CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 831:

  An analyst wants to move data from production to the UAT server to test the latest release.

  Which of the following strategies should the analyst use to protect sensitive data from being viewed by the testing team?

  A. Data masking
  B. Data tokenization
  C. Data obfuscation
  D. Data encryption
  A. Data masking

  ---

  Explanation

  The best answer is A. Data masking. When production data is copied into a UAT (User Acceptance Testing) environment, sensitive information should be protected so that testers cannot view real confidential values such as personal data, account numbers, or other regulated information. Data masking replaces sensitive data with realistic but fictional or hidden values while preserving the format and usability of the data for testing. This makes it ideal for non-production environments where the application still needs data that looks real, but the testing team should not be able to see actual sensitive information. Why the other options are incorrect:

  B. Data tokenizationTokenization replaces sensitive values with tokens, but it is more commonly used to protect data in operational processing systems, such as payment environments. It is not the best fit here compared with masking for UAT visibility concerns.

  C. Data obfuscationObfuscation is a broader term and can mean making data harder to understand, but data masking is the more precise and standard control for protecting test data from being viewed.

  D. Data encryptionEncryption protects data at rest or in transit, but once authorized testers access and use the UAT system, the application may decrypt and display the data. That does not solve the problem of testers viewing sensitive values. From a Security+ perspective, when moving production data into development, test, or UAT environments, the preferred control to prevent exposure of real sensitive data is data masking.

• Question 832:

  SIMULATION

  A recent black-box penetration test of http://example.com discovered that external

  website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.

  You are tasked with reducing the attack space and enabling secure protocols.

  INSTRUCTIONS

  Part 1

  Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.

  Part 2

  Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

  

  

  A. Check the anser below.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. Check the anser below.

  ---

  Explanation

  Answer: See the solution in explanation below.

  

  

• Question 833:

  Which of the following actions must an organization take to comply with a person's request for the right to be forgotten?

  A. Purge all personally identifiable attributes.
  B. Encrypt all of the data.
  C. Remove all of the person's data.
  D. Obfuscate all of the person's data.
  C. Remove all of the person's data.

  ---

  Explanation

  The right to be forgotten, as outlined in regulations such as the General Data Protection Regulation (GDPR), requires organizations to permanently delete an individual's personal data upon request, unless there is a legal or contractual obligation to retain it.

  Purging personally identifiable attributes (Option A) removes some identifying data but does not fully satisfy the request.

  Encrypting the data (Option B) does not remove it, and the data is still accessible with the decryption key.

  Obfuscating data (Option D) makes data unreadable but does not permanently remove it. To comply with the right to be forgotten, organizations must remove all of the person's data unless an exception applies.

• Question 834:

  A recent penetration test identified that an attacker could flood the MAC address table of network switches.

  Which of the following would best mitigate this type of attack?

  A. Load balancer
  B. Port security
  C. IPS
  D. NGFW
  B. Port security

  ---

  Explanation

  Port security is the best mitigation technique for preventing an attacker from flooding the MAC address table of network switches. Port security can limit the number of MAC addresses learned on a port, preventing an attacker from overwhelming the switch's MAC table (a form of MAC flooding attack). When the allowed number of MAC addresses is exceeded, port security can block additional devices or trigger alerts. Load balancer distributes network traffic but does not address MAC flooding attacks.

  IPS (Intrusion Prevention System) detects and prevents attacks but isn't specifically designed for MAC flooding mitigation. NGFW (Next-Generation Firewall) offers advanced traffic inspection but is not directly involved in MAC table security.

• Question 835:

  A security analyst attempts to start a company's database server. When the server starts, the analyst receives an error message indicating the database server did not pass authentication. After reviewing and testing the system, the analyst receives confirmation that the server has been compromised and that attackers have redirected all outgoing database traffic to a server under their control.

  Which of the following MITRE ATT&CK techniques did the attacker most likely use to redirect database traffic?

  A. Browser extension
  B. Process injection
  C. Valid accounts
  D. Escape to host
  C. Valid accounts

  ---

  Explanation

  The "Valid accounts" technique in the MITRE ATT&CK framework involves attackers using stolen or otherwise valid credentials to access and control systems. In this scenario, the attackers likely gained legitimate access to the database server using valid credentials and modified settings to redirect database traffic to their own server. This technique allows attackers to bypass certain security measures and perform actions as if they were authorized users, which aligns with the observed redirection of outgoing traffic.

• Question 836:

  Which of the following would best ensure a controlled version release of a new software application?

  A. Business continuity planning
  B. Quantified risk analysis
  C. Static code analysis
  D. Change management procedures
  D. Change management procedures

• Question 837:

  Which of the following is best to use when determining the severity of a vulnerability?

  A. CVE
  B. OSINT
  C. SOAR
  D. CVSS
  D. CVSS

• Question 838:

  A store is setting up wireless access for employees. Management wants to limit the number of access points while ensuring full coverage.

  Which tool will help determine how many access points are needed?

  A. Signal locator
  B. WPA3
  C. Heat map
  D. Site survey
  D. Site survey

  ---

  Explanation

  A site survey is the formal process used to determine the required number, placement, and configuration of wireless access points (APs). Security+ SY0-701 states that site surveys measure RF propagation, identify dead zones, account for building materials, detect interference sources, and evaluate coverage overlap. This information allows network engineers to deploy the fewest APs necessary while still ensuring full coverage.

  Although heat maps (C) are generated as a result of a site survey, they are visualization tools-not the actual survey process. A signal locator (A) is not a standardized tool in wireless planning. WPA3 (B) is a wireless security protocol and has no impact on access point planning or coverage optimization.

  A full site survey ensures optimal AP placement to balance coverage, performance, and cost-exactly the concern described in the scenario.

  Thus, the correct answer is D: Site survey.

• Question 839:

  Which of the following is an example of a certificate that is generated by an internal source?

  A. Digital signature
  B. Asymmetric key
  C. Self-signed
  D. Symmetric key
  C. Self-signed

  ---

  Explanation

  A self-signed certificate is generated internally without involving an external Certificate Authority (CA). In a self-signed certificate, the certificate issuer and certificate subject are the same entity. Security+ SY0-701 explains that organizations frequently use self-signed certificates for internal systems, lab environments, or testing scenarios where external trust chains are unnecessary.

  A digital signature (A) is a cryptographic function, not a certificate. Asymmetric keys (B) are used in public-key cryptography but do not constitute a certificate by themselves. Symmetric keys (D) are encryption tools, not certificates.

  Therefore, the example of a certificate generated internally is C: Self-signed.

• Question 840:

  Which of the following best distinguishes hacktivists from insider threats?

  A. Hacktivists often act based on ideological or political beliefs rather than organizational access.
  B. Hacktivists are generally employed by the target organization at the time of attack.
  C. Hacktivists often target organizations without prior access or internal affiliation.
  D. Hacktivists are primarily motivated by personal conflicts or employment-related dissatisfaction.
  C. Hacktivists often target organizations without prior access or internal affiliation.

  ---

  Explanation

  The best answer is C. Hacktivists often target organizations without prior access or internal affiliation. The clearest distinction between hacktivists and insider threats is that insider threats typically have authorized access or internal affiliation with the organization, while hacktivists usually act from the outside. Hacktivists are often motivated by political, ideological, or social causes, but the strongest differentiator in this comparison is that they generally do not begin with legitimate internal access. Why the other options are less correct:

  A. Hacktivists often act based on ideological or political beliefs rather than organizational access.This is true about motivation, but it does not distinguish them as directly as the lack of internal access does.

  B. Hacktivists are generally employed by the target organization at the time of attack.This describes insiders, not hacktivists.

  D. Hacktivists are primarily motivated by personal conflicts or employment-related dissatisfaction. This is more typical of some insider threats, not hacktivists. From the SY0-701 perspective, the strongest distinction is external targeting without prior authorized access, so C is the best answer.