CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 801:

  An organization is preparing to export proprietary software to a customer.

  Which of the following would be the best way to prevent the loss of intellectual property?

  A. Code signing
  B. Obfuscation
  C. Tokenization
  D. Blockchain
  B. Obfuscation

  ---

  Explanation

  Obfuscation is the process of making software code intentionally difficult to understand or reverse-engineer. By obfuscating the proprietary software before exporting it, the organization can protect its intellectual property from being analyzed, copied, or exploited by unauthorized parties. This method is commonly used to safeguard the core logic and algorithms of the software.

• Question 802:

  SIMULATION

  An organization has learned that its data is being exchanged on the dark web. The CIO

  has requested that you investigate and implement the most secure solution to protect employee accounts.

  INSTRUCTIONS

  Review the data to identify weak security practices and provide the most appropriate

  security solution to meet the CIO's requirements.

  

  A. See the Explanation part for all the Solution
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the Explanation part for all the Solution

  ---

  Explanation

  Step 1: Analyze the Data and Question

  Scenario:

  Company data (directory, compensation report, user data) is found on the dark web.

  CIO asks you to investigate and implement the most secure protection for employee accounts.

  Task:

  Identify weak password practices.

  Choose the best containment step that keeps evidence on the host uncompromised.

  Step 2: Identify Weak Password Practices

  Prompt: Select all weak password practices from the list:

  Age

  Reuse

  Length

  Expiration

  Complexity

  Let’s analyze each:

  Age: If passwords are used for a long time without change, it's a weak practice (passwords become easier to compromise over time).

  Reuse: Reusing passwords across accounts is a serious weak practice (if one gets leaked, all accounts are at risk).

  Length: Short passwords are weak; password length matters. If passwords are too short, that’s a weak practice.

  Expiration: Forcing frequent expiration can lead to weaker passwords (users pick simple ones), but not expiring passwords at all is also risky. (For most exams, "expiration" by itself isn't usually called a weak practice unless the policy is poorly set.)

  Complexity: Lack of complexity (not requiring numbers, symbols, etc.) is a weak practice.

  So, select all that are truly weak practices:

  Answer for weak password practices (check all that apply):

  Age

  Reuse

  Length

  Complexity

  (Expiration is more controversial; on the exam, the main focus is usually on Age, Reuse, Length, and Complexity.)

  Step 3: Choose the Best Containment Step

  Prompt:

  Select the containment step that will leave potential evidence on the host uncompromised:

  PIN code

  FIDO security key

  SMS authentication

  OTP token

  Containment step means “what security solution can you implement to protect employee accounts going forward, while preserving digital evidence on potentially compromised systems?”

  The most secure solution for account protection among these, that also doesn’t interfere with host evidence, is FIDO security key.

  Why?

  PIN code: Not strong enough; also may be stored locally.

  SMS authentication: Can be intercepted; often leaves traces on the host (like SMS logs).

  OTP token: Similar risks, some implementations might log to the host.

  FIDO security key: Hardware-based, phishing-resistant, no codes sent to the host, and doesn’t alter host evidence—authentication happens off the device.

  So, the best answer is:

  FIDO security key

  Step 4: Solution Recap and Justification

  Detailed Solution Recap:

  Identify weak password practices:

  Weaknesses: passwords are reused, not long enough, lack complexity, and used for a long time.

  Select the best security solution:

  Implement FIDO security keys for employees.

  Most secure among listed options.

  Hardware-based; resistant to phishing, interception, and does not leave evidence on the compromised host (which is important for forensics).

• Question 803:

  A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.

  Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.

  Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet.

  Which of the following is the most likely reason for this compromise?

  A. A brute-force attack was used against the time-keeping website to scan for common passwords.
  B. A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.
  C. The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.
  D. ARP poisoning affected the machines in the building and caused the kiosks to send a copy of all the submitted credentials to a malicious machine.
  B. A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

  ---

  Explanation

  The scenario suggests that only the employees who used the kiosks inside the building had their credentials compromised. Since the time-keeping website is accessible from the internet, it is possible that a malicious actor exploited an unpatched vulnerability in the site, allowing them to inject malicious code that captured the credentials of those who logged in from the kiosks. This is a common attack vector for stealing credentials from web applications.

  References:

  CompTIA Security+ SY0-701 Course Content: The course discusses web application vulnerabilities and how attackers can exploit them to steal credentials.

• Question 804:

  Which of the following best represents how frequently an incident is expected to happen each year?

  A. RTO
  B. ALE
  C. SLE
  D. ARO
  D. ARO

  ---

  Explanation

  The best answer is D. ARO. ARO (Annualized Rate of Occurrence) measures how often a specific incident or event is expected to happen in a single year. This is the risk analysis attribute that directly represents yearly frequency. Why the other options are incorrect:

  A. RTORecovery Time Objective is the target time to restore operations after a disruption. It does not measure incident frequency.

  B. ALEAnnualized Loss Expectancy estimates the expected yearly financial loss from a risk. It is calculated using other values and reflects cost, not frequency alone.

  C. SLESingle Loss Expectancy is the monetary loss expected from one occurrence of an incident. It does not represent how often the event happens. From the SY0-701 perspective, risk calculations often use:ALE = SLE x ARO Since the question asks how frequently an incident is expected to happen each year, the correct answer is ARO.

• Question 805:

  Which of the following hardening techniques must be applied on a container image before deploying it to a production environment? (Select two).

  A. Remove default applications.
  B. Install a NIPS.
  C. Disable Telnet.
  D. Reconfigure the DNS
  E. Add an SFTP server.
  F. Delete the public certificate.
  A. Remove default applications.
  C. Disable Telnet.

• Question 806:

  An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated.

  Which of the following is the most likely solution?

  A. The administrator should allow SAN certificates in the browser configuration.
  B. The administrator needs to install the server certificate into the local truststore.
  C. The administrator should request that the secure LDAP port be opened to the server.
  D. The administrator needs to increase the TLS version on the organization's RA.
  B. The administrator needs to install the server certificate into the local truststore.

• Question 807:

  A company's gate access logs show multiple entries from an employee's ID badge within a two-minute period.

  Which of the following is this an example of?

  A. RFID cloning
  B. Side-channel attack
  C. Shoulder sur ng
  D. Tailgating
  A. RFID cloning

• Question 808:

  A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met:

  1. An existing internal certificate must be used.

  2. Wired and wireless networks must be supported.

  3. Any unapproved device should be isolated in a quarantine subnet.

  4. Approved devices should be updated before accessing resources.

  Which of the following would best meet the requirements?

  A. 802.IX
  B. EAP
  C. RADIUS
  D. WPA2
  A. 802.IX

  ---

  Explanation

  802.1X is a network access control protocol that provides an authentication mechanism to devices trying to connect to a LAN or WLAN. It supports the use of certificates for authentication, can quarantine unapproved devices, and ensures that only approved and updated devices can access network resources. This protocol best meets the requirements of securing both wired and wireless networks with internal certificates.

  References:

  CompTIA Security+ SY0-701 study materials, particularly in the domain of network security and authentication protocols.

• Question 809:

  Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

  A. Destruction
  B. Certification
  C. Retention
  D. Sanitization
  C. Retention

  ---

  Explanation

  Retention policies dictate how long data must be stored to comply with local and international regulations. Non-compliance can result in legal and financial penalties.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Retention and Legal Requirements".

• Question 810:

  An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

  Which of the following best describes the user's activity?

  A. Penetration testing
  B. Phishing campaign
  C. External audit
  D. Insider threat
  D. Insider threat

  ---

  Explanation

  An insider threat is a security risk that originates from within the organization, such as an employee, contractor, or business partner, who has authorized access to the organization's data and systems. An insider threat can be malicious, such as stealing, leaking, or sabotaging sensitive data, or unintentional, such as falling victim to phishing or social engineering. An insider threat can cause significant damage to the organization's reputation, finances, operations, and legal compliance. The user's activity of logging in remotely after hours and copying large amounts of data to a personal device is an example of a malicious insider threat, as it violates the organization's security policies and compromises the confidentiality and integrity of the data.

  References:

  Insider Threats -CompTIA Security+ SY0-701: 3.2, video at 0:00

  CompTIA Security+ SY0-701 Certification Study Guide, page 133.