CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 641:

  Which of the following is the best way to improve the confidentiality of remote connections to an enterprise's infrastructure?

  A. Firewalls
  B. Virtual private networks
  C. Extensive logging
  D. Intrusion detection systems
  B. Virtual private networks

• Question 642:

  Which of the following is an example of change management?

  A. Implementing an update after a board grants approval
  B. Setting a new password for a user
  C. Performing a penetration test before deploying a patch
  D. Auditing all system equipment before sending the list to the Chief Executive Officer
  A. Implementing an update after a board grants approval

  ---

  Explanation

  The best answer is A. Implementing an update after a board grants approval. Change management is the formal process used to request, review, approve, test, document, and implement changes to systems and environments in a controlled manner. A common example is submitting a proposed change to a change advisory board (CAB) or other approval authority, receiving approval, and then implementing the update according to procedure. This answer reflects the structured governance process that Security+ associates with proper change management. Why the other options are incorrect:

  B. Setting a new password for a userThis is a routine administrative or support task, not a formal example of change management.

  C. Performing a penetration test before deploying a patchPenetration testing is a security assessment activity. It may support decision-making, but it is not itself the best example of the change management process.

  D. Auditing all system equipment before sending the list to the Chief Executive OfficerThis is closer to inventory or audit work, not change management. From a SY0-701 perspective, change management is about controlled, approved, and documented changes to the environment. Therefore, A is the correct answer.

• Question 643:

  Which of the following methods would most likely be used to identify legacy systems?

  A. Bug bounty program
  B. Vulnerability scan
  C. Package monitoring
  D. Dynamic analysis
  B. Vulnerability scan

  ---

  Explanation

  A vulnerability scan is the most likely method to identify legacy systems. These scans assess an organization's network and systems for known vulnerabilities, including outdated or unsupported software (i.e., legacy systems) that may pose a security risk. The scan results can highlight systems that are no longer receiving updates, helping IT teams address these risks. Bug bounty programs are used to incentivize external researchers to find security flaws, but they are less effective at identifying legacy systems. Package monitoring tracks installed software packages for updates or issues but is not as comprehensive for identifying legacy systems. Dynamic analysis is typically used for testing applications during runtime to find vulnerabilities, but not for identifying legacy systems.

• Question 644:

  Which of the following allows an exploit to go undetected by the operating system?

  A. Firmware vulnerabilities
  B. Side loading
  C. Memory injection
  D. Encrypted payloads
  C. Memory injection

  ---

  Explanation

  Memory injection techniques allow attackers to inject malicious code directly into a process's memory space, often bypassing traditional file-based detection methods. By operating in-memory, these exploits can evade detection by the operating system and avoid leaving traces on disk, making them harder for antivirus and other security software to identify.

• Question 645:

  When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure.

  Which of the following certificate types is the site most likely using?

  A. Wildcard
  B. Root of trust
  C. Third-party
  D. Self-signed
  D. Self-signed

  ---

  Explanation

  A self-signed certificate is not issued by a trusted certificate authority, which often causes browsers to flag it as insecure. When accessing a site with a self-signed certificate, users typically receive a warning about the site's security since the certificate cannot be automatically trusted, making it likely that the internal website is using a self-signed certificate.

• Question 646:

  A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours.

  Which of the following security measures should the company set up?

  A. Digital rights management
  B. Role-based access control
  C. Time-based access control
  D. Network access control
  C. Time-based access control

• Question 647:

  A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems.

  Which of the following solutions should most likely be utilized?

  A. TACACS+
  B. SAML
  C. An SSO platform
  D. Role-based access control
  E. PAM software
  E. PAM software

• Question 648:

  Which of the following is the most important element when defining effective security governance?

  A. Discovering and documenting external considerations
  B. Developing procedures for employee onboarding and offboarding
  C. Assigning roles and responsibilities for owners, controllers, and custodians
  D. Defining and monitoring change management procedures
  C. Assigning roles and responsibilities for owners, controllers, and custodians

• Question 649:

  A security analyst is reviewing the logs on an organization's DNS server and notices the following unusual snippet:

  

  Which of the following attack techniques was most likely used?

  A. Determining the organization's ISP-assigned address space
  B. Bypassing the organization's DNS sinkholing
  C. Footprinting the internal network
  D. Attempting to achieve initial access to the DNS server
  E. Exfiltrating data from fshare.int.complia.org
  C. Footprinting the internal network

• Question 650:

  Which of the following actions would reduce the number of false positives for an analyst to manually review?

  A. Create playbooks as part of a SOAR platform
  B. Redefine the patch management process
  C. Replace an EDR tool with an XDR solution
  D. Disable AV heuristics scanning
  A. Create playbooks as part of a SOAR platform