CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 441:

  Which of the following security controls is used to isolate externally accessible resources from the internal corporate network in order to reduce the attack surface?

  A. Faraday cages
  B. Demilitarized zone (DMZ)
  C. Vaulting
  D. Proximity readers
  B. Demilitarized zone (DMZ)

  ---

  Explanation

  A demilitarized zone (DMZ) is a network segment that separates public-facing services from the internal network. It allows external access to services such as web or email servers while preventing direct access to internal systems, thereby reducing the attack surface.

• Question 442:

  Which of the following is the best reason to perform a tabletop exercise?

  A. To address audit findings
  B. To collect remediation response times
  C. To update the IRP
  D. To calculate the ROI
  C. To update the IRP

  ---

  Explanation

  The primary reason to perform a tabletop exercise is to test and validate the Incident Response Plan (IRP) in a simulated environment. This helps identify gaps, refine procedures, and ensure that the plan is up-to-date and effective in addressing current threats and scenarios. Regular tabletop exercises improve organizational preparedness for real-world incidents.

• Question 443:

  Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

  A. SIEM
  B. DLP
  C. IDS
  D. SNMP
  A. SIEM

  ---

  Explanation

  SIEM stands for Security Information and Event Management. It is a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system. SIEM can analyze the collected data, correlate events, generate alerts, and provide reports and dashboards. SIEM can also integrate with other security tools and support compliance requirements. SIEM helps organizations to detect and respond to cyber threats, improve security posture, and reduce operational costs.

  References:

  10: Monitoring and Auditing, page 393. CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter

  10: Monitoring and Auditing, page 397.

• Question 444:

  As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems.

  Which of the following would meet the requirements?

  A. Configure firewall rules to block external access to Internal resources.
  B. Set up a WAP to allow internal access from public networks.
  C. Implement a new IPSec tunnel from internal resources.
  D. Deploy an Internal Jump server to access resources.
  A. Configure firewall rules to block external access to Internal resources.

  ---

  Explanation

  The requirement is to segment servers on different networks and restrict access to only authorized internal systems. Option A directly addresses this by using firewall rules to block external access while allowing internal traffic, aligning with network segmentation best practices.

  Option B (WAP) refers to a Wireless Access Point, which doesn't fit the context of segmentation and could expose resources to public networks.

  Option C (IPSec tunnel) secures communication but doesn't inherently segment networks.

  Option D (jump server) adds a layer of access control but doesn't address the segmentation requirement alone. Thus, A is the best fit.

• Question 445:

  An organization is leveraging a VPN between its headquarters and a branch location.

  Which of the following is the VPN protecting?

  A. Data in use
  B. Data in transit
  C. Geographic restrictions
  D. Data sovereignty
  B. Data in transit

  ---

  Explanation

  Data in transit is data that is moving from one location to another, such as over a network or through the air. Data in transit is vulnerable to interception, modification, or theft by malicious actors. A VPN (virtual private network) is a technology that protects data in transit by creating a secure tunnel between two endpoints and encrypting the data that passes through it.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, page 145.

• Question 446:

  An administrator needs to protect user passwords and has been advised to hash the passwords.

  Which of the following BEST describes what the administrator is being advised to do?

  A. Perform a mathematical operation on the passwords that will convert them into unique strings.
  B. Add extra data to the passwords so their length is increased, making them harder to brute force.
  C. Store all passwords in the system in a rainbow table that has a centralized location.
  D. Enforce the use of one-time passwords that are changed for every login session.
  A. Perform a mathematical operation on the passwords that will convert them into unique strings.

  ---

  Explanation

  Admin is being advised to hash. A is the definition of hashing

• Question 447:

  Which of the following can be used to identify potential attacker activities without affecting production servers?

  A. Honey pot
  B. Video surveillance
  C. Zero Trust
  D. Geofencing
  A. Honey pot

  ---

  Explanation

  A honey pot is a system or a network that is designed to mimic a real production server and attract potential attackers. A honey pot can be used to identify the attacker's methods, techniques, and objectives without affecting the actual production servers. A honey pot can also divert the attacker's attention from the real targets and waste their time and resources.

  The other options are not effective ways to identify potential attacker activities without affecting production servers: Video surveillance: This is a physical security technique that uses cameras and monitors to record and observe the activities in a certain area. Video surveillance can help to deter, detect, and investigate physical intrusions, but it does not directly identify the attacker's activities on the network or the servers.

  Zero Trust: This is a security strategy that assumes that no user, device, or network is trustworthy by default and requires strict verification and validation for every request and transaction. Zero Trust can help to improve the security posture and reduce the attack surface of an organization, but it does not directly identify the attacker's activities on the network or the servers.

  Geofencing: This is a security technique that uses geographic location as a criterion to restrict or allow access to data or resources. Geofencing can help to protect the data sovereignty and compliance of an organization, but it does not directly identify the attacker's activities on the network or the servers.

  References:

  1: CompTIA Security+ SY0-701 Certification Study Guide, page 54

  2: Honeypots and Deception -SY0-601 CompTIA Security+ : 2.1, video by Professor Messer

  3: CompTIA Security+ SY0-701 Certification Study Guide, page 97

  4: CompTIA Security+ SY0-701 Certification Study Guide, page

  985: CompTIA Security+ SY0-701 Certification Study Guide, page 99.

• Question 448:

  Which of the following steps should be taken before mitigating a vulnerability in a production server?

  A. Escalate the issue to the SDLC team.
  B. Use the IR plan to evaluate the changes.
  C. Perform a risk assessment to classify the vulnerability.
  D. Refer to the change management policy.
  D. Refer to the change management policy.

• Question 449:

  A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:

  1. Something you know

  2. Something you have

  3. Something you are

  Which of the following would accomplish the manager's goal?

  A. Domain name, PKI, GeolP lookup
  B. VPN IP address, company ID, facial structure
  C. Password, authentication token, thumbprint
  D. Company URL, TLS certificate, home address
  C. Password, authentication token, thumbprint

  ---

  Explanation

  The correct answer is C. Password, authentication token, thumbprint. This combination of authentication factors satisfies the manager's goal of implementing multifactor authentication that uses something you know, something you have, and something you are.

  Something you know is a type of authentication factor that relies on the user's knowledge of a secret or personal information, such as a password, a PIN, or a security question. A password is a common example of something you know that can be used to access a VPN Something you have is a type of authentication factor that relies on the user's possession of a physical object or device, such as a smart card, a token, or a smartphone. An authentication token is a common example of something you have that can be used to generate a one-time password (OTP) or a code that can be used to access a VPN Something you are is a type of authentication factor that relies on the user's biometric characteristics, such as a fingerprint, a face, or an iris. A thumbprint is a common example of something you are that can be used to scan and verify the user's identity to access a VPN

  References:

  1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter

  4: Identity and Access Management, page 177

  2: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter

  4: Identity and Access Management, page

• Question 450:

  Which of the following is a possible factor for MFA?

  A. Something you exhibit
  B. Something you have
  C. Somewhere you are
  D. Someone you know
  B. Something you have