CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 681:

  A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure.

  Which of the following penetration testing methods does this scenario describe?

  A. Passive reconnaissance
  B. Partially-known environment
  C. Integrated testing
  D. Defensive testing
  B. Partially-known environment

  ---

  Explanation

  This scenario describes a partially-known environment penetration test. In CompTIA Security+ SY0-701, penetration testing approaches are commonly categorized as black box (unknown), white box (fully known), and gray box (partially known). A partially-known environment means the tester is given limited information-enough to be realistic and efficient, but not complete details about the infrastructure.

  Here, the vendor is assisting an internal red team and is intentionally not provided with extensive infrastructure details, which mirrors a gray-box testing approach. This method balances realism and efficiency by simulating an attacker who has some knowledge (such as credentials, architecture diagrams, or application details) but not full access or documentation.

  Passive reconnaissance (A) is an activity within testing, not a testing methodology. Integrated testing (C) refers to coordinated testing involving multiple teams (e.g., red and blue teams) with full cooperation. Defensive testing (D) focuses on validating defensive controls rather than simulating an attacker's perspective.

  Therefore, the correct answer is B: Partially-known environment.

• Question 682:

  A company is working with a vendor to perform a penetration test.

  Which of the following includes an estimate about the number of hours required to complete the engagement?

  A. SOW
  B. BPA
  C. SLA
  D. NDA
  A. SOW

  ---

  Explanation

  A statement of work (SOW) is a document that defines the scope, objectives, deliverables, timeline, and costs of a project or service. It typically includes an estimate of the number of hours required to complete the engagement, as well as the roles and responsibilities of the parties involved. A SOW is often used for penetration testing projects to ensure that both the client and the vendor have a clear and mutual understanding of what is expected and how the work will be performed. A business partnership agreement (BPA), a service level agreement (SLA), and a non-disclosure agreement (NDA) are different types of contracts that may be related to a penetration testing project, but they do not include an estimate of the number of hours required to complete the engagement.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 492

  What to Look For in a Penetration Testing Statement of Work?

• Question 683:

  A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function.

  Which of the following should the security analyst implement first?

  A. Network segmentation
  B. IP-based firewall rules
  C. Mobile device management
  D. Content filler
  B. IP-based firewall rules

  ---

  Explanation

  The malware depends on reaching its command-and-control server on the internet, so the first action should be to block that communication path. Implementing IP-based firewall rules can immediately prevent the infected system from contacting the known malicious IP address and can disrupt the malware's operation. Network segmentation is broader and slower to implement, MDM is unrelated, and content filter is not the most direct first response to a known C2 connection.

• Question 684:

  A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training.

  Which of the following would the security officer most likely implement?

  A. Password policy
  B. Access badges
  C. Phishing campaign
  D. Risk assessment
  C. Phishing campaign

  ---

  Explanation

  In a security awareness program, a phishing campaign is often implemented alongside other awareness activities, such as security-themed posters and online user training. Phishing simulations help users recognize and respond correctly to phishing attempts, reinforcing the training's effectiveness. This practical exercise increases awareness about social engineering attacks, making it a suitable component of a comprehensive security awareness program.

• Question 685:

  A software company currently secures access using a combination of traditional username/password configurations and one-time passwords for MFA. However, employees still struggle to maintain both a password manager and the authenticator application. The company wants to migrate to a single, integrated authentication solution that is more secure and provides a smoother login experience for its employees.

  Which of the following solutions will best satisfy the company ' s needs?

  A. Migrating to FIDO2 passkeys, utilizing built-in device biometrics for user authentication
  B. Implementing SMS-based one-time passwords as the primary second factor for all logins
  C. Implementing SAML federation across authentication servers so employees can use SSO to access applications
  D. Deploying a PKI system that requires all employees to use smart cards for login access
  A. Migrating to FIDO2 passkeys, utilizing built-in device biometrics for user authentication

  ---

  Explanation

  The best answer is A. Migrating to FIDO2 passkeys, utilizing built-in device biometrics for user authentication. The company wants a single, integrated authentication solution that is both more secure and easier for employees to use. FIDO2 passkeys best match this requirement because they allow passwordless authentication using cryptographic credentials stored on the user's device, often unlocked with biometrics or a local PIN. This improves security and usability because: users no longer need to manage a password plus a separate authenticator app phishing resistance is stronger than traditional passwords and OTPs authentication is integrated into the device experience biometric unlock makes login smoother for users.

  Why the other options are incorrect:

  B. Implementing SMS-based one-time passwords as the primary second factor for all loginsSMS is weaker than modern phishing-resistant methods and still does not solve the issue of streamlining authentication as well as passkeys.

  C.

  Implementing SAML federation across authentication servers so employees can use SSO to access applicationsSSO improves convenience, but it does not by itself replace passwords with a more secure integrated authentication method.

  It solves access federation, not the core password-plus-authenticator problem.

  D. Deploying a PKI system that requires all employees to use smart cards for login accessSmart cards can be secure, but they are less convenient and less seamless than device-based passkeys and biometrics for many organizations. From a SY0-701 perspective, FIDO2 and passwordless authentication are strong modern controls that improve both security and user experience. Therefore, A is the best answer.

• Question 686:

  A company relies on open-source software libraries to build the software used by its customers.

  Which of the following vulnerability types would be the most difficult to remediate due to the company's reliance on open-source libraries?

  A. Buffer overflow
  B. SQL injection
  C. Cross-site scripting
  D. Zero day
  D. Zero day

  ---

  Explanation

  Zero-day vulnerabilities are unknown flaws in software, making them harder to patch, especially when using open-source libraries without dedicated support teams.

• Question 687:

  A security administrator recently reset local passwords and the following values were recorded in the system:

  

  Which of the following is the security administrator most likely protecting against?

  A. Account sharing
  B. Weak password complexity
  C. Pass-the-hash attacks
  D. Password compromise
  C. Pass-the-hash attacks

  ---

  Explanation

  The scenario shows stored password hash values for multiple systems after a reset. While the column is labeled "MD5 password values," the key point is not the specific algorithm but that passwords are stored as hashes rather than plaintext.

  This relates directly to pass-the-hash attacks, where an attacker uses a stolen hash to authenticate without needing to know the original password. By resetting passwords and managing stored hashes, the administrator is addressing the risk that previously captured hashes could be reused for unauthorized access.

  Why others are incorrect: Account sharing is unrelated to how passwords are stored.

  Weak password complexity concerns password strength, not hash usage.

  Password compromise is too general and does not specifically relate to the use or abuse of hashed credentials.

  So the best answer is C, without relying on assuming a specific hashing algorithm.

• Question 688:

  Which of the following actions is best performed by ticketing automation to ensure that incidents receive the correct level of attention and response?

  A. Notification
  B. Creation
  C. Closure
  D. Escalation
  D. Escalation

  ---

  Explanation

  The key phrase is "ensure that incidents receive the correct level of attention and response." In operations, that aligns most directly with escalation-moving high-severity or time-sensitive incidents to the right people /teams quickly and consistently, according to predefined criteria (severity, impacted systems, threat intel enrichment, SLA timers). The Study Guide lists ticketing and escalation explicitly as automation use cases: "Ticket creation: Automation can streamline the ticketing process, enabling immediate creation and routing of issues to the right teams." and, crucially for this question, "Escalation: In case of a major incident, scripts can automate the escalation process, alerting key personnel quickly."

  While automation can also handle notification and ticket creation, escalation is the control that most directly enforces that the incident gets the proper priority and response path (for example: paging on-call, invoking the IR lead, opening a bridge, and applying "major incident" workflows). Closure is typically less suitable because it often requires validation and human judgment to ensure containment, eradication, and recovery steps are complete.

  References:

  Automation use cases for ticketing, including escalation for major incidents.

• Question 689:

  A security professional discovers a folder containing an employee's personal information on the enterprise's shared drive.

  Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees' personal information?

  A. Legal
  B. Financial
  C. Privacy
  D. Intellectual property
  C. Privacy

  ---

  Explanation

  Privacy data includes information such as Personally Identifiable Information (PII), which relates to employees' or customers' personal data. Organizations often maintain policies and standards specifically addressing how such sensitive information should be handled.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Types and Classifications".

• Question 690:

  A security team wants WAF policies to be automatically created when applications are deployed.

  Which concept describes this capability?

  A. IaC
  B. IoT
  C. IoC
  D. IaaS
  A. IaC

  ---

  Explanation

  Automatically generating WAF rules when applications are deployed is a hallmark of Infrastructure as Code (IaC). IaC allows infrastructure components-including firewalls, WAF policies, and load balancers-to be defined and deployed via code templates rather than manual configuration. In DevSecOps, IaC enables security controls to be embedded into deployment pipelines, ensuring that protections such as WAF rules are created instantly and consistently whenever new application versions are released.

  Security+ SY0-701 highlights IaC as a method for automating infrastructure provisioning, standardizing security controls, and reducing configuration drift. This allows development and security teams to collaborate more effectively by treating security policies as code.

  IoT (B) refers to smart devices, IoC (C) refers to indicators of compromise, and IaaS (D) refers to cloud compute infrastructure-not automated security policy creation.

  Thus, the correct answer is A: IaC.