CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 501:

  Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?

  A. Automated scanning
  B. Penetration testing
  C. Threat hunting
  D. Log aggregation
  E. Adversarial emulation
  A. Automated scanning

  ---

  Explanation

  Automated vulnerability scanning is the first step in identifying system weaknesses. These scans systematically check for outdated software, misconfigurations, and known vulnerabilities in a network.

  Penetration testing (B) is conducted after vulnerabilities are identified.

  Threat hunting (C) focuses on detecting unknown threats, not listing vulnerabilities.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Security Operations domain.

• Question 502:

  Which of the following is prevented by proper data sanitization?

  A. Hackers' ability to obtain data from used hard drives
  B. Devices reaching end-of-life and losing support
  C. Disclosure of sensitive data through incorrect classification
  D. Incorrect inventory data leading to a laptop shortage
  A. Hackers' ability to obtain data from used hard drives

  ---

  Explanation

  Proper data sanitization ensures that sensitive data is securely erased from storage devices, preventing unauthorized access or recovery when the devices are disposed of or reused.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Sanitization and Disposal Methods".

• Question 503:

  An employee clicked a malicious link in an email and downloaded malware onto the company's computer network. The malicious program exfiltrated thousands of customer records.

  Which of the following should the company implement to prevent this in the future?

  A. User awareness training
  B. Network monitoring
  C. Endpoint protection
  D. Data loss prevention
  A. User awareness training

  ---

  Explanation

  User awareness training is essential in preventing security incidents caused by human error, such as clicking on malicious links. Employees need to be educated on recognizing phishing attempts, verifying email senders, and avoiding suspicious downloads. Network monitoring detects and alerts on malicious activity but does not prevent employees from clicking on harmful links. Endpoint protection can mitigate malware infections but is not foolproof, especially if users continue to fall for phishing attacks.

  Data loss prevention (DLP) can prevent data exfiltration but does not stop malware from being introduced into the system.

  By training employees to recognize and avoid phishing scams, organizations can reduce the risk of malware infections and data breaches.

• Question 504:

  Which of the following technologies assists in passively verifying the expired status of a digital certificate?

  A. OCSP
  B. CRL
  C. TPM
  D. CSR
  A. OCSP

• Question 505:

  A certificate authority needs to post information about expired certificates.

  Which of the following would accomplish this task?

  A. TPM
  B. CRL
  C. PKI
  D. CSR
  B. CRL

  ---

  Explanation

  A Certificate Revocation List (CRL) is a digitally signed list maintained by a Certificate Authority (CA) that contains revoked or expired certificates. This prevents clients from trusting compromised or outdated certificates. TPM (A) is a hardware security module, unrelated to certificate revocation. PKI (C) is the overall system managing digital certificates, but it does not store revocation lists. CSR (D) is a request to obtain a certificate, not to revoke one.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Security Architecture domain.

• Question 506:

  Which of the following is the most common data loss path for an air-gapped network?

  A. Bastion host
  B. Unsecured Bluetooth
  C. Unpatched OS
  D. Removable devices
  D. Removable devices

  ---

  Explanation

  An air-gapped network is a network that is physically isolated from other networks, such as the internet, to prevent unauthorized access and data leakage. However, an air-gapped network can still be compromised by removable devices, such as USB drives, CDs, DVDs, or external hard drives, that are used to transfer data between the air-gapped network and other networks. Removable devices can carry malware, spyware, or other malicious code that can infect the air-gapped network or exfiltrate data from it. Therefore, removable devices are the most common data loss path for an air-gapped network.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 9: Network Security, page 449

• Question 507:

  The management team notices that new accounts that are set up manually do not always have correct access or permissions.

  Which of the following automation techniques should a systems administrator use to streamline account creation?

  A. Guard rail script
  B. Ticketing workflow
  C. Escalation script
  D. User provisioning script
  D. User provisioning script

  ---

  Explanation

  A user provisioning script is an automation technique that uses a predefined set of instructions or commands to create, modify, or delete user accounts and assign appropriate access or permissions. A user provisioning script can help to streamline account creation by reducing manual errors, ensuring consistency and compliance, and saving time and resources.

  The other options are not automation techniques that can streamline account creation: Guard rail script: This is a script that monitors and enforces the security policies and rules on a system or a network. A guard rail script can help to prevent unauthorized or malicious actions, such as changing security settings, accessing restricted resources, or installing unwanted software 3. Ticketing workflow: This is a process that tracks and manages the requests, issues, or incidents that are reported by users or customers. A ticketing workflow can help to improve the communication, collaboration, and resolution of problems, but it does not automate the account creation process 4. Escalation script: This is a script that triggers an alert or a notification when a certain condition or threshold is met or exceeded. An escalation script can help to inform the relevant parties or authorities of a critical situation, such as a security breach, a performance degradation, or a service outage.

  References:

  1: CompTIA Security+ SY0-701 Certification Study Guide, page 102

  2: User Provisioning -CompTIA Security+ SY0-701 -5.1, video by Professor Messer

  3: CompTIA Security+ SY0-701 Certification Study Guide, page 103

  4: CompTIA Security+ SY0-701 Certification Study Guide, page 104. : CompTIA Security+ SY0-701 Certification Study Guide, page 105.

• Question 508:

  Which of the following is the main consideration when a legacy system that is a critical part of a company's infrastructure cannot be replaced?

  A. Resource provisioning
  B. Cost
  C. Single point of failure
  D. Complexity
  C. Single point of failure

  ---

  Explanation

  When a legacy system that is critical to a company's infrastructure cannot be replaced, the primary consideration is that it may become a single point of failure. This is because legacy systems are often difficult to support, lack redundancy, and may no longer receive updates, making them vulnerable. Ensuring that this critical system is protected from failure is essential to maintain continuity and reduce the risk of operational disruptions.

• Question 509:

  Which of the following describes the maximum allowance of accepted risk?

  A. Risk indicator
  B. Risk level
  C. Risk score
  D. Risk threshold
  D. Risk threshold

  ---

  Explanation

  Risk threshold is the maximum amount of risk that an organization is willing to accept for a given activity or decision. It is also known as risk appetite or risk tolerance. Risk threshold helps an organization to prioritize and allocate resources for risk management. Risk indicator, risk level, and risk score are different ways of measuring or expressing the likelihood and impact of a risk, but they do not describe the maximum allowance of accepted risk.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 34

  Accepting Risk: Definition, How It Works, and Alternatives

• Question 510:

  During a routine audit, an analyst discovers that a department uses software that was not vetted.

  Which threat is this?

  A. Espionage
  B. Data exfiltration
  C. Shadow IT
  D. Zero-day
  C. Shadow IT

  ---

  Explanation

  Shadow IT refers to software, hardware, cloud services, or applications deployed without approval from the IT or security department. In this scenario, a high school department is using an unvetted simulation program-classic Shadow IT behavior.

  Security+ SY0-701 explains that Shadow IT:

  Introduces unknown vulnerabilities

  Bypasses security controls

  Creates compliance risks

  Leads to data exposure

  Interferes with standard configuration management

  Espionage (A) involves intelligence gathering, not unauthorized software use. Data exfiltration (B) involves data theft, not unauthorized software deployment. Zero-day (D) refers to unknown vulnerabilities, not unapproved systems.

  Thus, Shadow IT is the correct answer.