CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 431:

  Which of the following alert types is the most likely to be ignored over time?

  A. True positive
  B. True negative
  C. False positive
  D. False negative
  C. False positive

  ---

  Explanation

  A false positive is an alert that incorrectly identifies benign activity as malicious. Over time, if an alerting system generates too many false positives, security teams are likely to ignore these alerts, resulting in "alert fatigue." This increases the risk of missing genuine threats.

  True positives and true negatives are accurate and should be acted upon. False negatives are more dangerous because they fail to identify real threats, but they are not "ignored" since they do not trigger alerts.

• Question 432:

  An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.

  Which of the following firewall ACLs will accomplish this goal?

  A. Access list outbound permit 0.0.0.0 0 0.0.0.0/0 port 53 Access list outbound deny 10.50.10.25 32 0.0.0.0/0 port 53
  B. Access list outbound permit 0.0.0.0/0 10.50.10.25 32 port 53 Access list outbound deny 0.0.0.0 0 0.0.0.0/0 port 53
  C. Access list outbound permit 0.0.0.0 0 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 10.50.10.25 32 port 53
  D. Access list outbound permit 10.50.10.25 32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0.0.0.0.0.0/0 port 53
  D. Access list outbound permit 10.50.10.25 32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0.0.0.0.0.0/0 port 53

  ---

  Explanation

  A firewall ACL (access control list) is a set of rules that determines which traffic is allowed or denied by the firewall. The rules are processed in order, from top to bottom, until a match is found. The syntax of a firewall ACL rule is: Access list <direction> <action> <source address> <destination address> <protocol> <port>

  To limit outbound DNS traffic originating from the internal network, the firewall ACL should allow only the device with the IP address 10.50.10.25 to send DNS requests to any destination on port 53, and deny all other outbound traffic on port53. The correct firewall ACL is: Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

  The first rule permits outbound traffic from the source address 10.50.10.25/32 (a single host) to any destination address (0.0.0.0/0) on port 53 (DNS). The second rule denies all other outbound traffic on port 53.

  References:

  CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4, page 175.

• Question 433:

  An organization failed to account for the right-to-be-forgotten regulations.

  Which of the following impacts might this action have on the company?

  A. Fines
  B. Data breaches
  C. Revenue loss
  D. Blackmail
  A. Fines

• Question 434:

  Which of the following describes the difference between encryption and hashing?

  A. Encryption protects data in transit, while hashing protects data at rest.
  B. Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.
  C. Encryption ensures data integrity, while hashing ensures data con dentiality.
  D. Encryption uses a public-key exchange, while hashing uses a private key.
  B. Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

• Question 435:

  An employee from the accounting department logs in to the website used for processing the company's payments. After logging in, a new desktop application automatically downloads on the employee's computer and causes the computer to restart.

  Which of the following attacks has occurred?

  A. XSS
  B. Watering hole
  C. Typosquatting
  D. Buffer overflow
  B. Watering hole

• Question 436:

  Which of the following options will provide the lowest RTO and RPO for a database?

  A. Snapshots
  B. On-site backups
  C. Journaling
  D. Hot site
  D. Hot site

  ---

  Explanation

  A hot site provides the lowest Recovery Time Objective (RTO) and Recovery Point Objective (RPO) because it involves a fully functional backup system that is continuously synchronized with the primary system. In the event of a failure, operations can be quickly switched over to the hot site with minimal downtime and data loss.

  RTO is the maximum allowable downtime before service must be restored, and a hot site offers near-instantaneous recovery.

  RPO is the maximum acceptable amount of data loss, and a hot site allows for nearly zero data loss since it's constantly synchronized.

  While snapshots, on-site backups, and journaling also provide valuable backup and recovery options, they generally do not offer the same level of real-time recovery as a hot site.

• Question 437:

  Which of the following is a technical security control?

  A. Security guard
  B. Policy
  C. Fence
  D. Firewall
  D. Firewall

• Question 438:

  The internal audit team determines a software application is no longer in scope for external reporting requirements.

  Which of the following will confirm management's perspective that the application is no longer applicable?

  A. Data inventory and retention
  B. Right to be forgotten
  C. Due care and due diligence
  D. Acknowledgement and attestation
  D. Acknowledgement and attestation

  ---

  Explanation

  Acknowledgement and attestation involve formal confirmation that an application is no longer in scope for compliance, auditing, or reporting requirements. This typically includes documentation signed by relevant stakeholders confirming that the software no longer processes, stores, or transmits relevant data.

  Data inventory and retention (A) is related to managing data assets, not software scope confirmation.

  Right to be forgotten (B) pertains to privacy laws (e.g., GDPR), allowing individuals to request data deletion.

  Due care and due diligence (C) focus on security best practices rather than software applicability.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.

• Question 439:

  A company wants to prevent proprietary and confidential company information from being shared to outsiders.

  Which of the following would this best describe?

  A. MOA
  B. SLA
  C. MSA
  D. NDA
  D. NDA

  ---

  Explanation

  A Non-Disclosure Agreement (NDA) is a legal contract that restricts parties from disclosing proprietary or confidential information to unauthorized individuals or organizations, making it the most suitable option for protecting sensitive company data.

• Question 440:

  A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online.

  Which of the following risk treatments is the most appropriate in this situation?

  A. Reject
  B. Accept
  C. Transfer
  D. Avoid
  B. Accept

  ---

  Explanation

  accept the risk. This decision acknowledges the potential vulnerabilities but continues.

  When a system is critical, cannot be modified, and must stay online despite no longer receiving vendor support, the most appropriate risk treatment is to operation due to the system's importance. Additional compensating controls, such as network isolation, monitoring, and backup procedures, may be implemented to help mitigate associated risks while accepting them as part of the business necessity.