CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 71:

  Which of the following best explains a concern with OS-based vulnerabilities?

  A. An exploit would give an attacker access to system functions that span multiple applications.
  B. The OS vendor's patch cycle is not frequent enough to mitigate the large number of threats.
  C. Most users trust the core operating system features and may not notice if the system has been compromised.
  D. Exploitation of an operating system vulnerability is typically easier than any other vulnerability.
  A. An exploit would give an attacker access to system functions that span multiple applications.

  ---

  Explanation

  Operating system (OS) vulnerabilities can allow attackers to exploit system functions that affect multiple applications, leading to widespread compromise.

  Option B: (patch cycle concerns) is valid but not the primary concern--many OS vendors provide regular patches.

  Option C: (user trust in OS features) is a risk, but the more significant issue is that OS vulnerabilities often affect multiple system components.

  Option D: (ease of exploitation) is not always true, as application and human-related vulnerabilities can be equally exploitable.

  Thus, the main concern is that an OS exploit can impact multiple system functions, leading to broader security risks.

• Question 72:

  An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident.

  Which of the following plans is the IT manager creating?

  A. Business continuity
  B. Physical security
  C. Change management
  D. Disaster recovery
  A. Business continuity

  ---

  Explanation

  The IT manager is creating a Business Continuity Plan (BCP). A BCP describes how an organization will continue to operate during and after a disaster or global incident. It ensures that critical business functions remain operational despite adverse conditions, with a focus on minimizing downtime and maintaining essential services. Physical security relates to protecting physical assets. Change management ensures changes in IT systems are introduced smoothly, without disrupting operations.

  Disaster recovery is a subset of business continuity but focuses specifically on recovering from IT-related incidents.

• Question 73:

  A company needs to determine whether authentication weaknesses in a customer-facing web application exist.

  Which of the following is the best technique to use?

  A. Static analysis
  B. Packet capture
  C. Agent-based scanning
  D. Dynamic analysis
  E. Network-based scanning
  D. Dynamic analysis

  ---

  Explanation

  To identify authentication weaknesses in a customer-facing web application, the best method is dynamic analysis, also known as Dynamic Application Security Testing (DAST). Dynamic analysis evaluates an application while it is running, allowing testers to observe real-world interactions, session handling, login mechanisms, credential validation, access control failures, and runtime vulnerabilities such as brute-force weaknesses or authentication bypass conditions.

  Security+ SY0-701 outlines DAST as the preferred approach for testing live web applications because it uncovers:

  Weak session management

  Broken authentication flows

  Input validation failures

  Misconfigurations in login portals

  Runtime vulnerabilities that static code review cannot detect

  Static analysis (A) only analyzes source code and may overlook logic flaws in authentication. Packet capture (B) inspects network traffic but cannot evaluate internal authentication logic. Agent-based scanning (C) is used for hosts, not web applications. Network-based scanning (E) finds port-level vulnerabilities but cannot assess application authentication mechanisms.

  Therefore, dynamic analysis (D) is the most effective and accurate technique for discovering authentication weaknesses in live web applications.

• Question 74:

  A security analyst investigates an incident in which a PowerShell script was identified as a potential IoC.

  Which of the following will best help the analyst identify an attempt to compromise the system?

  A. SNMP logs
  B. Firewall logs
  C. EDR logs
  D. IPS logs
  C. EDR logs

  ---

  Explanation

  The best answer is C. EDR logs. EDR (Endpoint Detection and Response) tools are designed to monitor endpoint activity in detail, including process execution, command-line usage, script activity, file changes, persistence attempts, and suspicious behavior. Since the incident involves a PowerShell script, EDR logs are the most useful source for identifying whether the script attempted to compromise the system. PowerShell is commonly abused by attackers for fileless malware, persistence, lateral movement, downloading payloads, and privilege escalation. EDR can capture this kind of endpoint-level behavior much more effectively than general network logs. Why the other options are incorrect:

  A. SNMP logsSNMP is mainly used for network device monitoring and management, not detailed endpoint script execution analysis.

  B. Firewall logsFirewall logs can show allowed or blocked traffic, but they usually do not provide deep visibility into local PowerShell execution or endpoint compromise attempts.

  D. IPS logsAn IPS may detect known malicious traffic patterns, but it is focused on network-based activity. It is not the best source for detailed analysis of a PowerShell script running on a host. From a Security+ standpoint, when analyzing suspicious scripts or endpoint behavior, EDR provides the strongest visibility into actual compromise attempts.

• Question 75:

  A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN.

  Which of the following is the most likely explanation for this activity?

  A. The company built a new file-sharing site.
  B. The organization is preparing for a penetration test.
  C. The security team is integrating with an SASE platform.
  D. The security team created a honeynet.
  D. The security team created a honeynet.

• Question 76:

  An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated.

  Which of the following protocols should be implemented to best meet this objective?

  A. SSH
  B. SRTP
  C. S/MIME
  D. PPTP
  B. SRTP

  ---

  Explanation

  Secure Real-Time Transport Protocol (SRTP) is a security protocol used to encrypt and authenticate the streaming of audio and video over IP networks. It ensures that the video streams from the IP cameras are both encrypted to prevent unauthorized access and authenticated to verify the integrity of the stream, making it the ideal choice for securing video surveillance.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 3: Security Architecture, which includes secure communication protocols like SRTP for protecting data in transit.

• Question 77:

  A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.

  Which of the following would detect this behavior?

  A. Implementing encryption
  B. Monitoring outbound traffic
  C. Using default settings
  D. Closing all open ports
  B. Monitoring outbound traffic

  ---

  Explanation

  Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. A new vulnerability that allows malware to move data unauthorizedly would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.

• Question 78:

  Which of the following organizational documents is most often used to establish and communicate expectations associated with integrity and ethical behavior within an organization?

  A. AUP
  B. SLA
  C. EULA
  D. MOA
  A. AUP

  ---

  Explanation

  An Acceptable Use Policy (AUP) is commonly used to establish and communicate the organization's expectations regarding acceptable behavior, integrity, and ethical conduct. It outlines guidelines for appropriate use of company resources and sets standards for employees to follow, promoting a secure and ethical work environment.

• Question 79:

  Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

  A. Misconfiguration
  B. Resource reuse
  C. Insecure key storage
  D. Weak cipher suites
  C. Insecure key storage

  ---

  Explanation

  Insecure key storage refers to vulnerabilities caused by improper handling of cryptographic keys and certificates, such as storing them in plaintext or lacking access controls.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Cryptographic Vulnerabilities and Mitigation".

• Question 80:

  During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile.

  Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account?

  (Select two).

  A. Federation
  B. Identity proofing
  C. Password complexity
  D. Default password changes
  E. Password manager
  F. Open authentication
  A. Federation
  C. Password complexity

  ---

  Explanation

  Federation is an access management concept that allows users to authenticate once and access multiple resources or services across different domains or organizations. Federation relies on a trusted third party that stores the user's credentials and provides them to the requested resources or services without exposing them. Password complexity is a security measure that requires users to create passwords that meet certain criteria, such as length, character types, and uniqueness. Password complexity can help prevent brute-force attacks, password guessing, and credential stuffing by making passwords harder to crack or guess.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 308-309 and 312-313