CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 651:

  A systems administrator wants to implement a backup solution. The solution needs to allow recovery of the entire system, including the operating system, in case of a disaster.

  Which of the following backup types should the administrator consider?

  A. Incremental
  B. Storage area network
  C. Differential
  D. Image
  D. Image

  ---

  Explanation

  An image backup, also known as a full system backup, captures the entire contents of a system, including the operating system, applications, settings, and all data. This type of backup allows for a complete recovery of the system in case of a disaster, as it includes everything needed to restore the system to its previous state. This makes it the ideal choice for a systems administrator who needs to ensure the ability to recover the entire system, including the OS.

  References:

  CompTIA Security+ SY0-701 study materials, domain on Security Operations.

• Question 652:

  A network administrator deploys an FDE solution on all end user workstations.

  Which of the following data protection strategies does this describe?

  A. Masking
  B. Data in transit
  C. Obfuscation
  D. Data at rest
  E. Data sovereignty
  D. Data at rest

  ---

  Explanation

  Full-disk encryption (FDE) protects the contents of storage media, which is a classic data-at-rest control. The Study Guide explains the "three situations" relevant to confidentiality-at rest, in transit, and in use-and then specifically ties disk encryption/FDE to protecting stored data: "Data at rest, or stored data, is that which resides in a permanent location awaiting access... Examples... hard drives..." It then describes FDE as an encryption method applied to disks: "Full-disk encryption (FDE) is a form of encryption where all the data on a hard drive is automatically encrypted, including the operating system and system files... In the case of loss or theft, FDE can prevent unauthorized access to all data on the hard drive."

  That is exactly the definition of protecting data at rest-it is intended to prevent disclosure if a laptop /workstation is lost, stolen, or the drive is removed. This is not masking (hiding parts of fields), not data in transit (network encryption like TLS/ VPN), not obfuscation (making code hard to understand), and not data sovereignty (jurisdiction/location requirements). Therefore, deploying FDE on workstations is a data-at-rest protection strategy.

  References:

  Data-at-rest definition and confidentiality contexts

  FDE definition and purpose protecting disk-stored data.

• Question 653:

  An enterprise security team is researching a new security architecture to better protect the company's networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall.

  Which of the following solutions meets these requirements?

  A. IPS
  B. SIEM
  C. SASE
  D. CASB
  C. SASE

  ---

  Explanation

  SASE combines network and security functions, including VPN, software-based firewalls, secure web gateways, and more, into a single cloud-delivered service. It is well-suited for a fully remote workforce as it provides secure, scalable, and redundant access to company resources from any location, while protecting networks and applications against the latest cyberthreats.

• Question 654:

  An incident response specialist must stop a malicious attack from expanding to other parts of an organization.

  Which of the following should the incident response specialist perform first?

  A. Eradication
  B. Recovery
  C. Containment
  D. Simulation
  C. Containment

• Question 655:

  A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data.

  Which of the following categories refers to this type of non-compliance?

  A. External
  B. Standard
  C. Regulation
  D. Internal
  D. Internal

• Question 656:

  A security manager created new documentation to use in response to various types of security incidents.

  Which of the following is the next step the manager should take?

  A. Set the maximum data retention policy.
  B. Securely store the documents on an air-gapped network.
  C. Review the documents' data classification policy.
  D. Conduct a tabletop exercise with the team.
  D. Conduct a tabletop exercise with the team.

  ---

  Explanation

  A tabletop exercise is a simulated scenario that tests the effectiveness of a security incident response plan. It involves gathering the relevant stakeholders and walking through the steps of the plan, identifying any gaps or issues that need to be addressed. A tabletop exercise is a good way to validate the documentation created by the security manager and ensure that the team is prepared for various types of security incidents.

  References:

  6: Risk Management, page 2841. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter

  6: Risk Management, page 2842.

• Question 657:

  Which of the following is used to validate a certificate when it is presented to a user?

  A. OCSP
  B. CSR
  C. CA
  D. CRC
  A. OCSP

  ---

  Explanation

  OCSP stands for Online Certificate Status Protocol. It is a protocol that allows applications to check the revocation status of a certificate in real-time. It works by sending a query to an OCSP responder, which is a server that maintains a database of revoked certificates. The OCSP responder returns a response that indicates whether the certificate is valid, revoked, or unknown. OCSP is faster and more efficient than downloading and parsing Certificate Revocation Lists (CRLs), which are large files that contain the serial numbers of all revoked certificates issued by a Certificate Authority (CA).

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 337

• Question 658:

  The Chief Information Security Officer gives the security community the opportunity to report vulnerabilities on the organization's public-facing assets.

  Which of the following does this scenario best describe?

  A. Bug bounty
  B. Red teaming
  C. Open-source intelligence
  D. Third-party information sharing
  A. Bug bounty

  ---

  Explanation

  This scenario describes a bug bounty program, which invites external security researchers to responsibly identify and report vulnerabilities in an organization's systems. CompTIA Security+ SY0-701 defines bug bounty programs as structured initiatives that reward researchers for discovering and disclosing security flaws before they can be exploited by malicious actors.

  Bug bounty programs extend security testing beyond internal teams and provide continuous, real-world testing of public-facing assets. They are particularly effective for identifying zero-day vulnerabilities, logic flaws, and edge-case issues that automated tools may miss.

  Red teaming (B) is a controlled, internal or contracted adversarial exercise, not an open invitation. Open-source intelligence (C) involves gathering publicly available information, not vulnerability reporting. Third-party information sharing (D) refers to sharing threat intelligence, not soliciting vulnerability reports.

  Because the CISO is inviting the broader security community to report vulnerabilities, the correct answer is A:

  Bug bounty.

• Question 659:

  A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees.

  Which of the following MDM features should be configured to best address this issue?

  (Select two).

  A. Screen locks
  B. Remote wipe
  C. Full device encryption
  D. Push notifications
  E. Application management
  F. Geolocation
  A. Screen locks
  B. Remote wipe

  ---

  Explanation

  Integrating each SaaS solution with an Identity Provider (IdP) is the most effective way to address the security issue. This approach allows for Single Sign-On (SSO) capabilities, where users can access multiple SaaS applications with a single set of credentials while maintaining strong password policies across all services. It simplifies the user experience and ensures consistent security enforcement across different SaaS platforms.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

  CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

• Question 660:

  Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

  A. Sanitization
  B. Formatting
  C. Degaussing
  D. Defragmentation
  A. Sanitization