CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 391:

  An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords.

  Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

  A. Multifactor authentication
  B. Permissions assignment
  C. Access management
  D. Password complexity
  A. Multifactor authentication

  ---

  Explanation

  The correct answer is A because multifactor authentication (MFA) is a method of verifying a user's identity by requiring more than one factor, such as something the user knows (e.g., password), something the user has (e.g., token), or something the user is (e.g., biometric). MFA can prevent unauthorized access even if the user's password is compromised, as the attacker would need to provide another factor to log in. The other options are incorrect because they do not address the root cause of the attack, which is weak authentication. Permissions assignment (B) is the process of granting or denying access to resources based on the user's role or identity. Access management ?is the process of controlling who can access what and under what conditions. Password complexity (D) is the requirement of using strong passwords that are hard to guess or crack, but it does not prevent an attacker from using a stolen password.

  References:

  1: General Security Concepts1 Professor Messer's CompTIA SY0- 701 Security+ Training Course, Section 1.2: Security Concepts Multi-factor Authentication -SY0-601 CompTIA Security+ : 2.4 TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy, Section

  3: Identity and Access Management, Lecture

  15: Multifactor Authentication CompTIA Security+ Certification SY0-

  601: The Total Course [Video], Chapter 3:

  Identity and Account Management, Section 2: Enabling Multifactor Authentication5

• Question 392:

  A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user's password was changed, even though the user did not change the password.

  Which of the following is the most likely cause?

  A. Cross-sue request forgery
  B. Directory traversal
  C. ARP poisoning
  D. SQL injection
  A. Cross-sue request forgery

  ---

  Explanation

  The scenario describes a situation where a user unknowingly triggers an unwanted action, such as changing their password, by clicking a malicious link. This is indicative of a Cross-Site Request Forgery (CSRF) attack, where an attacker tricks the user into executing actions they did not intend to perform on a web application in which they are authenticated.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of web application security and common attack vectors like CSRF.

• Question 393:

  Which of the following topics would most likely be included within an organization's SDLC?

  A. Service-level agreements
  B. Information security policy
  C. Penetration testing methodology
  D. Branch protection requirements
  B. Information security policy

• Question 394:

  The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs end RTOs.

  Which of the following backup scenarios would best ensure recovery?

  A. Hourly differential backups stored on a local SAN array
  B. Dally full backups stored on premises in magnetic offline media
  C. Daly differential backups maintained by a third-party cloud provider
  D. Weekly full backups with daily incremental stored on a NAS drive
  D. Weekly full backups with daily incremental stored on a NAS drive

  ---

  Explanation

  A backup strategy that combines weekly full backups with daily incremental backups stored on a NAS (Network Attached Storage) drive is likely to meet an organization's Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs). This approach ensures that recent data is regularly backed up and that recovery can be done efficiently, without significant data loss or lengthy downtime.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

  CompTIA Security+ SY0-601 Study Guide: Chapter on Disaster Recovery and Backup Strategies.

• Question 395:

  An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the networks.

  Which of the following solutions should most likely be implemented?

  A. EAP
  B. IPSec
  C. SD-WAN
  D. TLS
  B. IPSec

• Question 396:

  After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analyst are spending a long time to trace information on different cloud consoles and correlating data in different formats.

  Which of the following can be used to optimize the incident response time?

  A. CASB
  B. VPC
  C. SWG
  D. CMS
  A. CASB

  ---

  Explanation

  CASB vs SWG CASB is the more optimal solution for multiple on premises security solutions CASB services are explicitly designed to fit the needs of large enterprises You can access link and read about it:

  https://www.gend.co/blog/casb-or-swg-which-is-best-option-for-your-enterprise

• Question 397:

  An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information.

  Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Choose two.)

  A. Regularly updating server software and patches
  B. Implementing strong password policies
  C. Encrypting sensitive data at rest and in transit
  D. Utilizing a web-application firewall
  E. Performing regular vulnerability scans
  F. Removing payment information from the servers
  A. Regularly updating server software and patches
  D. Utilizing a web-application firewall

  ---

  Explanation

  Regularly updating server software and applying patches addresses known vulnerabilities, reducing the risk of exploitation through unpatched flaws.

  A web-application firewall (WAF) is particularly effective against malicious injections, as it monitors and filters HTTP traffic to block injection attempts, such as JavaScript injections.

  Together, these strategies provide robust protection against attacks targeting the web servers.

• Question 398:

  An employee from the accounting department logs in to a website. A desktop application automatically downloads on the employee's computer.

  Which of the following has occurred?

  A. XSS
  B. Watering hole
  C. Typosquatting
  D. Buffer overflow
  B. Watering hole

• Question 399:

  An office wants to install a Wi-Fi network. The security team must ensure a secure design. The access points will be more powerful and use WPA3 with a 16-character randomized key.

  Which of the following should the security team do next?

  A. Create a heat map of the building perimeter.
  B. Deploy IPSec tunnels from each access point to the controller.
  C. Enable WPA2-PSK with a 24-character randomized key.
  D. Disable SSH administration on all access points.
  A. Create a heat map of the building perimeter.

  ---

  Explanation

  Because the organization plans to deploy high-powered wireless access points, the next critical step is to create a heat map of the building perimeter. CompTIA Security+ SY0-701 highlights wireless heat maps as an essential design tool for identifying signal bleed, coverage overlap, dead zones, and areas where wireless signals extend beyond intended boundaries.

  Stronger access points increase the risk of signal leakage outside the building, which could allow unauthorized users to attempt connections from parking lots or nearby buildings. A heat map enables the security team to visualize RF propagation and adjust power levels, antenna placement, and access point locations to minimize external exposure while maintaining internal coverage.

  Deploying IPSec tunnels (B) is unnecessary for standard WLAN architectures. Enabling WPA2-PSK (C) weakens security compared to WPA3. Disabling SSH administration (D) is a hardening step but does not address wireless coverage risks.

  Therefore, the correct next step in secure Wi-Fi design is A: Create a heat map of the building perimeter.

• Question 400:

  A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit.

  Which of the following logs should the analyst review first?

  A. Endpoint
  B. Application
  C. Firewall
  D. NAC
  C. Firewall

  ---

  Explanation

  Firewall logs provide details of all network traffic, including connections to and from IoT devices. They are typically the first source of evidence for identifying the time of an exploit.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Log Analysis for Incident Response".