Practice Free SY0-701 Exam Online Questions
During a SQL update of a database, a temporary field that had been created was replaced by an attacker in order to gain access to the system.
Which of the following best describes this type of vulnerability?
- A . Race condition
- B . Memory injection
- C . Malicious update
- D . Side loading
A Chief Information Security Officer wants to monitor the company’s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring.
Which of the following strategies would best accomplish this goal?
- A . Logging all NetFlow traffic into a SIEM
- B . Deploying network traffic sensors on the same subnet as the servers
- C . Logging endpoint and OS-specific security logs
- D . Enabling full packet capture for traffic entering and exiting the servers
D
Explanation:
Full packet capture is a technique that records all network traffic passing through a device, such as a router or firewall. It allows for detailed analysis and investigation of network events, such as SQLi attacks, by providing the complete content and context of the packets. Full packet capture can help identify the source, destination, payload, and timing of a SQLi attack, as well as the impact on the server and database. Logging NetFlow traffic, network traffic sensors, and endpoint and OS-specific security logs can provide some information about network activity, but they do not capture the full content of the packets, which may limit the scope and depth of the investigation.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 372-373.
Which of the following is the first step to take when creating an anomaly detection process?
- A . Selecting events
- B . Building a baseline
- C . Selecting logging options
- D . Creating an event log
B
Explanation:
The first step in creating an anomaly detection process is building a baseline of normal behavior within the system. This baseline serves as a reference point to identify deviations or anomalies that could indicate a security incident. By understanding what normal activity looks like, security teams can more effectively detect and respond to suspicious behavior.
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Monitoring and Baselines.
Which of the following is the most important security concern when using legacy systems to provide production service?
- A . Instability
- B . Lack of vendor support
- C . Loss of availability
- D . Use of insecure protocols
B
Explanation:
The most important security concern when using legacy systems is the lack of vendor support. Without support from the vendor, systems may not receive critical security patches and updates, leaving them vulnerable to exploitation. This lack of support can result in increased risk of security breaches, as vulnerabilities discovered in the software may never be addressed.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the context of risk management and the challenges posed by legacy systems.
Which of the following hardening techniques must be applied on a container image before deploying it to a production environment? (Select two).
- A . Remove default applications.
- B . Install a NIPS.
- C . Disable Telnet.
- D . Reconfigure the DNS.
- E . Add an SFTP server.
- F . Delete the public certificate.
A,C
Explanation:
Container image hardening best practices include removing default or unnecessary applications (A) to reduce the attack surface and disabling insecure protocols like Telnet (C) to prevent exploitation. Minimizing software components reduces vulnerabilities and limits potential exploits.
Installing a Network Intrusion Prevention System (NIPS) (B) is a network security measure, not typically embedded in a container image. Reconfiguring DNS (D), adding an SFTP server (E), or deleting public certificates (F) are unrelated or could disrupt container functionality.
These practices are part of securing containerized environments covered under Security Architecture topics in SY0-701 (CompTIA Security+ Study Guide, Chapter 10).
A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company’s network.
Which of the following should be configured on the existing network infrastructure to best prevent this activity?
- A . Port security
- B . Web application firewall
- C . Transport layer security
- D . Virtual private network
A
Explanation:
Port security is the best solution to prevent unauthorized devices, like a visitor’s laptop, from connecting to the company’s network. Port security can limit the number of devices that can connect to a network switch port and block unauthorized MAC addresses, effectively stopping unauthorized access attempts.
Web application firewall (WAF) protects against web-based attacks, not unauthorized network access.
Transport Layer Security (TLS) ensures encrypted communication but does not manage physical network access.
Virtual Private Network (VPN) secures remote connections but does not control access through physical network ports.
A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees.
Which of the following MDM features should be configured to best address this issue? (Select two).
- A . Screen locks
- B . Remote wipe
- C . Full device encryption
- D . Push notifications
- E . Application management
- F . Geolocation
A,B
Explanation:
Integrating each SaaS solution with an Identity Provider (IdP) is the most effective way to address the security issue. This approach allows for Single Sign-On (SSO) capabilities, where users can access multiple SaaS applications with a single set of credentials while maintaining strong password policies across all services. It simplifies the user experience and ensures consistent security enforcement across different SaaS platforms.
CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.
CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.
While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host.
Which of the following is most likely responsible for this malicious activity?
- A . Unskilled attacker
- B . Shadow IT
- C . Credential stuffing
- D . DMARC failure
A
Explanation:
ARP poisoning (also known as ARP spoofing) is a basic man-in-the-middle (MITM) attack that involves sending fake ARP responses to redirect traffic. This technique is not sophisticated and can be easily executed using freely available tools like Cain & Abel, Ettercap, or Wireshark.
Such attacks are often attempted by unskilled attackers (script kiddies) testing their abilities, especially in environments like schools. The term “unskilled attacker” fits best here, as credential stuffing and DMARC are unrelated to ARP poisoning.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 2.1: "Attack techniques: MITM, ARP poisoning; attacker types: Unskilled/script kiddie."
Which of the following mitigation techniques would a security analyst most likely use to avoid bloatware on devices?
- A . Disabled ports/protocols
- B . Application allow list
- C . Default password changes
- D . Access control permissions
B
Explanation:
Application allow listing is the most effective technique to prevent bloatware, unauthorized software, or unnecessary applications from running on devices. Allow lists work by permitting only pre-approved, trusted applications to execute, blocking everything else by default. This is a recommended best practice in Security+ SY0-701 for reducing attack surface, preventing malware, and maintaining lean, hardened system images.
Bloatware often comes pre-installed on devices or is unintentionally installed by users. An allow list ensures only authorized applications required for business functions can run, thereby eliminating bloatware risks.
Disabling ports/protocols (A) hardens network access but does not prevent software installation. Default password changes (C) improve authentication security but are unrelated to software control. Access control permissions (D) restrict who can access what but do not prevent installation of unnecessary apps.
Thus, the correct answer is B: Application allow list.
An organization failed to account for the right-to-be-forgotten regulations.
Which of the following impacts might this action have on the company?
- A . Fines
- B . Data breaches
- C . Revenue loss
- D . Blackmail
A
Explanation:
Failure to comply with right-to-be-forgotten (data privacy) regulations can lead to significant fines imposed by regulatory authorities like GDPR enforcers. Such laws require companies to delete personal data upon user request.
Data breaches (B) are security incidents; revenue loss (C) and blackmail (D) may occur indirectly but fines are the direct legal consequence.
Regulatory compliance and consequences are critical topics in Security Program Management (CompTIA Security+ Study Guide, Chapter 16).
