Practice Free SY0-701 Exam Online Questions
A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.
Which of the following will the company’s general counsel most likely be concerned with during a hardware refresh of these devices?
- A . Sanctions
- B . Data sovereignty
- C . Cost of replacement
- D . Loss of license
A
Explanation:
When the government bans a vendor, the primary concern for the company’s general counsel is sanctions, which are legal restrictions that prohibit the purchase, use, import, or continued operation of products associated with restricted entities. Security+ SY0-701 stresses that compliance with government regulations and legal mandates is a critical oversight responsibility. Failure to comply may result in severe penalties, including fines, loss of contracting eligibility, and reputational damage.
During a hardware refresh, general counsel will ensure the organization is not violating federal trade sanctions, procurement laws, or export/import restrictions. Even if devices are already purchased, continued use may still violate the sanctions, creating legal liability.
Data sovereignty (B) relates to storage location requirements, not vendor bans. Cost of replacement (C) is an operational and financial concern, not a legal one. Loss of license (D) typically applies to software but is not the primary legal concern tied to a government-issued vendor ban.
Therefore, sanctions are the general counsel’s primary focus.
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
- A . Zero Trust
- B . AAA
- C . Non-repudiation
- D . CIA
A
Explanation:
Zero Trust is a security model that assumes no trust for any entity inside or outside the network perimeter and requires continuous verification of identity and permissions. Zero Trust can provide a secure zone by isolating and protecting sensitive data and resources from unauthorized access. Zero Trust can also enforce a company-wide access control policy by applying the principle of least privilege and granular segmentation for users, devices, and applications. Zero Trust can reduce the scope of threats by preventing lateral movement and minimizing the attack surface.
5: This source explains the concept and benefits of Zero Trust security and how it differs from traditional security models.
8: This source provides an overview of Zero Trust identity security and how it can help verify the identity and integrity of users and devices.
A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user’s workflow, and can utilize employee-owned devices.
Which of the following will meet these requirements?
- A . Push notifications
- B . Phone call
- C . Smart card
- D . Offline backup codes
A
Explanation:
Push notifications offer a seamless and user-friendly method of multi-factor authentication (MFA) that can easily integrate into a user’s workflow. This method leverages employee-owned devices, like smartphones, to approve authentication requests through a push notification. It’s convenient, quick, and doesn’t require the user to input additional codes, making it a preferred choice for seamless integration with existing workflows.
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.
The management team reports employees are missing features on company-provided tablets, causing productivity issues. The team directs IT to resolve the issue within 48 hours.
Which of the following is the best solution?
- A . EDR
- B . COPE
- C . MDM
- D . FDE
C
Explanation:
The best solution is Mobile Device Management (MDM), which allows IT administrators to centrally configure, update, and push applications or settings to company-owned devices. When employees report missing features or misconfigurations, MDM platforms enable rapid remote remediation, policy enforcement, patch distribution, and application deployment, all of which can be completed within the 48-hour requirement.
Security+ SY0-701 emphasizes MDM as the primary tool for ensuring consistent configuration baselines, enforcing security restrictions, deploying apps, and preventing unauthorized changes on mobile devices.
EDR (A) provides threat detection, not configuration restoration.
COPE (B) is a device ownership model (Corporate Owned, Personally Enabled); it does not solve configuration issues.
FDE (D) encrypts storage, unrelated to missing features.
Therefore, C (MDM) is the correct answer.
A company’s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution.
Which of the following should replace the antivirus solution?
- A . SIEM
- B . EDR
- C . DLP
- D . IDS
B
Explanation:
Endpoint Detection and Response (EDR) platforms use behavioral analytics, machine learning, heuristics, and anomaly detection to identify malware and suspicious activity more accurately than traditional signature-based antivirus. EDR solutions also provide rich telemetry, process tracking, sandboxing, and automated investigation capabilities.
The SY0-701 exam emphasizes EDR as a replacement for legacy antivirus in modern threat environments. EDR can significantly reduce false positives by establishing behavioral baselines and analyzing file, process, and memory activity rather than relying solely on signatures. The scenario states the company wants a heuristic solution, which directly aligns with EDR’s advanced detection approach.
SIEM (A) is for log aggregation and correlation, not endpoint protection. DLP (C) prevents data exfiltration but does not detect malware. IDS (D) analyzes network traffic, not endpoint behavior.
Thus, EDR is the correct solution to reduce false positives and improve malware-detection accuracy.
The private key for a website was stolen, and a new certificate has been issued.
Which of the following needs to be updated next?
- A . SCEP
- B . CRL
- C . OCSP
- D . CSR
Which of the following phases of an incident response involves generating reports?
- A . Recovery
- B . Preparation
- C . Lessons learned
- D . Containment
C
Explanation:
The lessons learned phase of an incident response process involves reviewing the incident and generating reports. This phase helps identify what went well, what needs improvement, and what changes should be made to prevent future incidents. Documentation and reporting are essential parts of this phase to ensure that the findings are recorded and used for future planning.
Recovery focuses on restoring services and normal operations.
Preparation involves creating plans and policies for potential incidents, not reporting.
Containment deals with isolating and mitigating the effects of the incident, not generating reports.
Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).
- A . Easier debugging of the system
- B . Reduced cost of ownership of the system
- C . Improved scalability of the system
- D . Increased compartmentalization of the system
- E . Stronger authentication of the system
- F . Reduced complexity of the system
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
- A . Hacktivist
- B . Whistleblower
- C . Organized crime
- D . Unskilled attacker
C
Explanation:
Organized crime is a type of threat actor that is motivated by financial gain and often operates across national borders. Organized crime groups may be hired by foreign governments to conduct cyberattacks on critical systems located in other countries, such as power grids, military networks, or financial institutions. Organized crime groups have the resources, skills, and connections to carry out sophisticated and persistent attacks that can cause significant damage and disruption [1][2].
References: 1: Threat Actors – CompTIA Security+ SY0-701 – 2.1; 2: CompTIA Security+ SY0-701 Certification Study Guide
