CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 841:

  A company's Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidly analyzes host and network data from potentially compromised systems and forwards the data for further review.

  Which of the following tools should the incident response team deploy?

  A. NAC
  B. IPS
  C. SIEM
  D. EDR
  D. EDR

  ---

  Explanation

  An Endpoint Detection and Response (EDR) solution is designed to monitor, detect, and respond to security incidents on endpoints (such as workstations and servers). It collects and analyzes data, detecting suspicious activity and forwarding relevant information for further investigation.

  Network Access Control (NAC) (A) enforces network access policies but does not analyze security threats on hosts.

  Intrusion Prevention Systems (IPS) (B) detect and block network threats but do not provide deep endpoint analytics.

  Security Information and Event Management (SIEM) (C) aggregates logs and provides security analytics but lacks direct endpoint detection and response capabilities.

  EDR is the best choice for analyzing and responding to endpoint security incidents.

• Question 842:

  A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port.

  Which of the following is the most likely explanation of this unauthorized connection?

  A. The software had a hidden keylogger.
  B. The software was ransomware.
  C. The user's computer had a fileless virus.
  D. The software contained a backdoor.
  D. The software contained a backdoor.

  ---

  Explanation

  The scenario describes software downloaded from an untrusted source that, after installation, initiates external communication over an uncommon port. This behavior is characteristic of a backdoor, which allows unauthorized remote access and control, often using nonstandard ports to evade detection. A keylogger primarily captures user input, ransomware typically encrypts files and demands payment, and a fileless virus operates in memory without leaving traditional artifacts, none of which best match the described network behavior.

• Question 843:

  Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

  A. SQL injection
  B. Cross-site scripting
  C. Zero-day exploit
  D. On-path attack
  B. Cross-site scripting

  ---

  Explanation

  Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into a website, which are then executed in the user's web browser, potentially leading to data theft or session hijacking.

  References:

  Security+ SY0-701 Course Content, Security+ SY0-601 Book.

• Question 844:

  A penetration testing report indicated that an organization should implement controls related to database input validation.

  Which of the following best identifies the type of vulnerability that was likely discovered during the test?

  A. XSS
  B. Command injection
  C. Buffer overflow
  D. SQLi
  D. SQLi

• Question 845:

  An audit reveals that cardholder database logs are exposing account numbers inappropriately.

  Which of the following mechanisms would help limit the impact of this error?

  A. Segmentation
  B. Hashing
  C. Journaling
  D. Masking
  D. Masking

  ---

  Explanation

  Masking is a technique used to obscure sensitive data, such as account numbers, in order to prevent unauthorized access to the full details. By applying masking to the cardholder data in the logs, only part of the account number would be visible, limiting the exposure of sensitive information and thus reducing the potential impact of the error. This approach allows for secure handling of data in scenarios where the information needs to be referenced but not fully exposed.

• Question 846:

  Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

  A. Automation
  B. Compliance checklist
  C. Attestation
  D. Manual audit
  A. Automation

  ---

  Explanation

  Automation is the best way to consistently determine on a daily basis whether security settings on servers have been modified. Automation is the process of using software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort. Automation can help to improve the efficiency, accuracy, and consistency of security operations, as well as reduce human errors and costs. Automation can be used to monitor, audit, and enforce security settings on servers, such as firewall rules, encryption keys, access controls, patch levels, and configuration files. Automation can also alert security personnel of any changes or anomalies that may indicate a security breach or compromise.

  The other options are not the best ways to consistently determine on a daily basis whether security settings on servers have been modified: Compliance checklist: This is a document that lists the security requirements, standards, or best practices that an organization must follow or adhere to. A compliance checklist can help to ensure that the security settings on servers are aligned with the organizational policies and regulations, but it does not automatically detect or report any changes or modifications that may occur on a daily basis.

  Attestation: This is a process of verifying or confirming the validity or accuracy of a statement, claim, or fact. Attestation can be used to provide assurance or evidence that the security settings on servers are correct and authorized, but it does not continuously monitor or audit any changes or modifications that may occur on a daily basis.

  Manual audit: This is a process of examining or reviewing the security settings on servers by human inspectors or auditors. A manual audit can help to identify and correct any security issues or discrepancies on servers, but it is time-consuming, labor-intensive, and prone to human errors. A manual audit may not be feasible or practical to perform on a daily basis.

  References:

  1: CompTIA Security+ SY0-701 Certification Study Guide, page 102

  2: Automation and Scripting -CompTIA Security+ SY0-701 -5.1, video by Professor Messer

  3: CompTIA Security+ SY0-701 Certification Study Guide, page 97

  4: CompTIA Security+ SY0-701 Certification Study Guide, page 98. : CompTIA Security+ SY0-701 Certification Study Guide, page 99.

• Question 847:

  Which of the following explains how a supply chain service provider could introduce a security vulnerability into an organization?

  A. Delaying hardware shipments needed for system upgrades
  B. Outsourcing customer service operations to a foreign call center
  C. Failing to encrypt data stored on the organization's internal database
  D. Having privileged access to client systems and becoming a target for attackers
  D. Having privileged access to client systems and becoming a target for attackers

  ---

  Explanation

  The correct answer is having privileged access to client systems and becoming a target for attackers, which directly reflects a major risk discussed in the Security+ SY0-701 domain of Security Program Management and Oversight, specifically within third-party and supply chain risk management. Supply chain service providers often require elevated or privileged access to an organization's systems to perform maintenance, monitoring, software updates, or support services. This level of access significantly expands the organization's attack surface.

  When a vendor has privileged access, attackers may target the service provider as an indirect path into the primary organization. This type of compromise is especially dangerous because malicious activity may appear legitimate, using trusted credentials and authorized connections. The Security+ study guide emphasizes that third-party compromises can bypass traditional perimeter defenses, making them particularly difficult to detect and contain. As a result, vendors can unintentionally introduce vulnerabilities even if the organization's internal security controls are strong.

  The other options do not directly introduce a security vulnerability. Delayed hardware shipments affect availability and project timelines but do not create a security weakness. Outsourcing customer service may introduce privacy or compliance concerns, but it does not inherently create a technical vulnerability unless combined with poor access controls. Failing to encrypt internal databases is an internal security failure, not a supply chain issue caused by a service provider.

  From a Security+ perspective, managing this risk requires strong contractual controls, least-privilege access, continuous monitoring, and audit rights. Organizations must treat vendors as extensions of their own environment. Therefore, privileged access held by a supply chain provider-and the increased likelihood of that provider being targeted-is the most accurate explanation of how a supply chain service provider can introduce a security vulnerability.

• Question 848:

  Which of the following data states applies to data that is being actively processed by a database server?

  A. In use
  B. At rest
  C. In transit
  D. Being hashed
  A. In use

  ---

  Explanation

  Data "in use" refers to data actively being accessed, processed, or modified by an application or system, such as a database server. This is distinct from data "at rest," which is stored but not actively accessed, and data "in transit," which is being transmitted over a network.

• Question 849:

  Which of the following can automate vulnerability management?

  A. CVE
  B. SCAP
  C. OSINT
  D. CVSS
  B. SCAP

  ---

  Explanation

  SCAP (Security Content Automation Protocol) is designed to automate vulnerability management, configuration assessment, and compliance checking. According to CompTIA Security+ SY0-701, SCAP standardizes how vulnerability information is expressed, measured, and shared, allowing security tools to automatically scan systems, identify weaknesses, and assess compliance against predefined baselines.

  SCAP integrates multiple standards such as CVE, CVSS, CPE, and XCCDF, enabling automated vulnerability scanning, scoring, and reporting across large environments. This makes it a core technology for continuous vulnerability management and compliance automation.

  CVE (A) is a catalog of known vulnerabilities, not an automation framework. OSINT (C) provides publicly available intelligence but does not automate remediation or assessment. CVSS (D) provides severity scoring but does not automate vulnerability management.

  Because SCAP enables automated identification, assessment, and reporting of vulnerabilities, the correct answer is B: SCAP.

• Question 850:

  Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

  A. ACL
  B. IDS
  C. HIDS
  D. NIPS
  D. NIPS

  ---

  Explanation

  A Network Intrusion Prevention System (NIPS) actively monitors network traffic and can detect and block malicious activities in real-time, helping to prevent external attacks. Unlike IDS, which only detects intrusions, NIPS can take immediate action to stop threats, making it a strong defensive measure against unauthorized external attacks.