Practice Free SY0-701 Exam Online Questions
Which of the following is a feature of a next-generation SIEM system?
- A . Virus signatures
- B . Automated response actions
- C . Security agent deployment
- D . Vulnerability scanning
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).
- A . Fencing
- B . Video surveillance
- C . Badge access
- D . Access control vestibule
- E . Sign-in sheet
- F . Sensor
C,D
Explanation:
Badge access and access control vestibule are two of the best ways to ensure only authorized personnel can access a secure facility. Badge access requires the personnel to present a valid and authenticated badge to a reader or scanner that grants or denies access based on predefined rules and permissions. Access control vestibule is a physical security measure that consists of a small room or chamber with two doors, one leading to the outside and one leading to the secure area. The personnel must enter the vestibule and wait for the first door to close and lock before the second door can be opened. This prevents tailgating or piggybacking by unauthorized individuals.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, pages 197-198
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user’s activity?
- A . Penetration testing
- B . Phishing campaign
- C . External audit
- D . Insider threat
D
Explanation:
An insider threat is a security risk that originates from within the organization, such as an employee, contractor, or business partner, who has authorized access to the organization’s data and systems. An insider threat can be malicious, such as stealing, leaking, or sabotaging sensitive data, or unintentional, such as falling victim to phishing or social engineering. An insider threat can cause significant damage to the organization’s reputation, finances, operations, and legal compliance. The user’s activity of logging in remotely after hours and copying large amounts of data to a personal device is an example of a malicious insider threat, as it violates the organization’s security policies and compromises the confidentiality and integrity of the data.
Reference = Insider Threats – CompTIA Security+ SY0-701: 3.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 133.
Which of the following is the final step of the incident response process?
- A . Lessons learned
- B . Eradication
- C . Containment
- D . Recovery
A
Explanation:
The final step in the incident response process is "Lessons learned." This step involves reviewing and analyzing the incident to understand what happened, how it was handled, and what could be improved. The goal is to improve future response efforts and prevent similar incidents from occurring. It’s essential for refining the incident response plan and enhancing overall security posture.
Reference = CompTIA Security+ SY0-701 study materials, particularly in the domain of incident response and recovery.
Which of the following security control types does an acceptable use policy best represent?
- A . Detective
- B . Compensating
- C . Corrective
- D . Preventive
D
Explanation:
An acceptable use policy (AUP) is a set of rules that govern how users can access and use a corporate network or the internet. The AUP helps companies minimize their exposure to cyber security threats and limit other risks. The AUP also serves as a notice to users about what they are not allowed to do and protects the company against misuse of their network. Users usually have to acknowledge that they understand and agree to the rules before accessing the network [1].
An AUP best represents a preventive security control type, because it aims to deter or stop potential security incidents from occurring in the first place. A preventive control is proactive and anticipates possible threats and vulnerabilities, and implements measures to prevent them from exploiting or harming the system or the data. A preventive control can be physical, technical, or administrative in nature [2].
Some examples of preventive controls are:
- Locks, fences, or guards that prevent unauthorized physical access to a facility or a device
- Firewalls, antivirus software, or encryption that prevent unauthorized logical access to a network or a system
- Policies, procedures, or training that prevent unauthorized or inappropriate actions or behaviors by users or employees
An AUP is an example of an administrative preventive control, because it defines the policies and procedures that users must follow to ensure the security and proper use of the network and the IT resources. An AUP can prevent users from engaging in activities that could compromise the security, performance, or availability of the network or the system, such as:
- Downloading or installing unauthorized or malicious software
- Accessing or sharing sensitive or confidential information without authorization or encryption
- Using the network or the system for personal, illegal, or unethical purposes
- Bypassing or disabling security controls or mechanisms
- Connecting unsecured or unapproved devices to the network
By enforcing an AUP, a company can prevent or reduce the likelihood of security breaches, data loss, legal liability, or reputational damage caused by user actions or inactions [3].
Reference = [1]: How to Create an Acceptable Use Policy – CoreTech; [2]: Security Control Types: Preventive, Detective, Corrective, and Compensating; [3]: Why You Need A Corporate Acceptable Use Policy – CompTIA
The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances.
Which of the following topics will the security team most likely emphasize in upcoming security training?
- A . Social engineering
- B . Situational awareness
- C . Phishing
- D . Acceptable use policy
B
Explanation:
Situational awareness refers to being mindful of security risks in one’s environment and taking proactive measures to mitigate them. In this scenario, employees are failing to display their identification badges and allowing unauthorized personnel to follow them into restricted areas (tailgating). These behaviors pose significant security risks, such as unauthorized access to sensitive locations.
Security training focused on situational awareness will educate employees on the importance of remaining vigilant about security practices, recognizing potential threats, and enforcing access control measures.
Social engineering involves manipulating individuals to gain unauthorized access, but this scenario highlights poor adherence to security protocols rather than deception.
Phishing is an email-based attack aimed at stealing sensitive information, which is unrelated to physical security lapses.
Acceptable use policy governs the proper use of company resources but does not specifically address tailgating or badge display issues.
Thus, situational awareness is the most relevant security training topic for addressing these concerns.
A newly identified network access vulnerability has been found in the OS of legacy IoT devices.
Which of the following would best mitigate this vulnerability quickly?
- A . Insurance
- B . Patching
- C . Segmentation
- D . Replacement
C
Explanation:
Segmentation is a technique that divides a network into smaller subnetworks or segments, each with its own security policies and controls. Segmentation can help mitigate network access vulnerabilities in legacy IoT devices by isolating them from other devices and systems, reducing their attack surface and limiting the potential impact of a breach. Segmentation can also improve network performance and efficiency by reducing congestion and traffic. Patching, insurance, and replacement are other possible strategies to deal with network access vulnerabilities, but they may not be feasible or effective in the short term. Patching may not be available or compatible for legacy IoT devices, insurance may not cover the costs or damages of a cyberattack, and replacement may be expensive and time-consuming.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 142-143
An attacker used XSS to compromise a web server.
Which of the following solutions could have been used to prevent this attack?
- A . NGFW
- B . UTM
- C . WAF
- D . NAC
C
Explanation:
A Web Application Firewall (WAF) is designed to protect web applications from attacks such as Cross-Site Scripting (XSS) by filtering and monitoring HTTP traffic between the internet and a web application.
Next-Generation Firewalls (NGFW) (A) provide advanced network security but are not specifically designed to protect web applications from XSS attacks.
Unified Threat Management (UTM) (B) provides multiple security functions but lacks the specialized application-layer protection needed to mitigate XSS.
Network Access Control (NAC) (D) controls device access to the network but does not prevent web-based attacks.
A WAF is the best solution for protecting web servers from XSS, SQL injection, and other web-based threats.
A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from.
Which of the following is the best way for the company to confirm this information?
- A . Validate the code signature.
- B . Execute the code in a sandbox.
- C . Search the executable for ASCII strings.
- D . Generate a hash of the files.
A
Explanation:
Validating the code signature is the best way to verify software authenticity, as it ensures that the software has not been tampered with and that it comes from a verified source. Code signatures are digital signatures applied by the software vendor, and validating them confirms the software’s integrity and origin.
Reference: CompTIA Security+ SY0-701 course content and official CompTIA study resources.
A security report shows that during a two-week test period, 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposely created the website to simulate a cost-free password complexity test.
Which of the following would best help reduce the number of visits to similar websites in the future?
- A . Block all outbound traffic from the intranet.
- B . Introduce a campaign to recognize phishing attempts.
- C . Restrict internet access for the employees who disclosed credentials.
- D . Implement a deny list of websites.