CompTIA SY0-701 Online Practice Questions and Exam Preparation

CompTIA SY0-701 Online Questions & Answers

• Question 891:

  Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

  A. Continuity of operations
  B. Capacity planning
  C. Tabletop exercise
  D. Parallel processing
  C. Tabletop exercise

  ---

  Explanation

  A tabletop exercise involves the executive team or key stakeholders discussing and testing the company's incident response plan in a simulated environment. These exercises are low-stress, discussion-based, and help to validate the plan's effectiveness by walking through different scenarios without disrupting actual operations. It is an essential part of testing business continuity and incident response strategies. Continuity of operations refers to the ability of an organization to continue functioning during and after a disaster but doesn't specifically involve simulations like tabletop exercises.

  Capacity planning is related to ensuring the infrastructure can handle growth, not incident response testing.

  Parallel processing refers to running multiple processes simultaneously, which is unrelated to testing an incident response plan.

• Question 892:

  Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?

  A. Authentication
  B. Obfuscation
  C. Hashing
  D. Encryption
  C. Hashing

  ---

  Explanation

  Hashing is the process used to verify file integrity. When transferring a file between devices, a hash value (such as SHA-256) is generated before the transfer and then recomputed afterward. If the two hash values match, the file has not been altered, corrupted, or tampered with during transmission.

  Authentication (A) verifies identity, not file integrity. Obfuscation (B) hides meaning but does not detect modification. Encryption (D) protects confidentiality but does not guarantee integrity unless combined with hashing or digital signatures.

  CompTIA Security+ SY0-701 covers hashing under cryptographic functions used for integrity verification. Hash algorithms ensure that even a single byte change results in a completely different hash value (the avalanche effect). This makes hashing the standard method for verifying the integrity of transferred files, software downloads, backups, and system images.

• Question 893:

  An accounting intern receives an invoice via email from the Chief Executive Officer (CEO). In the email, the CEO demands the immediate release of funds to the bank account that is listed.

  Which of the following principles best describes why this attack might be successful?

  A. Authority
  B. Scarcity
  C. Consensus
  D. Familiarity
  A. Authority

  ---

  Explanation

  The attack works by exploiting authority. The message appears to come from the CEO, a high-ranking executive whose instructions are more likely to be obeyed without verification. Although the email also creates urgency, the primary social engineering principle being used is authority.

• Question 894:

  Attackers created a new domain name that looks similar to a popular file-sharing website.

  Which of the following threat vectors is being used?

  A. Watering-hole attack
  B. Brand impersonation
  C. Phishing
  D. Typosquatting
  D. Typosquatting

  ---

  Explanation

  The scenario describes attackers registering a similar-looking domain to trick users into visiting a malicious site. This matches the definition of typosquatting, also known as URL hijacking or domain spoofing. Typosquatting relies on users mistyping legitimate URLs or failing to notice slight visual differences (e.g., "dropbx.com" instead of "dropbox.com"). Attackers use these domains to distribute malware, steal credentials, or redirect users to phishing pages.

  Watering-hole attacks (A) infect legitimate websites frequented by a specific target group, which does not match this scenario. Brand impersonation (B) involves mimicking a company's identity-often combined with email phishing-but the question specifically mentions creating a similar-looking domain, which is characteristic of typosquatting. Phishing (C) may use these malicious domains, but phishing is a broader social-engineering attack, whereas typosquatting precisely describes the domain manipulation technique.

  Security+ SY0-701 emphasizes typosquatting under Social Engineering & Web-based Threats, highlighting how attackers exploit user errors to redirect traffic to malicious destinations. Reducing this risk involves user training, DNS filtering, domain monitoring, and certificate validation.

• Question 895:

  A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted.

  Which of the following logs would the analyst most likely look at next?

  A. IPS
  B. Firewall
  C. ACL
  D. Windows security
  B. Firewall

  ---

  Explanation

  Since the logs on the endpoint were deleted, the next best option for the analyst is to examine firewall logs. Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.

  IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.

  ACL logs (Access Control List) are useful for tracking access permissions but not for identifying C2 communication.

  Windows security logs would have been ideal if they had not been deleted

• Question 896:

  An organization recently updated its security policy to include the following statement:

  Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

  Which of the following best explains the security technique the organization adopted by making this addition to the policy?

  A. Identify embedded keys
  B. Code debugging
  C. Input validation
  D. Static code analysis
  C. Input validation

  ---

  Explanation

  Input validation is a security technique that checks the user input for any malicious or unexpected data before processing it by the application. Input validation can prevent various types of attacks, such as injection, cross-site scripting, buffer overflow, and command execution, that exploit the vulnerabilities in the application code. Input validation can be performed on both the client-side and the server-side, using methods such as whitelisting, blacklisting, filtering, sanitizing, escaping, and encoding. By including regular expressions in the source code to remove special characters from the variables set by the forms in the web application, the organization adopted input validation as a security technique. Regular expressions are patterns that match a specific set of characters or strings, and can be used to filter out any unwanted or harmful input. Special characters, such as $, |, ;, &, `, and ?, can be used by attackers to inject commands or scripts into the application, and cause damage or data theft. By removing these characters from the input, the organization can reduce the risk of such attacks.

  Identify embedded keys, code debugging, and static code analysis are not the security techniques that the organization adopted by making this addition to the policy. Identify embedded keys is a process of finding and removing any hard- coded keys or credentials from the source code, as these can pose a security risk if exposed or compromised. Code debugging is a process of finding and fixing any errors or bugs in the source code, which can affect the functionality or performance of the application. Static code analysis is a process of analyzing the source code without executing it, to identify any vulnerabilities, flaws, or coding standards violations. These techniques are not related to the use of regular expressions to remove special characters from the input.

  References:

  CompTIA Security+ SY0-701 Certification Study Guide, page 375-376

  Professor Messer's CompTIA SY0-701 Security+ Training Course, video 4.1 - Vulnerability Scanning, 8:00 - 9:08

  Application Security -SY0-601 CompTIA Security+ : 3.2,

  0:00 - 2:00.

• Question 897:

  Which of the following types of identification methods can be performed on a deployed application during runtime?

  A. Dynamic analysis
  B. Code review
  C. Package monitoring
  D. Bug bounty
  A. Dynamic analysis

  ---

  Explanation

  Dynamic analysis is performed on software during execution to identify vulnerabilities based on how the software behaves in real-world scenarios. It is useful in detecting security issues that only appear when the application is running.

  References:

  CompTIA SY0-701 Course Content.

• Question 898:

  A security team installs an IPS on an organization's network and needs to configure the system to detect and prevent specific network attacks.

  Which of the following settings should the team configure first within the IPS?

  A. Allow list policies
  B. Packet Inspection
  C. Logging and reporting
  D. Firewall rules
  B. Packet Inspection

• Question 899:

  Which of the following is a primary security concern for a company setting up a BYOD program?

  A. End of life
  B. Buffer overflow
  C. VM escape
  D. Jailbreaking
  D. Jailbreaking

  ---

  Explanation

  Jailbreaking is a primary security concern for a company setting up a BYOD (Bring Your Own Device) program. Jailbreaking is the process of removing the manufacturer's or the carrier's restrictions on a device, such as a smartphone or a tablet, to gain root access and install unauthorized or custom software. Jailbreaking can compromise the security of the device and the data stored on it, as well as expose it to malware, viruses, or hacking. Jailbreaking can also violate the warranty and the terms of service of the device, and make it incompatible with the company's security policies and standards. Therefore, a company setting up a BYOD program should prohibit jailbreaking and enforce device compliance and encryption.

  References:

  CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 76. CompTIA Security+ SY0-701 Exam Objectives, Domain 2.4, page 11.

• Question 900:

  Due to a cyberattack, a company's IT systems were not operational for an extended period of time. The company wants to measure how quickly the systems must be restored in order to minimize business disruption.

  Which of the following would the company most likely use?

  A. Recovery point objective
  B. Risk appetite
  C. Risk tolerance
  D. Recovery time objective
  E. Mean time between failure
  D. Recovery time objective

  ---

  Explanation

  The Recovery Time Objective (RTO) refers to the maximum acceptable amount of time that an IT system can be down after an incident before causing significant disruption to the business. This metric is used to set restoration goals and minimize business impact. RTO helps the company define how quickly the systems need to be restored to resume normal operations.