CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 761:

  A company is redesigning its infrastructure and wants to reduce the number of physical servers in use.

  Which of the following architectures is best suited for this goal?

  A. Isolation
  B. Segmentation
  C. Virtualization
  D. Redundancy
  C. Virtualization

• Question 762:

  A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline.

  Which of the following should the analyst use?

  A. Intrusion prevention system
  B. Sandbox
  C. Endpoint detection and response
  D. Antivirus
  C. Endpoint detection and response

  ---

  Explanation

  Endpoint Detection and Response (EDR) solutions provide visibility into the behavior of users and devices, monitoring for deviations from established baselines. EDR tools are designed to detect suspicious activities by continuously analyzing endpoint behaviors, which helps identify potential threats, including malicious activities, that may otherwise go unnoticed. This is particularly useful for spotting deviations from normal patterns and enhancing security response.

• Question 763:

  Which of the following activities would involve members of the incident response team and other stakeholders simulating an event?

  A. Lessons learned
  B. Digital forensics
  C. Tabletop exercise
  D. Root cause analysis
  C. Tabletop exercise

• Question 764:

  Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

  A. Cross-site scripting
  B. Buffer overflow
  C. Jailbreaking
  D. Side loading
  D. Side loading

  ---

  Explanation

  Side loading refers to the process of installing applications on a device from outside the official app store, which can introduce security vulnerabilities by bypassing standard app validation processes.

  References:

  Security+ SY0-701 Course Content, Security+ SY0-601 Book.

• Question 765:

  A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations.

  Which of the following is the best type of site for this company?

  A. Cold
  B. Tertiary
  C. Warm
  D. Hot
  D. Hot

  ---

  Explanation

  For a company located in an area prone to hurricanes and needing to immediately continue operations, the best type of site is a hot site. A hot site is a fully operational offsite data center that is equipped with hardware, software, and network connectivity and is ready to take over operations with minimal downtime. Hot site: Fully operational and can take over business operations almost immediately after a disaster. Cold site: A basic site with infrastructure in place but without hardware or data, requiring significant time to become operational. Tertiary site: Not a standard term in disaster recovery; it usually refers to an additional backup location but lacks the specifics of readiness. Warm site: Equipped with hardware and connectivity but requires some time and effort to become fully operational, not as immediate as a hot site.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 3.4 - Importance of resilience and recovery in security architecture (Site considerations: Hot site).

• Question 766:

  Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

  A. End users will be required to consider the classification of data that can be used in documents.
  B. The policy will result in the creation of access levels for each level of classification.
  C. The organization will have the ability to create security requirements based on classification levels.
  D. Security analysts will be able to see the classification of data within a document before opening it.
  C. The organization will have the ability to create security requirements based on classification levels.

• Question 767:

  A security administrator notices numerous unused, non-compliant desktops are connected to the network.

  Which of the following actions would the administrator most likely recommend to the management team?

  A. Monitoring
  B. Decommissioning
  C. Patching
  D. Isolating
  B. Decommissioning

• Question 768:

  A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement.

  Which of the following reconnaissance types is the tester performing?

  A. Active
  B. Passive
  C. Defensive
  D. Offensive
  A. Active

  ---

  Explanation

  Active reconnaissance is a type of reconnaissance that involves sending packets or requests to a target and analyzing the responses. Active reconnaissance can reveal information such as open ports, services, operating systems, and vulnerabilities. However, active reconnaissance is also more likely to be detected by the target or its security devices, such as firewalls or intrusion detection systems. Port and service scans are examples of active reconnaissance techniques, as they involve probing the target for specific information.

  References:

  CompTIA Security+ Certification Exam Objectives, Domain 1.1: Given a scenario, conduct reconnaissance using appropriate techniques and tools. CompTIA Security+ Study Guide (SY0-701), Chapter 2: Reconnaissance and Intelligence Gathering, page 47. CompTIA Security+ Certification Exam SY0-701 Practice Test

• Question 769:

  Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

  A. Fines
  B. Audit findings
  C. Sanctions
  D. Reputation damage
  B. Audit findings

  ---

  Explanation

  If a large bank fails an internal PCI DSS compliance assessment, the most likely immediate outcome is audit findings. An internal assessment typically identifies gaps, deficiencies, or noncompliance issues that must be documented and remediated. Fines and sanctions are more likely after external regulatory enforcement or continued failure to correct issues, while reputation damage is a possible secondary effect, not the most direct outcome.

• Question 770:

  When used with an access control vestibule which of the following would provide the best prevention against tailgating?

  A. PIN
  B. Access card
  C. Security guard
  D. CCTV
  C. Security guard

  ---

  Explanation

  A security guard actively monitors and enforces access control policies in an access control vestibule (mantrap), ensuring that only authorized individuals enter. Unlike PINs, access cards, or CCTV (which only record events), a security guard can physically intervene to prevent tailgating - where an unauthorized person follows an authorized individual into a restricted area.