CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 821:

  Which of the following describes effective change management procedures?

  A. Approving the change after a successful deployment
  B. Having a backout plan when a patch fails
  C. Using a spreadsheet for tracking changes
  D. Using an automatic change control bypass for security updates
  B. Having a backout plan when a patch fails

• Question 822:

  A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company.

  Which of the following is used in this scenario?

  A. Impersonation
  B. Replication
  C. Phishing
  D. Smishing
  C. Phishing

• Question 823:

  A company processes personal data from customers in multiple countries.

  Which of the following actions is most critical for maintaining legal compliance with global privacy regulations?

  A. Storing all customer data on encrypted local servers
  B. Hiring a data privacy officer to review contracts
  C. Ensuring DPAs are in place with third-party vendors
  D. Using strong passwords and firewalls on all endpoints
  C. Ensuring DPAs are in place with third-party vendors

  ---

  Explanation

  The best answer is C. Ensuring DPAs are in place with third-party vendors. When a company handles personal data across multiple countries, one of the most important legal and regulatory requirements is ensuring that any third parties processing that data are contractually bound to protect it appropriately. A DPA (Data Processing Agreement) defines how a vendor may collect, process, store, share, and protect personal data. This is a key requirement in many privacy frameworks and regulations. This matters because organizations are often still responsible for customer data even when a third-party provider handles it. A DPA helps establish: the roles and responsibilities of each party the legal basis and limits for data processing security and privacy obligations breach notification expectations cross-border data handling requirements.

  Why the other options are incorrect:

  A. Storing all customer data on encrypted local serversEncryption is important, but this alone does not ensure compliance with international privacy laws. Legal compliance involves governance, lawful processing, third-party handling, and contractual obligations.

  B. Hiring a data privacy officer to review contractsA privacy officer may be helpful or required in some situations, but simply hiring one is not as directly critical as having the actual data processing agreements in place.

  D. Using strong passwords and firewalls on all endpointsThese are valuable security controls, but they are not sufficient for legal compliance with global privacy regulations. From a Security+ perspective, privacy compliance often involves third-party risk management, contractual controls, and lawful data handling, making DPAs the most critical answer here.

• Question 824:

  A company wants to ensure secure remote access to its internal network. The company has only one public IP and would like to avoid making any changes to the current network setup.

  Which of the following solutions would best accomplish this goal?

  A. PAT
  B. IPSec VPN
  C. Perimeter network
  D. Reverse proxy
  B. IPSec VPN

• Question 825:

  Which of the following techniques would identify whether data has been modified in transit?

  A. Hashing
  B. Tokenization
  C. Masking
  D. Encryption
  A. Hashing

• Question 826:

  A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training.

  Which of the following will the security officer most likely implement?

  A. Password policy
  B. Access badges
  C. Phishing campaign
  D. Risk assessment
  C. Phishing campaign

• Question 827:

  Which of the following threat actors is the most likely to be motivated by profit?

  A. Hacktivist
  B. Insider threat
  C. Organized crime
  D. Shadow IT
  C. Organized crime

• Question 828:

  A systems administrator would like to create a point-in-time backup of a virtual machine.

  Which of the following should the administrator use?

  A. Replication
  B. Simulation
  C. Snapshot
  D. Containerization
  C. Snapshot

• Question 829:

  A company performs a risk assessment on the information security program each year.

  Which of the following best describes this risk assessment?

  A. Recurring
  B. Ad hoc
  C. One time
  D. Continuous
  A. Recurring

  ---

  Explanation

  Because the organization performs the risk assessment each year, it is being done on a regular, scheduled interval. In Security+ terminology, that makes it a recurring risk assessment, not ad hoc, one-time, or continuous. The Study Guide differentiates these modes and states: "Recurring risk assessments are performed at regular intervals, such as annually or quarterly." This matches the scenario exactly (annually = each year).

  To avoid confusion with the other options: a one-time assessment is described as a "point-in-time view" performed when the organization wants a snapshot (often tied to a specific need), while ad hoc assessments are triggered by a specific event or situation (like a new project or significant change). In contrast, the key distinguishing factor of recurring is the planned cadence used to "track the evolution of risks over time" and ensure risk management adapts. The guide also notes continuous risk assessment involves ongoing monitoring and analysis, often supported by automated scanning and frequent updates, which is different from a once-per-year schedule. Therefore, the annual assessment described is best classified as recurring.

  References:

  Risk assessment types-definition of recurring assessments ("annually or quarterly").

• Question 830:

  Which of the following describes the procedures a penetration tester must follow while conducting a test?

  A. Rules of engagement
  B. Rules of acceptance
  C. Rules of understanding
  D. Rules of execution
  A. Rules of engagement

  ---

  Explanation

  Rules of engagement specify the agreed-upon boundaries, scope, and procedures for a penetration test to ensure compliance and avoid disruption to the environment.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Penetration Testing Procedures".