is responsible for detecting, responding to, and containing attacks. After identifying an IoC, the most appropriate next step is to activate incident response runbooks so the team can follow established response procedures.

  Reimaging and forensics may happen later depending on the situation, while passive reconnaissance is typically associated with pre-attack information gathering, not blue team response.

• Question 278:

  An organization requests a third-party full-spectrum analysis of its supply chain.

  Which of the following would the analysis team use to meet this requirement?

  A. Vulnerability scanner
  B. Penetration test
  C. SCAP
  D. Illumination tool
  D. Illumination tool

• Question 279:

  Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

  A. Provisioning resources
  B. Disabling access
  C. Reviewing change approvals
  D. Escalating permission requests
  B. Disabling access

  ---

  Explanation

  Disabling access is an automation use case that would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company. Disabling access is the process of revoking or suspending the access rights of a user account, such as login credentials, email, VPN, cloud services, etc. Disabling access can prevent unauthorized or malicious use of the account by former employees or attackers who may have compromised the account. Disabling access can also reduce the attack surface and the risk of data breaches or leaks. Disabling access can be automated by using scripts, tools, or workflows that can trigger the action based on predefined events, such as employee termination, resignation, or transfer. Automation can ensure that the access is disabled in a timely, consistent, and efficient manner, without relying on manual intervention or human error.

  References:

  5: Identity and Access Management, page 2131. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter

  5: Identity and Access Management, page 2132.

• Question 280:

  A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior.

  Which of the following would be best for the administrator to reference?

  A. MITRE ATT&CK
  B. CSIRT
  C. CVSS
  D. SOAR
  A. MITRE ATT&CK