CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 871:

  An administrator has configured a quarantine subnet for all guest devices that connect to the network.

  Which of the following would be best for the security team to perform before allowing access to corporate resources?

  A. Device ngerprinting
  B. Compliance attestation
  C. Penetration test
  D. Application vulnerability test
  B. Compliance attestation

• Question 872:

  A company purchased cyber insurance to address items listed on the risk register.

  Which of the following strategies does this represent?

  A. Accept
  B. Transfer
  C. Mitigate
  D. Avoid
  B. Transfer

  ---

  Explanation

  Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks, such as data breaches, ransomware, denial-of-service, phishing, or malware. Cyber insurance can help a company recover from the costs of restoring data, repairing systems, paying ransoms, compensating customers, or facing legal actions. Cyber insurance is one of the possible strategies that a company can use to address the items listed on the risk register. A risk register is a document that records the identified risks, their probability, impact, and mitigation strategies for a project or an organization. The four common risk mitigation strategies are:

  Accept: The company acknowledges the risk and decides to accept the consequences without taking any action to reduce or eliminate the risk. This strategy is usually chosen when the risk is low or the cost of mitigation is too high.

  Transfer: The company transfers the risk to a third party, such as an insurance company, a vendor, or a partner. This strategy is usually chosen when the risk is high or the company lacks the resources or expertise to handle the risk.

  Mitigate: The company implements controls or measures to reduce the likelihood or impact of the risk. This strategy is usually chosen when the risk is moderate or the cost of mitigation is reasonable.

  Avoid: The company eliminates the risk by changing the scope, plan, or design of the project or the organization. This strategy is usually chosen when the risk is unacceptable or the cost of mitigation is too high. By purchasing cyber insurance, the company is transferring the risk to the insurance company, which will cover the financial losses and liabilities in case of a cyberattack. Therefore, the correct answer is B. Transfer.

  References:

  CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 377. Professor Messer's CompTIA SY0-701 Security+ Training Course, Section 8.1: Risk Management, video: Risk Mitigation Strategies (5:37).

• Question 873:

  During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

  10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network.

  Which of the following fulfills this request?

  A. access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32
  B. access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0
  C. access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0
  D. access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32
  B. access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

  ---

  Explanation

  A firewall rule is a set of criteria that determines whether to allow or deny a packet to pass through the firewall. A firewall rule consists of several elements, such as the action, the protocol, the source address, the destination address, and the port number. The syntax of a firewall rule may vary depending on the type and vendor of the firewall, but the basic logic is the same. In this question, the security analyst is creating an inbound firewall rule to block the IP address 10.1.4.9 from

  accessing the organization's network. This means that the action should be deny, the protocol should be any (or ig for IP), the source address should be 10.1.4.9/32 (which means a single IP address), the destination address should be 0.0.0.0/0 (which means any IP address), and the port number should be any.

  Therefore, the correct firewall rule is:

  access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0 This rule will match any packet that has the source IP address of 10.1.4.9 and drop it. The other options are incorrect because they either have the wrong action, the wrong source address, or the wrong destination address. For example, option A has the source and destination addresses reversed, which means that it will block any packet that has the destination IP address of 10.1.4.9, which is not the intended

  goal.

  Option C has the wrong action, which is permit, which means that it will allow the packet to pass through the firewall, which is also not the intended goal.

  Option D has the same problem as option A, with the source and destination addresses reversed.

  References:

  Firewall Rules -CompTIA Security+ SY0-401: 1.2, Firewalls -SY0-601 CompTIA Security+ : 3.3, Firewalls -CompTIA Security+ SY0-501, Understanding Firewall Rules -CompTIA Network+ N10-005: 5.5, Configuring Windows Firewall - CompTIA A+ 220-1102 -1.6.

• Question 874:

  An organization has issues with deleted network share data and improper permissions.

  Which solution helps track and remediate these?

  A. DLP
  B. EDR
  C. FIM
  D. ACL
  C. FIM

  ---

  Explanation

  File Integrity Monitoring (FIM) detects unauthorized changes to files, including deletions, modifications, and permission alterations. When protecting shared data, FIM creates baseline hashes of files and monitors them for unexpected changes. Any deviation triggers alerts, enabling rapid investigation and remediation.

  Security+ SY0-701 identifies FIM as a crucial tool for: Integrity monitoring

  Detecting unauthorized file deletion

  Identifying malicious or accidental permission changes

  Supporting compliance (PCI-DSS, HIPAA, etc.)

  DLP (A) protects against data leakage but does not detect permission misconfiguration or deleted files. EDR (B) monitors endpoint activity but is not optimized for shared file integrity. ACL (D) defines permissions but does not track changes.

  Thus, C (FIM) is the correct solution.

• Question 875:

  A university uses two different cloud solutions for storing student data.

  Which of the following does this scenario represent?

  A. Load balancing
  B. Parallel processing
  C. Platform diversity
  D. Clustering
  C. Platform diversity

• Question 876:

  A company expects its provider to ensure servers and networks maintain 97% uptime.

  Which of the following would most likely list this expectation?

  A. BPA
  B. MOU
  C. NDA
  D. SLA
  D. SLA

  ---

  Explanation

  An SLA (Service-Level Agreement) defines the expected performance, availability, uptime, response times, and responsibilities between a provider and a client. The requirement in the scenario-"97% uptime"-is a classic example of an SLA metric. Security+ SY0-701 emphasizes that SLAs outline measurable service expectations so the client can assess compliance and performance.

  A BPA (A) outlines business partnership terms, not performance uptime. An MOU (B) documents mutual understanding but is not legally binding and does not include uptime metrics. An NDA (C) protects confidentiality, not availability or service guarantees.

  Thus, the correct answer is D: SLA.

• Question 877:

  A malicious actor conducted a brute-force attack on a company's web servers and eventually gained access to the company's customer information database.

  Which of the following is the most effective way to prevent similar attacks?

  A. Regular patching of servers
  B. Web application firewalls
  C. Multifactor authentication
  D. Enabling encryption of customer data
  C. Multifactor authentication

  ---

  Explanation

  multifactor authentication (MFA). MFA requires users to provide multiple forms of authentication (such as a password and a one-time code. The most effective way to prevent similar brute-force attacks in the future is to implement sent to a mobile device) before gaining access. This significantly reduces the likelihood of successful brute-force attacks, as attackers would need more than just the password to gain unauthorized access to the system.

  While regular patching, web application firewalls, and encryption of customer data are important security measures, MFA directly addresses the core vulnerability exploited by brute-force attacks.

• Question 878:

  Which of the following would best prepare a security team for a specific incident response scenario?

  A. Situational awareness
  B. Risk assessment
  C. Root cause analysis
  D. Tabletop exercise
  D. Tabletop exercise

• Question 879:

  Client files can only be accessed by employees who need to know the information and have specified roles in the company.

  Which of the following best describes this security concept?

  A. Availability
  B. Confidentiality
  C. Integrity
  D. Non-repudiation
  B. Confidentiality

  ---

  Explanation

  The scenario described, where client files are only accessible to employees who "need to know" the information, reflects the concept of confidentiality. Confidentiality ensures that sensitive information is only accessible to those who are authorized to view it, preventing unauthorized access.

  Availability ensures that data is accessible when needed but doesn't focus on restricting access.

  Integrity ensures that data remains accurate and unaltered but doesn't pertain to access control.

  Non-repudiation ensures that actions cannot be denied after they are performed, but this concept is unrelated to access control.

• Question 880:

  The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available.

  Which of the following would be the best option?

  A. Hot site
  B. Cold site
  C. Failover site
  D. Warm site
  B. Cold site