CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 711:

  After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit.

  Which of the following describes the action the security team will most likely be required to take?

  A. Retain the emails between the security team and affected customers for 30 days.
  B. Retain any communications related to the security breach until further notice.
  C. Retain any communications between security members during the breach response.
  D. Retain all emails from the company to affected customers for an indefinite period of time.
  B. Retain any communications related to the security breach until further notice.

  ---

  Explanation

  A legal hold (also known as a litigation hold) is a notification sent from an organization's legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case. A legal hold is intended to preserve evidence and prevent spoliation, which is the intentional or negligent destruction of evidence that could harm a party's case. A legal hold can be triggered by various events, such as a lawsuit, a regulatory investigation, or a subpoena. In this scenario, the company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit filed by the customers after the company was compromised.

  This means that the security team will most likely be required to retain any communications related to the security breach until further notice. This could include emails, instant messages, reports, logs, memos, or any other documents that could be relevant to the lawsuit. The security team should also inform the relevant custodians (the employees who have access to or control over the ESI) of their preservation obligations and monitor their compliance. The security team should also document the legal hold process and its scope, as well as take steps to protect the ESI from alteration, deletion, or loss.

  References:

  1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter

  6: Risk Management, page 303

  2: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter

  6: Risk Management, page 305

  3: Legal Hold (Litigation Hold) - The Basics of E-Discovery - Exterro

  4: The Legal Implications and Consequences of a Data Breach

• Question 712:

  A company is required to use certified hardware when building networks.

  Which of the following best addresses the risks associated with procuring counterfeit hardware?

  A. A thorough analysis of the supply chain
  B. A legally enforceable corporate acquisition policy
  C. A right to audit clause in vendor contracts and SOWs
  D. An in-depth penetration test of all suppliers and vendors
  A. A thorough analysis of the supply chain

  ---

  Explanation

  Counterfeit hardware is hardware that is built or modified without the authorization of the original equipment manufacturer (OEM). It can pose serious risks to network quality, performance, safety, and reliability. Counterfeit hardware can also contain malicious components that can compromise the security of the network and the data that flows through it. To address the risks associated with procuring counterfeit hardware, a company should conduct a thorough analysis of the supply chain, which is the network of entities involved in the production, distribution, and delivery of the hardware. By analyzing the supply chain, the company can verify the origin, authenticity, and integrity of the hardware, and identify any potential sources of counterfeit or tampered products. A thorough analysis of the supply chain can include the following steps: Establishing a trusted relationship with the OEM and authorized resellers Requesting documentation and certification of the hardware from the OEM or authorized resellers Inspecting the hardware for any signs of tampering, such as mismatched labels, serial numbers, or components Testing the hardware for functionality, performance, and security Implementing a tracking system to monitor the hardware throughout its lifecycle Reporting any suspicious or counterfeit hardware to the OEM and law enforcement agencies.

  References:

  1: Identify Counterfeit and Pirated Products - Cisco,

  2: What Is Hardware Security? Definition, Threats, and Best Practices,

  3: Beware of Counterfeit Network Equipment - TechNewsWorld, : Counterfeit Hardware: The Threat and How to Avoid It

• Question 713:

  An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days.

  Which of the following types of sites is the best for this scenario?

  A. Real-time recovery
  B. Hot
  C. Cold
  D. Warm
  D. Warm

  ---

  Explanation

  A warm site provides a balance between cost and recovery speed. The question states that cost-benefit is the primary requirement, so the organization does not need the most expensive option. It also says the RTO and RPO are around two days, which means the business can tolerate some downtime and some data loss.

  A real-time recovery solution and a hot site are designed for much faster recovery and much less data loss, but they are more expensive. A cold site is the least expensive option, but it usually takes too long to become operational after a disaster. A warm site is the best choice because it is more affordable than a hot site while still being able to support recovery within about two days.

• Question 714:

  An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network.

  Which of the following types of web filtering should a systems administrator configure?

  A. Agent-based
  B. Centralized proxy
  C. URL scanning
  D. Content categorization
  A. Agent-based

  ---

  Explanation

  An agent-based web filtering solution installs a software agent directly on the laptops. This approach allows the filtering to work regardless of the device's location (in or out of the office) without requiring additional network configuration. The agent enforces web filtering policies locally on each laptop, ensuring consistent protection across various network environments.

• Question 715:

  A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way.

  Which of the following will help the company achieve this goal?

  A. Internal self-assessment
  B. Active reconnaissance
  C. Red team penetration test
  D. Tabletop exercise
  A. Internal self-assessment

  ---

  Explanation

  The best answer is A. Internal self-assessment. A gap analysis is used to compare the organization's current security, compliance, or control posture against a required standard, framework, or regulatory requirement. If the company wants to do this in the most cost-effective way, an internal self-assessment is the best choice because it allows the organization to review its own policies, procedures, controls, and documentation without the added expense of external testing or specialized attack simulations. Why the other options are incorrect:

  B. Active reconnaissanceActive reconnaissance involves directly interacting with systems to gather information, often as part of security testing or attack emulation. It is not the best option for a compliance-focused gap analysis.

  C. Red team penetration testA red team exercise is more advanced and expensive. It simulates real-world attacks to test detection and response capabilities. This is valuable for security maturity, but it is not the most cost-effective method for identifying compliance gaps before an audit.

  D. Tabletop exerciseA tabletop exercise is a discussion-based activity used to test incident response plans, communication, and decision-making. It does not primarily identify regulatory compliance gaps. From a Security+ perspective, self-assessments, audits, and gap analyses are part of governance, risk, and compliance activities. For a low-cost review against regulatory requirements, internal self-assessment is the most appropriate answer.

• Question 716:

  A systems administrator is working on a solution with the following requirements:

  1. Provide a secure zone.

  2. Enforce a company-wide access control policy.

  3. Reduce the scope of threats.

  Which of the following is the systems administrator setting up?

  A. Zero Trust
  B. AAA
  C. Non-repudiation
  D. CIA
  A. Zero Trust

  ---

  Explanation

  Zero Trust is a security model that assumes no trust for any entity inside or outside the network perimeter and requires continuous verification of identity and permissions. Zero Trust can provide a secure zone by isolating and protecting sensitive data and resources from unauthorized access. Zero Trust can also enforce a company-wide access control policy by applying the principle of least privilege and granular segmentation for users, devices, and applications. Zero Trust can reduce the scope of threats by preventing lateral movement and minimizing the attack surface.

• Question 717:

  A forensic engineer determines that the root cause of a compromise is a SQL injection attack.

  Which of the following should the engineer review to identify the command used by the threat actor?

  A. Metadata
  B. Application log
  C. System log
  D. Netflow log
  B. Application log

• Question 718:

  A software development manager wants to ensure the authenticity of the code created by the company.

  Which of the following options is the most appropriate?

  A. Testing input validation on the user input fields
  B. Performing code signing on company-developed software
  C. Performing static code analysis on the software
  D. Ensuring secure cookies are use
  B. Performing code signing on company-developed software

  ---

  Explanation

  Code signing is a technique that uses cryptography to verify the authenticity and integrity of the code created by the company. Code signing involves applying a digital signature to the code using a private key that only the company possesses. The digital signature can be verified by anyone who has the corresponding public key, which can be distributed through a trusted certificate authority. Code signing can prevent unauthorized modifications, tampering, or malware injection into the code, and it can also assure the users that the code is from a legitimate source.

  References:

  74. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 3.2, page

  11. Application Security - SY0-601

  CompTIA Security+ : 3.2

• Question 719:

  A network administrator is working on a project to deploy a load balancer in the company's cloud environment.

  Which of the following fundamental security requirements does this project fulfil?

  A. Privacy
  B. Integrity
  C. Confidentiality
  D. Availability
  D. Availability

• Question 720:

  While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings.

  Which of the following assessment types should be performed during software development to prevent this from reoccurring?

  A. Vulnerability scan
  B. Penetration test
  C. Static analysis
  D. Quality assurance
  C. Static analysis

  ---

  Explanation

  Static analysis, also known as Static Application Security Testing (SAST), analyzes source code without executing it to identify security weaknesses such as hard-coded passwords, insecure API calls, and improper credential handling. This aligns exactly with the issue described-credentials embedded directly in code.

  CompTIA Security+ SY0-701 stresses that secure software development practices must include automated static code analysis tools that scan for credential exposure, insecure dependencies, injection risks, and coding standards violations.

  Static analysis detects these issues early in the SDLC, long before deployment.

  A vulnerability scan (A) examines running systems, not source code. A penetration test (B) actively exploits vulnerabilities but cannot reliably detect embedded secrets. Quality assurance (D) checks functional requirements, not security flaws in code.

  Therefore, static analysis is the correct and most effective assessment to prevent reoccurrence of hard-coded credentials in software systems.