CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 701:

  A technician is deploying a new security camera.

  Which of the following should the technician do?

  A. Configure the correct VLAN.
  B. Perform a vulnerability scan.
  C. Disable unnecessary ports.
  D. Conduct a site survey.
  D. Conduct a site survey.

• Question 702:

  A company is discarding a classified storage array and hires an outside vendor to complete the disposal.

  Which of the following should the company request from the vendor?

  A. Certification
  B. Inventory list
  C. Classification
  D. Proof of ownership
  A. Certification

  ---

  Explanation

  The company should request a certification from the vendor that confirms the storage array has been disposed of securely and in compliance with the company's policies and standards. A certification provides evidence that the vendor has followed the proper procedures and methods to destroy the classified data and prevent unauthorized access or recovery. A certification may also include details such as the date, time, location, and method of disposal, as well as the names and signatures of the personnel involved.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 1441

• Question 703:

  Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

  A. Software development life cycle
  B. Risk tolerance
  C. Certificate signing request
  D. Maintenance window
  D. Maintenance window

  ---

  Explanation

  A maintenance window is a pre-scheduled period when system or network changes, updates, or repairs are performed. By using a designated maintenance window, a systems administrator can minimize disruption to the organization's operations, as this window is typically chosen during a time when network usage is lower, reducing the impact on users.

• Question 704:

  A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials.

  Which of the following should the analyst do?

  A. Notify all employees about the phishing attack and instruct them to avoid suspicious emails.
  B. Wait for confirmation from the employee before making any changes to the account.
  C. Reimage the employee ' s workstation to ensure no malware is present.
  D. Lock the employee ' s account to prevent further unauthorized access.
  D. Lock the employee ' s account to prevent further unauthorized access.

  ---

  Explanation

  The best answer is D. Lock the employee ' s account to prevent further unauthorized access. If credentials have been exposed in a phishing incident, the most urgent priority is to contain the threat by preventing attackers from using those credentials. Locking or disabling the affected account is an immediate response step that reduces the risk of unauthorized access, lateral movement, privilege abuse, or data theft. Why the other options are incorrect:

  A. Notify all employees about the phishing attack and instruct them to avoid suspicious emails. Awareness messaging may be useful later, but it does not immediately contain the compromised account.

  B. Wait for confirmation from the employee before making any changes to the account.Waiting introduces unnecessary risk if the credentials are already exposed.

  C. Reimage the employee ' s workstation to ensure no malware is present.Reimaging may be appropriate if malware was delivered, but the question specifically says the employee exposed credentials. The first priority is account containment. From a Security+ incident response perspective, the immediate action after credential compromise is to disable or lock the account, making D the best answer.

• Question 705:

  Which of the following would a security administrator use to comply with a secure baseline during a patch update?

  A. Information security policy
  B. Service-level expectations
  C. Standard operating procedure
  D. Test result report
  C. Standard operating procedure

  ---

  Explanation

  Standard operating procedures (SOPs) outline the steps to be followed to maintain a secure baseline, such as testing and deploying patches while minimizing risk to the system.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Patch Management and Baseline Compliance".

• Question 706:

  A company's accounting department receives an urgent payment message from the company's bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible.

  Which of the following attacks is described?

  A. Business email compromise
  B. Vishing
  C. Spear phishing
  D. Impersonation
  A. Business email compromise

• Question 707:

  Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

  A. Lead a simulated failover.
  B. Conduct a tabletop exercise.
  C. Periodically test the generators.
  D. Develop requirements for database encryption.
  A. Lead a simulated failover.

  ---

  Explanation

  A simulated failover tests the disaster recovery site's ability to handle a full transition of services. This ensures all systems can function as expected during an actual disaster.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Disaster Recovery and Business Continuity Planning".

• Question 708:

  Which of the following is used to calculate the impact to an organization per cybersecurity incident?

  A. SLE
  B. ALE
  C. ARO
  D. SLA
  A. SLE

  ---

  Explanation

  Single Loss Expectancy (SLE) represents the monetary loss an organization expects from a single cybersecurity incident, helping quantify the financial impact of individual events.

• Question 709:

  A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets.

  Which of the following describes this approach?

  A. Watering hole
  B. Bug bounty
  C. DNS sinkhole
  D. Honeypot
  D. Honeypot

  ---

  Explanation

  A honeypot is a security mechanism set up to attract and detect potential attackers by simulating vulnerable assets. By hosting a part of the infrastructure online with known vulnerabilities that appear to be company assets, the company can observe and analyze the behavior of attackers conducting reconnaissance. This approach allows the company to get alerts and gather intelligence on potential threats.

  References:

  CompTIA Security+ SY0-701 study materials, particularly on threat detection techniques such as honeypots.

• Question 710:

  A security administrator is reissuing a former employee's laptop.

  Which of the following is the best combination of data handling activities for the administrator to perform? (Choose two.)

  A. Data retention
  B. Certification
  C. Destruction
  D. Classification
  E. Sanitization
  F. Enumeration
  B. Certification
  E. Sanitization