Practice Free SY0-701 Exam Online Questions
During a routine audit, an analyst discovers that a department uses software that was not vetted.
Which threat is this?
- A . Espionage
- B . Data exfiltration
- C . Shadow IT
- D . Zero-day
C
Explanation:
Shadow IT refers to software, hardware, cloud services, or applications deployed without approval from the IT or security department. In this scenario, a high school department is using an unvetted simulation program, which is classic Shadow IT behavior.
Security+ SY0-701 explains that Shadow IT:
- Introduces unknown vulnerabilities
- Bypasses security controls
- Creates compliance risks
- Leads to data exposure
- Interferes with standard configuration management
Espionage (A) involves intelligence gathering, not unauthorized software use. Data exfiltration (B) involves data theft, not unauthorized software deployment. Zero-day (D) refers to unknown vulnerabilities, not unapproved systems.
Thus, Shadow IT is the correct answer.
The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?
- A . Guard rail script
- B . Ticketing workflow
- C . Escalation script
- D . User provisioning script
D
Explanation:
A user provisioning script is an automation technique that uses a predefined set of instructions or commands to create, modify, or delete user accounts and assign appropriate access or permissions. A user provisioning script can help to streamline account creation by reducing manual errors, ensuring consistency and compliance, and saving time and resources [1][2].
The other options are not automation techniques that can streamline account creation:
Guard rail script: This is a script that monitors and enforces the security policies and rules on a system or a network. A guard rail script can help to prevent unauthorized or malicious actions, such as changing security settings, accessing restricted resources, or installing unwanted software [3].
Ticketing workflow: This is a process that tracks and manages the requests, issues, or incidents that are reported by users or customers. A ticketing workflow can help to improve the communication, collaboration, and resolution of problems, but it does not automate the account creation process [4].
Escalation script: This is a script that triggers an alert or a notification when a certain condition or threshold is met or exceeded. An escalation script can help to inform the relevant parties or authorities of a critical situation, such as a security breach, a performance degradation, or a service outage [5].
References:
1. CompTIA Security+ SY0-701 Certification Study Guide, page 102
2. User Provisioning - CompTIA Security+ SY0-701 - 5.1, video by Professor Messer
3. CompTIA Security+ SY0-701 Certification Study Guide, page 103
4. CompTIA Security+ SY0-701 Certification Study Guide, page 104
5. CompTIA Security+ SY0-701 Certification Study Guide, page 105
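As an added illustration (not code from the original page or from CompTIA), the following Python script shows what a user provisioning script buys over manual setup: one role-to-group table is the only source of permissions, every request is validated, unknown roles are rejected instead of guessed, and re-running the script does not duplicate accounts. The role names, group names, usernames and the in-memory `Directory` class are constructed placeholders standing in for a real directory service.

```python
import csv
import io
import re

# Role-to-group mapping: the single source of truth that a manual process lacks.
# Group and role names are constructed placeholders, not a real directory schema.
ROLE_GROUPS = {
    "analyst": ["staff", "vpn-users", "siem-readonly"],
    "developer": ["staff", "vpn-users", "git-write"],
    "contractor": ["vpn-users"],
}
USERNAME_RE = re.compile(r"^[a-z][a-z0-9.]{2,31}$")

# Constructed sample request file, as it might be exported from an HR or ticketing system.
REQUESTS_CSV = """\
username,role,department
j.doe,analyst,SOC
m.lee,developer,Platform
Bad User,analyst,SOC
t.nguyen,wizard,Unknown
j.doe,analyst,SOC
"""


class Directory:
    """Minimal in-memory stand-in for a directory service so the example runs offline."""

    def __init__(self):
        self.users = {}

    def create_user(self, username, groups, department):
        self.users[username] = {
            "groups": sorted(groups),
            "department": department,
            "enabled": True,
        }
        return self.users[username]


def provision_user(directory, username, role, department):
    """Create one account strictly from the role map. Returns (status, detail)."""
    if not USERNAME_RE.match(username):
        return "rejected", f"invalid username {username!r}"
    if role not in ROLE_GROUPS:
        # A manual process might pick "something close"; the script refuses instead.
        return "rejected", f"unknown role {role!r}"
    if username in directory.users:
        return "skipped", "already exists"  # idempotent: safe to re-run the batch
    record = directory.create_user(username, ROLE_GROUPS[role], department)
    return "created", record


def provision_from_csv(directory, csv_text):
    """Process every request row and return an audit trail of (username, status, detail)."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, detail = provision_user(
            directory, row["username"], row["role"], row["department"]
        )
        results.append((row["username"], status, detail))
    return results


if __name__ == "__main__":
    d = Directory()
    for entry in provision_from_csv(d, REQUESTS_CSV):
        print(entry)
```

The audit trail returned by `provision_from_csv` is what a reviewer would compare against the ticket queue: every account that exists was created from a known role, and every request that did not fit the policy is visible as a rejection rather than silently given ad hoc permissions.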
An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period.
Which of the following data policies is the administrator carrying out?
- A . Compromise
- B . Retention
- C . Analysis
- D . Transfer
- E . Inventory
B
Explanation:
A data retention policy is a set of rules that defines how long data should be stored and when it should be deleted or archived. An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period by following the data retention policy of the organization. This policy helps the organization to comply with legal and regulatory requirements, optimize storage space, and protect data privacy and security.
References:
1. CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, Section 3.4, page 121
2. CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 3, Question 15, page 83
An organization designs an inbound firewall with a fail-open configuration while implementing a website.
Which of the following does the organization consider to be the highest priority?
- A . Confidentiality
- B . Non-repudiation
- C . Availability
- D . Integrity
C
Explanation:
A fail-open configuration means that if the firewall experiences an outage or failure, traffic is allowed to pass through rather than being blocked. This design decision directly prioritizes availability over other security principles.
The CIA Triad (Confidentiality, Integrity, Availability) is central in SY0-701. A fail-open firewall risks allowing unauthorized or malicious traffic during a failure, sacrificing security controls in order to maintain service uptime.
This is typically used in environments where interruptions are unacceptable, such as:
- Public-facing websites
- Critical customer applications
- Healthcare systems
- Financial transaction portals
Fail-closed configurations, in contrast, prioritize confidentiality and integrity by blocking traffic when a failure occurs.
Because the organization chose fail-open, it demonstrates that maintaining continuous access to the website is more important than preventing potential exposure. This approach is aligned with the Availability pillar of the CIA model.
The SY0-701 exam emphasizes this design choice under General Security Concepts, specifically in resilience, failover mechanisms, and risk-based decisions when selecting fail-open vs. fail-closed strategies.
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed login attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?
- A . Spraying
- B . Brute-force
- C . Dictionary
- D . Rainbow table
A
Explanation:
Password spraying is a type of attack where an attacker tries a small number of commonly used passwords across a large number of accounts. The event logs showing failed login attempts for many user accounts from the same IP address are indicative of a password spraying attack, where the attacker is attempting to gain access by guessing common passwords.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of identity and access management and common attack vectors like password spraying.
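As an added example (not from the original page or its study materials), this Python script applies the detection logic behind the answer to log lines like those the analyst reviewed: it groups failed logins by source IP, labels a source that fails against many distinct accounts with few attempts each as spraying, labels a source that hammers one account as brute force, and separately flags any account that later authenticated from the same source, since that is the event that most needs follow-up. The log lines, usernames, IP addresses (documentation ranges) and thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (not the screenshot from the original
# question). 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_LOGS = [
    "2024-05-01T09:00:01Z sshd[811]: Failed password for alice from 203.0.113.7 port 50211",
    "2024-05-01T09:00:04Z sshd[811]: Failed password for bob from 203.0.113.7 port 50212",
    "2024-05-01T09:00:07Z sshd[811]: Failed password for carol from 203.0.113.7 port 50213",
    "2024-05-01T09:00:10Z sshd[811]: Failed password for dave from 203.0.113.7 port 50214",
    "2024-05-01T09:00:13Z sshd[811]: Failed password for erin from 203.0.113.7 port 50215",
    "2024-05-01T09:00:16Z sshd[811]: Failed password for frank from 203.0.113.7 port 50216",
    "2024-05-01T09:00:19Z sshd[811]: Accepted password for carol from 203.0.113.7 port 50217",
    # One account hit repeatedly from a second source: brute force, not spraying.
    *[
        f"2024-05-01T09:01:{i:02d}Z sshd[812]: Failed password for admin from 198.51.100.9 port {40000 + i}"
        for i in range(10)
    ],
    # A single failure from a third source, e.g. a mistyped password; should not be flagged.
    "2024-05-01T09:05:00Z sshd[813]: Failed password for alice from 192.0.2.44 port 30001",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(lines):
    """Yield (timestamp, result, user, ip) for each line matching the expected format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ts"), m.group("result"), m.group("user"), m.group("ip")


def classify_sources(lines, min_accounts=5, max_per_account=3, brute_threshold=8):
    """Summarise failed logins per source IP and label the pattern seen.

    spraying    : many distinct accounts, few failures each (a couple of common
                  passwords tried against everyone) -- the pattern in the question.
    brute-force : one account receives many failures from the same source.
    none        : nothing above the thresholds.
    Thresholds are illustrative; tune them to the environment's baseline.
    """
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed count
    successes = defaultdict(list)  # ip -> accounts that authenticated after failures
    for _ts, result, user, ip in parse(lines):
        if result == "Failed":
            failures[ip][user] += 1
        elif user in failures.get(ip, {}):
            # A success following failures from the same source is the alert that
            # matters most: the guessed password worked for this account.
            successes[ip].append(user)

    report = {}
    for ip, per_user in failures.items():
        if not per_user:
            continue
        distinct = len(per_user)
        worst = max(per_user.values())
        if distinct >= min_accounts and worst <= max_per_account:
            pattern = "spraying"
        elif worst >= brute_threshold:
            pattern = "brute-force"
        else:
            pattern = "none"
        report[ip] = {
            "pattern": pattern,
            "distinct_accounts": distinct,
            "total_failures": sum(per_user.values()),
            "later_success": successes[ip],
        }
    return report


if __name__ == "__main__":
    for ip, info in classify_sources(SAMPLE_LOGS).items():
        print(ip, info)
```

The distinguishing signal is the shape of the failures, not their count: the spraying source in the sample produces only six failures, fewer than the brute-force source, yet it touches six accounts. A per-account lockout threshold alone would never trip on it, which is why the per-source view (and the `later_success` list) belongs in the detection rule.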
A penetration tester is testing the security of a building’s alarm system.
Which type of penetration test is being conducted?
- A . Physical
- B . Defensive
- C . Integrated
- D . Continuous
A
Explanation:
Testing the security of a building’s alarm system falls under physical penetration testing. According to Security+ SY0-701, physical penetration tests evaluate the effectiveness of physical security controls such as locks, alarms, cameras, sensors, badge readers, and access control points. These tests simulate real-world attempts to bypass or disable physical protections.
Defensive testing (B) refers to defensive security operations, not pen testing scope. Integrated testing (C) relates to combined system evaluations but is not a standard pen testing category. Continuous testing (D) refers to ongoing automated tests, not physical alarm evaluation.
Thus, the correct answer is A: Physical.
During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment.
Which of the following threats is this an example of?
- A . Espionage
- B . Data exfiltration
- C . Shadow IT
- D . Zero-day
C
Explanation:
The use of an unapproved, unvetted simulation program is a classic case of Shadow IT, which Security+ SY0-701 defines as technology deployed without the knowledge, review, or authorization of the IT or security department. Shadow IT introduces significant risks, including vulnerabilities, noncompliance, unmonitored data flows, and potential software containing malware or insecure configurations. In academic or departmental environments where staff independently download tools to support curriculum or instruction, Shadow IT becomes particularly common. This bypasses standard vetting processes such as software approval, patch evaluation, licensing verification, and security risk assessment. Espionage (A) involves covert intelligence gathering by hostile actors. Data exfiltration (B) refers to unauthorized data theft. Zero-day (D) refers to unknown vulnerabilities exploited before patches exist. None of these fit the scenario. Since the core issue is the deployment of an unauthorized application without IT oversight, the correct answer is C: Shadow IT.
A security team wants WAF policies to be automatically created when applications are deployed.
Which concept describes this capability?
- A . IaC
- B . IoT
- C . IoC
- D . IaaS
A
Explanation:
Automatically generating WAF rules when applications are deployed is a hallmark of Infrastructure as Code (IaC). IaC allows infrastructure components (including firewalls, WAF policies, and load balancers) to be defined and deployed via code templates rather than manual configuration. In DevSecOps, IaC enables security controls to be embedded into deployment pipelines, ensuring that protections such as WAF rules are created instantly and consistently whenever new application versions are released.
Security+ SY0-701 highlights IaC as a method for automating infrastructure provisioning, standardizing security controls, and reducing configuration drift. This allows development and security teams to collaborate more effectively by treating security policies as code.
IoT (B) refers to smart devices, IoC (C) refers to indicators of compromise, and IaaS (D) refers to cloud compute infrastructure; none of these describes automated security policy creation.
Thus, the correct answer is A: IaC.
An administrator has configured a quarantine subnet for all guest devices that connect to the network.
Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?
- A . Device fingerprinting
- B . Compliance attestation
- C . NAC
- D . 802.1X
B
Explanation:
Compliance attestation (B) ensures that devices meet predefined security policies (e.g., encryption enabled, updated antivirus, latest OS patches) before being allowed access to corporate resources. This is commonly enforced using Mobile Device Management (MDM) systems.
By using compliance checks via MDM, only secure, policy-compliant devices are promoted from quarantine to trusted network segments.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 3.2 - “MDM, NAC, and compliance enforcement: Compliance attestation before access.”
A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data.
Which of the following should the company consider?
- A . Geographic dispersion
- B . Platform diversity
- C . Hot site
- D . Load balancing
A
Explanation:
Geographic dispersion is the practice of having backup data stored in different locations that are far enough apart to minimize the risk of a single natural disaster affecting both sites. This ensures that the company can recover its regulated data in case of a disaster at the primary site. Platform diversity, hot site, and load balancing are not directly related to the protection of backup data from natural disasters.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 449; Disaster Recovery Planning: Geographic Diversity
