CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 811:

  A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities.

  Which of the following kinds of analysis best describes this review?

  A. Dynamic
  B. Static
  C. Gap
  D. Impact
  B. Static

  ---

  Explanation

  Reviewing the source code of an application to identify misconfigurations and vulnerabilities is best described as static analysis. Static analysis involves examining the code without executing the program. It focuses on finding potential security issues, coding errors, and vulnerabilities by analyzing the code itself. Static analysis: Analyzes the source code or compiled code for vulnerabilities without executing the program.

  Dynamic analysis: Involves testing and evaluating the program while it is running to identify vulnerabilities.

  Gap analysis: Identifies differences between the current state and desired state, often used for compliance or process improvement. Impact analysis: Assesses the potential effects of changes in a system or process.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 4.3 - Explain various activities associated with vulnerability management (Static analysis).

• Question 812:

  A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to an online forum.

  Which of the following would be best for the systems administrator to implement?

  A. Air gap
  B. Jump server
  C. Logical segmentation
  D. Virtualization
  A. Air gap

  ---

  Explanation

  To provide employees with computers that do not have access to the internet and prevent information leaks to an online forum, implementing an air gap would be the best solution. An air gap physically isolates the computer or network from any outside connections, including the internet, ensuring that data cannot be transferred to or from the system.

  Air gap: A security measure that isolates a computer or network from the internet or other networks, preventing any form of electronic communication with external systems. Jump server: A secure server used to access and manage devices in a different security zone, but it does not provide isolation from the internet. Logical segmentation: Segregates networks using software or network configurations, but it does not guarantee complete isolation from the internet.

  Virtualization: Creates virtual instances of systems, which can be isolated, but does not inherently prevent internet access without additional configurations.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 2.5 - Explain the purpose of mitigation techniques used to secure the enterprise (Air gap).

• Question 813:

  A company must ensure that log searches are conducted in the shortest time frame.

  Which of the following should the company do to maintain logs in live storage for 90 days?

  A. Conduct deduplication.
  B. Conduct archiving.
  C. Apply aggregation.
  D. Apply compression.
  C. Apply aggregation.

  ---

  Explanation

  The best answer is C. Apply aggregation. In Security+ logging and monitoring concepts, log aggregation means collecting logs from multiple systems and centralizing them in one place, often for use by a SIEM or another monitoring platform.

  This improves the speed and efficiency of searches because analysts do not need to query many separate devices or locations individually. Centralized logs are much easier to index, correlate, and search quickly. Why the other options are not the best choice:

  A. Conduct deduplicationDeduplication reduces repeated data and may save storage space, but it is primarily a storage-efficiency method. It does not directly provide the best improvement for fast searching across logs.

  B. Conduct archivingArchiving is used for long-term retention, but archived logs are usually moved out of readily searchable live storage. This would not support the requirement for the shortest search time frame.

  D. Apply compressionCompression saves storage capacity, but compressed logs may require decompression or additional processing before review. This does not best support the need for the fastest searches. From a Security+ perspective, when the goal is rapid log review, correlation, and search performance, aggregation is the strongest answer because it supports centralized monitoring and efficient analysis of live logs over the retention period.

• Question 814:

  Which of the following can be best used to discover a company's publicly available breach information?

  A. OSINT
  B. SIEM
  C. CVE
  D. CVSS
  A. OSINT

• Question 815:

  Which of the following is a prerequisite for a DLP solution?

  A. Data destruction
  B. Data sanitization
  C. Data classification
  D. Data masking
  C. Data classification

  ---

  Explanation

  Data classification is essential for a Data Loss Prevention (DLP) solution to function effectively. It identifies and labels data based on sensitivity and importance, enabling the DLP system to apply appropriate policies to protect it.

• Question 816:

  An analyst is evaluating the implementation of Zero Trust principles within the data plane.

  Which of the following would be most relevant for the analyst to evaluate?

  A. Secured zones
  B. Subject role
  C. Adaptive identity
  D. Threat scope reduction
  D. Threat scope reduction

  ---

  Explanation

  In a Zero Trust environment, the data plane is the part of the architecture where actual communication happens. It carries the real traffic between users, devices, applications, and resources. Because of that, an analyst evaluating Zero Trust in the data plane should focus on whether the environment is designed to limit how far a threat can spread after access is gained.

  That is exactly what threat scope reduction means. Its purpose is to reduce the potential impact of compromise by making sure that access is narrow, controlled, and limited to only what is necessary. In practice, this means preventing unnecessary communication paths, restricting lateral movement, and containing attacks so that one compromised account, device, or workload cannot easily reach many other systems.

  This is a core Zero Trust objective in the data plane because Zero Trust does not assume that any internal traffic is automatically safe. Instead, every connection should be tightly controlled and continuously enforced. The analyst would therefore examine whether the implementation reduces exposure between systems, minimizes reachable assets, and limits the blast radius of an incident.

  So, from a data plane perspective, the most relevant thing to evaluate is whether the architecture actively enforces controls that shrink the threat's reachable scope. That is why threat scope reduction is the best answer.

• Question 817:

  A security administrator needs to reduce the attack surface in the company's data centers.

  Which of the following should the security administrator do to complete this task?

  A. Implement a honeynet.
  B. Define Group Policy on the servers.
  C. Configure the servers for high availability.
  D. Upgrade end-of-support operating systems.
  D. Upgrade end-of-support operating systems.

  ---

  Explanation

  Upgrading end-of-support operating systems is one of the most effective ways to reduce the attack surface. Unsupported OS versions no longer receive security patches, making them prime targets for attackers. Removing outdated software ensures that known vulnerabilities cannot be exploited.

  A (honeynet) is used for threat analysis, not reducing the attack surface.

  B (Group Policy) helps enforce security policies but does not address outdated vulnerabilities.

  C (High availability) focuses on uptime, not security risk reduction.

  References:

  CompTIA Security+ SY0-701 Official Study Guide, Security Architecture domain.

• Question 818:

  A company must ensure sensitive data at rest is rendered unreadable.

  Which of the following will the company most likely use?

  A. Hashing
  B. Tokenization
  C. Encryption
  D. Segmentation
  C. Encryption

  ---

  Explanation

  Encryption is a method of transforming data in a way that makes it unreadable without a secret key necessary to decrypt the data back into plaintext. Encryption is one of the most common and effective ways to protect data at rest, as it prevents unauthorized access, modification, or theft of the data. Encryption can be applied to different types of data at rest, such as block storage, object storage, databases, archives, and so on. Hashing, tokenization, and segmentation are not methods of rendering data at rest unreadable, but rather of protecting data in other ways. Hashing is a one-way function that generates a fixed-length output, called a hash or digest, from an input, such that the input cannot be recovered from the output. Hashing is used to verify the integrity and authenticity of data, but not to encrypt it. Tokenization is a process that replaces sensitive data with non-sensitive substitutes, called tokens, that have no meaning or value on their own. Tokenization is used to reduce the exposure and compliance scope of sensitive data, but not to encrypt it. Segmentation is a technique that divides a network or a system into smaller, isolated units, called segments, that have different levels of access and security. Segmentation is used to limit the attack surface and contain the impact of a breach, but not to encrypt data at rest.

  References:

  CompTIA Security+ Study Guide:

  Exam SY0-701, 9th Edition, pages 77-781

  Protecting data at rest - Security Pillar

• Question 819:

  An organization plans to take online orders via a new website. Three web servers are available for this website. However, the organization does not want to reveal the network addresses or quantity of the individual servers to the general public.

  Which of the following would best fulfill these requirements?

  A. IPSec
  B. Explicit proxy
  C. Port security
  D. Virtual IP
  D. Virtual IP

• Question 820:

  Which of the following would be the most appropriate way to protect data in transit?

  A. SHA-256
  B. SSL3.0
  C. TLS 1.3
  D. AES-256
  C. TLS 1.3