CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 601:

  Which of the following enables the ability to receive a consolidated report from different devices on the network?

  A. IPS
  B. DLP
  C. SIEM
  D. Firewall
  C. SIEM

  ---

  Explanation

  SIEM (Security Information and Event Management) systems aggregate and analyze log data from various devices across a network, enabling the collection, correlation, and analysis of security-related events. SIEM provides a consolidated report of activities, helping to identify potential security incidents by correlating data from multiple sources, which enhances visibility and response capabilities across the network.

• Question 602:

  During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system.

  Which of the following best describes this type of vulnerability?

  A. Race condition
  B. Memory injection
  C. Malicious update
  D. Side loading
  A. Race condition

  ---

  Explanation

  A race condition occurs when two or more processes access shared data and try to change it at the same time, leading to unpredictable outcomes. In this case, the attacker exploited a timing issue, replacing a temporary field during a SQL update to gain unauthorized access. This type of vulnerability is often due to a lack of proper synchronization controls, allowing malicious actions to occur within critical update windows.

• Question 603:

  Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days.

  Which of the following would reduce the risk of this incident from happening again? (Choose two.)

  A. Increasing the minimum password length to 14 characters.
  B. Upgrading the password hashing algorithm from MD5 to SHA-512.
  C. Increasing the maximum password age to 120 days.
  D. Reducing the minimum password length to ten characters.
  E. Reducing the minimum password age to zero days.
  F. Including a requirement for at least one special character.
  A. Increasing the minimum password length to 14 characters.
  F. Including a requirement for at least one special character.

• Question 604:

  Which of the following attacks exploits a potential vulnerability as a result of using weak cryptographic algorithms?

  A. Password cracking
  B. On-path
  C. Digital signing
  D. Side-channel
  A. Password cracking

  ---

  Explanation

  Weak cryptographic algorithms make it easier for attackers to crack passwords by using techniques such as brute-force or dictionary attacks. When encryption algorithms are weak, they produce predictable patterns or can be processed faster, allowing attackers to break the encryption and recover sensitive information, such as passwords, more easily.

• Question 605:

  An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database.

  Which of the following is this scenario an example of?

  A. Pretexting
  B. Impersonation
  C. Ransomware
  D. Invoice scam
  D. Invoice scam

  ---

  Explanation

  The scenario describes an instance where an employee receives a fraudulent invoice from a vendor that is not recognized in the company's vendor management system. This is a classic example of an invoice scam, where attackers attempt to trick organizations into making payments for fake or non-existent services. These scams often rely on social engineering tactics to bypass financial controls.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the context of social engineering attacks and common scams.

• Question 606:

  Which of the following is most likely in a responsibility matrix in a cloud computing environment?

  A. The customer is responsible for information and data regardless of the cloud model used.
  B. The cloud provider is responsible for account and identity management for connected devices.
  C. The customer and the cloud provider share responsibility for the physical network infrastructure.
  D. The cloud provider is responsible for the security of endpoints connected to the infrastructure.
  A. The customer is responsible for information and data regardless of the cloud model used.

  ---

  Explanation

  The best answer is A. The customer is responsible for information and data regardless of the cloud model In cloud environments, a shared responsibility model defines which security duties belong to the cloud provider and which remain with the customer. While the exact split depends on whether the service is IaaS, PaaS, or SaaS, one responsibility that almost always remains with the customer is accountability for their information and data. The provider secures the cloud infrastructure, but the customer remains responsible for how their data is classified, handled, protected, and governed. Why the other options are incorrect:

  B. The cloud provider is responsible for account and identity management for connected devices. Identity and access management is typically at least partly the customer's responsibility, and often primarily so.

  C. The customer and the cloud provider share responsibility for the physical network infrastructure. Physical infrastructure is usually the cloud provider's responsibility, not shared in the way stated here.

  D. The cloud provider is responsible for the security of endpoints connected to the infrastructure. Endpoint security is normally the customer's responsibility. From the SY0-701 perspective, a responsibility matrix in cloud computing reflects the shared responsibility model, and the most consistently true statement here is

  A.

• Question 607:

  A company performs risk analysis on its equipment and estimates it will experience about ten incidents over a five-year period.

  Which of the following is the correct ARO for the equipment?

  A. 2
  B. 5
  C. 10
  D. 50
  A. 2

  ---

  Explanation

  The best answer is A. 2. ARO (Annualized Rate of Occurrence) measures how many times an incident is expected to occur per year. The company expects: 10 incidents over 5 years So the calculation is: ARO = 10 / 5 = 2 This means the expected annual rate of occurrence is 2 incidents per year. Why the other options are incorrect:

  B. 5This would not represent the yearly average based on the numbers given.

  C. 10This is the total number of incidents over five years, not the annualized value.

  D. 50This is not supported by the information in the question. From a Security+ risk calculation standpoint, when a total event count is spread across multiple years, the ARO is found by dividing the total incidents by the number of years. Therefore, A is correct.

• Question 608:

  A company wants to improve end users experiences when they tog in to a trusted partner website.

  The company does not want the users to be issued separate credentials for the partner website

  Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

  A. Directory service
  B. AAA server
  C. Federation
  D. Multifactor authentication
  C. Federation

  ---

  Explanation

  Federation means the company trusts accounts created and managed by a different network. It connects the identity management services of multiple systems

• Question 609:

  Which of the following will most likely lead an organization to revise its change management policy?

  A. An engineer adds a new feature to the production service.
  B. A production server continuously runs at its maximum load.
  C. Software is migrated to a cloud that offers increased flexibility in its updates.
  D. A legacy server lacks support for new regulatory requirements.
  C. Software is migrated to a cloud that offers increased flexibility in its updates.

  ---

  Explanation

  The best answer is C. Software is migrated to a cloud that offers increased flexibility in its updates. A change management policy defines how changes are requested, reviewed, approved, tested, documented, and implemented. When an organization migrates software to a cloud environment that supports more dynamic, frequent, or automated updates, the change management process may need to be revised to reflect the new operational model. Cloud environments often introduce: faster deployment cycles infrastructure as code automated updates continuous integration and continuous delivery different approval and rollback processes.

  These changes can significantly affect how the organization governs system changes, so revising the policy is likely necessary. Why the other options are incorrect:

  A. An engineer adds a new feature to the production service.This is an example of a change that should follow policy, not necessarily a reason to revise the policy itself.

  B. A production server continuously runs at its maximum load.This is more of a performance or capacity issue than a direct reason to revise change management policy.

  D. A legacy server lacks support for new regulatory requirements.This points more toward compliance remediation or system replacement, not specifically revising change management policy. From the SY0-701 perspective, major shifts in how systems are updated and maintained, especially through cloud adoption, are strong reasons to update change management governance. Therefore, C is correct.

• Question 610:

  A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company ' s firewall administrator must configure a new hardware-based firewall to replace the current one.

  Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

  A. Ensure the firewall data plane moves to fail-closed mode.
  B. Implement a deny-all rule as the last firewall ACL rule.
  C. Prioritize business-critical application traffic through the firewall.
  D. Configure rate limiting between the firewall interfaces.
  A. Ensure the firewall data plane moves to fail-closed mode.

  ---

  Explanation

  The best answer is Option A. Ensure the firewall data plane moves to fail-closed mode. The key requirement is that the company prioritizes confidentiality over availability. In a failure or security event, a fail-closed firewall blocks traffic rather than allowing traffic to continue through an untrusted or degraded state. This choice protects sensitive business data, even if it temporarily interrupts transactions.

  Why the other options are incorrect:

  Option B. Implement a deny-all rule as the last firewall ACL rule.This is a standard best practice, but it does not specifically address behavior during a security event.

  Option C. Prioritize business-critical application traffic through the firewall.This emphasizes availability and performance, not confidentiality.

  Option D. Configure rate limiting between the firewall interfaces.Rate limiting can help with traffic control, but it is not the best match for the stated priority.

  From a Security+ standpoint, when confidentiality is more important than uptime, fail closed is the correct choice.