Practice Free SY0-701 Exam Online Questions
Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?
- A . Automated scanning
- B . Penetration testing
- C . Threat hunting
- D . Log aggregation
- E . Adversarial emulation
A
Explanation:
Automated vulnerability scanning is the first step in identifying system weaknesses. These scans systematically check for outdated software, misconfigurations, and known vulnerabilities in a network.
Penetration testing (B) is conducted after vulnerabilities are identified.
Threat hunting (C) focuses on detecting unknown threats, not listing vulnerabilities.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Operations domain.
A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user’s workflow, and can utilize employee-owned devices.
Which of the following will meet these requirements?
- A . Push notifications
- B . Phone call
- C . Smart card
- D . Offline backup codes
A
Explanation:
Push notifications offer a seamless and user-friendly method of multi-factor authentication (MFA) that can easily integrate into a user’s workflow. This method leverages employee-owned devices, like smartphones, to approve authentication requests through a push notification. It’s convenient, quick, and doesn’t require the user to input additional codes, making it a preferred choice for seamless integration with existing workflows.
Reference: CompTIA Security+ SY0-701 Course Content, Domain 04: Security Operations; CompTIA Security+ SY0-601 Study Guide, Chapter on Identity and Access Management.
Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?
- A . Destruction
- B . Certification
- C . Retention
- D . Sanitization
C
Explanation:
Retention policies dictate how long data must be stored to comply with local and international regulations. Non-compliance can result in legal and financial penalties.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Retention and Legal Requirements".
Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion.
Which of the following is the most efficient way to address these requests?
- A . Hire a vendor to perform a penetration test.
- B . Perform an annual self-assessment.
- C . Allow each client the right to audit.
- D . Provide a third-party attestation report.
A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave.
Which of the following is most likely to contain this information?
- A . Statement of work
- B . Responsibility matrix
- C . Service-level agreement
- D . Master service agreement
B
Explanation:
A responsibility matrix clarifies the division of responsibilities between the cloud service provider (CSP) and the customer, ensuring that each party understands and implements their respective security controls.
Reference: Security+ SY0-701 Course Content.
A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business.
Which of the following activities should the company perform next?
- A . Gap analysis
- B . Policy review
- C . Security procedure evaluation
- D . Threat scope reduction
A systems administrator receives an alert that a company’s internal file server is very slow and is only working intermittently.
The systems administrator reviews the server management software and finds the following information about the server:
Which of the following indicators most likely triggered this alert?
- A . Concurrent session usage
- B . Network saturation
- C . Account lockout
- D . Resource consumption
An employee used a company’s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity.
Which of the following should the administrator examine?
- A . Application logs
- B . Vulnerability scanner logs
- C . IDS/IPS logs
- D . Firewall logs
Which of the following threat actors would most likely deface the website of a high-profile music group?
- A . Unskilled attacker
- B . Organized crime
- C . Nation-state
- D . Insider threat
A
Explanation:
An unskilled attacker, often referred to as a script kiddie, is likely to engage in website defacement. This type of attack typically requires minimal expertise and is often conducted for notoriety.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Threat Actors and Motivations".
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
- A . Disaster recovery plan
- B . Incident response procedure
- C . Business continuity plan
- D . Change management procedure
D
Explanation:
A change management procedure is a set of steps and guidelines that a security administrator should adhere to when setting up a new set of firewall rules. A firewall is a device or software that can filter, block, or allow network traffic based on predefined rules or policies. A firewall rule is a statement that defines the criteria and action for a firewall to apply to a packet or a connection. For example, a firewall rule can allow or deny traffic based on the source and destination IP addresses, ports, protocols, or applications. Setting up a new set of firewall rules is a type of change that can affect the security, performance, and functionality of the network. Therefore, a change management procedure is necessary to ensure that the change is planned, tested, approved, implemented, documented, and reviewed in a controlled and consistent manner. A change management procedure typically includes the following elements:
- A change request that describes the purpose, scope, impact, and benefits of the change, as well as the roles and responsibilities of the change owner, implementer, and approver.
- A change assessment that evaluates the feasibility, risks, costs, and dependencies of the change, as well as the alternatives and contingency plans.
- A change approval that authorizes the change to proceed to the implementation stage, based on the criteria and thresholds defined by the change policy.
- A change implementation that executes the change according to the plan and schedule, and verifies the results and outcomes of the change.
- A change documentation that records the details and status of the change, as well as the lessons learned and best practices.
- A change review that monitors and measures the performance and effectiveness of the change, and identifies any issues or gaps that need to be addressed or improved.
A change management procedure is important for a security administrator to adhere to when setting up a new set of firewall rules, as it can help to achieve the following objectives:
- Enhance the security posture and compliance of the network by ensuring that the firewall rules are aligned with the security policies and standards, and that they do not introduce any vulnerabilities or conflicts.
- Minimize the disruption and downtime of the network by ensuring that the firewall rules are tested and validated before deployment, and that they do not affect the availability or functionality of the network services or applications.
- Improve the efficiency and quality of the network by ensuring that the firewall rules are optimized and updated according to the changing needs and demands of the network users and stakeholders, and that they do not cause any performance or compatibility issues.
- Increase the accountability and transparency of the network by ensuring that the firewall rules are documented and reviewed regularly, and that they are traceable and auditable by the relevant authorities and parties.
The other options are not correct because they are not related to the process of setting up a new set of firewall rules. A disaster recovery plan is a set of policies and procedures that aim to restore the normal operations of an organization in the event of a system failure, natural disaster, or other emergency. An incident response procedure is a set of steps and guidelines that aim to contain, analyze, eradicate, and recover from a security incident, such as a cyberattack, data breach, or malware infection. A business continuity plan is a set of strategies and actions that aim to maintain the essential functions and operations of an organization during and after a disruptive event, such as a pandemic, power outage, or civil unrest.
Reference: CompTIA Security+ Study Guide (SY0-701), Chapter 7: Resilience and Recovery, page 325; Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 1.3: Security Operations, video: Change Management (5:45).