CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 321:

  A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges.

  Which of the following attacks most likely occurred?

  A. Replay attack
  B. Memory leak
  C. Buffer overflow attack
  D. On-path attack
  D. On-path attack

• Question 322:

  An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service.

  Which of the following is the engineer most likely to deploy?

  A. Layer 4 firewall
  B. NGFW
  C. WAF
  D. UTM
  C. WAF

  ---

  Explanation

  The security engineer is likely to deploy a Web Application Firewall (WAF) to protect the new web portal service. A WAF specifically protects web applications by filtering, monitoring, and blocking HTTP requests based on a set of rules. This is crucial for preventing common attacks such as SQL injection, cross-site scripting (XSS), and other web-based attacks that could compromise the web service. Layer 4 firewall operates primarily at the transport layer, focusing on IP address and port filtering, making it unsuitable for web application-specific threats. NGFW (Next-Generation Firewall) provides more advanced filtering than traditional firewalls, including layer 7 inspection, but the WAF is tailored specifically for web traffic.

  UTM (Unified Threat Management) offers a suite of security tools in one package (like antivirus, firewall, and content filtering), but for web application-specific protection, a WAF is the best fit.

• Question 323:

  An organization wants to deploy software in a container environment to increase security.

  Which of the following would limit the organization's ability to achieve this goal?

  A. Regulatory compliance
  B. Patch availability
  C. Kernel version
  D. Monolithic code
  D. Monolithic code

  ---

  Explanation

  A monolithic codebase can limit the deployment of software in a container environment because containers are designed to run lightweight, modular, and independent services. Monolithic applications are large, tightly coupled, and difficult to break into smaller components, which conflicts with the principles of containerization. This makes it harder to achieve the scalability, security, and isolation benefits of containers.

• Question 324:

  An organization needs to monitor its users' activities to prevent insider threats.

  Which of the following solutions would help the organization achieve this goal?

  A. Behavioral analytics
  B. Access control lists
  C. Identity and access management
  D. Network intrusion detection system
  A. Behavioral analytics

  ---

  Explanation

  Behavioral analytics tools monitor user actions and detect anomalies that may indicate insider threats, such as unauthorized access or unusual data exfiltration activities. These tools establish baselines for normal behavior and flag deviations.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Behavioral Analytics and Monitoring".

• Question 325:

  A systems administrator uses deception techniques to help detect and study attacks within a network. The administrator deploys a document filled with fake passwords and customer payment information.

  Which of the following techniques is the administrator using?

  A. Honeytoken
  B. Honeypot
  C. Honeyfile
  D. Honeynet
  C. Honeyfile

  ---

  Explanation

  The best answer is C. Honeyfile.

  A honeyfile is a decoy file that is intentionally placed where an attacker might discover and open it. It often contains fake but tempting information, such as passwords, payment data, or confidential records. If someone accesses, copies, or opens the file, that activity can alert defenders to suspicious behavior. This question specifically describes a document filled with fake passwords and customer payment information. Because the decoy is a file or document, honeyfile is the most precise answer. Why the other options are incorrect:

  A. HoneytokenA honeytoken is a broader term for fake digital data used to detect unauthorized access, such as fake credentials, database entries, or API keys. A honeyfile can be considered a type of honeytoken, but since the question specifically mentions a document, honeyfile is the better answer.

  B. HoneypotA honeypot is a decoy system or service designed to attract attackers, not just a single document.

  D. HoneynetA honeynet is an entire network of decoy systems used for detection and research. From a Security+ perspective, deception technologies include honeyfiles, honeytokens, honeypots, and honeynets. Since the item deployed is a document, C is the best answer.

• Question 326:

  A security administrator observed the following in a web server log while investigating an incident:

  "GET ../../../../etc/passwd"

  Which of the following attacks did the security administrator most likely see?

  A. Privilege escalation
  B. Credential replay
  C. Brute force
  D. Directory traversal
  D. Directory traversal

  ---

  Explanation

  The log entry GET ../../../../etc/passwd indicates a directory traversal attack. Directory traversal is an attack technique that attempts to access files and directories outside the web server's root directory by using sequences like ../ to move up the directory tree. In this case, the attacker is attempting to reach the /etc/passwd file, which typically contains user account information on Unix-based systems. This type of attack can allow unauthorized access to sensitive files on the server.

• Question 327:

  A threat actor was able to use a username and password to log in to a stolen company mobile device.

  Which of the following provides the best solution to increase mobile data security on all employees' company mobile devices?

  A. Application management
  B. Full disk encryption
  C. Remote wipe
  D. Containerization
  C. Remote wipe

• Question 328:

  According to various privacy rules and regulations, users have the power to request that all data pertaining to them is deleted. This is known as:

  A. Right to be forgotten
  B. Attestation and acknowledgement
  C. Data retention
  D. Information deletion
  A. Right to be forgotten

• Question 329:

  A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations.

  Which of the following should the hosting provider consider first?

  A. Local data protection regulations
  B. Risks from hackers residing in other countries
  C. Impacts to existing contractual obligations
  D. Time zone differences in log correlation
  A. Local data protection regulations

  ---

  Explanation

  Local data protection regulations are the first thing that a cloud-hosting provider should consider before expanding its data centers to new international locations. Data protection regulations are laws or standards that govern how personal or sensitive data is collected, stored, processed, and transferred across borders. Different countries or regions may have different data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, or the California Consumer Privacy Act (CCPA) in the United States. A cloud-hosting provider must comply with the local data protection regulations of the countries or regions where it operates or serves customers, or else it may face legal penalties, fines, or reputational damage. Therefore, a cloud-hosting provider should research and understand the local data protection regulations of the new international locations before expanding its data centers there.

  References:

  CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 7, page 269. CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1, page 14.

• Question 330:

  An organization purchased a critical business application containing sensitive data. The organization would like to ensure that the application is not exploited by common data exfiltration attacks.

  Which of the following approaches would best help to fulfill this requirement?

  A. URL scanning
  B. WAF
  C. Reverse proxy
  D. NAC
  B. WAF

  ---

  Explanation

  A Web Application Firewall (WAF) is specifically designed to protect web applications by filtering and monitoring HTTP traffic. It helps prevent common data exfiltration attacks, such as SQL injection, cross-site scripting (XSS), and other web-based threats, by inspecting incoming traffic and blocking malicious requests. A WAF would be an effective choice for safeguarding the sensitive data in the application and ensuring it is not exploited by attackers attempting data exfiltration.