CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 881:

  Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.)

  A. Easier debugging of the system
  B. Reduced cost of ownership of the system
  C. Improved scalability of the system
  D. Increased compartmentalization of the system
  E. Stronger authentication of the system
  F. Reduced complexity of the system
  C. Improved scalability of the system
  D. Increased compartmentalization of the system

  ---

  Explanation

  A microservices architecture offers the following benefits compared to a monolithic architecture:

  Improved scalability: Each microservice can be independently scaled based on demand, allowing more efficient resource usage and better performance for high-demand components.

  Increased compartmentalization : Microservices are designed as separate, independent components, which improves modularity and allows for better fault isolation, easier updates, and focused development on specific services.

  While microservices have benefits such as easier debugging and reduced cost of ownership, their primary advantages lie in scalability and compartmentalization.

• Question 882:

  An accounting employee recently used software that was not approved by the company.

  Which of the following risks does this most likely represent?

  A. Unskilled attacker
  B. Hacktivist
  C. Shadow IT
  D. Supply chain
  C. Shadow IT

• Question 883:

  While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host.

  Which of the following is most likely responsible for this malicious activity?

  A. Unskilled attacker
  B. Shadow IT
  C. Insider threat
  D. Nation-state
  C. Insider threat

• Question 884:

  Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

  A. Configure all systems to log scheduled tasks.
  B. Collect and monitor all traffic exiting the network.
  C. Block traffic based on known malicious signatures.
  D. Install endpoint management software on all systems.
  D. Install endpoint management software on all systems.

  ---

  Explanation

  Endpoint management software is a tool that allows security engineers to monitor and control the configuration, security, and performance of workstations and servers from a central console. Endpoint management software can help detect and prevent unauthorized changes and software installations, enforce policies and compliance, and provide reports and alerts on the status of the endpoints. The other options are not as effective or comprehensive as endpoint management software for this purpose.

  References:

  CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 137

• Question 885:

  Which of the following is a possible consequence of a VM escape?

  A. Malicious instructions can be inserted into memory and give the attacker elevated permissions.
  B. An attacker can access the hypervisor and compromise other VMs.
  C. Unencrypted data can be read by a user in a separate environment.
  D. Users can install software that is not on the manufacturer's approved list.
  B. An attacker can access the hypervisor and compromise other VMs.

  ---

  Explanation

  A VM escape occurs when an attacker breaks out of a virtual machine's isolation to access the hypervisor. This compromise can allow control of the hypervisor and all other VMs on the host, posing significant security risks.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Virtualization Risks and Mitigation".

• Question 886:

  Which of the following are the best for hardening end-user devices? (Selecttwo)

  A. Full disk encryption
  B. Group-level permissions
  C. Account lockout
  D. Endpoint protection
  E. Proxy server
  F. Segmentation
  A. Full disk encryption
  D. Endpoint protection

• Question 887:

  A company processes and stores sensitive data on its own systems.

  Which of the following steps should the company take first to ensure compliance with privacy regulations?

  A. Implement access controls and encryption.
  B. Develop and provide training on data protection policies.
  C. Create incident response and disaster recovery plans.
  D. Purchase and install security software.
  B. Develop and provide training on data protection policies.

  ---

  Explanation

  Establishing clear data protection policies and training employees is foundational for compliance. It ensures that everyone in the organization understands the requirements, their responsibilities, and how to handle sensitive data correctly.

  This foundation enables effective implementation of technical controls, incident response plans, and security measures in alignment with privacy regulations.

• Question 888:

  Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?

  A. Deterrent
  B. Corrective
  C. Compensating
  D. Preventive
  C. Compensating

  ---

  Explanation

  When a critical legacy server is segmented into a private network, the security control being used is compensating. Compensating controls are alternative measures put in place to satisfy a security requirement when the primary control is not feasible or practical. In this case, segmenting the legacy server into a private network serves as a compensating control to protect it from potential vulnerabilities that cannot be mitigated directly.

  Compensating: Provides an alternative method to achieve the desired security outcome when the primary control is not possible.

  Deterrent: Aims to discourage potential attackers but does not directly address segmentation.

  Corrective: Used to correct or mitigate the impact of an incident after it has occurred.

  Preventive: Aims to prevent security incidents but is not specific to the context of segmentation.

  References:

  CompTIA Security+ SY0-701 Exam Objectives, Domain 1.1 - Compare and contrast various types of security controls (Compensating controls).

• Question 889:

  A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications.

  Which of the following methods would allow this functionality?

  A. SSO
  B. LEAP
  C. MFA
  D. PEAP
  A. SSO

  ---

  Explanation

  SSO stands for single sign-on, which is a method of authentication that allows users to access multiple applications or services with one set of credentials. SSO reduces the number of credentials employees need to maintain and simplifies the login process. SSO can also improve security by reducing the risk of password reuse, phishing, and credential theft. SSO can be implemented using various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the exchange of authentication information between different domains or systems. SSO is commonly used for accessing SaaS applications, such as Office 365, Google Workspace, Salesforce, and others, using domain credentials.

  B. LEAP stands for Lightweight Extensible Authentication Protocol, which is a Cisco proprietary protocol that provides authentication for wireless networks. LEAP is not related to SaaS applications or domain credentials.

  C. MFA stands for multi-factor authentication, which is a method of authentication that requires users to provide two or more pieces of evidence to prove their identity. MFA can enhance security by adding an extra layer of protection beyond passwords, such as tokens, biometrics, or codes. MFA is not related to SaaS applications or domain credentials, but it can be used in conjunction with SSO.

  D. PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that provides secure authentication for wireless networks. PEAP uses TLS to create an encrypted tunnel between the client and the server, and then uses another authentication method, such as MS-CHAPv2 or EAP-GTC, to verify the user's identity. PEAP is not related to SaaS applications or domain credentials.

  References:

  1: Security+ (SY0-701) Certification Study Guide | CompTIA IT Certifications

  2: What is Single Sign-On (SSO)? - Definition from WhatIs.com

  3: Single sign-on - Wikipedia

  4: Lightweight Extensible Authentication Protocol - Wikipedia : What is Multi-Factor Authentication (MFA)? - Definition from WhatIs.com : Protected Extensible Authentication Protocol - Wikipedia

• Question 890:

  For an upcoming product launch, a company hires a marketing agency whose owner is a close relative of the Chief Executive Officer.

  Which of the following did the company violate?

  A. Independent assessments
  B. Supply chain analysis
  C. Right-to-audit clause
  D. Conflict of interest policy
  D. Conflict of interest policy

  ---

  Explanation

  A conflict of interest policy ensures that decisions are made in the best interests of the company and not influenced by personal relationships or benefits. Hiring a marketing agency owned by a close relative of the CEO without appropriate disclosures or procedures would violate such a policy, as it creates a potential bias or unfair advantage.