CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 351:

  A security administrator wants to determine if the company's social engineering training is effective.

  Which of the following should the administrator do to complete this task?

  A. Set up a honeypot.
  B. Send out a survey.
  C. Set up a focus group.
  D. Conduct a phishing campaign.
  D. Conduct a phishing campaign.

  ---

  Explanation

  The best answer is D. Conduct a phishing campaign. To measure whether social engineering awareness training is effective, the best method is to run a simulated phishing campaign. This allows the organization to test employee behavior in a realistic but controlled way. The administrator can track who clicks suspicious links, opens attachments, submits credentials, or reports the email appropriately. This is a practical and measurable way to evaluate training outcomes because it provides real performance data rather than opinions or assumptions. Why the other options are incorrect:

  A. Set up a honeypot.A honeypot is used to attract attackers or detect malicious activity, not to test employee awareness of social engineering.

  B. Send out a survey.A survey may show how confident employees feel, but it does not objectively measure whether they can identify and resist real phishing attempts.

  C. Set up a focus group.A focus group can gather feedback, but it is not the best method for testing actual security behavior. From the SY0-701 perspective, user awareness training effectiveness is best measured through simulated phishing exercises and similar practical assessments.

• Question 352:

  A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices.

  Which of the following vulnerabilities is the organization addressing?

  A. Cross-site scripting
  B. Buffer overflow
  C. Jailbreaking
  D. Side loading
  C. Jailbreaking

  ---

  Explanation

  Jailbreaking is the process of removing the restrictions imposed by the manufacturer or carrier on a mobile device, such as an iPhone or iPad. Jailbreaking allows users to install unauthorized applications, modify system settings, and access root privileges. However, jailbreaking also exposes the device to potential security risks, such as malware, spyware, unauthorized access, data loss, and voided warranty. Therefore, an organization may prohibit employees from jailbreaking their mobile devices to prevent these vulnerabilities and protect the corporate data and network.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Mobile Device Security, page 507

• Question 353:

  An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely.

  Which of the following should the organization consider before implementation?

  (Select TWO).

  A. The back-end directory source
  B. The identity federation protocol
  C. The hashing method
  D. The encryption method
  E. The registration authority
  F. The certificate authority
  B. The identity federation protocol
  F. The certificate authority

  ---

  Explanation

  For a secure SSO migration of SaaS applications, the organization should focus on the identity federation protocol and the certificate authority.

  B is correct because SSO between SaaS applications commonly relies on federation standards such as SAML, OAuth, or OpenID Connect. The organization must confirm which protocol will be used and how trust will be established between the identity provider and service providers.

  F is correct because certificates are used to establish trust in many SSO/federation implementations, especially with SAML. The certificate authority matters because certificate issuance, validation, signing, and trust chains are critical to secure authentication exchanges.

• Question 354:

  Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster.

  Which of the following best describes this meeting?

  A. Penetration test
  B. Continuity of operations planning
  C. Tabletop exercise
  D. Simulation
  C. Tabletop exercise

  ---

  Explanation

  A tabletop exercise is a discussion-based exercise where stakeholders gather to walk through the roles and responsibilities they would have during a specific situation, such as a security incident or disaster. This type of exercise is designed to identify gaps in planning and improve coordination among team members without the need for physical execution.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of security operations and disaster recovery planning.

• Question 355:

  A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network.

  Which of the following changes should the security analyst recommend?

  A. Changing the remote desktop port to a non-standard number
  B. Setting up a VPN and placing the jump server inside the firewall
  C. Using a proxy for web connections from the remote desktop server
  D. Connecting the remote server to the domain and increasing the password length
  B. Setting up a VPN and placing the jump server inside the firewall

  ---

  Explanation

  A VPN is a virtual private network that creates a secure tunnel between two or more devices over a public network. A VPN can encrypt and authenticate the data, as well as hide the IP addresses and locations of the devices. A jump server is a server that acts as an intermediary between a user and a target server, such as a production server. A jump server can provide an additional layer of security and access control, as well as logging and auditing capabilities. A firewall is a device or software that filters and blocks unwanted network traffic based on predefined rules. A firewall can protect the internal network from external threats and limit the exposure of sensitive services and ports. A security analyst should recommend setting up a VPN and placing the jump server inside the firewall to improve the security of the remote desktop access to the production network. This way, the remote desktop service will not be exposed to the public network, and only authorized users with VPN credentials can access the jump server and then the production server.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 8: Secure Protocols and Services, page 382-383 1

  Chapter 9: Network Security, page 441-442

• Question 356:

  Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

  A. Authorization
  B. Identification
  C. Non-repudiation
  D. Authentication
  A. Authorization

  ---

  Explanation

  Authorization refers to the process of granting or denying specific rights to a user after verifying their identity through authentication.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 1: General Security Concepts, Section:"Authentication, Authorization, and Accounting (AAA)".

• Question 357:

  A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries.

  Which of the following would be the MOST prudent course of action?

  A. Accept the risk if there is a clear road map for timely decommission
  B. Deny the risk due to the end-of-life status of the application.
  C. Use containerization to segment the application from other applications to eliminate the risk
  D. Outsource the application to a third-party developer group
  A. Accept the risk if there is a clear road map for timely decommission

  ---

  Explanation

  Accept the risk if there is a clear road map for timely decommission.

  The audit found low-criticality vulnerabilities so, from the organization's perspective, it's not an issue that requires immediate attention. If the organization's understands the level of severity of the vulnerabilities and plans to decommission the application when they see fit, then that would be the most prudent(practical) action for them.

  There are still users that are using the application, so there should be time given to notify the users when it is time to decommission the application to minimize disruption.

• Question 358:

  Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

  A. Right to be forgotten
  B. Sanctions
  C. External compliance reporting
  D. Attestation
  B. Sanctions

  ---

  Explanation

  Sanctions imposed for non-compliance can include fines, legal actions, and loss of business licenses. These pose a significant financial and reputational risk to organizations.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Regulatory Compliance Risks".

• Question 359:

  A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file.

  Which of the following would prevent this file from downloading?

  A. DLP
  B. FIM
  C. NAC
  D. EDR
  D. EDR

• Question 360:

  Which of the following is the best resource to consult for information on the most common application exploitation methods?

  A. OWASP
  B. STIX
  C. OVAL
  D. Threat intelligence feed
  E. Common Vulnerabilities and Exposures
  A. OWASP