CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 671:

  An organization maintains intellectual property that it wants to protect.

  Which of the following concepts would be most beneficial to add to the company's security awareness training program?

  A. Insider threat detection
  B. Simulated threats
  C. Phishing awareness
  D. Business continuity planning
  A. Insider threat detection

  ---

  Explanation

  For an organization that wants to protect its intellectual property, adding insider threat detection to the security awareness training program would be most beneficial. Insider threats can be particularly dangerous because they come from trusted individuals within the organization who have legitimate access to sensitive information. Insider threat detection: Focuses on identifying and mitigating threats from within the organization, including employees, contractors, or business partners who might misuse their access.

  Simulated threats: Often used for testing security measures and training, but not specifically focused on protecting intellectual property. Phishing awareness: Important for overall security but more focused on preventing external attacks rather than internal threats.

  Business continuity planning: Ensures the organization can continue operations during and after a disruption but does not directly address protecting intellectual property from insider threats.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 5.6 - Implement security awareness practices (Insider threat detection).

• Question 672:

  In which of the following scenarios is tokenization the best privacy technique 10 use?

  A. Providing pseudo-anonymization tor social media user accounts
  B. Serving as a second factor for authentication requests
  C. Enabling established customers to safely store credit card Information
  D. Masking personal information inside databases by segmenting data
  C. Enabling established customers to safely store credit card Information

  ---

  Explanation

  Tokenization is a process that replaces sensitive data, such as credit card information, with a non-sensitive equivalent (token) that can be used in place of the actual data. This technique is particularly useful in securely storing payment information because the token can be safely stored and transmitted without exposing the original credit card number.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Data Protection.

• Question 673:

  After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice.

  Which of the following topics did the user recognize from the training?

  A. Insider threat
  B. Email phishing
  C. Social engineering
  D. Executive whaling
  C. Social engineering

  ---

  Explanation

  The caller used a deceptive pretext to pressure the user into revealing sensitive credit card information by pretending to act on behalf of the CFO. This is a classic example of social engineering. Executive whaling is a specific phishing attack that targets high-level executives, but in this case the attacker is impersonating an executive to manipulate another employee, so the best answer is social engineering.

• Question 674:

  A user downloads a patch from an unknown repository. FIM alerts indicate OS file hashes have changed.

  Which attack most likely occurred?

  A. Logic bomb
  B. Keylogger
  C. Ransomware
  D. Rootkit
  D. Rootkit

  ---

  Explanation

  The scenario indicates that a user downloaded an unofficial patch and applied it. Afterward, system files changed, which was detected by FIM. This strongly suggests the presence of a rootkit, which is designed to embed itself deeply into the operating system, altering core system files, modifying kernels, and hiding its presence.

  Rootkits commonly replace or modify OS-level files, which results in changed file hashes--exactly what FIM is detecting. Rootkits often gain privileged, persistent control and are frequently disguised as legitimate updates or patches.

  A logic bomb (A) is triggered by an event but does not typically modify OS files. A keylogger (B) captures keystrokes but generally does not modify system files broadly. Ransomware (C) encrypts files rather than silently altering system components.

  Thus, the best match is D: Rootkit.

• Question 675:

  A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention.

  Which of the following aspects of data management is the most important to the bank in the destruction of this data?

  A. Encryption
  B. Classification
  C. Certification
  D. Procurement
  B. Classification

• Question 676:

  Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

  A. SIEM
  B. WAF
  C. Network taps
  D. IDS
  A. SIEM

  ---

  Explanation

  A Security Information and Event Management (SIEM) solution collects, aggregates, and correlates logs from multiple sources to detect anomalies and generate alerts. SIEMs are essential for security monitoring and incident detection.

  References:

  Security+ SY0-701 Course Content, Security+ SY0-601 Book.

• Question 677:

  Which of the following architectures is most suitable to provide redundancy for critical business processes?

  A. Network-enabled
  B. Server-side
  C. Cloud-native
  D. Multitenant
  C. Cloud-native

  ---

  Explanation

  Cloud-native architectures are designed with scalability, redundancy, and resilience in mind. They leverage the distributed nature of cloud infrastructure, allowing for automatic failover, load balancing, and redundancy across multiple geographic regions. This ensures high availability and continuous operation for critical business processes, even in the event of hardware or regional failures.

• Question 678:

  An organization would like to calculate the time needed to resolve a hardware issue with a server.

  Which of the following risk management processes describes this example?

  A. Recovery point objective
  B. Mean time between failures
  C. Recovery time objective
  D. Mean time to repair
  D. Mean time to repair

• Question 679:

  Which of the following threat actors would most likely deface the website of a high-profile music group?

  A. Unskilled attacker
  B. Organized crime
  C. Nation-state
  D. Insider threat
  A. Unskilled attacker

  ---

  Explanation

  An unskilled attacker, often referred to as a script kiddie, is likely to engage in website defacement. This type of attack typically requires minimal expertise and is often conducted for notoriety.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Threat Actors and Motivations".

• Question 680:

  A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed.

  Which of the following are the most appropriate for the administrator to suggest? (Select two.)

  A. Tokenization
  B. Cryptographic downgrade
  C. SSH tunneling
  D. Segmentation
  E. Patch installation
  F. Data masking
  C. SSH tunneling
  D. Segmentation

  ---

  Explanation

  SSH tunneling can secure the unencrypted protocol by encapsulating traffic in an encrypted tunnel. Segmentation isolates the legacy system, reducing the risk of unauthorized access.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Compensating Controls for Legacy Systems".