Practice Free SY0-701 Exam Online Questions
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective.
Which of the following best describes the security engineer’s response?
- A . Risk tolerance
- B . Risk acceptance
- C . Risk importance
- D . Risk appetite
D
Explanation:
Risk appetite is the amount of risk an organization is willing to take on in pursuit of its objectives. Here a business deadline is pushing the application into production without the due diligence the security engineer considers necessary; the engineer's objection is that proceeding this way would take on more risk than the organization should be willing to accept, which is a judgment about risk appetite. Risk tolerance (A) is the acceptable deviation from that appetite for a particular risk, and risk acceptance (B) is the decision to live with one specific identified risk rather than treat it; neither describes the engineer's assessment of the overall level of risk the rushed rollout implies.
Reference: CompTIA Security+ SY0-701 study materials, risk management domain (organizational risk appetite).
A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible.
Which of the following operating system security measures will the administrator most likely use?
- A . Deploying PowerShell scripts
- B . Pushing GPO update
- C . Enabling PAP
- D . Updating EDR profiles
B
Explanation:
A Group Policy Object (GPO) applies configuration settings to computers and users in an Active Directory domain. Pushing a GPO update lets the administrator enforce the new password policy uniformly on every domain-joined system, which picks it up at the next policy refresh (or immediately when gpupdate /force is run). Deploying PowerShell scripts (A) would require distributing and running a script on each system; PAP (C) is a plaintext authentication protocol unrelated to password policy; EDR profiles (D) control endpoint detection and response, not account policy.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 115; Password Policy – Windows Security
An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization.
Which of the following documents would most likely communicate these expectations?
- A . Business continuity plan
- B . Change management procedure
- C . Acceptable use policy
- D . Software development life cycle policy
C
Explanation:
An acceptable use policy (AUP) sets out what users and administrators may and may not do with the organization's systems and software in day-to-day operation, so it is the document that communicates general operational responsibilities. A business continuity plan (A) covers keeping the business running through a disruption, a change management procedure (B) governs how modifications are approved and applied, and a software development life cycle policy (D) defines responsibilities and standards for developing and maintaining software, not for its general use.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Policies and Standards".
As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems.
Which of the following would meet the requirements?
- A . Configure firewall rules to block external access to internal resources.
- B . Set up a WAP to allow internal access from public networks.
- C . Implement a new IPSec tunnel from internal resources.
- D . Deploy an internal jump server to access resources.
A
Explanation:
Network segmentation is a security practice that divides a network into smaller, isolated segments to limit access and reduce the attack surface. Firewalls are commonly used to enforce segmentation by creating rules that allow or deny traffic based on source, destination, and port. To meet compliance requirements such as restricting access to internal servers, firewall rules can be configured to block all external traffic while permitting only authorized internal systems to communicate with the segmented servers. This ensures that sensitive resources are isolated from unauthorized access.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 2.0: Architecture and Design, Section: "Secure Network Architecture Concepts" (firewalls and network segmentation are key topics).
The requirement is to segment servers on different networks and restrict access to only authorized internal systems.
Option A directly addresses this by using firewall rules to block external access while allowing internal traffic, aligning with network segmentation best practices.
Option B (WAP) refers to a Wireless Access Point, which doesn’t fit the context of segmentation and could expose resources to public networks.
Option C (IPSec tunnel) secures communication but doesn’t inherently segment networks.
Option D (jump server) adds a layer of access control but doesn’t address the segmentation requirement alone. Thus, A is the best fit.
Which of the following receives logs from various devices and services, and then presents alerts?
- A . SIEM
- B . SCADA
- C . SNMP
- D . SCAP
A
Explanation:
A SIEM (Security Information and Event Management) system aggregates logs from diverse sources, analyzes them, and generates alerts on suspicious activities. It provides centralized monitoring and incident detection.
SCADA (B) is industrial control, SNMP (C) is a protocol for network management, and SCAP (D) is a standard for security content automation.
SIEMs are foundational to Security Operations monitoring.
Reference: CompTIA Security+ Study Guide, Chapter 14.
An organization is evaluating the cost of licensing a new solution to prevent ransomware.
Which of the following is the most helpful in making this decision?
- A . ALE
- B . SLE
- C . RTO
- D . ARO
A
Explanation:
ALE (Annualized Loss Expectancy) is the risk management metric most helpful when deciding whether the licensing cost of a ransomware prevention solution is justified. ALE calculates the expected yearly financial loss from a particular threat.
It is computed as:
ALE = SLE × ARO
SLE (Single Loss Expectancy) estimates the monetary impact of one ransomware incident.
ARO (Annualized Rate of Occurrence) estimates how often the incident is expected to happen each year.
By comparing ALE to the annual licensing cost of the new security solution, the organization can make a financially informed decision based on cost-benefit analysis. If ALE exceeds the solution’s cost, the purchase is justified.
RTO (C) relates to recovery time after outages, not cost justification. SLE (B) is only part of the calculation and insufficient alone. ARO (D) shows frequency but not financial impact.
Security+ SY0-701 presents ALE as the primary metric for evaluating security investments, so it is the key factor in deciding whether purchasing ransomware protection is financially worthwhile.
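A worked cost-benefit check built on the formula above. This is an added example, not code from the original page or from the CompTIA materials; the dollar figures and rates are constructed, and it goes one step beyond the text's plain ALE-versus-cost comparison by also estimating the residual ALE once the control is in place, which is how the decision is normally made in practice.

```python
def ale(sle, aro):
    """Annualized Loss Expectancy = Single Loss Expectancy x Annualized Rate of Occurrence."""
    return sle * aro


def evaluate_control(sle, aro_before, aro_after, annual_cost):
    """Compare the yearly loss a control avoids against what the control costs per year.

    sle          -- estimated cost of one incident (currency units)
    aro_before   -- expected incidents per year with no new control
    aro_after    -- expected incidents per year with the control in place (residual risk)
    annual_cost  -- yearly licensing and operating cost of the control
    Returns the intermediate figures plus a 'justified' flag.
    """
    if aro_after > aro_before:
        raise ValueError("a control should not raise the rate of occurrence")
    ale_before = ale(sle, aro_before)
    ale_after = ale(sle, aro_after)
    risk_reduction = ale_before - ale_after      # yearly loss avoided by the control
    net_benefit = risk_reduction - annual_cost   # what is left after paying for it
    return {
        "ale_before": ale_before,
        "ale_after": ale_after,
        "risk_reduction": risk_reduction,
        "net_benefit": net_benefit,
        # Return on security investment, relative to the control's own cost
        "rosi": net_benefit / annual_cost if annual_cost else float("inf"),
        "justified": net_benefit > 0,
    }


if __name__ == "__main__":
    # Constructed figures: one ransomware incident costs 250,000; such incidents are
    # expected 0.4 times per year without the product and 0.05 times per year with it.
    for cost in (30_000, 120_000):
        result = evaluate_control(sle=250_000, aro_before=0.4, aro_after=0.05, annual_cost=cost)
        print(f"annual cost {cost}:")
        for key, value in result.items():
            print(f"  {key:>15}: {value}")
```

With the constructed figures, ALE drops from 100,000 to 12,500 a year; a 30,000 licence is justified (net benefit 57,500), while a 120,000 licence is not, even though the pre-control ALE of 100,000 alone would have looked like it cleared the bar.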
Which of the following is the best reason to perform a tabletop exercise?
- A . To address audit findings
- B . To collect remediation response times
- C . To update the IRP
- D . To calculate the ROI
C
Explanation:
A tabletop exercise simulates incident scenarios to test and validate the effectiveness of an organization’s Incident Response Plan (IRP), identifying gaps and areas needing updates. It promotes team readiness without disrupting operations.
Addressing audit findings (A), collecting remediation times (B), and calculating ROI (D) are separate activities and not the primary purpose of tabletop exercises.
This practice is an integral part of Security Operations and Incident Response training in SY0-701.
Reference: CompTIA Security+ Study Guide, Chapter 14.
Which of the following is used to quantitatively measure the criticality of a vulnerability?
- A . CVE
- B . CVSS
- C . CIA
- D . CERT
B
Explanation:
CVSS stands for Common Vulnerability Scoring System, a framework that provides a standardized way to assess and communicate the severity of vulnerabilities. CVSS applies a fixed set of metrics and formulas to produce a numerical score from 0 to 10, where a higher score indicates higher criticality. CVSS helps organizations prioritize remediation and compare vulnerabilities across different systems and vendors. The other options do not measure criticality: CVE (A) assigns an identifier to a specific vulnerability, CIA (C) is the confidentiality, integrity and availability triad, and a CERT (D) is a computer emergency response team that handles and reports incidents.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 39
The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal.
Which of the following would most likely be configured to meet the requirements?
- A . Tokenization
- B . S/MIME
- C . DLP
- D . MFA
C
Explanation:
Data Loss Prevention (DLP) systems are typically configured to protect sensitive data such as Personally Identifiable Information (PII) within an organization. DLP tools enforce policies that monitor, detect, and block the unauthorized transmission of sensitive data. By leveraging the organization’s existing labeling and classification system, DLP solutions can identify and protect data based on its classification, ensuring that PII is appropriately secured according to organizational policies.
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
CompTIA Security+ SY0-601 Study Guide: Chapter on Network Security and DLP.
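An illustration of the label-driven policy evaluation described above, as an added example that is not code from the original page or from any DLP product. The classification labels, the internal mail domain and the message bodies are all constructed; the content-inspection rules (an SSN pattern and a Luhn-checked card-number pattern) are there as the safety net for data that was never labeled or was labeled wrongly.

```python
import re
from dataclasses import dataclass, field

# Hypothetical labeling scheme and internal domain (assumptions for this example)
PII_LABELS = {"Confidential/PII", "Restricted/PII"}
INTERNAL_DOMAINS = {"corp.example"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_valid(number):
    """Luhn checksum; screens out digit runs that merely look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text):
    """Content inspection: returns the kinds of PII detected in the text."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    if any(luhn_valid(m.group()) for m in CARD_RE.finditer(text)):
        hits.append("card-number")
    return hits


@dataclass
class Decision:
    action: str                      # "allow", "block" or "block-and-alert"
    reasons: list = field(default_factory=list)


def evaluate(label, recipient, body):
    """Label-first DLP rule: the organization's classification decides, and content
    inspection catches PII that escaped labeling."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    external = domain not in INTERNAL_DOMAINS
    detected = find_pii(body)

    if label in PII_LABELS and external:
        return Decision("block", ["PII-labeled content addressed to an external recipient"])
    if detected and external:
        # Unlabeled or mislabeled PII leaving the organization: block and raise an alert
        return Decision("block-and-alert",
                        ["unlabeled PII detected: " + ", ".join(detected)])
    if detected and label not in PII_LABELS:
        # Internal delivery is fine, but the owner should relabel the document
        return Decision("allow", ["internal delivery; relabel suggested: " + ", ".join(detected)])
    return Decision("allow", [])


if __name__ == "__main__":
    # Constructed messages (not real data)
    samples = [
        ("Confidential/PII", "partner@vendor.example", "quarterly headcount report"),
        ("Public", "partner@vendor.example", "customer SSN 123-45-6789 attached"),
        ("Confidential/PII", "hr@corp.example", "SSN 123-45-6789 for onboarding"),
        ("Public", "partner@vendor.example", "reference number 1234-5678-1234-5678"),
    ]
    for label, to, body in samples:
        d = evaluate(label, to, body)
        print(f"{d.action:16s} {label:18s} -> {to}: {d.reasons}")
```

The ordering matters: the label is checked before content, so a correctly labeled document is blocked even when the inspection patterns find nothing (an exported spreadsheet of names and addresses contains no SSN or card number, but is still PII), and the Luhn check keeps reference numbers and order IDs from tripping the card-number rule.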
Which of the following enables the use of an input field to run commands that can view or manipulate data?
- A . Cross-site scripting
- B . Side loading
- C . Buffer overflow
- D . SQL injection
D
Explanation:
SQL injection is an attack that uses an input field to run commands that view or manipulate data in a database. SQL (Structured Query Language) is the language used to communicate with relational databases; when an application builds a query by concatenating user input into the SQL text, an attacker can inject their own SQL statements through that input to bypass authentication, read sensitive information, modify or delete data, or in some configurations execute commands on the server. SQL injection remains one of the most common and dangerous web application vulnerabilities. Cross-site scripting (A) injects script into pages served to other users, side loading (B) installs applications outside an official store, and a buffer overflow (C) corrupts memory rather than a database query.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 5, page 195; CompTIA Security+ SY0-701 Exam Objectives, Domain 1.1, page 8.
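The vulnerable pattern described above beside its fix, as an added example that is not code from the original page. It uses Python's built-in sqlite3 module with a constructed in-memory users table; passwords are stored in plaintext only so that the injected query stays readable (a real system stores salted hashes), and the login functions and sample accounts are assumptions for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: two accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cret!"), ("alice", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation, so whatever the user types
    becomes part of the SQL. A quote closes the string literal and '--' comments
    out the rest of the WHERE clause, including the password check."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed and the values travel separately,
    so a quote or comment marker in the input is compared as data, never parsed."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    attempts = [
        ("alice", "hunter2"),          # legitimate login
        ("admin' --", "wrong"),        # targets a specific account, password check removed
        ("' OR 1=1 --", "wrong"),      # tautology: matches every row, first one returned
    ]
    for user, pw in attempts:
        print(f"{user!r:16} vulnerable={login_vulnerable(conn, user, pw)!r:8} "
              f"safe={login_safe(conn, user, pw)!r}")
```

Run it and the concatenated version logs the attacker in as admin with a wrong password, while the parameterized version returns nothing for the same input; that single change in how the query is built, not input filtering, is the primary defense.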
