Practice Free SY0-701 Exam Online Questions
Which of the following security threats aims to compromise a website that multiple employees frequently visit?
- A . Supply chain
- B . Typosquatting
- C . Watering hole
- D . Impersonation
C
Explanation:
The best answer is C. Watering hole.
A watering hole attack occurs when an attacker compromises a website that a targeted group of users commonly visits. The attacker chooses that site because they know the intended victims are likely to access it during normal work activities. Once the site is compromised, the attacker can deliver malware, steal credentials, or exploit browser vulnerabilities.
This exactly matches the scenario in the question: a website that multiple employees frequently visit is targeted for compromise.
Why the other options are incorrect:
A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees.
Which of the following best describes the security risk?
- A . The host-based security agent is not running on all computers.
- B . A rogue access point is allowing users to bypass controls.
- C . Employees who have certain credentials are using a hidden SSID.
- D . A valid access point is being jammed to limit availability.
B
Explanation:
The presence of another device providing internet access that bypasses the content filtering system indicates the existence of a rogue access point. Rogue access points are unauthorized devices that can create a backdoor into the network, allowing users to bypass security controls like content filtering. This presents a significant security risk as it can expose the network to unauthorized access and potential data breaches.
Reference: CompTIA Security+ SY0-701 Course Content. Rogue access points are highlighted as a major security risk, allowing unauthorized access to the network and bypassing security measures.
Which of the following scenarios describes a possible business email compromise attack?
- A . An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
- B . Employees who open an email attachment receive messages demanding payment in order to access files.
- C . A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
- D . An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
A
Explanation:
A business email compromise (BEC) attack is a type of phishing attack that targets employees who have access to company funds or sensitive information. The attacker impersonates a trusted person, such as an executive, a vendor, or a client, and requests a fraudulent payment, a wire transfer, or confidential data. The attacker often uses social engineering techniques, such as urgency, pressure, or familiarity, to convince the victim to comply with the request [1][2].
In this scenario, option A describes a possible BEC attack, where an employee receives a gift card request in an email that has an executive’s name in the display field of the email. The email may look like it is coming from the executive, but the actual email address may be spoofed or compromised. The attacker may claim that the gift cards are needed for a business purpose, such as rewarding employees or clients, and ask the employee to purchase them and send the codes. This is a common tactic used by BEC attackers to steal money from unsuspecting victims [3][4].
Option B describes a possible ransomware attack, where malicious software encrypts the files on a device and demands a ransom for the decryption key.
Option C describes a possible credential harvesting attack, where an attacker tries to obtain the login information of a privileged account by posing as a legitimate authority.
Option D describes a possible phishing attack, where an attacker tries to lure the victim to a fake website that mimics the company’s email portal and capture their credentials. These are all types of cyberattacks, but they are not examples of BEC attacks.
Reference: [1] Business Email Compromise – CompTIA Security+ SY0-701 – 2.2; [2] CompTIA Security+ SY0-701 Certification Study Guide; [3] Business Email Compromise: The 12 Billion Dollar Scam; [4] TOTAL: CompTIA Security+ Cert (SY0-701) | Udemy
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
- A . Provisioning resources
- B . Disabling access
- C . Reviewing change approvals
- D . Escalating permission requests
B
Explanation:
Disabling access is an automation use case that would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company. Disabling access is the process of revoking or suspending the access rights of a user account, such as login credentials, email, VPN, cloud services, etc. Disabling access can prevent unauthorized or malicious use of the account by former employees or attackers who may have compromised the account. Disabling access can also reduce the attack surface and the risk of data breaches or leaks. Disabling access can be automated by using scripts, tools, or workflows that can trigger the action based on predefined events, such as employee termination, resignation, or transfer. Automation can ensure that the access is disabled in a timely, consistent, and efficient manner, without relying on manual intervention or human error.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5: Identity and Access Management, page 2131. CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5: Identity and Access Management, page 2132.
Which of the following solutions would most likely be used in the financial industry to mask sensitive data?
- A . Tokenization
- B . Hashing
- C . Salting
- D . Steganography
A
Explanation:
Tokenization is widely used in the financial industry to mask sensitive information such as credit card numbers, bank account details, or payment tokens. Tokenization replaces sensitive data with harmless surrogate values (tokens) that maintain format and usability but reveal nothing if intercepted.
Security+ SY0-701 highlights tokenization as a preferred method for PCI-DSS-regulated environments because:
- It reduces exposure of actual sensitive data
- It lowers compliance scope
- Tokens can be mapped back to real data only through a secure token vault
- It prevents attackers from accessing meaningful information
Hashing (B) is one-way and cannot be reversed, making it unsuitable for financial transactions that require retrieving the original values. Salting (C) strengthens password hashing but does not mask data. Steganography (D) hides data inside images or media files and is not used for structured data protection.
Thus, the correct answer is A: Tokenization.
A company wants to ensure that only authorized devices can enter an environment.
Which of the following will the company most likely use to implement the control?
- A . Access lists
- B . Remote connection
- C . Screened subnets
- D . Centralized proxy
A
Explanation:
The best answer is A. Access lists.
To ensure that only authorized devices can enter or connect to an environment, the organization needs a control that explicitly allows approved devices and denies unapproved ones. Access lists are used to define which devices, systems, or addresses are permitted access.
This can include allowlists based on:
- device identifiers
- MAC addresses
- IP addresses
- approved system entries
- predefined access control rules
Why the other options are incorrect:
B. Remote connection: This is a method of connecting, not a control that determines which devices are authorized.
C. Screened subnets: A screened subnet helps separate public-facing systems from internal systems, but it does not directly ensure only authorized devices can enter.
D. Centralized proxy: A proxy mediates traffic requests, but it is not the primary control for allowing only authorized devices into an environment.
From a Security+ perspective, restricting access to only approved devices is best aligned with allow/deny rules through access lists, so A is the strongest answer.
While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings.
Which of the following assessment types should be performed during software development to prevent this from reoccurring?
- A . Vulnerability scan
- B . Penetration test
- C . Static analysis
- D . Quality assurance
C
Explanation:
Static analysis, also known as Static Application Security Testing (SAST), analyzes source code without executing it to identify security weaknesses such as hard-coded passwords, insecure API calls, and improper credential handling. This aligns exactly with the issue described: credentials embedded directly in code.
CompTIA Security+ SY0-701 stresses that secure software development practices must include automated static code analysis tools that scan for credential exposure, insecure dependencies, injection risks, and coding standards violations. Static analysis detects these issues early in the SDLC, long before deployment.
A vulnerability scan (A) examines running systems, not source code. A penetration test (B) actively exploits vulnerabilities but cannot reliably detect embedded secrets. Quality assurance (D) checks functional requirements, not security flaws in code.
Therefore, static analysis is the correct and most effective assessment to prevent the recurrence of hard-coded credentials in software systems.
A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period.
Which of the following is the ALE for this risk?
- A . $7,500
- B . $10,000
- C . $15,000
- D . $30,000
Which of the following would be the best way to test resiliency in the event of a primary power failure?
- A . Parallel processing
- B . Tabletop exercise
- C . Simulation testing
- D . Production failover
Which of the following security controls is a company implementing by deploying HIPS? (Select two)
- A . Directive
- B . Preventive
- C . Physical
- D . Corrective
- E . Compensating
- F . Detective
B,F
Explanation:
A Host-based Intrusion Prevention System (HIPS) provides both preventive and detective security controls. Security+ SY0-701 describes HIPS as a host-level security solution that monitors system behavior, blocks malicious activity, and logs suspicious events.
It functions as a preventive control (B) because it can:
- Stop malware execution
- Block unauthorized changes
- Prevent exploit attempts
- Enforce endpoint protection policies
It is also a detective control (F) because it can:
- Record attempted attacks
- Identify suspicious activities
- Generate alerts for security teams
Directive controls (A) refer to policies; physical controls (C) refer to locks and barriers; corrective controls (D) restore systems after an incident; compensating controls (E) substitute for missing primary controls.
Therefore, the two correct answers are B (Preventive) and F (Detective).
