CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 621:

  Which of the following describes the most effective way to address OS vulnerabilities after they are identified?

  A. Endpoint protection
  B. Removal of unnecessary software
  C. Configuration enforcement
  D. Patching
  D. Patching

• Question 622:

  Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

  A. Fencing
  B. Video surveillance
  C. Badge access
  D. Access control vestibule
  E. Sign-in sheet
  F. Sensor
  C. Badge access
  D. Access control vestibule

  ---

  Explanation

  Badge access and access control vestibule are two of the best ways to ensure only authorized personnel can access a secure facility. Badge access requires the personnel to present a valid and authenticated badge to a reader or scanner that grants or denies access based on predefined rules and permissions. Access control vestibule is a physical security measure that consists of a small room or chamber with two doors, one leading to the outside and one leading to the secure area. The personnel must enter the vestibule and wait for the first door to close and lock before the second door can be opened. This prevents tailgating or piggybacking by unauthorized individuals.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, pages 197-1981

• Question 623:

  A contractor is required to visually inspect the motherboards of all new servers that are purchased to determine whether the servers were tampered with.

  Which of the following risks is the contractor attempting to mitigate?

  A. Embedded rootkit
  B. Supply chain
  C. Firmware failure
  D. RFID keylogger
  B. Supply chain

  ---

  Explanation

  By visually inspecting the motherboards of new servers, the contractor is mitigating supply chain risks, which include the possibility of tampering or malicious components being introduced during manufacturing or transit. Such inspections help ensure the integrity of hardware and reduce the likelihood of compromised devices entering the organization.

• Question 624:

  The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators.

  Which of the following should the CISO use?

  A. Penetration test
  B. Internal audit
  C. Attestation
  D. External examination
  B. Internal audit

• Question 625:

  An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files.

  Which of the following will most likely meet the requirements?

  A. A website-hosted solution
  B. Cloud shared storage
  C. A secure email solution
  D. Microservices using API
  D. Microservices using API

• Question 626:

  A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action.

  Which of the following security principles is the consultant addressing?

  A. Secure access service edge
  B. Attack surface
  C. Least privilege
  D. Separation of duties
  B. Attack surface

  ---

  Explanation

  The correct answer is Attack surface because opening multiple common service ports unnecessarily increases the number of potential entry points an attacker can target. In the Security+ SY0-701 exam objectives, the attack surface is defined as the total number of exposed interfaces, services, ports, protocols, and access points that an attacker could attempt to exploit. Each open port corresponds to a listening service, and every exposed service represents an opportunity for reconnaissance, exploitation, or abuse.

  In this scenario, the business intends to open ports for FTP, SSH, SMTP, HTTP, and HTTPS without clearly limiting access. While some of these services may be required, opening all of them broadly-especially to a screened subnet-significantly expands the attack surface. If any of these services are misconfigured, unpatched, or vulnerable, attackers could exploit them to gain unauthorized access. The SY0-701 study guide emphasizes minimizing exposed services as a foundational defensive strategy, often referred to as reducing attack surface area.

  Option C, least privilege, is related but not the best answer. Least privilege focuses on granting users or systems only the minimum access required, whereas this question specifically concerns exposed network services rather than access rights. Option A, secure access service edge (SASE), is a cloud-based architecture model and is unrelated to basic firewall port exposure decisions. Option D, separation of duties, applies to role and responsibility distribution, not network exposure.

  By advising against opening multiple common ports, the consultant is recommending a reduction in exposed services to limit opportunities for attack. This aligns directly with SY0-701 guidance on secure network design, firewall hardening, and minimizing externally accessible services.

  In summary, limiting open ports reduces the organization's attack surface, making Attack surface the correct and best answer.

• Question 627:

  Which of the following definitions best describes the concept of log correlation?

  A. Combining relevant logs from multiple sources into one location
  B. Searching and processing data to identify patterns of malicious activity
  C. Making a record of the events that occur in the system
  D. Analyzing the log files of the system components
  B. Searching and processing data to identify patterns of malicious activity

  ---

  Explanation

  Log correlation involves analyzing and linking data from multiple sources to identify patterns, trends, or sequences of events that indicate potential security incidents or malicious activity. This process helps security teams detect complex threats that may not be evident from individual logs alone.

• Question 628:

  Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

  A. Preparation
  B. Recovery
  C. Lessons learned
  D. Analysis
  A. Preparation

  ---

  Explanation

  Preparation is the phase in the incident response process when a security analyst reviews roles and responsibilities, as well as the policies and procedures for handling incidents. Preparation also involves gathering and maintaining the necessary tools, resources, and contacts for responding to incidents. Preparation can help a security analyst to be ready and proactive when an incident occurs, as well as to reduce the impact and duration of the incident.

  Some of the activities that a security analyst performs during the preparation phase are: Defining the roles and responsibilities of the incident response team members, such as the incident manager, the incident coordinator, the technical lead, the communications lead, and the legal advisor. Establishing the incident response plan, which outlines the objectives, scope, authority, and procedures for responding to incidents, as well as the escalation and reporting mechanisms. Developing the incident response policy, which defines the types and categories of incidents, the severity levels, the notification and reporting requirements, and the roles and responsibilities of the stakeholders. Creating the incident response playbook, which provides the step-by-step guidance and checklists for handling specific types of incidents, such as denial-of-service, ransomware, phishing, or data breach. Acquiring and testing the incident response tools, such as network and host-based scanners, malware analysis tools, forensic tools, backup and recovery tools, and communication and collaboration tools. Identifying and securing the incident response resources, such as the incident response team, the incident response location, the evidence storage, and the external support.

  Building and maintaining the incident response contacts, such as the internal and external stakeholders, the law enforcement agencies, the regulatory bodies, and the media.

  References:

  6: Architecture and Design, Section 6.4: Secure Systems Design, p. 279-280 CompTIA Security+ SY0-701 Certification Exam Objectives, Domain

  3: Architecture and Design, Objective 3.5: Given a scenario, implement secure network architecture concepts, Sub-objective: Incident response, p. 16

• Question 629:

  Which of the following activities is included in the post-incident review phase?

  A. Determining the root cause of the incident
  B. Developing steps to mitigate the risks of the incident
  C. Validating the accuracy of the evidence collected during the investigation
  D. Reestablishing the compromised system's configuration and settings
  A. Determining the root cause of the incident

  ---

  Explanation

  During the post-incident review, the team analyzes the incident to understand its root cause. This phase is focused on learning from the incident, identifying vulnerabilities, and implementing improvements to prevent similar future incidents.

• Question 630:

  A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users.

  Which of the following would be a good use case for this task?

  A. Off-the-shelf software
  B. Orchestration
  C. Baseline
  D. Policy enforcement
  B. Orchestration

  ---

  Explanation

  Orchestration is the process of automating multiple tasks across different systems and applications. It can help save time and reduce human error by executing predefined workflows and scripts. In this case, the systems administrator can use orchestration to create accounts for a large number of end users without having to manually enter their information and assign permissions.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 457