Practice Free SY0-701 Exam Online Questions
A legal department must maintain a backup from all devices that have been shredded and recycled by a third party.
Which of the following best describes this requirement?
- A . Data retention
- B . Certification
- C . Sanitation
- D . Destruction
A systems administrator wants to implement a backup solution. The solution needs to allow recovery of the entire system, including the operating system, in case of a disaster.
Which of the following backup types should the administrator consider?
- A . Incremental
- B . Storage area network
- C . Differential
- D . Image
D
Explanation:
An image backup, also known as a full system backup, captures the entire contents of a system, including the operating system, applications, settings, and all data. This type of backup allows for a complete recovery of the system in case of a disaster, as it includes everything needed to restore the system to its previous state. This makes it the ideal choice for a systems administrator who needs to ensure the ability to recover the entire system, including the OS.
Reference: CompTIA Security+ SY0-701 study materials, domain on Security Operations.
While considering the organization’s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor.
Which of the following best meets this goal?
- A . Community cloud
- B . PaaS
- C . Containerization
- D . Private cloud
- E . SaaS
- F . IaaS
E
Explanation:
Software as a Service (SaaS) is the cloud model that best meets the goal of outsourcing the management, including patching, of firmware, operating systems, and applications to the cloud vendor. In a SaaS environment, the cloud provider is responsible for maintaining and updating the entire software stack, allowing the organization to focus on using the software rather than managing its infrastructure.
Reference: CompTIA Security+ SY0-701 study materials, particularly the domains related to cloud security models.
A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which lay dormant for multiple weeks, across the network.
Which of the following would have mitigated the spread?
- A . IPS
- B . IDS
- C . WAF
- D . UAT
A
Explanation:
IPS stands for intrusion prevention system, which is a network security device that monitors and blocks malicious traffic in real time. IPS is different from IDS, which only detects and alerts on malicious traffic, but does not block it. IPS would have mitigated the spread of ransomware by preventing the hacker from accessing the system via the phishing link, or by stopping the ransomware from communicating with its command and control server or encrypting the files.
Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO).
The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to the following email address.”
Which of the following are the best responses to this situation? (Choose two).
- A . Cancel current employee recognition gift cards.
- B . Add a smishing exercise to the annual company training.
- C . Issue a general email warning to the company.
- D . Have the CEO change phone numbers.
- E . Conduct a forensic investigation on the CEO’s phone.
- F . Implement mobile device management.
B,C
Explanation:
This situation is an example of smishing, which is a type of phishing that uses text messages (SMS) to entice individuals into providing personal or sensitive information to cybercriminals. The best responses to this situation are to add a smishing exercise to the annual company training and to issue a general email warning to the company. A smishing exercise can help raise awareness and educate employees on how to recognize and avoid smishing attacks. An email warning can alert employees to the fraudulent text message and remind them to verify the identity and legitimacy of any requests for information or money.
Reference: What Is Phishing | Cybersecurity | CompTIA; Phishing – SY0-601 CompTIA Security+: 1.1 – Professor Messer IT Certification Training Courses
After a recent ransomware attack on a company’s system, an administrator reviewed the log files.
Which of the following control types did the administrator use?
- A . Compensating
- B . Detective
- C . Preventive
- D . Corrective
B
Explanation:
Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network. They can help to discover the source, scope, and impact of an attack, and provide evidence for further analysis or investigation. Detective controls include log files, security audits, intrusion detection systems, network monitoring tools, and antivirus software. In this case, the administrator used log files as a detective control to review the ransomware attack on the company’s system. Log files are records of events and activities that occur on a system or network, such as user actions, system errors, network traffic, and security alerts. They can provide valuable information for troubleshooting, auditing, and forensics.
Reference: Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.”
CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Detective controls are designed to identify and monitor any malicious activity or anomalies on a system or network.”
Control Types – CompTIA Security+ SY0-401: 2.1 – Professor Messer IT …, under “Detective Controls”: “Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network.”
A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts.
Which of the following access controls should the security engineer implement?
- A . Role-based
- B . Time-of-day restrictions
- C . Least privilege
- D . Biometric authentication
B
Explanation:
Time-of-day restrictions limit access to corporate systems based on predefined schedules. This ensures employees can only access resources during their assigned work hours.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Access Control Models".
A company is working with a vendor to perform a penetration test.
Which of the following includes an estimate about the number of hours required to complete the engagement?
- A . SOW
- B . BPA
- C . SLA
- D . NDA
A
Explanation:
A statement of work (SOW) is a document that defines the scope, objectives, deliverables, timeline, and costs of a project or service. It typically includes an estimate of the number of hours required to complete the engagement, as well as the roles and responsibilities of the parties involved. A SOW is often used for penetration testing projects to ensure that both the client and the vendor have a clear and mutual understanding of what is expected and how the work will be performed. A business partnership agreement (BPA), a service level agreement (SLA), and a non-disclosure agreement (NDA) are different types of contracts that may be related to a penetration testing project, but they do not include an estimate of the number of hours required to complete the engagement.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 492; What to Look For in a Penetration Testing Statement of Work?
A company is changing its mobile device policy.
The company has the following requirements:
Company-owned devices
Ability to harden the devices
Reduced security risk
Compatibility with company resources
Which of the following would best meet these requirements?
- A . BYOD
- B . CYOD
- C . COPE
- D . COBO
C
Explanation:
COPE (Corporate-Owned, Personally Enabled) devices allow companies to manage and harden company-owned devices while still enabling limited personal use, reducing security risks while maintaining compatibility with corporate resources.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Mobile Device Deployment Models".
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline.
Which of the following should the analyst use?
- A . Intrusion prevention system
- B . Sandbox
- C . Endpoint detection and response
- D . Antivirus