CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 721:

  The security team at a large global company needs to reduce the cost of storing data used for performing investigations.

  Which of the following types of data should have its retention length reduced?

  A. Packet capture
  B. Endpoint logs
  C. OS security logs
  D. Vulnerability scan
  A. Packet capture

  ---

  Explanation

  Packet capture data can be very large and may not need to be stored for extended periods compared to other logs essential for security audits.

• Question 722:

  Which of the following should be used to prevent changes to system-level data?

  A. NIDS
  B. DLP
  C. NAC
  D. FIM
  D. FIM

  ---

  Explanation

  File Integrity Monitoring (FIM) is specifically designed to detect and prevent unauthorized changes to critical system files, configuration files, registry entries, binaries, and logs. According to CompTIA Security+ SY0- 701, FIM creates a cryptographic baseline (usually via hashing) of protected system files. Any attempt to modify, add, or delete protected files immediately triggers an alert, enabling rapid detection of tampering-whether caused by malware, insider threats, or misconfigurations.

  NIDS (A) monitors network traffic, not system-level modifications. DLP (B) prevents unauthorized data exfiltration, not system-file tampering. NAC (C) controls device access to the network but does not protect system files.

  FIM is a core tool for ensuring system integrity in compliance frameworks such as PCI-DSS, which explicitly requires organizations to monitor critical system files. By preventing unauthorized changes to system-level data and alerting administrators to suspicious activity, FIM provides a strong defensive mechanism against malware, ransomware, and configuration drift.

  Thus, FIM is the correct answer.

• Question 723:

  Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

  A. Hashing algorithm
  B. Public key infrastructure
  C. Symmetric encryption
  D. Elliptic curve cryptography
  D. Elliptic curve cryptography

  ---

  Explanation

  ECC provides strong security with shorter key lengths, making it more efficient for devices with limited processing power and memory. It is ideal for securing communications on resource-constrained devices, such as IoT devices, as it offers the same level of security as traditional public-key cryptography (like RSA) but with significantly reduced computational overhead.

• Question 724:

  A systems administrator would like to deploy a change to a production system.

  Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

  A. Backout plan
  B. Impact analysis
  C. Test procedure
  D. Approval procedure
  A. Backout plan

• Question 725:

  A security analyst notices an increase in port scans on the edge of the corporate network.

  Which of the following logs should the analyst check to obtain the attacker's source IP address?

  A. OS security
  B. Firewall
  C. Application
  D. Endpoint
  B. Firewall

  ---

  Explanation

  A firewall log records inbound and outbound network traffic, including source and destination IP addresses, port numbers, and connection attempts. Since port scans involve probing various ports on a network, the firewall logs will provide visibility into the attacker's source IP address and help the analyst assess the nature of the scanning activity.

• Question 726:

  Which of the following is most likely to be deployed to obtain and analyze attacker activity and techniques?

  A. Firewall
  B. IDS
  C. Honeypot
  D. Layer 3 switch
  C. Honeypot

  ---

  Explanation

  A honeypot is most likely to be deployed to obtain and analyze attacker activity and techniques. A honeypot is a decoy system set up to attract attackers, providing an opportunity to study their methods and behaviors in a controlled environment without risking actual systems.

  Honeypot: A decoy system designed to lure attackers, allowing administrators to observe and analyze attack patterns and techniques.

  Firewall: Primarily used to block unauthorized access to networks, not for observing attacker behavior.

  IDS (Intrusion Detection System): Detects and alerts on malicious activity but does not specifically engage attackers to observe their behavior. Layer 3 switch: Used for routing traffic within networks, not for analyzing attacker techniques.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 2.4 - Indicators of malicious activity (Honeypots).

• Question 727:

  While investigating a possible incident, a security analyst discovers the following log entries:

  67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q- wireless%20headphones / HTTP/1.0" 200 12737

  132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935 12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I

  HTTP/1.0" 200 14650

  Which of the following should the analyst do first?

  A. Implement a WAF
  B. Disable the query .php script
  C. Block brute-force attempts on temporary users
  D. Check the users table for new accounts
  D. Check the users table for new accounts

  ---

  Explanation

  The logs show an SQL injection attack. The first step is to verify if new accounts have been created, indicating a successful injection.

• Question 728:

  In which of the following will unencrypted network traffic most likely be found?

  A. SDN
  B. IoT
  C. VPN
  D. SCADA
  D. SCADA

  ---

  Explanation

  SCADA (Supervisory Control and Data Acquisition) systems often use legacy protocols that do not include encryption. As a result, unencrypted network traffic is more likely to be found in SCADA environments, making them vulnerable to interception and attacks unless additional security measures are implemented.

• Question 729:

  Which of the following security controls would best guard a payroll system against insider manipulation threats?

  A. Compensating
  B. Deterrent
  C. Detective
  D. Corrective
  C. Detective

• Question 730:

  An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk.

  Which of the following types of infections is present on the systems?

  A. Virus
  B. Trojan
  C. Spyware
  D. Ransomware
  D. Ransomware

  ---

  Explanation

  Ransomware is a type of malware that encrypts the victim's files and demands a ransom for the decryption key. The ransomware usually displays a message on the infected system with instructions on how to pay the ransom and recover the files. The .ryk extension is associated with a ransomware variant called Ryuk, which targets large organizations and demands high ransoms.

  References:

  CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 17.