CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 361:

  Which of the following objectives is best achieved by a tabletop exercise?

  A. Familiarizing participants with the incident response process
  B. Deciding red and blue team rules of engagement
  C. Quickly determining the impact of an actual security breach
  D. Conducting multiple security investigations in parallel
  A. Familiarizing participants with the incident response process

  ---

  Explanation

  A tabletop exercise is a discussion-based exercise where participants walk through different scenarios to better understand and familiarize themselves with the incident response process. This type of exercise allows teams to review roles, procedures, and potential responses to various incidents in a low-stress environment, enhancing preparedness and coordination.

• Question 362:

  Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

  A. To track the status of patching installations
  B. To find shadow IT cloud deployments
  C. To continuously the monitor hardware inventory
  D. To hunt for active attackers in the network
  A. To track the status of patching installations

  ---

  Explanation

  Running daily vulnerability scans on all corporate endpoints is primarily done to track the status of patching installations. These scans help identify any missing security patches or vulnerabilities that could be exploited by attackers. Keeping the endpoints up-to-date with the latest patches is critical for maintaining security. Finding shadow IT cloud deployments and monitoring hardware inventory are better achieved through other tools.

  Hunting for active attackers would typically involve more real-time threat detection methods than daily vulnerability scans.

• Question 363:

  A penetration tester is testing the security of a building's alarm system.

  Which type of penetration test is being conducted?

  A. Physical
  B. Defensive
  C. Integrated
  D. Continuous
  A. Physical

  ---

  Explanation

  Testing the security of a building's alarm system falls under physical penetration testing. According to Security+ SY0-701, physical penetration tests evaluate the effectiveness of physical security controls such as locks, alarms, cameras, sensors, badge readers, and access control points. These tests simulate real-world attempts to bypass or disable physical protections. Defensive testing (B) refers to defensive security operations, not pen testing scope. Integrated testing (C) relates to combined system evaluations but is not a standard pen testing category. Continuous testing (D) refers to ongoing automated tests, not physical alarm evaluation.

  Thus, the correct answer is A: Physical.

• Question 364:

  The security team has been asked to only enable host A (10.2.2.7) and host B (10.3.9.9) to the new isolated network segment (10.9.8.14) that provides access to legacy devices.

  Access from all other hosts should be blocked.

  Which of the following entries would need to be added on the firewall?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  C. Option C

  ---

  Explanation

  Permit 10.2.2.7/32 to 10.9.8.14/27: This rule allows host A (10.2.2.7) specific access to the isolated network (10.9.8.14/27). Permit 10.3.9.9/32 to 10.9.8.14/27: This rule allows host B (10.3.9.9) specific access to the isolated network

  (10.9.8.14/27).

  Deny 0.0.0.0/0 to 10.9.8.14/27: This rule blocks access from all other IPs to the isolated network (10.9.8.14/27).

• Question 365:

  Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion.

  Which of the following is the most efficient way to address these requests?

  A. Hire a vendor to perform a penetration test
  B. Perform an annual self-assessment.
  C. Allow each client the right to audit
  D. Provide a third-party attestation report
  D. Provide a third-party attestation report

  ---

  Explanation

  A third-party attestation report, such as a SOC 2 report, is an independent assessment of the organization's security controls conducted by an external auditor. This report provides clients with the assurance they need without requiring each client to conduct their own audit or the organization to perform separate assessments, making it both efficient and credible.

• Question 366:

  An IT security team is concerned about the confidentiality of documents left unattended in MFPs.

  Which of the following should the security team do to mitigate the situation?

  A. Educate users about the importance of paper shredder devices.
  B. Deploy an authentication factor that requires ln-person action before printing.
  C. Install a software client m every computer authorized to use the MFPs.
  D. Update the management software to utilize encryption.
  B. Deploy an authentication factor that requires ln-person action before printing.

  ---

  Explanation

  To mitigate the risk of confidential documents being left unattended in Multi-Function Printers (MFPs), implementing an authentication factor that requires in-person action before printing (such as PIN codes or badge scanning) is the most effective measure. This ensures that documents are only printed when the authorized user is present to collect them, reducing the risk of sensitive information being exposed.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of physical security and access control.

• Question 367:

  A vendor salesperson is a personal friend of a company's Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO.

  Which of the following best describes this situation?

  A. Rules of engagement
  B. Conflict of interest
  C. Due diligence
  D. Contractual impact
  E. Reputational damage
  B. Conflict of interest

• Question 368:

  During a recent log review, an analyst discovers evidence of successful injection attacks.

  Which of the following will best address this issue?

  A. Authentication
  B. Secure cookies
  C. Static code analysis
  D. Input validation
  D. Input validation

  ---

  Explanation

  Input validation is the primary defense against injection attacks, such as SQL injection or command injection. It ensures that user-supplied data is properly sanitized before processing, preventing attackers from injecting malicious code.

  Authentication (A) helps verify user identity but does not prevent injection attacks.

  Secure cookies (B) improve session security but do not address injection vulnerabilities.

  Static code analysis (C) helps identify vulnerabilities in source code but does not actively prevent attacks in real-time.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.

• Question 369:

  Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six-to 12-month time period?

  A. NIST CSF
  B. SOC 2 Type II
  C. ISO 27001
  D. PCI DSS
  B. SOC 2 Type II

• Question 370:

  Which of the following security controls are a company implementing by deploying HIPS? (Select two).

  A. Directive
  B. Preventive
  C. Physical
  D. Corrective
  E. Compensating
  F. Detective
  B. Preventive
  F. Detective