Practice Free SY0-701 Exam Online Questions
An employee clicked a malicious link in an email and downloaded malware onto the company’s computer network. The malicious program exfiltrated thousands of customer records.
Which of the following should the company implement to prevent this in the future?
- A . User awareness training
- B . Network monitoring
- C . Endpoint protection
- D . Data loss prevention
A
Explanation:
User awareness training targets the root cause of this incident: a person clicked a malicious link. Employees need to be trained to recognize phishing, verify senders, and avoid unexpected downloads.
Network monitoring detects and alerts on malicious activity but does not stop an employee from clicking a harmful link.
Endpoint protection can block or contain malware, but it is not foolproof, particularly against new or evasive samples delivered through phishing.
Data loss prevention (DLP) can block or flag the exfiltration itself but does not stop malware from being introduced in the first place.
The exam keys the answer as training because it addresses the initial entry point. In practice these controls are layered: training reduces how often the click happens, endpoint protection and monitoring limit what the malware can do once it runs, and DLP is the last line that keeps customer records from leaving the network.
A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy.
Which of the following vulnerability types will the analyst most likely find on the workstations?
- A . Misconfiguration
- B . Zero-day
- C . Malicious update
- D . Supply chain
A
Explanation:
A group policy deployed at scale can inadvertently introduce misconfigurations: enabling an insecure setting, weakening a hardening baseline, or failing to disable a legacy protocol on every workstation it applies to. A spike in findings that coincides with the deployment is the signature of a change-induced misconfiguration.
Zero-day vulnerabilities (B) are previously unknown flaws, a malicious update (C) is attacker-controlled code delivered through an update channel, and supply chain (D) risk comes from third-party components.
Misconfiguration vulnerabilities are commonly introduced during changes and are emphasized in Security Operations (CompTIA Security+ Study Guide, Chapter 14).
Which of the following would be the most appropriate way to protect data in transit?
- A . SHA-256
- B . SSL 3.0
- C . TLS 1.3
- D . AES-256
C
Explanation:
TLS 1.3 is the current protocol for protecting data in transit: it provides confidentiality, integrity, and server (optionally client) authentication for a session. SSL 3.0 is deprecated (RFC 7568) and vulnerable to the POODLE attack, so it must not be used. SHA-256 is a hash function and AES-256 is a symmetric cipher; both are building blocks used inside TLS, but neither on its own protects a communication channel.
Which of the following describes the reason for using an MDM solution to prevent jailbreaking?
- A . To secure end-of-life devices from incompatible firmware updates
- B . To avoid hypervisor attacks through VM escape
- C . To eliminate buffer overflows at the application layer
- D . To prevent users from changing the OS of mobile devices
D
Explanation:
Mobile Device Management (MDM) solutions enforce security policies that prevent users from jailbreaking or rooting their devices, that is, from modifying the operating system to remove vendor restrictions and gain privileged control. A jailbroken device loses the platform's app sandboxing and code-signing guarantees, so MDM is used to keep the OS in a known, trusted state, typically by detecting a jailbroken or rooted device and blocking it from enterprise resources until it is compliant again.
Reference: CompTIA Security+ SY0-701 Official Study Guide: "MDM solutions can be used to prevent users from jailbreaking or rooting devices, maintaining the integrity of the OS." Mobile solutions, including MDM, fall under exam objective 4.1, "Given a scenario, apply common security techniques to computing resources."
Which of the following actions would reduce the number of false positives for an analyst to manually review?
- A . Create playbooks as part of a SOAR platform
- B . Redefine the patch management process
- C . Replace an EDR tool with an XDR solution
- D . Disable AV heuristics scanning
A
Explanation:
Playbooks in a SOAR (Security Orchestration, Automation, and Response) platform encode the triage steps an analyst would otherwise perform by hand: enrich the alert, check it against allowlists and known-good data, deduplicate it, and close or escalate it. Alerts that match documented benign conditions are closed automatically with a recorded reason, so the analyst queue contains fewer false positives and the analyst's time goes to genuine threats instead of noise.
Disabling AV heuristic scanning (D) would also cut false positives, but only by cutting real detections with them. Replacing EDR with XDR (C) broadens telemetry and correlation rather than reducing noise, and the patch management process (B) is unrelated to alert triage.
Reference: CompTIA Security+ SY0-701 Official Study Guide: "SOAR platforms allow organizations to automate repetitive security tasks, including the use of playbooks, to reduce false positives and the workload on analysts." Automation and orchestration are covered by exam objective 4.7, and alert tuning by objective 4.4.
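The triage logic described above, as an added example that is not code from the exam page or from any SOAR product: a small playbook runs constructed alerts through ordered steps (authorised-scanner allowlist, known-good file hash, duplicate suppression) and auto-closes the ones that match, leaving only the rest for an analyst. The allowlists, alert fields, and the 10-minute deduplication window are assumptions chosen for illustration.

```python
"""Minimal SOAR-style triage playbook (added example; not the exam page's own code).

Constructed alerts run through ordered enrichment steps. Any alert matching a
documented benign condition is auto-closed with a reason; the rest are escalated
to an analyst. The allowlists, alert fields and 10-minute window are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple

# Constructed reference data that a real playbook would pull from a CMDB or allowlist.
AUTHORISED_SCANNERS = {"10.0.5.10", "10.0.5.11"}   # internal vulnerability scanners
KNOWN_GOOD_HASHES = {"a1b2c3d4e5f6"}                # hashes of approved software
DEDUP_WINDOW = timedelta(minutes=10)


@dataclass
class Alert:
    alert_id: str
    rule: str
    src_ip: str
    host: str
    timestamp: datetime
    file_hash: Optional[str] = None
    status: str = "open"
    notes: List[str] = field(default_factory=list)


def step_authorised_scanner(alert: Alert) -> Optional[str]:
    """Close scan alerts whose source is an approved internal scanner."""
    if alert.rule == "port-scan" and alert.src_ip in AUTHORISED_SCANNERS:
        return "source is an authorised internal scanner"
    return None


def step_known_good_hash(alert: Alert) -> Optional[str]:
    """Close malware alerts on files whose hash is on the approved-software list."""
    if alert.rule == "malware-detected" and alert.file_hash in KNOWN_GOOD_HASHES:
        return "file hash is on the approved-software list"
    return None


class Playbook:
    """Runs each alert through the steps in order; the first step that returns a
    reason closes the alert. Duplicate suppression is stateful, so it lives here."""

    def __init__(self) -> None:
        self._last_escalated: Dict[Tuple[str, str, str], datetime] = {}
        self.steps: List[Callable[[Alert], Optional[str]]] = [
            step_authorised_scanner,
            step_known_good_hash,
            self.step_duplicate,
        ]

    def step_duplicate(self, alert: Alert) -> Optional[str]:
        """Close repeats of an alert already escalated for the same rule/host/source
        inside DEDUP_WINDOW; the analyst already has that one in the queue."""
        key = (alert.rule, alert.host, alert.src_ip)
        last = self._last_escalated.get(key)
        if last is not None and alert.timestamp - last <= DEDUP_WINDOW:
            return f"duplicate of alert escalated at {last:%H:%M}"
        return None

    def run(self, alerts: List[Alert]) -> Tuple[List[Alert], List[Alert]]:
        closed: List[Alert] = []
        escalated: List[Alert] = []
        for alert in sorted(alerts, key=lambda a: a.timestamp):
            for step in self.steps:
                reason = step(alert)
                if reason:
                    alert.status = "closed"
                    alert.notes.append(reason)
                    closed.append(alert)
                    break
            else:  # no step closed it: a human needs to look at it
                alert.status = "escalated"
                self._last_escalated[(alert.rule, alert.host, alert.src_ip)] = alert.timestamp
                escalated.append(alert)
        return closed, escalated


T0 = datetime(2024, 1, 15, 9, 0)
# Constructed alerts: a scanner, an approved file, a real scan with one repeat
# inside the window and one outside it, and real malware.
SAMPLE_ALERTS = [
    Alert("A1", "port-scan", "10.0.5.10", "srv1", T0),
    Alert("A2", "malware-detected", "10.1.1.20", "ws7", T0 + timedelta(minutes=1), "a1b2c3d4e5f6"),
    Alert("A3", "port-scan", "203.0.113.9", "srv1", T0 + timedelta(minutes=2)),
    Alert("A4", "port-scan", "203.0.113.9", "srv1", T0 + timedelta(minutes=5)),
    Alert("A5", "port-scan", "203.0.113.9", "srv1", T0 + timedelta(minutes=20)),
    Alert("A6", "malware-detected", "10.1.1.21", "ws8", T0 + timedelta(minutes=25), "deadbeef"),
]


def triage_sample() -> Tuple[List[str], List[str]]:
    """Return (auto-closed ids, escalated ids) for the constructed alerts."""
    closed, escalated = Playbook().run(SAMPLE_ALERTS)
    return [a.alert_id for a in closed], [a.alert_id for a in escalated]


if __name__ == "__main__":
    closed_ids, escalated_ids = triage_sample()
    print("auto-closed:", closed_ids)     # ['A1', 'A2', 'A4']
    print("for analyst:", escalated_ids)  # ['A3', 'A5', 'A6']
```

Every auto-close writes the reason into the alert, which is what makes this tunable: if the analyst later finds a closed alert that was real, the offending step or allowlist entry is identifiable and can be narrowed rather than the whole automation being switched off.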
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.
Which of the following best describes the program the company is setting up?
- A . Open-source intelligence
- B . Bug bounty
- C . Red team
- D . Penetration testing
B
Explanation:
A bug bounty is a program that rewards security researchers for finding and reporting vulnerabilities in an application or system. Companies use bug bounties to improve their security posture and to incentivize ethical hacking. A bug bounty program typically defines the scope, the rules of engagement, and the compensation for researchers. Penetration testing (D) and red teaming (C) are engagements with a contracted team rather than open, pay-per-finding programs, and OSINT (A) is an intelligence-gathering discipline.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 1, page 10; CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.1, page 2.
Which of the following can best contribute to prioritizing patch applications?
- A . CVSS
- B . SCAP
- C . OSINT
- D . CVE
A
Explanation:
CVSS (Common Vulnerability Scoring System) provides a standardized way to rate the severity of a vulnerability from its characteristics: attack vector, attack complexity, privileges required, user interaction, scope, and impact on confidentiality, integrity and availability. Organizations use the resulting score to decide which patches to apply first. A CVE (D) is only an identifier for a vulnerability and carries no severity of its own; SCAP (B) is the family of standards for automating security checks, of which CVSS is one component; OSINT (C) is an intelligence-gathering discipline. The base score measures severity rather than risk, so mature programs also weigh exposure and whether the flaw is being exploited in the wild, but CVSS is the most direct answer here.
Reference: CompTIA Security+ SY0-701 Official Study Guide: "CVSS scores help organizations prioritize patching based on the severity of vulnerabilities." Exam objective 4.3, "Explain various activities associated with vulnerability management," lists CVSS under prioritization.
A systems administrator needs to ensure the secure communication of sensitive data within the organization’s private cloud.
Which of the following is the best choice for the administrator to implement?
- A . IPSec
- B . SHA-1
- C . RSA
- D . TGT
A
Explanation:
IPsec encrypts and authenticates IP traffic between hosts or gateways, so it protects sensitive data while it moves between systems inside the private cloud. SHA-1 (B) is a deprecated hash function and provides no confidentiality. RSA (C) is an asymmetric algorithm used for key exchange and signatures inside protocols such as IPsec and TLS, not a complete secure-communication mechanism on its own. A TGT (D) is a Kerberos ticket-granting ticket used for authentication, not for protecting data in transit.
In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password.
Which of the following best describes this technique?
- A . Key stretching
- B . Tokenization
- C . Data masking
- D . Salting
D
Explanation:
Adding a random string of characters, known as a salt, to a password before hashing it is salting. Because the salt is unique per user, two users with the same password end up with different hashes, and an attacker can no longer crack every account at once with a precomputed (rainbow) table built for unsalted hashes. The salt does not need to be secret; it is stored next to the hash. Key stretching (A) is a different technique that makes each hash computation deliberately slow by iterating it many times, and is normally combined with a salt. Tokenization (B) and data masking (C) replace or hide sensitive values and are not password-hashing techniques.
Reference: CompTIA Security+ SY0-701 course content and official CompTIA study resources.
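The distinction between the answer (salting) and the first distractor (key stretching), as an added example that is not code from the exam page: plain salting with SHA-256 beside salt-plus-stretching with PBKDF2-HMAC-SHA256 from the standard library, and a verifier that stores the salt in the clear beside the hash. The passwords, salts and iteration counts are constructed test values.

```python
"""Salting versus key stretching with only the standard library
(added example; not the exam page's own code). Passwords and salts below are
constructed test data."""
import hashlib
import hmac
import os
from typing import Any, Dict


def unsalted_hash(password: str) -> str:
    """What salting fixes: identical passwords collide, and one precomputed table
    cracks every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Plain salting, hash(salt || password). A table built for one salt is useless
    for any other, but each guess still costs the attacker only one hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def stretched_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """Salting plus key stretching: PBKDF2-HMAC-SHA256 repeats the hash so every
    guess costs the attacker `iterations` times more work than a single SHA-256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str, iterations: int = 600_000) -> Dict[str, Any]:
    """Stored credential: the salt sits in the clear beside the hash because it is
    not a secret, only a uniqueness guarantee. 600k iterations is an assumption
    (the OWASP figure for PBKDF2-HMAC-SHA256 at the time of writing)."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": stretched_hash(password, salt, iterations)}


def verify(password: str, record: Dict[str, Any]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = stretched_hash(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def same_password_distinct_hashes(password: str, iterations: int = 600_000) -> bool:
    """Two users choosing the same password get different stored hashes, yet both
    still verify; this is the property the salt buys."""
    a, b = make_record(password, iterations), make_record(password, iterations)
    return a["hash"] != b["hash"] and verify(password, a) and verify(password, b)


if __name__ == "__main__":
    pw = "correct horse"
    print("unsalted, two users:", unsalted_hash(pw) == unsalted_hash(pw))          # True
    print("salted,   two users:", salted_hash(pw, b"salt-one") == salted_hash(pw, b"salt-two"))  # False
    print("stretched, same pw distinct and verifiable:", same_password_distinct_hashes(pw, 10_000))  # True
```

The salt defeats precomputation; only the iteration count (or a memory-hard function such as scrypt or Argon2) raises the per-guess cost, which is why a real password store uses both.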
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software.
Which of the following security techniques is the IT manager setting up?
- A . Hardening
- B . Employee monitoring
- C . Configuration enforcement
- D . Least privilege
D
Explanation:
The principle of least privilege limits access to resources to the minimum a user, program, or device needs to perform a legitimate function. It is a cybersecurity best practice that protects high-value data and assets from compromise and from insider misuse, and it applies at every layer of a computing environment: processes, systems, and connected devices. In practice it erodes easily, because privileges accumulate over time and are rarely removed, so access assignments should be reviewed periodically.
In this scenario, the IT manager is setting up the principle of least privilege by restricting access to the administrator console of the help desk software to only two authorized users: the IT manager and the help desk lead. This way, the IT manager can prevent unauthorized or accidental changes to the software configuration, data, or functionality by other help desk staff. The other help desk staff will only have access to the normal user interface of the software, which is sufficient for them to perform their job functions.
The other options are not correct. Hardening is the process of securing a system by reducing its surface of vulnerability, such as by removing unnecessary software, changing default passwords, or disabling unnecessary services. Employee monitoring is the surveillance of workers’ activity, such as by tracking web browsing, application use, keystrokes, or screenshots. Configuration enforcement is the process of ensuring that a system adheres to a predefined set of security settings, such as by applying a patch, a policy, or a template.
https://en.wikipedia.org/wiki/Principle_of_least_privilege
