CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 331:

  Which of the following best describe why a process would require a two-person integrity security control?

  A. To Increase the chance that the activity will be completed in half of the time the process would take only one user to complete
  B. To permit two users from another department to observe the activity that is being performed by an authorized user
  C. To reduce the risk that the procedures are performed incorrectly or by an unauthorized user
  D. To allow one person to perform the activity while being recorded on the CCTV camera
  C. To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

  ---

  Explanation

  A two-person integrity security control is implemented to minimize the risk of errors or unauthorized actions. This control ensures that at least two individuals are involved in critical operations, which helps to verify the accuracy of the process and prevents unauthorized users from acting alone. It's a security measure commonly used in sensitive operations, like financial transactions or access to critical systems, to ensure accountability and accuracy.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

  CompTIA Security+ SY0-601 Study Guide: Chapter on Security Operations and Management.

• Question 332:

  Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

  A. Order of volatility
  B. Preservation of event logs
  C. Chain of custody
  D. Compliance with legal hold
  A. Order of volatility

  ---

  Explanation

  When conducting a forensic analysis after an incident, it's essential to prioritize the data collection process based on the "order of volatility." This principle dictates that more volatile data (e.g., data in memory, network connections) should be captured before less volatile data (e.g., disk drives, logs). The idea is to preserve the most transient and potentially valuable evidence first, as it is more likely to be lost or altered quickly.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Digital Forensics.

• Question 333:

  A company is developing a critical system for the government and storing project information on a fileshare.

  Which of the following describes how this data will most likely be classified?

  (Select two).

  A. Private
  B. Confidential
  C. Public
  D. Operational
  E. Urgent
  F. Restricted
  B. Confidential
  F. Restricted

  ---

  Explanation

  Data classification is the process of assigning labels to data based on its sensitivity and business impact. Different organizations and sectors may have different data classification schemes, but a common one is the following:

  Public: Data that can be freely disclosed to anyone without any harm or risk.

  Private: Data that is intended for internal use only and may cause some harm or risk if disclosed.

  Confidential: Data that is intended for authorized use only and may cause significant harm or risk if disclosed.

  Restricted: Data that is intended for very limited use only and may cause severe harm or risk if disclosed.

  In this scenario, the company is developing a critical system for the government and storing project information on a fileshare. This data is likely to be classified as confidential and restricted, because it is not meant for public or private use, and it may cause serious damage to national security or public safety if disclosed. The government may also have specific requirements or regulations for handling such data, such as encryption, access control, and auditing.

  References:

  1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17

  2: Data Classification Practices: Final Project Description Released

• Question 334:

  A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology.

  Which of the following would the CISO most likely include in the organization's documentation?

  A. Peer review requirements
  B. Multifactor authentication
  C. Branch protection tests
  D. Secrets management configurations
  A. Peer review requirements

• Question 335:

  A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment.

  Which of the following describes this risk management strategy?

  A. Exemption
  B. Exception
  C. Avoid
  D. Transfer
  C. Avoid

  ---

  Explanation

  Avoidance involves choosing not to engage in activities or markets where certain risks are present. This is a proactive approach to risk management.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Risk Management Strategies".

• Question 336:

  A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary.

  Which of the following methods is most secure?

  A. Implementing a bastion host
  B. Deploying a perimeter network
  C. Installing a WAF
  D. Utilizing single sign-on
  A. Implementing a bastion host

  ---

  Explanation

  A bastion host is a special-purpose server that is designed to withstand attacks and provide secure access to internal resources. A bastion host is usually placed on the edge of a network, acting as a gateway or proxy to the internal network.

  A bastion host can be configured to allow only certain types of traffic, such as SSH or HTTP, and block all other traffic. A bastion host can also run security software such as firewalls, intrusion detection systems, and antivirus programs to monitor and filter incoming and outgoing traffic. A bastion host can provide administrative access to internal resources by requiring strong authentication and encryption, and by logging all activities for auditing purposes. A bastion host is the most secure method among the given options because it minimizes the traffic allowed through the security boundary and provides a single point of control and defense. A bastion host can also isolate the internal network from direct exposure to the internet or other untrusted networks, reducing the attack surface and the risk of compromise.

  Deploying a perimeter network is not the correct answer, because a perimeter network is a network segment that separates the internal network from the external network. A perimeter network usually hosts public-facing services such as web servers, email servers, or DNS servers that need to be accessible from the internet. A perimeter network does not provide administrative access to internal resources, but rather protects them from unauthorized access. A perimeter network can also increase the complexity and cost of network management and security.

  Installing a WAF is not the correct answer, because a WAF is a security tool that protects web applications from common web-based attacks by monitoring, filtering, and blocking HTTP traffic. A WAF can prevent attacks such as cross-site scripting, SQL injection, or file inclusion, among others. A WAF does not provide administrative access to internal resources, but rather protects them from web application vulnerabilities. A WAF is also not a comprehensive solution for network security, as it only operates at the application layer and does not protect against other types of attacks or threats. Utilizing single sign-on is not the correct answer, because single sign-on is a method of authentication that allows users to access multiple sites, services, or applications with one username and password. Single sign-on can simplify the sign-in process for users and reduce the number of passwords they have to remember and manage. Single sign-on does not provide administrative access to internal resources, but rather enables access to various resources that the user is authorized to use. Single sign-on can also introduce security risks if the user's credentials are compromised or if the single sign-on provider is breached.

  References:

  1: Bastion host - Wikipedia,

  2: 14 Best Practices to Secure SSH Bastion Host - goteleport.com,

  3: The Importance Of Bastion Hosts In Network Security,

  4: What is the network perimeter? | Cloudflare,

  5: What is a WAF? | Web Application Firewall explained,

  6: [What is single sign-on (SSO)? - Definition from WhatIs.com]

• Question 337:

  A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds.

  Which of the following cryptographic techniques would best meet the requirement?

  A. Asymmetric
  B. Symmetric
  C. Homomorphic
  D. Ephemeral
  C. Homomorphic

  ---

  Explanation

  Homomorphic encryption allows data to be encrypted and manipulated without needing to decrypt it first. This cryptographic technique would allow the financial institution to store customer data securely in the cloud while still permitting operations like searching and calculations to be performed on the encrypted data. This ensures that the cloud service provider cannot decipher the sensitive data, meeting the institution's security requirements.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptographic Techniques.

• Question 338:

  Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

  A. The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.
  B. Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds
  C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.
  D. The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code
  C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

  ---

  Explanation

  The SMS OTP (One-Time Password) method is more vulnerable to interception compared to TOTP (Time-based One-Time Password) because SMS messages can be intercepted through various attack vectors like SIM swapping or SMS phishing. TOTP, on the other hand, generates codes directly on the device and does not rely on a communication channel like SMS, making it less susceptible to interception.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of identity and access management.

• Question 339:

  A government official receives a blank envelope containing photos and a note instructing the official to wire a large sum of money by midnight to prevent the photos from being leaked on the internet.

  Which of the following best describes the threat actor's intent?

  A. Organized crime
  B. Philosophical beliefs
  C. Espionage
  D. Blackmail
  D. Blackmail

  ---

  Explanation

  The threat actor's intent in this scenario is best described as blackmail. The official is being threatened with the release of compromising photos unless a large sum of money is paid, which is a classic form of blackmail. The attacker is using the threat of exposing sensitive information to coerce the official into making a payment.

• Question 340:

  Which of the following is a vulnerability concern for end-of-life hardware?

  A. Failure to follow hardware disposal procedures could result in unintended data release.
  B. The supply chain may not have replacement hardware.
  C. Newly released software may require computing resources not available on legacy hardware.
  D. The vendor may stop providing patches and updates.
  D. The vendor may stop providing patches and updates.

  ---

  Explanation

  The most significant vulnerability concern for end-of-life (EOL) hardware is that vendors stop providing patches and updates. CompTIA Security+ SY0-701 highlights that unsupported hardware and software no longer receive security fixes, leaving known vulnerabilities permanently unpatched. This creates an expanding attack surface that adversaries can easily exploit.

  Once hardware reaches EOL status, newly discovered vulnerabilities will remain unaddressed, increasing the likelihood of compromise. This is especially dangerous for systems exposed to networks or handling sensitive data, where exploitation can lead to data breaches, lateral movement, or service disruption.

  Option A relates to disposal risks, not active vulnerabilities.

  Option B is a logistical issue, not a security vulnerability.

  Option C is a compatibility concern, not a direct vulnerability.

  Because unpatched systems are inherently vulnerable and cannot be secured through updates, the correct answer is D: The vendor may stop providing patches and updates.