CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 341:

  A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link.

  Which of the following security practices helped the manager to identify the attack?

  A. End user training
  B. Policy review
  C. URL scanning
  D. Plain text email
  A. End user training

  ---

  Explanation

  The security practice that helped the manager identify the suspicious link is end-user training. Training users to recognize phishing attempts and other social engineering attacks, such as hovering over links to check the actual URL, is a critical component of an organization's security awareness program. End user training: Educates employees on how to identify and respond to security threats, including suspicious emails and phishing attempts. Policy review: Ensures that policies are understood and followed but does not directly help in identifying specific attacks.

  URL scanning: Automatically checks URLs for threats, but the manager identified the issue manually.

  Plain text email: Ensures email content is readable without executing scripts, but the identification in this case was due to user awareness.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 5.6 - Implement security awareness practices (End-user training).

• Question 342:

  Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls lo a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed.

  Which of the following is the most likely explanation?

  A. The executive team is traveling internationally and trying to avoid roaming charges
  B. The company's SIP server security settings are weak.
  C. Disgruntled employees are making calls to the partner organization.
  D. The service provider has assigned multiple companies the same numbers
  B. The company's SIP server security settings are weak.

  ---

  Explanation

  If cadets are using company phone numbers to make unsolicited calls, and the logs confirm the numbers are not being spoofed, it suggests that the SIP (Session Initiation Protocol) server's security settings might be weak. This could allow unauthorized access or exploitation of the company's telephony services, potentially leading to misuse by unauthorized individuals.

  References:

  CompTIA Security+ SY0-701 study materials, especially on SIP security and common vulnerabilities.

• Question 343:

  A bank insists all of its vendors must prevent data loss on stolen laptops.

  Which of the following strategies is the bank requiring?

  A. Encryption at rest
  B. Masking
  C. Data classification
  D. Permission restrictions
  A. Encryption at rest

  ---

  Explanation

  Encryption at rest is a strategy that protects data stored on a device, such as a laptop, by converting it into an unreadable format that can only be accessed with a decryption key or password. Encryption at rest can prevent data loss on stolen laptops by preventing unauthorized access to the data, even if the device is physically compromised. Encryption at rest can also help comply with data privacy regulations and standards that require data protection. Masking, data classification, and permission restrictions are other strategies that can help protect data, but they may not be sufficient or applicable for data stored on laptops. Masking is a technique that obscures sensitive data elements, such as credit card numbers, with random characters or symbols, but it is usually used for data in transit or in use, not at rest. Data classification is a process that assigns labels to data based on its sensitivity and business impact, but it does not protect the data itself. Permission restrictions are rules that define who can access, modify, or delete data, but they may not prevent unauthorized access if the laptop is stolen and the security controls are bypassed.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17-18, 372-373

• Question 344:

  Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues.

  Which of the following is most likely to be one of those steps?

  A. Board review
  B. Service restart
  C. Backout planning
  D. Maintenance
  C. Backout planning

  ---

  Explanation

  Before implementing a design change, backout planning is crucial to ensure the organization can quickly revert to a stable state if the change causes issues, including security vulnerabilities. Backout planning involves identifying the steps and resources needed to undo the change safely and efficiently, minimizing disruptions and maintaining security.

• Question 345:

  Which of the following explains how organizations benefit from SCAP?

  A. The configurations defined as part of established baselines allow organizations to deploy well-tested security solutions quickly and easily.
  B. The consolidated reporting layout makes it easier for technicians to communicate incident response to senior decision-makers.
  C. The common format for vulnerability scanning and reporting enables greater interoperability between security tools from different vendors.
  D. The strict compliance to international standards reduces overall cost and risk to organizations when a security breach occurs.
  C. The common format for vulnerability scanning and reporting enables greater interoperability between security tools from different vendors.

  ---

  Explanation

  The best answer is C. The common format for vulnerability scanning and reporting enables greater interoperability between security tools from different vendors. SCAP (Security Content Automation Protocol) is a standardized framework that helps security tools use common methods for expressing, measuring, and reporting security issues such as vulnerabilities, misconfigurations, and compliance results. One of its biggest benefits is interoperability across tools from different vendors. Because SCAP uses standardized formats and naming conventions, organizations can more easily: share scan results compare findings across platforms automate vulnerability and compliance checks integrate multiple security products.

  Why the other options are incorrect:

  A. The configurations defined as part of established baselines allow organizations to deploy well-tested security solutions quickly and easily.Baselines are important, but this answer is too general and does not capture the main benefit of SCAP.

  B. The consolidated reporting layout makes it easier for technicians to communicate incident response to senior decision-makers.SCAP is not primarily about incident response reporting to executives.

  D. The strict compliance to international standards reduces overall cost and risk to organizations when a security breach occurs.This is too broad and not the clearest explanation of what SCAP actually provides. From the SY0-701 perspective, SCAP is valuable because it supports standardized vulnerability and configuration assessment and improves tool interoperability. Therefore, C is the correct answer.

• Question 346:

  Which of the following is the best security reason for closing service ports that are not needed?

  A. To mitigate risks associated with unencrypted traffic
  B. To eliminate false positives from a vulnerability scan
  C. To reduce a system's attack surface
  D. To improve a system's resource utilization
  C. To reduce a system's attack surface

  ---

  Explanation

  Closing unnecessary service ports is a critical security measure because it helps to reduce the system's attack surface. Each open port represents a potential entry point for attackers, and if a service is not needed, keeping the associated port open unnecessarily increases the risk of exploitation. By closing unused ports, you minimize the number of possible attack vectors, making it harder for attackers to compromise the system.

• Question 347:

  An employee decides to collect PII data from the company's system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment.

  Which of the following types of employee training would most likely reduce the occurrence of this type of issue?

  A. Privacy legislation
  B. Social engineering
  C. Risk management
  D. Company compliance
  E. Phishing
  F. Remote work
  A. Privacy legislation
  D. Company compliance

• Question 348:

  Which of the following is a risk of conducting a vulnerability assessment?

  A. A disruption of business operations
  B. Unauthorized access to the system
  C. Reports of false positives
  D. Finding security gaps in the system
  A. A disruption of business operations

  ---

  Explanation

  During a vulnerability assessment, scanning or testing can sometimes interfere with normal system operations, potentially leading to slowdowns, unresponsiveness, or even outages. This can disrupt business operations, especially if the assessment is run on production systems without adequate precautions or scheduling during low-impact times.

• Question 349:

  Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?

  A. Common attacks are less likely to be effective.
  B. Configuration can be better managed and replicated.
  C. Outsourcing to a third party with more expertise in network defense is possible.
  D. Optimization can occur across a number of computing instances.
  B. Configuration can be better managed and replicated.

• Question 350:

  Which of the following cryptographic solutions protects data at rest?

  A. Digital signatures
  B. Full disk encryption
  C. Private key
  D. Steganography
  B. Full disk encryption

  ---

  Explanation

  Full disk encryption (FDE) secures data at rest by encrypting the entire storage drive, ensuring that data is protected when the system is powered off or if the drive is accessed without authorization. This approach is commonly used to protect sensitive data stored on devices like laptops, servers, and storage media.