Practice Free SY0-701 Exam Online Questions
Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?
- A . ICS
- B . Microservers
- C . Containers
- D . IoT
A
Explanation:
Industrial Control Systems (ICS) are engineered to operate in rugged, mission-critical environments such as manufacturing floors, refineries, gas pipelines, nuclear plants, and water treatment facilities. These systems are designed to remain operational for decades, often with minimal remote-management capability and limited update cycles. ICS architectures frequently use proprietary protocols and controls, many of which were developed long before modern cybersecurity concerns existed.
Security+ SY0-701 notes that ICS environments include SCADA systems, PLCs, actuators, sensors, and controllers that must function reliably under extreme temperature, pressure, vibration, and industrial stress conditions. Because downtime may impact safety, critical infrastructure, or national security, ICS devices avoid frequent patching and instead rely on isolation, segmentation, and compensating controls.
Microservers (B) are small, lightweight servers, not rugged systems. Containers (C) are virtualized application environments. IoT devices (D) are consumer or commercial smart devices, not industrial-grade long-lifespan systems.
Thus, the correct answer is A: ICS.
An administrator must replace an expired SSL certificate.
Which of the following does the administrator need to create the new SSL certificate?
- A . CSR
- B . OCSP
- C . Key
- D . CRL
A
Explanation:
A Certificate Signing Request (CSR) is a request sent to a certificate authority (CA) to issue an SSL certificate. The CSR contains information like the public key, which will be part of the certificate.
Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.
Which of the following control types is AUP an example of?
- A . Physical
- B . Managerial
- C . Technical
- D . Operational
B
Explanation:
An Acceptable Use Policy (AUP) is an example of a managerial control. Managerial controls are policies and procedures that govern an organization’s operations, ensuring security through directives and rules. The AUP defines acceptable behavior and usage of company resources, setting guidelines for employees.
Physical controls refer to security measures like locks, fences, or security guards.
Technical controls involve security mechanisms such as firewalls or encryption.
Operational controls are procedures for maintaining security, such as backup and recovery plans.
A university employee logged on to the academic server and attempted to guess the system administrators’ log-in credentials.
Which of the following security measures should the university have implemented to detect the employee’s attempts to gain access to the administrators’ accounts?
- A . Two-factor authentication
- B . Firewall
- C . Intrusion prevention system
- D . User activity logs
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?
- A . Documenting the new policy in a change request and submitting the request to change management
- B . Testing the policy in a non-production environment before enabling the policy in the production network
- C . Disabling any intrusion prevention signatures on the ‘deny any’ policy prior to enabling the new policy
- D . Including an ‘allow any’ policy above the ‘deny any’ policy
B
Explanation:
A firewall policy is a set of rules that defines what traffic is allowed or denied on a network. A firewall policy should be carefully designed and tested before being implemented, as a misconfigured policy can cause network disruptions or security breaches. A common best practice is to test the policy in a non-production environment, such as a lab or a simulation, before enabling the policy in the production network. This way, the technician can verify the functionality and performance of the policy, and identify and resolve any issues or conflicts, without affecting the live network. Testing the policy in a non-production environment would prevent the issue of the ‘deny any’ policy causing several company servers to become unreachable, as the technician would be able to detect and correct the problem before applying the policy to the production network.
Documenting the new policy in a change request and submitting the request to change management is a good practice, but it would not prevent the issue by itself. Change management is a process that ensures that any changes to the network are authorized, documented, and communicated, but it does not guarantee that the changes are error-free or functional. The technician still needs to test the policy before implementing it.
Disabling any intrusion prevention signatures on the ‘deny any’ policy prior to enabling the new policy would not prevent the issue, and it could reduce the security of the network. Intrusion prevention signatures are patterns that identify malicious or unwanted traffic, and allow the firewall to block or alert on such traffic. Disabling these signatures would make the firewall less effective in detecting and preventing attacks, and it would not affect the reachability of the company servers.
Including an ‘allow any’ policy above the ‘deny any’ policy would not prevent the issue, and it would render the ‘deny any’ policy useless. A firewall policy is processed from top to bottom, and the first matching rule is applied. An ‘allow any’ policy would match any traffic and allow it to pass through the firewall, regardless of the source, destination, or protocol. This would negate the purpose of the ‘deny any’ policy, which is to block any traffic that does not match any of the previous rules. Moreover, an ‘allow any’ policy would create a security risk, as it would allow any unauthorized or malicious traffic to enter or exit the network.
Reference = CompTIA Security+ SY0-701 Certification Study Guide, page 204-205; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 2.1 – Network Security Devices, 8:00 – 10:00.
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations.
Which of the following should the hosting provider consider first?
- A . Local data protection regulations
- B . Risks from hackers residing in other countries
- C . Impacts to existing contractual obligations
- D . Time zone differences in log correlation
A
Explanation:
Local data protection regulations are the first thing that a cloud-hosting provider should consider before expanding its data centers to new international locations. Data protection regulations are laws or standards that govern how personal or sensitive data is collected, stored, processed, and transferred across borders. Different countries or regions may have different data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, or the California Consumer Privacy Act (CCPA) in the United States. A cloud-hosting provider must comply with the local data protection regulations of the countries or regions where it operates or serves customers, or else it may face legal penalties, fines, or reputational damage. Therefore, a cloud-hosting provider should research and understand the local data protection regulations of the new international locations before expanding its data centers there.
Reference = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 7, page 269. CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1, page 14.
A company is changing its mobile device policy.
The company has the following requirements:
Company-owned devices
Ability to harden the devices
Reduced security risk
Compatibility with company resources
Which of the following would best meet these requirements?
- A . BYOD
- B . CYOD
- C . COPE
- D . COBO
C
Explanation:
COPE (Corporate-Owned, Personally Enabled) devices allow companies to manage and harden company-owned devices while still enabling limited personal use, reducing security risks while maintaining compatibility with corporate resources.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Mobile Device Deployment Models".
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?
- A . Physical
- B . Managerial
- C . Technical
- D . Operational
A
Explanation:
A physical security control is a device or mechanism that prevents unauthorized access to a physical location or asset. An access control vestibule, also known as a mantrap, is a physical security control that consists of a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. This prevents unauthorized individuals from following authorized individuals into the facility, a practice known as piggybacking or tailgating. A photo ID check is another form of physical security control that verifies the identity of visitors. Managerial, technical, and operational security controls are not directly related to physical access, but rather to policies, procedures, systems, and processes that support security objectives.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 341; Mantrap (access control) – Wikipedia
An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible.
Which of the following models offers the highest level of security?
- A . Cloud-based
- B . Peer-to-peer
- C . On-premises
- D . Hybrid
A
Explanation:
Cloud-based models provide strong security with features like encryption, redundancy, and disaster recovery, making them a secure choice for international operations.
