CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 521:

  Which of the following is the most relevant reason a DPO would develop a data inventory?

  A. To manage data storage requirements better
  B. To determine the impact in the event of a breach
  C. To extend the length of time data can be retained
  D. To automate the reduction of duplicated data
  B. To determine the impact in the event of a breach

  ---

  Explanation

  A data inventory provides a comprehensive overview of what data the organization holds, where it is stored, and its sensitivity. This information is crucial for assessing the potential impact of a data breach, as it allows the DPO to identify which data would be affected and the associated risks. Additionally, it aids in compliance with data protection regulations by ensuring that sensitive data is adequately managed and protected.

• Question 522:

  An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards.

  Which of the following techniques is the attacker using?

  A. Smishing
  B. Disinformation
  C. Impersonating
  D. Whaling
  C. Impersonating

  ---

  Explanation

  Impersonating is the best answer because the attacker is pretending to be the Chief Executive Officer in order to pressure the employee into taking action. The defining technique in the scenario is the false claim of identity.

  Whaling is the weaker choice because whaling refers to a phishing attack aimed at high-profile targets such as executives. In this case, the executive is not the victim; the attacker is pretending to be the executive in order to deceive an employee. The attack may resemble CEO fraud in a broader sense, but the specific technique shown here is impersonation.

  Smishing involves SMS messages, and disinformation involves spreading false information broadly rather than directly deceiving a specific employee into making a purchase.

• Question 523:

  During an investigation, a security analyst discovers traffic going out to a command-and-control server. The analyst must find out if any data exfiltration has occurred.

  Which of the following would best help the analyst determine this?

  A. Application log
  B. Metadata
  C. Network log
  D. Packet capture
  D. Packet capture

  ---

  Explanation

  To determine whether data exfiltration has occurred, the most effective tool is a packet capture (PCAP). Packet captures allow investigators to see exactly what data left the network, including file contents, payloads, headers, protocols, and destination information. PCAP files provide full-fidelity network evidence, enabling analysts to reconstruct sessions and review exfiltrated content byte-by-byte.

  Security+ SY0-701 emphasizes PCAP as the gold standard for forensic network investigations, especially when dealing with:

  Malware beaconing

  Command-and-control (C2) traffic

  Data leakage

  Unauthorized transmissions

  Network logs (C) provide summaries such as IP addresses, ports, and timestamps but do not show actual data contents. Metadata (B) gives descriptive information (e.g., file size, type) but not transmitted payloads. Application logs (A) show application-level events but do not capture network data.

  If the analyst needs to confidently determine if sensitive information was exported to the attacker, only packet capture provides the required depth of visibility.

• Question 524:

  A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues.

  Which of the following would most likely achieve this goal?

  A. Permission restrictions
  B. Bug bounty program
  C. Vulnerability scan
  D. Reconnaissance
  B. Bug bounty program

  ---

  Explanation

  A bug bounty program encourages ethical hackers to find and report vulnerabilities, helping organizations discover security flaws before they are exploited by malicious actors. Unlike vulnerability scans, bug bounty programs use real-world testing techniques.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Security Operations domain.

• Question 525:

  Which of the following best describes the practice of preserving and documenting the handling of forensic evidence?

  A. Acquisition of evidence
  B. E-discovery
  C. Chain of custody
  D. Forensic tabletop exercises
  C. Chain of custody

  ---

  Explanation

  The best answer is C. Chain of custody. Chain of custody is the documented process used to track forensic evidence from the moment it is collected until it is presented, stored, transferred, or disposed of. It records: who handled the evidence when it was handled where it was stored how it was transferred how its integrity was preserved.

  This is critical to ensure the evidence remains credible and admissible. Why the other options are incorrect:

  A. Acquisition of evidenceAcquisition refers to collecting or imaging evidence, but it does not specifically cover the full documentation of handling over time.

  B. E-discoveryE-discovery relates to identifying and producing electronically stored information for legal matters, not specifically preserving forensic handling records.

  D. Forensic tabletop exercisesThese are discussion-based practice activities, not evidence handling procedures. From a Security+ perspective, preserving and documenting forensic evidence handling is the definition of chain of custody.

• Question 526:

  A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel.

  Which of the following protocols did the engineer most likely implement?

  A. GRE
  B. IPSec
  C. SD-WAN
  D. EAP
  B. IPSec

  ---

  Explanation

  IPSec is commonly used in remote access VPNs to establish secure, encrypted tunnels between the endpoint and the network. This ensures that data transmitted over the VPN is protected from interception, providing confidentiality, integrity, and authentication. IPSec is a widely used protocol for secure remote access VPNs.

• Question 527:

  A security administrator protects passwords by using hashing.

  Which of the following best describes what the administrator is doing?

  A. Adding extra characters at the end to increase password length
  B. Generating a token to make the passwords temporal
  C. Using mathematical algorithms to make passwords unique
  D. Creating a rainbow table to protect passwords in a list
  C. Using mathematical algorithms to make passwords unique

• Question 528:

  Which of the following is the first step to take when creating an anomaly detection process?

  A. Selecting events
  B. Building a baseline
  C. Selecting logging options
  D. Creating an event log
  B. Building a baseline

  ---

  Explanation

  The first step in creating an anomaly detection process is building a baseline of normal behavior within the system. This baseline serves as a reference point to identify deviations or anomalies that could indicate a security incident. By understanding what normal activity looks like, security teams can more effectively detect and respond to suspicious behavior.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Monitoring and Baselines.

• Question 529:

  An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication.

  Which of the following solutions would the engineering team most likely configure?

  A. LDAP
  B. Federation
  C. SAML
  D. OAuth
  D. OAuth

  ---

  Explanation

  OAuth is designed for authorization rather than authentication. It uses access tokens to grant applications permission to access resources on behalf of a user, focusing on what the application can do with the user's data rather than verifying the user's identity. This makes OAuth a suitable choice for Single Sign-On (SSO) when the focus is on application authorization.

• Question 530:

  A company is concerned about weather events causing damage to the server room and downtime.

  Which of the following should the company consider?

  A. Clustering servers
  B. Geographic dispersion
  C. Load balancers
  D. Off-site backups
  B. Geographic dispersion

  ---

  Explanation

  Geographic dispersion is a strategy that involves distributing the servers or data centers across different geographic locations. Geographic dispersion can help the company to mitigate the risk of weather events causing damage to the server room and downtime, as well as improve the availability, performance, and resilience of the network. Geographic dispersion can also enhance the disaster recovery and business continuity capabilities of the company, as it can provide backup and failover options in case of a regional outage or disruption.

  The other options are not the best ways to address the company's concern: Clustering servers: This is a technique that involves grouping multiple servers together to act as a single system. Clustering servers can help to improve the performance, scalability, and fault tolerance of the network, but it does not protect the servers from physical damage or downtime caused by weather events, especially if the servers are located in the same room or building.

  Load balancers: These are devices or software that distribute the network traffic or workload among multiple servers or resources. Load balancers can help to optimize the utilization, efficiency, and reliability of the network, but they do not prevent the servers from being damaged or disrupted by weather events, especially if the servers are located in the same room or building.

  Off-site backups: These are copies of data or files that are stored in a different location than the original source. Off-site backups can help to protect the data from being lost or corrupted by weather events, but they do not prevent the servers from being damaged or disrupted by weather events, nor do they ensure the availability or continuity of the network services.

  References:

  1: CompTIA Security+ SY0-701 Certification Study Guide, page 97

  2: High Availability -CompTIA Security+ SY0-701 -3.4, video by Professor Messer

  3: CompTIA Security+ SY0-701 Certification Study Guide, page 98

  4: CompTIA Security+ SY0-701 Certification Study Guide, page 99. : CompTIA Security+ SY0-701 Certification Study Guide, page 100.