CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 461:

  An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server.

  Which of the following processes is the administrator performing?

  A. Quantitative risk analysis
  B. Disaster recovery test
  C. Physical security controls review
  D. Threat modeling
  A. Quantitative risk analysis

• Question 462:

  An IT administrator needs to ensure data retention standards are implemented on an enterprise application.

  Which of the following describes the administrator's role?

  A. Processor
  B. Custodian
  C. Privacy officer
  D. Owner
  B. Custodian

  ---

  Explanation

  A custodian is responsible for the implementation and enforcement of data management policies, including data retention standards, on systems and applications. Custodians manage the technical aspects of data storage and maintenance according to the organization's policies and standards, supporting the data owner's requirements.

• Question 463:

  After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter.

  Which of the following security awareness execution techniques does this represent?

  A. Computer-based training
  B. Insider threat awareness
  C. SOAR playbook
  D. Gamification
  D. Gamification

  ---

  Explanation

  Gamification refers to the use of game elements such as points, rewards, competitions, and incentives to motivate users and enhance engagement in activities such as security awareness training. Incentivizing employees to avoid clicking phishing links by rewarding positive behavior is a classic example of gamification. Computer-based training (A) is traditional online training without game elements. Insider threat awareness (B) focuses on educating about internal threats.

  SOAR playbook (C) refers to automated incident response workflows, unrelated to employee training methods. Gamification is recognized in the Security Program Management domain as an effective technique to improve user engagement and security behavior.

• Question 464:

  A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known Indicators of compromise have been found on the network.

  Which of the following should the team do first to secure the environment?

  A. Contain the Impacted hosts
  B. Add the malware to the application blocklist.
  C. Segment the core database server.
  D. Implement firewall rules to block outbound beaconing
  A. Contain the Impacted hosts

  ---

  Explanation

  The first step in responding to a cybersecurity incident, particularly when malware is detected, is to contain the impacted hosts. This action prevents the spread of malware to other parts of the network, limiting the potential damage while further investigation and remediation actions are planned.

  References:

  CompTIA Security+ SY0-701 study materials, particularly on incident response procedures and the importance of containment in managing security incidents.

• Question 465:

  Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

  A. Disaster recovery plan
  B. Incident response procedure
  C. Business continuity plan
  D. Change management procedure
  D. Change management procedure

  ---

  Explanation

  A change management procedure is a set of steps and guidelines that a security administrator should adhere to when setting up a new set of firewall rules. A firewall is a device or software that can filter, block, or allow network traffic based on predefined rules or policies. A firewall rule is a statement that defines the criteria and action for a firewall to apply to a packet or a connection. For example, a firewall rule can allow or deny traffic based on the source and destination IP addresses, ports, protocols, or applications. Setting up a new set of firewall rules is a type of change that can affect the security, performance, and functionality of the network. Therefore, a change management procedure is necessary to ensure that the change is planned, tested, approved, implemented, documented, and reviewed in a controlled and consistent manner. A change management procedure typically includes the following elements: A change request that describes the purpose, scope, impact, and benefits of the change, as well as the roles and responsibilities of the change owner, implementer, and approver. A change assessment that evaluates the feasibility, risks, costs, and dependencies of the change, as well as the alternatives and contingency plans. A change approval that authorizes the change to proceed to the implementation stage, based on the criteria and thresholds defined by the change policy. A change implementation that executes the change according to the plan and schedule, and verifies the results and outcomes of the change. A change documentation that records the details and status of the change, as well as the lessons learned and best practices.

  A change review that monitors and measures the performance and effectiveness of the change, and identifies any issues or gaps that need to be addressed or improved. A change management procedure is important for a security administrator to adhere to when setting up a new set of firewall rules, as it can help to achieve the following objectives: Enhance the security posture and compliance of the network by ensuring that the firewall rules are aligned with the security policies and standards, and that they do not introduce any vulnerabilities or conflicts. Minimize the disruption and downtime of the network by ensuring that the firewall rules are tested and validated before deployment, and that they do not affect the availability or functionality of the network services or applications. Improve the efficiency and quality of the network by ensuring that the firewall rules are optimized and updated according to the changing needs and demands of the network users and stakeholders, and that they do not cause any performance or compatibility issues.

  Increase the accountability and transparency of the network by ensuring that the firewall rules are documented and reviewed regularly, and that they are traceable and auditable by the relevant authorities and parties. The other options are not correct because they are not related to the process of setting up a new set of firewall rules. A disaster recovery plan is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. An incident response procedure is a set of steps and guidelines that aim to contain, analyze, eradicate, and recover from a security incident, such as a cyberattack, data breach, or malware infection. A business continuity plan is a set of strategies and actions that aim to maintain the essential functions and operations of an organization during and after a disruptive event, such as a pandemic, power outage, or civil unrest.

  References:

  CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 1.3: Security Operations, video: Change Management(5:45).

• Question 466:

  A systems administrator works for a local hospital and needs to ensure patient data is protected and secure.

  Which of the following data classifications should be used to secure patient data?

  A. Private
  B. Critical
  C. Sensitive
  D. Public
  C. Sensitive

  ---

  Explanation

  Sensitive is the best answer because patient data contains personally identifiable and medical information that requires stronger protection against unauthorized access, disclosure, or misuse. In security classification questions, "sensitive" is the category most directly associated with information that could harm individuals or the organization if exposed.

  The distractors are weaker for these reasons: Public is clearly incorrect because patient data is never intended for open disclosure.

  Critical refers to information or systems essential to operations, availability, or business continuity, not specifically to privacy-regulated personal data.

  Private can sometimes mean internal-use data, but it does not as clearly express the higher confidentiality requirements associated with medical records.

  So the cleanest classification for patient data is sensitive.

• Question 467:

  Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

  A. Impact analysis
  B. Scheduled downtime
  C. Backout plan
  D. Change management boards
  B. Scheduled downtime

  ---

  Explanation

  Scheduled downtime is a planned period of time when a system or service is unavailable for maintenance, updates, upgrades, or other changes. Scheduled downtime gives administrators a set period to perform changes to an operational system without disrupting the normal business operations or affecting the availability of the system or service. Scheduled downtime also allows administrators to inform the users and stakeholders about the expected duration and impact of the changes.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 12: Security Operations and Administration, page 579

• Question 468:

  An employee clicks a malicious link in an email that appears to be from the company's Chief Executive Officer. The employee's computer is infected with ransomware that encrypts the company's files.

  Which of the following is the most effective way for the company to prevent similar incidents in the future?

  A. Security awareness training
  B. Database encryption
  C. Segmentation
  D. Reporting suspicious emails
  A. Security awareness training

  ---

  Explanation

  Security awareness training is the most effective way to prevent similar incidents, as it educates employees on how to recognize and respond to phishing emails and other social engineering attacks. By training employees to spot suspicious links and emails, especially those that appear to be from high-level executives, the company can reduce the likelihood of employees falling victim to such attacks in the future.

• Question 469:

  A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application.

  Which of the following best describes this type of mitigation?

  A. Patching
  B. Segmentation
  C. Isolation
  D. Monitoring
  C. Isolation

  ---

  Explanation

  The best answer is C. Isolation. The question describes an application that can no longer be patched, meaning the organization must continue operating it while accepting some risk. To reduce exposure, the application should only be used by a limited number of network services. This points to isolation, which means restricting the application's interaction with the rest of the environment to contain risk. Isolation is commonly used for: legacy systems unsupported applications unpatchable systems high-risk services that must remain operational By isolating the application, the organization limits the paths through which it can be attacked and reduces the chance that a compromise will spread to other systems. Why the other options are incorrect:

  A. PatchingThe question clearly states that no additional patches can be applied.

  B. SegmentationSegmentation is related and often used as a method to isolate systems, but the question asks for the best description of the mitigation approach overall. Since the application is being restricted because it is risky and unpatchable, isolation is the stronger answer.

  D. MonitoringMonitoring helps detect issues but does not directly reduce exposure in the way described. From the SY0-701 perspective, when a vulnerable or unsupported application must remain in use, the preferred mitigation is often to isolate it from the broader environment. Therefore, C is the best answer.

• Question 470:

  Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

  A. Compliance reporting
  B. GDPR
  C. Due diligence
  D. Attestation
  C. Due diligence

  ---

  Explanation

  Due diligence refers to the process of researching and understanding the laws, regulations, and best practices that govern information security within a specific industry. Organizations are required to conduct due diligence to ensure compliance with legal and regulatory requirements, which helps mitigate risks and avoid penalties. Compliance reporting involves generating reports to demonstrate adherence to legal or regulatory standards.

  GDPR is a specific regulation governing data privacy in the EU, not a general practice of researching laws.

  Attestation is a formal declaration that an organization is compliant with a set of standards but is not the act of researching the laws.