Practice Free SY0-701 Exam Online Questions
A bank insists all of its vendors must prevent data loss on stolen laptops.
Which of the following strategies is the bank requiring?
- A . Encryption at rest
- B . Masking
- C . Data classification
- D . Permission restrictions
A
Explanation:
Encryption at rest is a strategy that protects data stored on a device, such as a laptop, by converting it into an unreadable format that can only be accessed with a decryption key or password. Encryption at rest can prevent data loss on stolen laptops by preventing unauthorized access to the data, even if the device is physically compromised. Encryption at rest can also help comply with data privacy regulations and standards that require data protection. Masking, data classification, and permission restrictions are other strategies that can help protect data, but they may not be sufficient or applicable for data stored on laptops. Masking is a technique that obscures sensitive data elements, such as credit card numbers, with random characters or symbols, but it is usually used for data in transit or in use, not at rest. Data classification is a process that assigns labels to data based on its sensitivity and business impact, but it does not protect the data itself. Permission restrictions are rules that define who can access, modify, or delete data, but they may not prevent unauthorized access if the laptop is stolen and the security controls are bypassed.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 17-18, 372-373
An administrator must replace an expired SSL certificate.
Which of the following does the administrator need to create the new SSL certificate?
- A . CSR
- B . OCSP
- C . Key
- D . CRL
A
Explanation:
A Certificate Signing Request (CSR) is a request sent to a certificate authority (CA) to issue an SSL certificate. The CSR contains information like the public key, which will be part of the certificate.
Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
- A . To gather IoCs for the investigation
- B . To discover which systems have been affected
- C . To eradicate any trace of malware on the network
- D . To prevent future incidents of the same nature
D
Explanation:
Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather IoCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response.
Reference: CompTIA Security+ SY0-701 Certification Study Guide, page 424-425; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 5.1 - Incident Response, 9:55 - 11:18.
Which of the following best explains a concern with OS-based vulnerabilities?
- A . An exploit would give an attacker access to system functions that span multiple applications.
- B . The OS vendor’s patch cycle is not frequent enough to mitigate the large number of threats.
- C . Most users trust the core operating system features and may not notice if the system has been compromised.
- D . Exploitation of an operating system vulnerability is typically easier than any other vulnerability.
A
Explanation:
Operating system (OS) vulnerabilities can allow attackers to exploit system functions that affect multiple applications, leading to widespread compromise.
B (patch cycle concerns) is valid but not the primary concern, since many OS vendors provide regular patches.
C (user trust in OS features) is a risk, but the more significant issue is that OS vulnerabilities often affect multiple system components.
D (ease of exploitation) is not always true, as application and human-related vulnerabilities can be equally exploitable.
Thus, the main concern is that an OS exploit can impact multiple system functions, leading to broader security risks.
A security analyst needs to improve the company’s authentication policy following a password audit.
Which of the following should be included in the policy? (Select two).
- A . Length
- B . Complexity
- C . Least privilege
- D . Something you have
- E . Security keys
- F . Biometrics
A, B
Explanation:
A strong authentication policy should enforce password length (e.g., minimum of 12-16 characters) and complexity (mix of uppercase, lowercase, numbers, and symbols). These measures significantly reduce the risk of brute-force attacks.
Least privilege (C) relates to access control, not authentication policies.
Something you have (D) and biometrics (F) pertain to multi-factor authentication (MFA) but are not password policy requirements.
Reference: CompTIA Security+ SY0-701 Official Study Guide, General Security Concepts domain.
Which of the following would a systems administrator follow when upgrading the firmware of an organization’s router?
- A . Software development life cycle
- B . Risk tolerance
- C . Certificate signing request
- D . Maintenance window
An employee clicks a malicious link in an email that appears to be from the company’s Chief Executive Officer. The employee’s computer is infected with ransomware that encrypts the company’s files.
Which of the following is the most effective way for the company to prevent similar incidents in the future?
- A . Security awareness training
- B . Database encryption
- C . Segmentation
- D . Reporting suspicious emails
Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?
- A . Firewall
- B . IDS
- C . Honeypot
- D . Layer 3 switch
Which of the following would a security administrator use to comply with a secure baseline during a patch update?
- A . Information security policy
- B . Service-level expectations
- C . Standard operating procedure
- D . Test result report
C
Explanation:
Standard operating procedures (SOPs) outline the steps to be followed to maintain a secure baseline, such as testing and deploying patches while minimizing risk to the system.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Patch Management and Baseline Compliance".
A technician needs to apply a high-priority patch to a production system.
Which of the following steps should be taken first?
- A . Air gap the system.
- B . Move the system to a different network segment.
- C . Create a change control request.
- D . Apply the patch to the system.
C
Explanation:
A change control request is a document that describes the proposed change to a system, the reason for the change, the expected impact, the approval process, the testing plan, the implementation plan, the rollback plan, and the communication plan. A change control request is a best practice for applying any patch to a production system, especially a high-priority one, as it ensures that the change is authorized, documented, tested, and communicated. A change control request also minimizes the risk of unintended consequences, such as system downtime, data loss, or security breaches.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 6, page 235. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.1, page 13.