CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 551:

  An administrator needs to perform server hardening before deployment.

  Which of the following steps should the administrator take?

  (Select two).

  A. Disable default accounts.
  B. Add the server to the asset inventory.
  C. Remove unnecessary services.
  D. Document default passwords.
  E. Send server logs to the SIEM.
  F. Join the server to the corporate domain.
  A. Disable default accounts.
  C. Remove unnecessary services.

  ---

  Explanation

  To perform server hardening before deployment, the administrator should disable default accounts and remove unnecessary services. These steps are crucial to reducing the attack surface and enhancing the security of the server. Disable default accounts: Default accounts often come with default credentials that are well-known and can be exploited by attackers. Disabling these accounts helps prevent unauthorized access. Remove unnecessary services: Unnecessary services can introduce vulnerabilities and be exploited by attackers. Removing them reduces the number of potential attack vectors.

  Add the server to the asset inventory: Important for tracking and management but not directly related to hardening.

  Document default passwords: Documentation is useful, but changing or disabling default passwords is the hardening step.

  Send server logs to the SIEM: Useful for monitoring and analysis but not a direct hardening step.

  Join the server to the corporate domain: Part of integration into the network but not specific to hardening.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 1.1 - Compare and contrast various types of security controls (Server hardening).

• Question 552:

  A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network.

  Which of the following would have mitigated the spread?

  A. IPS
  B. IDS
  C. WAF
  D. UAT
  A. IPS

  ---

  Explanation

  An IPS (Intrusion Prevention System) would have mitigated the spread of the ransomware by actively blocking malicious traffic patterns associated with lateral movement or propagation across the network.

  It is important to clarify scope: the IPS would not necessarily stop the initial phishing event (which is user-driven and typically handled by email security controls or user awareness). Instead, its value is in inline inspection and prevention after initial compromise, where it can detect and block suspicious behaviors such as exploitation attempts, abnormal lateral connections, or known ransomware signatures.

  Why others are incorrect: IDS only detects and alerts but does not block, so it would not mitigate spread.

  WAF protects web applications, not internal lateral movement.

  UAT is unrelated to security controls.

  So the correct reasoning is that IPS mitigates post-compromise propagation, not the phishing entry point.

• Question 553:

  A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties.

  Which of the following best describes why the administrator performed these actions?

  A. Encryption standard compliance
  B. Data replication requirements
  C. Least privilege
  D. Access control monitoring
  C. Least privilege

  ---

  Explanation

  The security administrator's actions of removing default permissions and adding permissions only for users who need access as part of their job duties best describe the principle of least privilege. This principle ensures that users are granted the minimum necessary access to perform their job functions, reducing the risk of unauthorized access or data breaches.

  Least privilege: Limits access rights for users to the bare minimum necessary for their job duties, enhancing security by reducing potential attack surfaces. Encryption standard compliance: Involves meeting encryption requirements, but it does not explain the removal and assignment of specific permissions. Data replication requirements: Focus on duplicating data across different systems for redundancy and availability, not related to user permissions. Access control monitoring: Involves tracking and reviewing access to resources, but the scenario is about setting permissions, not monitoring them.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.5 - Modify enterprise capabilities to enhance security (Least privilege).

• Question 554:

  Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?

  A. Virtualizing and migrating to a containerized instance
  B. Removing and sandboxing to an isolated network
  C. Monitoring and implementing compensating controls
  D. Patching and redeploying to production as quickly as possible
  C. Monitoring and implementing compensating controls

• Question 555:

  A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team.

  Which of the following best describes the threat actor in the CISO's report?

  A. Insider threat
  B. Hacktivist
  C. Nation-state
  D. Organized crime
  D. Organized crime

  ---

  Explanation

  Ransomware-as-a-service is a type of cybercrime where hackers sell or rent ransomware tools or services to other criminals who use them to launch attacks and extort money from victims. This is a typical example of organized crime, which is a group of criminals who work together to conduct illegal activities for profit. Organized crime is different from other types of threat actors, such as insider threats, hacktivists, or nation-states, who may have different motives, methods, or targets.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17

• Question 556:

  A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year.

  Which of the following does the $10,000 represent?

  A. ARO
  B. SLE
  C. ALE
  D. RPO
  B. SLE

  ---

  Explanation

  The $10,000 is the estimated cost per incident (per single occurrence). In quantitative risk analysis, that value is the Single Loss Expectancy (SLE)-the financial impact expected each time a risk event occurs. The Study Guide defines these terms and calculations clearly: "The single loss expectancy (SLE) is the amount of financial damage expected each time a risk materializes." It also explains how annual impact is derived: "The annualized loss expectancy (ALE) is the amount of damage expected from a risk each year. It is calculated by multiplying the SLE and the ARO."

  Here, the event occurs twice per year, so the Annualized Rate of Occurrence (ARO) is 2.0, and the annual expected loss (ALE) would be SLE x ARO = $10,000 x 2 = $20,000, which matches the recommended budget. That confirms $10,000 is not ARO (a frequency), not ALE (annual total), and not RPO (a disaster recovery metric about acceptable data loss window).

  References:

  Quantitative risk terms and formulas (SLE definition

  ALE = SLE x ARO).

• Question 557:

  After a security incident, a systems administrator asks the company to buy a NAC platform.

  Which of the following attack surfaces is the systems administrator trying to protect?

  A. Bluetooth
  B. Wired
  C. NFC
  D. SCADA
  B. Wired

  ---

  Explanation

  A NAC (network access control) platform is a technology that enforces security policies on devices that attempt to access a network. A NAC platform can verify the identity, role, and compliance of the devices, and grant or deny access based on predefined rules. A NAC platform can protect both wired and wireless networks, but in this scenario, the systems administrator is trying to protect the wired attack surface, which is the set of vulnerabilities that can be exploited through a physical connection to the network.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5, page 189

  CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5, page 237.

• Question 558:

  A web application for a bank displays the following output when showing details about a customer's bank account:

  

  Which of the following techniques is most likely implemented in this web application?

  A. Data minimization
  B. Data scrambling
  C. Data masking
  D. Anonymization
  C. Data masking

  ---

  Explanation

  The application is hiding part of the account number and client name while still showing enough information for recognition. That is data masking. Data minimization means collecting or displaying only the minimum necessary data, data scrambling means transforming data into an unreadable or altered form, and anonymization means removing identifying elements so the person can no longer be identified.

• Question 559:

  A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

  Which of the following teams will conduct this assessment activity?

  A. White
  B. Purple
  C. Blue
  D. Red
  D. Red

  ---

  Explanation

  A red team is a group of security professionals who perform offensive security assessments covering penetration testing and social engineering. A red team simulates real-world attacks and exploits the vulnerabilities of a target organization, system, or network. A red team aims to test the effectiveness of the security controls, policies, and procedures of the target, as well as the awareness and response of the staff and the blue team. A red team can be hired as an external consultant or formed internally within the organization.

  References:

  18. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.8, page

  4. Security Teams -SY0- 601

  CompTIA Security+ : 1.8

• Question 560:

  An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server's password. The employee used this access to remove the mailboxes of key personnel.

  Which of the following security awareness concepts would help prevent this threat in the future?

  A. Recognizing phishing
  B. Providing situational awareness training
  C. Using password management
  D. Reviewing email policies
  A. Recognizing phishing

  ---

  Explanation

  In this scenario, the employee used a form of social engineering by sending a malicious link and persuading the administrator to take unauthorized actions. Training employees to recognize phishing attempts and other social engineering tactics would help them identify and avoid suspicious requests, reducing the likelihood of falling victim to similar threats in the future.