Practice Free SY0-701 Exam Online Questions
In which of the following scenarios is tokenization the best privacy technique to use?
- A . Providing pseudo-anonymization for social media user accounts
- B . Serving as a second factor for authentication requests
- C . Enabling established customers to safely store credit card information
- D . Masking personal information inside databases by segmenting data
C
Explanation:
Tokenization is a process that replaces sensitive data, such as credit card information, with a non-sensitive equivalent (token) that can be used in place of the actual data. This technique is particularly useful in securely storing payment information because the token can be safely stored and transmitted without exposing the original credit card number.
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Data Protection.
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.
Which of the following should the analyst do?
- A . Place posters around the office to raise awareness of common phishing activities.
- B . Implement email security filters to prevent phishing emails from being delivered.
- C . Update the EDR policies to block automatic execution of downloaded programs.
- D . Create additional training for users to recognize the signs of phishing attempts.
C
Explanation:
An endpoint detection and response (EDR) system is a security tool that monitors and analyzes the activities and behaviors of endpoints, such as computers, laptops, mobile devices, and servers. An EDR system can detect, prevent, and respond to various types of threats, such as malware, ransomware, phishing, and advanced persistent threats (APTs). One of the features of an EDR system is to block the automatic execution of downloaded programs, which can prevent malicious code from running on the endpoint when a user clicks on a link in a phishing message. This can reduce the impact of a phishing attack and protect the endpoint from compromise. Updating the EDR policies to block automatic execution of downloaded programs is a technical control that can mitigate the risk of phishing, regardless of the user’s awareness or behavior. Therefore, this is the best answer among the given options.
The other options are not as effective as updating the EDR policies, because they rely on administrative or physical controls that may not be sufficient to prevent or stop a phishing attack. Placing posters around the office to raise awareness of common phishing activities is a physical control that can increase the user’s knowledge of phishing, but it may not change their behavior or prevent them from clicking on a link in a phishing message. Implementing email security filters to prevent phishing emails from being delivered is an administrative control that can reduce the exposure to phishing, but it may not be able to block all phishing emails, especially if they are crafted to bypass the filters. Creating additional training for users to recognize the signs of phishing attempts is an administrative control that can improve the user’s skills of phishing detection, but it may not guarantee that they will always be vigilant or cautious when receiving an email. Therefore, these options are not the best answer for this question.
Endpoint Detection and Response - CompTIA Security+ SY0-701 - 2.2, video at 5:30; CompTIA Security+ SY0-701 Certification Study Guide, page 163.
A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN.
Which of the following is the most likely explanation for this activity?
- A . The company built a new file-sharing site.
- B . The organization is preparing for a penetration test.
- C . The security team is integrating with an SASE platform.
- D . The security team created a honeynet.
D
Explanation:
Allowing risky protocols like SMB and RDP from the internet to a controlled VLAN is commonly done to create a honeynet, a deliberately vulnerable network environment used to attract attackers and study their behaviors without risking production systems.
Building a file-sharing site (A) or preparing for a pentest (B) typically wouldn’t require exposing SMB and RDP broadly. SASE integration (C) focuses on cloud security access and doesn’t involve opening such protocols indiscriminately.
Honeynets are described as a deception technology in the Security Architecture domain (CompTIA Security+ Study Guide, Chapter 9).
An employee used a company’s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity.
Which of the following should the administrator examine?
- A . Application logs
- B . Vulnerability scanner logs
- C . IDS/IPS logs
- D . Firewall logs
Which of the following phases of an incident response involves generating reports?
- A . Recovery
- B . Preparation
- C . Lessons learned
- D . Containment
C
Explanation:
The lessons learned phase of an incident response process involves reviewing the incident and generating reports. This phase helps identify what went well, what needs improvement, and what changes should be made to prevent future incidents. Documentation and reporting are essential parts of this phase to ensure that the findings are recorded and used for future planning.
Recovery focuses on restoring services and normal operations.
Preparation involves creating plans and policies for potential incidents, not reporting.
Containment deals with isolating and mitigating the effects of the incident, not generating reports.
Which of the following solutions would most likely be used in the financial industry to mask sensitive data?
- A . Tokenization
- B . Hashing
- C . Salting
- D . Steganography
A
Explanation:
Tokenization is widely used in the financial industry to mask sensitive information such as credit card numbers, bank account details, or payment tokens. Tokenization replaces sensitive data with harmless surrogate values (tokens) that maintain format and usability but reveal nothing if intercepted.
Security+ SY0-701 highlights tokenization as a preferred method for PCI-DSS-regulated environments because:
- It reduces exposure of actual sensitive data
- It lowers compliance scope
- Tokens can be mapped back to real data only through a secure token vault
- It prevents attackers from accessing meaningful information
Hashing (B) is one-way and cannot be reversed, making it unsuitable for financial transactions that require retrieving original values. Salting (C) enhances password hashing security but does not mask data. Steganography (D) hides data inside images or media files and is not used for structured data protection.
Thus, the correct answer is A: Tokenization.
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
- A . Software as a service
- B . Infrastructure as code
- C . Internet of Things
- D . Software-defined networking
B
Explanation:
Infrastructure as code (IaC) is a method of using code and automation to manage and provision cloud resources, such as servers, networks, storage, and applications. IaC allows for easy deployment, scalability, consistency, and repeatability of cloud environments. IaC is also a key component of DevSecOps, which integrates security into the development and operations processes.
CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Cloud and Virtualization Concepts, page 294.
Which of the following is the best reason to perform a tabletop exercise?
- A . To address audit findings
- B . To collect remediation response times
- C . To update the IRP
- D . To calculate the ROI
C
Explanation:
A tabletop exercise simulates incident scenarios to test and validate the effectiveness of an organization’s Incident Response Plan (IRP), identifying gaps and areas needing updates. It promotes team readiness without disrupting operations.
Addressing audit findings (A), collecting remediation times (B), and calculating ROI (D) are separate activities and not the primary purpose of tabletop exercises.
This practice is an integral part of Security Operations and Incident Response training in SY0-701 (CompTIA Security+ Study Guide, Chapter 14).
A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers.
Which of the following architectures will best achieve the company’s objectives?
- A . IoT
- B . IaC
- C . PaaS
- D . ICS
B
Explanation:
Infrastructure as Code (IaC) enables organizations to automate the provisioning, configuration, and deployment of servers through machine-readable scripts rather than manual processes. SY0-701 emphasizes IaC as a key component of DevOps and secure deployment pipelines. By using IaC, server builds become repeatable, standardized, version-controlled, and much faster.
This directly addresses the company’s goals:
- Better control: IaC ensures predictable, consistent configuration across all servers.
- Standardization: Scripts eliminate drift by applying identical configurations.
- Lower build time: Automation significantly accelerates server creation and eliminates manual intervention.
IoT (A) refers to Internet-connected smart devices and is unrelated to server deployment. PaaS (C) offers development platforms but does not automate infrastructure builds. ICS (D) refers to industrial control systems, not IT server architecture.
Therefore, the only correct architecture that meets all objectives is IaC, a foundational technology for modern automated infrastructure.
A systems administrator needs to encrypt all data on employee laptops.
Which of the following encryption levels should be implemented?
- A . Volume
- B . Partition
- C . Full disk
- D . File
