CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 81:

  A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor.

  Which of the following processes is the analyst most likely conducting?

  A. Internal audit
  B. Penetration testing
  C. Attestation
  D. Due diligence
  D. Due diligence

• Question 82:

  A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.

  Which of the following should the analyst do?

  A. Place posters around the office to raise awareness of common phishing activities.
  B. Implement email security filters to prevent phishing emails from being delivered
  C. Update the EDR policies to block automatic execution of downloaded programs.
  D. Create additional training for users to recognize the signs of phishing attempts.
  C. Update the EDR policies to block automatic execution of downloaded programs.

  ---

  Explanation

  An endpoint detection and response (EDR) system is a security tool that monitors and analyzes the activities and behaviors of endpoints, such as computers, laptops, mobile devices, and servers. An EDR system can detect, prevent, and respond to various types of threats, such as malware, ransomware, phishing, and advanced persistent threats (APTs). One of the features of an EDR system is to block the automatic execution of downloaded programs, which can prevent malicious code from running on the endpoint when a user clicks on a link in a phishing message. This can reduce the impact of a phishing attack and protect the endpoint from compromise. Updating the EDR policies to block automatic execution of downloaded programs is a technical control that can mitigate the risk of phishing, regardless of the user's awareness or behavior. Therefore, this is the best answer among the given options. The other options are not as effective as updating the EDR policies, because they rely on administrative or physical controls that may not be sufficient to prevent or stop a phishing attack. Placing posters around the office to raise awareness of common phishing activities is a physical control that can increase the user's knowledge of phishing, but it may not change their behavior or prevent them from clicking on a link in a phishing message. Implementing email security filters to prevent phishing emails from being delivered is an administrative control that can reduce the exposure to phishing, but it may not be able to block all phishing emails, especially if they are crafted to bypass the filters. Creating additional training for users to recognize the signs of phishing attempts is an administrative control that can improve the user's skills of phishing detection, but it may not guarantee that they will always be vigilant or cautious when receiving an email.

  Therefore, these options are not the best answer for this question.

  References:

  Endpoint Detection and Response -CompTIA Security+ SY0-701 -2.2, video at 5:30

  CompTIA Security+ SY0- 701 Certification Study Guide, page 163.

• Question 83:

  A security analyst identifies an incident in the network.

  Which of the following incident response activities would the security analyst perform next?

  A. Containment
  B. Detection
  C. Eradication
  D. Recovery
  A. Containment

  ---

  Explanation

• Question 84:

  An organization experiences a cybersecurity incident involving a command-and-control server.

  Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

  A. Application
  B. Authentication
  C. DHCP
  D. Network
  E. Firewall
  F. Database
  D. Network
  E. Firewall

• Question 85:

  A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place.

  Which of the following would be best to set up? (Choose two.)

  A. NIDS
  B. Honeypot
  C. Certificate revocation list
  D. HIPS
  E. WAF
  F. SIEM
  E. WAF
  F. SIEM

• Question 86:

  Which of the following should a company use to provide proof of external network security testing?

  A. Business impact analysis
  B. Supply chain analysis
  C. Vulnerability assessment
  D. Third-party attestation
  D. Third-party attestation

  ---

  Explanation

  Third-party attestation involves an external, independent party performing a network security assessment and providing documented proof, ensuring objectivity and compliance with regulatory or client requirements.

  References:

  CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Compliance and Security Audits".

• Question 87:

  Which of the following agreement types is used to limit external discussions?

  A. BPA
  B. NDA
  C. SLA
  D. MSA
  B. NDA

• Question 88:

  While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover.

  Which of the following is the team most likely to consider in regard to risk management activities?

  A. RPO
  B. ARO
  C. BIA
  D. MTTR
  C. BIA

  ---

  Explanation

  In this scenario, the security team is evaluating the potential impact of a generator failure during a failover situation as part of a business continuity tabletop exercise. This is fundamentally an impact analysis activity.

  C. BIA (Business Impact Analysis) - CORRECT A Business Impact Analysis identifies and evaluates the effects of disruptions on business operations. It helps determine critical systems, dependencies (such as generators), and the impact if those components fail. In this case, the team is concerned about what would happen if the generator fails during failover, which directly aligns with BIA activities.

  A. RPO (Recovery Point Objective) - INCORRECT RPO defines the maximum acceptable amount of data loss measured in time. It is focused on data recovery, not infrastructure failure impact.

  B. ARO (Annual Rate of Occurrence) - INCORRECT ARO estimates how often a risk event is expected to occur per year. The scenario is not about frequency, but about impact during a failure.

  D. MTTR (Mean Time to Repair) - INCORRECT MTTR measures the average time required to repair a system after failure. While relevant to recovery operations, it does not address the assessment of business impact. Conclusion: The team is analyzing the consequences of a failure scenario on business operations, which is the purpose of a Business Impact Analysis (BIA).

• Question 89:

  An MSSP manages firewalls for hundreds of clients.

  Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?

  A. SNMP
  B. Benchmarks
  C. Netflow
  D. SCAP
  B. Benchmarks

• Question 90:

  The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations.

  Which of the following would be the BEST solution to Implement?

  A. DLP
  B. USB data blocker
  C. USB OTG
  D. Disabling USB ports
  B. USB data blocker

  ---

  Explanation

  The best solution to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations would be to use a USB data blocker. A USB data blocker is a device that can be used to physically block the data pins on a USB cable, preventing data transfer while still allowing the device to be charged. This would prevent employees from accidentally or maliciously transferring sensitive data from their cell phones to the public charging station. Options A, C, and D would not be effective in preventing this type of data exfiltration