CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 751:

  Which of the the stage in an investigationthe stage in an investigationthe stage in an investigation are obtained?

  A. Acquisition
  B. Preservation
  C. Reporting
  D. E-discovery
  A. Acquisition

  ---

  Explanation

  The acquisition phase involves creating forensic images (exact replicas) of storage devices or memory to ensure data integrity for further analysis.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Forensic Imaging and Chain of Custody".

• Question 752:

  Which of the following testing techniques uses both defensive and offensive testing methodologies with developers to securely build key applications and software?

  A. Blue
  B. Yellow
  C. Red
  D. Green
  B. Yellow

• Question 753:

  A security analyst is reviewing the security of a SaaS application that the company intends to purchase.

  Which of the following documentations should the security analyst request from the SaaS application vendor?

  A. Service-level agreement
  B. Third-party audit
  C. Statement of work
  D. Data privacy agreement
  B. Third-party audit

• Question 754:

  Which of the following activities are associated with vulnerability management? (Choose two.)

  A. Reporting
  B. Prioritization
  C. Exploiting
  D. Correlation
  E. Containment
  F. Tabletop exercise
  A. Reporting
  B. Prioritization

  ---

  Explanation

  Reporting involves documenting and communicating the findings of vulnerability scans and assessments. This allows stakeholders to be informed about existing vulnerabilities and track remediation efforts.

  Prioritization is the process of ranking vulnerabilities based on their severity, impact, and exploitability, helping the organization address the most critical vulnerabilities first.

• Question 755:

  Which of the following is a qualitative approach to risk analysis?

  A. Including the MTTR and MTBF as part of the risk assessment
  B. Tracking and documenting network risks using a risk register
  C. Assigning a level of high, medium, or low to the risk rating
  D. Using ALE and ARO to help determine whether a risk should be mitigated
  C. Assigning a level of high, medium, or low to the risk rating

• Question 756:

  Which of the following types of vulnerabilities involves attacking a system to access adjacent hosts?

  A. VM escape
  B. Side loading
  C. Remote code execution
  D. Resource exhaustion
  A. VM escape

• Question 757:

  A new employee can select a particular make and model of an employee workstation from a preapproved list.

  Which of the following is this an example of?

  A. MDM
  B. CYOD
  C. PED
  D. COPE
  B. CYOD

  ---

  Explanation

  The described scenario is CYOD (Choose Your Own Device). In a CYOD model, employees may choose from a list of company-approved devices. These devices are vetted for compatibility, security, and organizational standards while still providing some flexibility to employees.

  The SY0-701 exam differentiates CYOD from other mobile deployment models:

  COPE (D) - Company-Owned,

  Personally Enabled: devices are company-owned and fully managed, but employees can use them personally.

  MDM (A) - Mobile Device Management: a tool, not a deployment model, used for managing configurations and security on devices.

  PED (C) - Portable Electronic Device: a generic category, not a deployment strategy.

  CYOD strikes a balance between employee preference and maintaining a secure, standardized environment. It reduces risk associated with BYOD while avoiding the rigidity of COPE. CYOD also supports consistent patching, support, and security enforcement because all devices meet the organization's baseline criteria.

  This aligns with the Security Architecture section of SY0-701, where the exam stresses secure device deployment strategies and maintaining uniform controls over endpoint assets.

• Question 758:

  An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch.

  Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

  A. Asset inventory
  B. Network enumeration
  C. Data certification
  D. Procurement process
  A. Asset inventory

  ---

  Explanation

  To ensure that all systems requiring the patch are updated, the systems administrator must maintain an accurate asset inventory. This inventory lists all hardware and software assets within the organization, allowing the administrator to identify which systems are affected by the patch and ensuring that none are missed during the update process.

  Network enumeration is used to discover devices on a network but doesn't track software that requires patching.

  Data certification and procurement process are unrelated to tracking systems for patching purposes.

• Question 759:

  A bank set up a new server that contains customers' PII.

  Which of the following should the bank use to make sure the sensitive data is not modified?

  A. Full disk encryption
  B. Network access control
  C. File integrity monitoring
  D. User behavior analytics
  C. File integrity monitoring

• Question 760:

  Which of the following should a security operations center use to improve its incident response procedure?

  A. Playbooks
  B. Frameworks
  C. Baselines
  D. Benchmarks
  A. Playbooks

  ---

  Explanation

  A playbook is a documented set of procedures that outlines the step-by-step response to specific types of cybersecurity incidents. Security Operations Centers (SOCs) use playbooks to improve consistency, efficiency, and accuracy during incident response. Playbooks help ensure that the correct procedures are followed based on the type of incident, ensuring swift and effective remediation. Frameworks provide general guidelines for implementing security but are not specific enough for incident response procedures.

  Baselines represent normal system behavior and are used for anomaly detection, not incident response guidance.

  Benchmarks are performance standards and are not directly related to incident response.