CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 281:

  During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem.

  Which of the following best describes this vulnerability?

  A. VM escape
  B. Cross-site scripting
  C. Malicious update
  D. SQL injection
  A. VM escape

• Question 282:

  A network engineer is increasing the overall security of network devices and needs to harden the devices.

  Which of the following will best accomplish this task?

  A. Con guring centralized logging
  B. Generating local administrator accounts
  C. Replacing Telnet with SSH
  D. Enabling HTTP administration
  C. Replacing Telnet with SSH

• Question 283:

  Which of the following best explains the use of a policy engine in a Zero Trust environment?

  A. It is used by a central server to apply default permissions across a range of network and computing resources.
  B. It is used to make access control decisions without inheriting permission decisions from prior events.
  C. It is used to dynamically assign user permissions based on a user ' s identity and previous activity.
  D. It is used when user roles are unknown and the organization wants to leverage ML to control access.
  B. It is used to make access control decisions without inheriting permission decisions from prior events.

  ---

  Explanation

  The best answer is B. It is used to make access control decisions without inheriting permission decisions from prior events. In a Zero Trust environment, the core principle is never trust, always verify. A policy engine evaluates each access request using current context and defined security policies. Access is not automatically granted simply because a user or device was previously authenticated or allowed access earlier. This means decisions are made continuously and based on factors such as: user identity device posture location requested resource risk level session context.

  The phrase "without inheriting permission decisions from prior events" best reflects the Zero Trust concept that trust is not assumed or permanently granted. Why the other options are incorrect:

  A. It is used by a central server to apply default permissions across a range of network and computing resources.This sounds more like centralized administration, but it does not capture the dynamic, context-based access decision-making of a Zero Trust policy engine.

  C. It is used to dynamically assign user permissions based on a user ' s identity and previous activity. This is close, but the wording emphasizes previous activity, whereas Zero Trust focuses on real-time evaluation of current conditions rather than inherited trust.

  D. It is used when user roles are unknown and the organization wants to leverage ML to control access. Machine learning may support analytics, but this is not the main purpose of a Zero Trust policy engine. From the SY0-701 perspective, a policy engine is central to making explicit, context-aware access decisions for every request, which is best captured by

  B.

• Question 284:

  A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed.

  Which concept describes this capability?

  A. IaC
  B. IoT
  C. IoC
  D. IaaS
  A. IaC

  ---

  Explanation

  The ability to automatically generate WAF (Web Application Firewall) policies during application deployment is a characteristic of Infrastructure as Code (IaC). IaC allows infrastructure components-such as firewalls, WAF policies, load balancers, and security groups-to be defined, version-controlled, and deployed programmatically.

  According to Security+ SY0-701, IaC enhances DevSecOps workflows by embedding security controls directly into deployment pipelines, ensuring consistent, repeatable, and automated application protection. This reduces human error, eliminates configuration drift, and ensures that every new application instance is deployed with the correct WAF rules already in place.

  IoT (B) involves connected devices.

  IoC (C) refers to Indicators of Compromise.

  IaaS (D) provides cloud infrastructure but does not itself automate security policy generation.

  Thus, A: IaC is the correct concept enabling automated WAF policy creation.

• Question 285:

  An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption.

  Which of the following would work best to prevent this type of incident from reoccurring?

  A. Job rotation
  B. Retention
  C. Outsourcing
  D. Separation of duties
  A. Job rotation

  ---

  Explanation

  Job rotation is a security control that involves regularly moving employees to different roles within an organization. This practice helps prevent incidents where a single employee has too much control or knowledge about a specific job function, reducing the risk of disruption when an employee leaves. It also helps in identifying any hidden issues or undocumented processes that could cause problems after an employee ' s departure.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 5: Security Program Management and Oversight, which includes job rotation as a method to ensure business continuity and reduce risks.

• Question 286:

  A help desk employee receives a call from someone impersonating the Chief Executive Officer. The caller asks for assistance with resetting a password.

  Which of the following best describes this event?

  A. Vishing
  B. Hacktivism
  C. Blackmail
  D. Misinformation
  A. Vishing

  ---

  Explanation

  Vishing (voice phishing) is a social engineering attack conducted over the phone. In this scenario, the attacker impersonates the CEO to manipulate the help desk employee into resetting a password, which is a classic example of a vishing attempt.

• Question 287:

  Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?

  A. Multicloud architectures
  B. SaaS provider diversity
  C. On-premises server load balancing
  D. Corporate-owned, off-site locations
  A. Multicloud architectures

• Question 288:

  After reviewing the following vulnerability scanning report:

  

  A security analyst performs the following test:

  

  Which of the following would the security analyst conclude for this reported vulnerability?

  A. It is a false positive.
  B. A rescan is required.
  C. It is considered noise.
  D. Compensating controls exist.
  A. It is a false positive.

  ---

  Explanation

  A false positive is a result that indicates a vulnerability or a problem when there is none. In this case, the vulnerability scanning report shows that the telnet service on port 23 is open and uses an insecure network protocol. However, the security analyst performs a test using nmap and a script that checks for telnet encryption support. The result shows that the telnet server supports encryption, which means that the data transmitted between the client and the server can be protected from eavesdropping. Therefore, the reported vulnerability is a false positive and does not reflect the actual security posture of the server. The security analyst should verify the encryption settings of the telnet server and client and ensure that they are configured properly.

  References:

  3: Telnet Protocol - Can You Encrypt Telnet?

• Question 289:

  A security manager is implementing MFA and patch management.

  Which of the following would best describe the control type and category?

  (Select two).

  A. Physical
  B. Managerial
  C. Detective
  D. Administrator
  E. Preventative
  F. Technical
  E. Preventative
  F. Technical

  ---

  Explanation

  Multi-Factor Authentication (MFA) and patch management are both examples of preventative and technical controls. MFA prevents unauthorized access by requiring multiple forms of verification, and patch management ensures that systems are protected against vulnerabilities by applying updates. Both of these controls are implemented using technical methods, and they work to prevent security incidents before they occur.

  References:

  1: General Security Concepts, and Domain

  4: Identity and Access Management, which cover the implementation of preventative and technical controls.

• Question 290:

  Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

  A. Data sovereignty
  B. Geolocation
  C. Intellectual property
  D. Geographic restrictions
  A. Data sovereignty

  ---

  Explanation

  Data sovereignty refers to the principle that data stored in another country remains subject to the originating country's laws. This is a common concern in cloud computing.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Data Sovereignty and Regulatory Compliance".