Practice Free SY0-701 Exam Online Questions
An employee who was working remotely lost a mobile device containing company data.
Which of the following provides the best solution to prevent future data loss?
- A . MDM
- B . DLP
- C . FDE
- D . EDR
Which of the following phases of an incident response involves generating reports?
- A . Recovery
- B . Preparation
- C . Lessons learned
- D . Containment
C
Explanation:
The lessons learned phase of an incident response process involves reviewing the incident and generating reports. This phase helps identify what went well, what needs improvement, and what changes should be made to prevent future incidents. Documentation and reporting are essential parts of this phase to ensure that the findings are recorded and used for future planning.
Recovery focuses on restoring services and normal operations.
Preparation involves creating plans and policies for potential incidents, not reporting.
Containment deals with isolating and mitigating the effects of the incident, not generating reports.
A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems.
Which of the following scenarios describes this activity?
- A . Espionage
- B . Data exfiltration
- C . Nation-state attack
- D . Shadow IT
A client demands at least 99.99% uptime from a service provider’s hosted security services.
Which of the following documents includes the information the service provider should return to the client?
- A . MOA
- B . SOW
- C . MOU
- D . SLA
D
Explanation:
A service level agreement (SLA) is a document that defines the level of service expected by a customer from a service provider, indicating the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved. An SLA can specify the minimum uptime or availability of a service, such as 99.99%, and the consequences for failing to meet that standard. A memorandum of agreement (MOA), a statement of work (SOW), and a memorandum of understanding (MOU) are other types of documents that can be used to establish a relationship between parties, but they do not typically include the details of service levels and performance metrics that an SLA does.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17
An accountant is transferring information to a bank over FTP.
Which of the following mitigations should the accountant use to protect the confidentiality of the data?
- A . Tokenization
- B . Data masking
- C . Encryption
- D . Obfuscation
Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?
- A . Contractual impacts
- B . Sanctions
- C . Fines
- D . Reputational damage
A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company’s network.
Which of the following should be configured on the existing network infrastructure to best prevent this activity?
- A . Port security
- B . Web application firewall
- C . Transport layer security
- D . Virtual private network
A
Explanation:
Port security is the best solution to prevent unauthorized devices, like a visitor’s laptop, from connecting to the company’s network. Port security can limit the number of devices that can connect to a network switch port and block unauthorized MAC addresses, effectively stopping unauthorized access attempts.
Web application firewall (WAF) protects against web-based attacks, not unauthorized network access.
Transport Layer Security (TLS) ensures encrypted communication but does not manage physical network access.
Virtual Private Network (VPN) secures remote connections but does not control access through physical network ports.
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?
- A . IMTTR
- B . RTO
- C . ARO
- D . MTBF
C
Explanation:
ARO (Annualized Rate of Occurrence) is an analysis element that measures the frequency or likelihood of an event happening in a given year. ARO is often used in risk assessment and management, as it helps to estimate the potential loss or impact of an event. A company can use ARO to calculate the annualized loss expectancy (ALE) of an event, which is the product of ARO and the single loss expectancy (SLE). ALE represents the expected cost of an event per year, and can be compared with the cost of implementing a security control or purchasing an insurance policy. The company most likely used ARO in making the decision to remove the coverage for ransomware attacks from its cyber insurance policy. The company may have estimated the ARO of ransomware attacks based on historical data, industry trends, or threat intelligence, and found that the ARO was low or negligible. The company may have also calculated the ALE of ransomware attacks, and found that the ALE was lower than the cost of the insurance policy. Therefore, the company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks, as it deemed the risk to be acceptable or manageable.
IMTTR (Incident Management Team Training and Readiness), RTO (Recovery Time Objective), and MTBF (Mean Time Between Failures) are not analysis elements that the company most likely used in making the decision to remove the coverage for ransomware attacks from its cyber insurance policy. IMTTR is a process of preparing and training the incident management team to respond effectively to security incidents. IMTTR does not measure the frequency or impact of an event, but rather the capability and readiness of the team. RTO is a metric that defines the maximum acceptable time for restoring a system or service after a disruption. RTO does not measure the frequency or impact of an event, but rather the availability and continuity of the system or service. MTBF is a metric that measures the average time between failures of a system or component. MTBF does not measure the frequency or impact of an event, but rather the reliability and performance of the system or component.
Reference = CompTIA Security+ SY0-701 Certification Study Guide, page 97-98; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 5.2 – Risk Management, 0:00 – 3:00.
Which of the following is the first step to take when creating an anomaly detection process?
- A . Selecting events
- B . Building a baseline
- C . Selecting logging options
- D . Creating an event log
B
Explanation:
The first step in creating an anomaly detection process is building a baseline of normal behavior within the system. This baseline serves as a reference point to identify deviations or anomalies that could indicate a security incident. By understanding what normal activity looks like, security teams can more effectively detect and respond to suspicious behavior.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Monitoring and Baselines.
Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device’s drive if the device is lost?
- A . TPM
- B . ECC
- C . FDE
- D . HSM
C
Explanation:
Full Disk Encryption (FDE) ensures that all data on the drive is encrypted, preventing unauthorized access even if the device is lost.