CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 471:

  Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

  A. VM escape
  B. SQL injection
  C. Buffer overflow
  D. Race condition
  C. Buffer overflow

  ---

  Explanation

  A buffer overflow is a vulnerability that occurs when an application writes more data to a memory buffer than it can hold, causing the excess data to overwrite adjacent memory locations. A register is a small storage area in the CPU that holds temporary data or instructions. An attacker can exploit a buffer overflow to overwrite a register with a malicious address that points to a shellcode, which is a piece of code that gives the attacker control over the system. By doing so, the attacker can bypass the normal execution flow of the application and execute arbitrary commands.

  References:

  CompTIA Security+ SY0-701 Certification Study Guide, Chapter 2: Threats, Attacks, and Vulnerabilities, Section 2.3: Application Attacks, Page 76

  Buffer Overflows - CompTIA Security+ SY0-701 - 2.3

• Question 472:

  Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

  A. ARO
  B. RTO
  C. RPO
  D. ALE
  E. SLE
  D. ALE

• Question 473:

  Which of the following is an example of memory injection?

  A. Two processes access the same variable, allowing one to cause a privilege escalation.
  B. A process receives an unexpected amount of data, which causes malicious code to be executed.
  C. Malicious code is copied to the allocated space of an already running process.
  D. An executable is overwritten on the disk, and malicious code runs the next time it is executed.
  C. Malicious code is copied to the allocated space of an already running process.

• Question 474:

  The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances.

  Which of the following topics will the security team most likely emphasize in upcoming security training?

  A. Social engineering
  B. Situational awareness
  C. Phishing
  D. Acceptable use policy
  A. Social engineering

  ---

  Explanation

  Social engineering attacks exploit human behavior to bypass security controls. Tailgating (following an authorized person into a restricted area without authentication) and badge non-compliance are common tactics used by attackers to gain unauthorized physical access. Training employees to recognize and prevent social engineering tactics can reduce these risks.

  Situational awareness (B) relates to general security awareness but is not specific to social engineering attacks.

  Phishing (C) targets victims via email or online deception, not physical access.

  Acceptable use policy (D) defines how employees should use IT resources but does not address physical security risks.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, General Security Concepts domain.

• Question 475:

  Which of the following describes the category of data that is most impacted when it is lost?

  A. Confidential
  B. Public
  C. Private
  D. Critical
  D. Critical

  ---

  Explanation

  The category of data that is most impacted when it is lost is "Critical." Critical data is essential to the organization's operations and often includes sensitive information such as financial records, proprietary business information, and vital operational data. The loss of critical data can severely disrupt business operations and have significant financial, legal, and reputational consequences.

  Confidential: Refers to data that must be protected from unauthorized access to maintain privacy and security.

  Public: Refers to data that is intended for public disclosure and whose loss does not have severe consequences.

  Private: Typically refers to personal data that needs to be protected to ensure privacy.

  Critical: Refers to data that is essential for the operation and survival of the organization, and its loss can have devastating impacts.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 5.2 - Risk management (Critical data identification and impact analysis).

• Question 476:

  A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs.

  Which of the following risk elements should the implementation team understand before granting access to the application?

  A. Threshold
  B. Appetite
  C. Avoidance
  D. Register
  B. Appetite

• Question 477:

  An organization conducts a self-evaluation with a phishing campaign that requests login credentials. The organization receives the following results:

  1. None of the staff were fooled by the attempt due to proper security awareness.

  2. Staff deleted the email without performing any additional actions.

  Which of the following security practices would add the most value to the organization?

  A. Implement a strict password reset policy for all senior managers after a security event.
  B. Update user guidance to include suspicious incident reporting.
  C. Conduct end-user training regarding spear-phishing attempts to raise awareness.
  D. Require remote workers to use a VPN when connecting to the organization ' s networks.
  B. Update user guidance to include suspicious incident reporting.

  ---

  Explanation

  The best answer is B. Update user guidance to include suspicious incident reporting. The phishing simulation results show that users were not fooled, which means awareness training is already helping them avoid credential theft. However, the employees deleted the email without reporting it. That means the organization missed an opportunity to: investigate the message further identify other recipients block similar messages improve incident response visibility update defensive controls quickly.

  The most valuable next step is to train or guide users to report suspicious emails, not just ignore or delete them. Why the other options are incorrect:

  A. Implement a strict password reset policy for all senior managers after a security event.This does not address the gap identified by the exercise.

  C. Conduct end-user training regarding spear-phishing attempts to raise awareness.The results already show awareness was effective enough to prevent users from falling for the message. The missing behavior is reporting.

  D. Require remote workers to use a VPN when connecting to the organization ' s networks.This is unrelated to the phishing exercise outcome. From a Security+ perspective, user awareness programs should teach employees to identify and report suspicious messages. Therefore, B is the best answer.

• Question 478:

  Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

  A. Geographic dispersion
  B. Data sovereignty
  C. Geographic restrictions
  D. Data segmentation
  B. Data sovereignty

  ---

  Explanation

  Data sovereignty refers to the principle that data is subject to the laws and regulations of the country where it originated, regardless of where it is stored. This concept ensures that data complies with the legal requirements of its country of origin, even when stored or processed across borders.

• Question 479:

  A company is changing its mobile device policy. The company has the following requirements:

  1. Company-owned devices

  2. Ability to harden the devices

  3. Reduced security risk

  4. Compatibility with company resources

  Which of the following would best meet these requirements?

  A. BYOD
  B. CYOD
  C. COPE
  D. COBO
  C. COPE

  ---

  Explanation

  COPE (Corporate-Owned, Personally Enabled) devices allow companies to manage and harden company-owned devices while still enabling limited personal use, reducing security risks while maintaining compatibility with corporate resources.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Mobile Device Deployment Models".

• Question 480:

  Which of the following best explains the role of compensating controls?

  A. Reducing the attack surface by isolating vulnerable components within a segmented environment
  B. Providing an alternative security measure when standard remediation is not feasible
  C. Delaying remediation timelines by replacing affected systems in a maintenance window
  D. Remediating software flaws by modifying source code to remove insecure functions
  B. Providing an alternative security measure when standard remediation is not feasible

  ---

  Explanation

  The best answer is B. Providing an alternative security measure when standard remediation is not feasible. A compensating control is a substitute safeguard used when the preferred or required control cannot be implemented immediately or at all. It helps reduce risk in another way until proper remediation is possible, or when direct remediation is impractical. Examples include: increasing monitoring when a system cannot be patched segmenting a legacy application that cannot be upgraded restricting access to a vulnerable system that must remain in service.

  Why the other options are incorrect:

  A. Reducing the attack surface by isolating vulnerable components within a segmented environmentThis can be an example of a compensating control, but it does not define the overall role as clearly as

  B.

  C. Delaying remediation timelines by replacing affected systems in a maintenance windowThis describes scheduling or change timing, not compensating controls.

  D. Remediating software flaws by modifying source code to remove insecure functionsThis is direct remediation, not a compensating control. From the SY0-701 perspective, compensating controls are used when the ideal fix is not possible, so B is the best explanation.