CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 531:

  A systems administrator just purchased multiple network devices.

  Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?

  A. Install endpoint protection.
  B. Disable ports/protocols.
  C. Change default passwords.
  D. Remove unnecessary software.
  C. Change default passwords.

• Question 532:

  A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs.

  Which of the following options is best to include in the disaster recovery plan?

  A. Hot site
  B. Warm site
  C. Geolocation
  D. Cold site
  A. Hot site

• Question 533:

  Which of the following best explains how open service ports increase an organization's attack surface?

  A. They are commonly overlooked by endpoint antivirus tools during scans.
  B. They can make the company's remote entry point available to the internet.
  C. They enable automatic application updates to reduce vulnerability windows.
  D. They can expose unnecessary services to unauthorized access if not properly restricted.
  D. They can expose unnecessary services to unauthorized access if not properly restricted.

  ---

  Explanation

  Open service ports directly contribute to an organization's attack surface because they provide potential entry points that attackers can probe, exploit, or abuse. In the context of the Security+ SY0-701 objectives, the attack surface is defined as the sum of all possible points where an attacker can attempt to enter or extract data from a system. Each open port corresponds to a service or application that is listening for incoming connections, and if that service is unnecessary, misconfigured, unpatched, or weakly protected, it becomes a viable attack vector.

  Option D is correct because open ports may expose services that do not need to be accessible, especially if proper access controls, firewall rules, or network segmentation are not in place. For example, leaving management interfaces, legacy services, or test services open can allow attackers to perform reconnaissance, banner grabbing, credential attacks, or exploitation of known vulnerabilities. The SY0-701 study guide emphasizes the principle of minimizing attack surface by disabling unused services, closing unnecessary ports, and applying the principle of least functionality.

  Option A is incorrect because endpoint antivirus tools are not responsible for identifying or managing open network ports at an architectural level.

  Option B is partially true but incomplete; while open ports can allow remote access, not all open ports are remote entry points, and the question asks for the best explanation of how attack surface increases.

  Option C is incorrect because open ports do not inherently enable updates and, in fact, often increase risk rather than reduce it.

  In summary, open service ports increase attack surface by exposing services that attackers can target. Proper port management, firewall enforcement, and regular vulnerability scanning are critical controls emphasized in Security+ SY0-701 to reduce exposure and limit unauthorized access.

• Question 534:

  Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

  A. Mitigate
  B. Accept
  C. Transfer
  D. Avoid
  A. Mitigate

  ---

  Explanation

  Mitigate is the risk management strategy that involves reducing the likelihood or impact of a risk. If a legacy application is critical to business operations and there are preventative controls that are not yet implemented, the enterprise should adopt the mitigate strategy first to address the existing vulnerabilities and gaps in the application. This could involve applying patches, updates, or configuration changes to the application, or adding additional layers of security controls around the application. Accept, transfer, and avoid are other risk management strategies, but they are not the best options for this scenario. Accept means acknowledging the risk and accepting the consequences without taking any action. Transfer means shifting the risk to a third party, such as an insurance company or a vendor. Avoid means eliminating the risk by removing the source or changing the process. These strategies may not be feasible or desirable for a legacy application that is critical to business operations and has no preventative controls in place.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 122

  A Risk-Based Framework for Legacy System Migration and Deprecation

• Question 535:

  Which of the following is a known security risk associated with data archives that contain financial information?

  A. Data can become a liability if archived longer than required by regulatory guidance
  B. Data must be archived off-site to avoid breaches and meet business requirements
  C. Companies are prohibited from providing archived data to e-discovery requests
  D. Unencrypted archives should be preserved as long as possible and encrypted
  A. Data can become a liability if archived longer than required by regulatory guidance

  ---

  Explanation

  Data minimization has to be done to decrease liability

• Question 536:

  An organization that handles sensitive information wants to protect the information by using a reversible technology.

  Which of the following best satisfies this requirement?

  A. Hardware security module
  B. Hashing algorithm
  C. Tokenization
  D. Steganography
  C. Tokenization

  ---

  Explanation

  Tokenization is a reversible technology that replaces sensitive information (such as credit card numbers or personal data) with a non-sensitive placeholder (a token). The original data can be retrieved from the token through a secure process, making tokenization ideal for situations where sensitive data needs to be protected but still be recoverable in a controlled manner. Unlike hashing, which is irreversible, tokenization provides a way to securely protect and retrieve sensitive information when necessary.

• Question 537:

  During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers.

  Which of the following describes an attack method that relates to printing centers?

  A. Whaling
  B. Credential harvesting
  C. Prepending
  D. Dumpster diving
  D. Dumpster diving

  ---

  Explanation

  Dumpster diving is an attack method where attackers search through physical waste, such as discarded documents and printouts, to find sensitive information that has not been properly disposed of. In the context of printing centers, this could involve attackers retrieving printed documents containing confidential data that were improperly discarded without shredding or other secure disposal methods. This emphasizes the importance of proper disposal and physical security measures in cyber hygiene practices.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Physical Security and Cyber Hygiene.

• Question 538:

  Which of the following is a directive managerial control?

  A. Acceptable use policy
  B. Login warning banner
  C. Master service agreement
  D. No trespassing sign
  A. Acceptable use policy

  ---

  Explanation

  A directive managerial control provides guidance and expectations for behavior through policy and governance. An Acceptable Use Policy (AUP) is a classic example, as it defines how users may and may not use organizational systems and data. Security+ SY0-701 categorizes policies as managerial (administrative) controls that direct user behavior and establish accountability.

  A login warning banner (B) is typically a deterrent/administrative control but is not managerial in nature. A master service agreement (C) is a contractual/legal document, not a managerial directive for internal users. A "No trespassing" sign (D) is a physical deterrent control.

  Because an AUP formally directs behavior and is enforced through management processes, A: Acceptable use policy is correct.

• Question 539:

  A penetration tester finds an unused Ethernet port during an on-site penetration test. Upon plugging a device into the unused port, the penetration tester notices that the machine is assigned an IP address, allowing the tester to enumerate the local network.

  Which of the following should an administrator implement in order to prevent this situation from happening in the future?

  A. Port security
  B. Transport Layer Security
  C. Proxy server
  D. Security zones
  A. Port security

  ---

  Explanation

  Port security is a network security feature that restricts input to an Ethernet port based on MAC addresses, which helps prevent unauthorized devices from gaining access to the network. By implementing port security, administrators can control which devices are allowed to connect to specific network ports, preventing unauthorized access through unused or untrusted ports. This measure would have prevented the penetration tester from gaining access to the local network by plugging into an unused port.

• Question 540:

  An organization has been experiencing issues with deleted network share data and improperly assigned permissions.

  Which of the following would best help track and remediate these issues?

  A. DLP
  B. EDR
  C. FIM
  D. ACL
  C. FIM

  ---

  Explanation

  File Integrity Monitoring (FIM) is the best tool for detecting unauthorized file deletions, modifications, or improper permission changes within network shares. FIM works by creating cryptographic hashes and baselines for protected files or directories and then continuously monitoring for deviations. Any unauthorized deletion, modification, or permission change triggers alerts.

  Security+ SY0-701 identifies FIM as a foundational integrity control used in compliance frameworks (PCI-DSS, HIPAA) and operational security monitoring. Because the organization is experiencing unpredictable changes to shared files and permissions, FIM provides visibility and accountability for who changed what and when.

  DLP (A) prevents data leakage but does not detect permission changes. EDR (B) focuses on endpoint threat behavior, not file integrity on network shares. ACLs (D) define permissions but do not track changes or detect unauthorized modifications.

  Therefore, C: FIM is the correct choice.