Practice Free SY0-701 Exam Online Questions
Which of the following is the first step to secure a newly deployed server?
- A . Close unnecessary service ports.
- B . Update the current version of the software.
- C . Add the device to the ACL.
- D . Upgrade the OS version.
A
Explanation:
The first step in securing a newly deployed server is to close unnecessary service ports. Open ports can expose the server to unauthorized access and potential cyber threats. By closing unused ports, the attack surface is reduced, limiting the number of entry points available to attackers.
Updating the software version (B) and upgrading the OS version (D) are important security measures but should follow the step of securing open ports to prevent immediate exposure to threats. Adding the device to the Access Control List (ACL) (C) is a step in network security but does not directly secure the server itself against potential attacks.
Closing unnecessary ports helps in minimizing the risk of network-based attacks, such as port scanning and exploitation of default services.
A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down.
Which of the following types of sites should the engineer consider?
- A . Recovery site
- B . Hot site
- C . Cold site
- D . Warm site
B
Explanation:
A hot site is a fully operational offsite facility that is equipped with hardware, software, and up-to-date data, and is ready to take over operations immediately if the primary site fails. This allows for minimal downtime and quick failover, meeting the requirement for rapid recovery.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 4.4: "Hot sites are ready to take over operations instantly with minimal downtime."
Exam Objectives 4.4: “Summarize business continuity and disaster recovery concepts.”
Which of the following must be considered when designing a high-availability network? (Select two).
- A . Ease of recovery
- B . Ability to patch
- C . Physical isolation
- D . Responsiveness
- E . Attack surface
- F . Extensible authentication
A,E
Explanation:
A high-availability network is a network that is designed to minimize downtime and ensure continuous operation of critical services and applications. To achieve this goal, a high-availability network must consider two important factors: ease of recovery and attack surface.
Ease of recovery refers to the ability of a network to quickly restore normal functionality after a failure, disruption, or disaster. A high-availability network should have mechanisms such as redundancy, failover, backup, and restore to ensure that any single point of failure does not cause a complete network outage. A high-availability network should also have procedures and policies for incident response, disaster recovery, and business continuity to minimize the impact of any network issue on the organization’s operations and reputation.
Attack surface refers to the exposure of a network to potential threats and vulnerabilities. A high-availability network should have measures such as encryption, authentication, authorization, firewall, intrusion detection and prevention, and patch management to protect the network from unauthorized access, data breaches, malware, denial-of-service attacks, and other cyberattacks. A high-availability network should also have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate any weaknesses or gaps in the network security.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4: Architecture and Design, pages 164-165. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4: Architecture and Design, pages 164-165.
An organization wants to deploy software in a container environment to increase security.
Which of the following will limit the organization’s ability to achieve this goal?
- A . Regulatory compliance
- B . Patch availability
- C . Kernel version
- D . Monolithic code
D
Explanation:
Monolithic code architecture significantly limits an organization’s ability to benefit from containerization. Containers are designed to package and run small, modular, loosely coupled services, often following a microservices architecture. CompTIA Security+ SY0-701 explains that containers enhance security by reducing attack surface, improving isolation, and allowing granular patching, but only when applications are designed to support this model.
Monolithic applications bundle all components (UI, business logic, database access) into a single large codebase. This makes it difficult to isolate functions into separate containers, apply least privilege, or patch individual components without redeploying the entire application. As a result, security improvements such as rapid updates, minimal images, and fine-grained access controls are harder to achieve.
Regulatory compliance (A) may add requirements but does not inherently block container use. Patch availability (B) affects maintenance but not architecture suitability. Kernel version (C) can be a constraint, but modern container platforms manage kernel compatibility effectively.
Because containers are best suited for modular applications, monolithic code is the primary limitation, making D the correct answer.
A company wants to track modifications to the code that is used to build new virtual servers.
Which of the following will the company most likely deploy?
- A . Change management ticketing system
- B . Behavioral analyzer
- C . Collaboration platform
- D . Version control tool
D
Explanation:
A version control tool, such as Git, is specifically designed to track changes in code, configuration scripts, IaC templates, and deployment files. In the context of creating new virtual servers, which are often built using Infrastructure as Code (IaC) or automated orchestration, version control allows teams to maintain historical records, compare changes, revert mistakes, ensure code integrity, and enable collaborative development.
Security+ SY0-701 emphasizes the use of version control in secure development practices to ensure traceability, accountability, and change visibility. It supports secure DevOps workflows by ensuring that no unauthorized or insecure code modifications are introduced into production environments.
A change management ticketing system (A) documents approval requests but does not track code-level modifications. A behavioral analyzer (B) evaluates anomalous behavior, not code changes. A collaboration platform (C) enables communication but lacks code versioning capability.
Therefore, the most appropriate tool is D: Version control tool.
A vendor salesperson is a personal friend of a company’s Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO.
Which of the following best describes this situation?
- A . Rules of engagement
- B . Conflict of interest
- C . Due diligence
- D . Contractual impact
- E . Reputational damage
B
Explanation:
A conflict of interest (B) arises when personal relationships or interests could potentially influence professional decisions. In this case, the CFO’s friendship with the vendor could improperly affect the procurement decision-making process.
This scenario falls under Domain 5.3: Explain the importance of frameworks, policies, procedures, and controls, specifically under “Personnel policies (e.g., conflict of interest, mandatory vacations, job rotation).”
Reference: CompTIA Security+ SY0-701 Objectives, Domain 5.3 - “Personnel policies: Conflict of interest.”
A network manager wants to protect the company’s VPN by implementing multifactor authentication that uses:
• Something you know
• Something you have
• Something you are
Which of the following would accomplish the manager’s goal?
- A . Domain name, PKI, GeoIP lookup
- B . VPN IP address, company ID, facial structure
- C . Password, authentication token, thumbprint
- D . Company URL, TLS certificate, home address
C
Explanation:
The correct answer is C. Password, authentication token, thumbprint. This combination of authentication factors satisfies the manager’s goal of implementing multifactor authentication that uses something you know, something you have, and something you are.
Something you know is a type of authentication factor that relies on the user’s knowledge of a secret or personal information, such as a password, a PIN, or a security question. A password is a common example of something you know that can be used to access a VPN [1][2].
Something you have is a type of authentication factor that relies on the user’s possession of a physical object or device, such as a smart card, a token, or a smartphone. An authentication token is a common example of something you have that can be used to generate a one-time password (OTP) or a code that can be used to access a VPN [1][2].
Something you are is a type of authentication factor that relies on the user’s biometric characteristics, such as a fingerprint, a face, or an iris. A thumbprint is a common example of something you are that can be used to scan and verify the user’s identity to access a VPN [1][2].
[1] CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4: Identity and Access Management, page 177.
[2] CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4: Identity and Access Management, page 179.
A penetration testing report indicated that an organization should implement controls related to database input validation.
Which of the following best identifies the type of vulnerability that was likely discovered during the test?
- A . XSS
- B . Command injection
- C . Buffer overflow
- D . SQLi
D
Explanation:
Poor input validation in databases typically leads to SQL Injection (SQLi) vulnerabilities, where attackers manipulate input fields to execute arbitrary SQL commands and gain unauthorized data access or control.
XSS (A) affects web applications’ output rendering, command injection (B) affects OS commands, and buffer overflow (C) affects memory management, so they don’t directly relate to database input validation.
SQLi is a critical vulnerability extensively covered in the Application Security domain (CompTIA Security+ Study Guide, Chapter 6).
Which of the following is the best way to secure an on-site data center against intrusion from an insider?
- A . Bollards
- B . Access badge
- C . Motion sensor
- D . Video surveillance
An organization wants to improve the company’s security authentication method for remote employees.
Given the following requirements:
• Must work across SaaS and internal network applications
• Must be device manufacturer agnostic
• Must have offline capabilities
Which of the following would be the most appropriate authentication method?
- A . Username and password
- B . Biometrics
- C . SMS verification
- D . Time-based tokens
