Practice Free SY0-701 Exam Online Questions
A security analyst is examining a penetration test report and notices that the tester pivoted to critical internal systems with the same local user ID and password.
Which of the following would help prevent this in the future?
- A . Implement centralized authentication with proper password policies
- B . Add password complexity rules and increase password history limits
- C . Connect the systems to an external authentication server
- D . Limit the ability of user accounts to change passwords
A
Explanation:
Centralized authentication (such as Active Directory or LDAP) combined with proper password policies helps prevent the reuse of the same local credentials across multiple systems, reducing the risk of lateral movement during attacks like credential reuse or pass-the-hash.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 3.1: "Centralized authentication and strong password policies reduce risks associated with local account reuse."
Exam Objectives 3.1: “Implement secure network architecture concepts.”
Which of the following should be used to select a label for a file based on the file’s value, sensitivity, or applicable regulations?
- A . Verification
- B . Certification
- C . Classification
- D . Inventory
C
Explanation:
Classification is the process of assigning labels to files or data based on sensitivity, business value, or regulatory requirements. Proper classification guides handling, access controls, and protection measures.
Verification (A) and certification (B) are validation processes, and inventory (D) is a listing of assets.
Data classification is a foundational data governance control in SY0-701 (CompTIA Security+ Study Guide, Chapter 16).
Which of the following is prevented by proper data sanitization?
- A . Hackers’ ability to obtain data from used hard drives
- B . Devices reaching end-of-life and losing support
- C . Disclosure of sensitive data through incorrect classification
- D . Incorrect inventory data leading to a laptop shortage
A
Explanation:
Proper data sanitization ensures that sensitive data is securely erased from storage devices, preventing unauthorized access or recovery when the devices are disposed of or reused.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Sanitization and Disposal Methods".
Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?
- A . Deploy a SIEM solution
- B . Create custom scripts to aggregate and analyze logs
- C . Implement EDR technology
- D . Install a unified threat management appliance
A
Explanation:
Deploying a Security Information and Event Management (SIEM) solution allows for efficient log aggregation, correlation, and analysis across an organization’s infrastructure, providing real-time security insights.
Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.
Which of the following tasks is typically included in the BIA process?
- A . Estimating the recovery time of systems
- B . Identifying the communication strategy
- C . Evaluating the risk management plan
- D . Establishing the backup and recovery procedures
- E . Developing the incident response plan
Which of the following methods would most likely be used to identify legacy systems?
- A . Bug bounty program
- B . Vulnerability scan
- C . Package monitoring
- D . Dynamic analysis
B
Explanation:
A vulnerability scan is the most likely method to identify legacy systems. These scans assess an organization’s network and systems for known vulnerabilities, including outdated or unsupported software (i.e., legacy systems) that may pose a security risk. The scan results can highlight systems that are no longer receiving updates, helping IT teams address these risks.
Bug bounty programs are used to incentivize external researchers to find security flaws, but they are less effective at identifying legacy systems.
Package monitoring tracks installed software packages for updates or issues but is not as comprehensive for identifying legacy systems.
Dynamic analysis is typically used for testing applications during runtime to find vulnerabilities, but not for identifying legacy systems.
A user would like to install software and features that are not available with a smartphone’s default software.
Which of the following would allow the user to install unauthorized software and enable new features?
- A . SOU
- B . Cross-site scripting
- C . Jailbreaking
- D . Side loading
C
Explanation:
Jailbreaking is the process of removing restrictions imposed by the manufacturer on a smartphone, allowing the user to install unauthorized software and features not available through official app stores. This action typically voids the warranty and can introduce security risks by bypassing built-in protections.
SOU (Statement of Understanding) is not related to modifying devices.
Cross-site scripting is a web-based attack technique, unrelated to smartphone software.
Side loading refers to installing apps from unofficial sources but without necessarily removing built-in restrictions like jailbreaking does.
An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident.
Which of the following plans is the IT manager creating?
- A . Business continuity
- B . Physical security
- C . Change management
- D . Disaster recovery
A
Explanation:
The IT manager is creating a Business Continuity Plan (BCP). A BCP describes how an organization will continue to operate during and after a disaster or global incident. It ensures that critical business functions remain operational despite adverse conditions, with a focus on minimizing downtime and maintaining essential services.
Physical security relates to protecting physical assets.
Change management ensures changes in IT systems are introduced smoothly, without disrupting operations.
Disaster recovery is a subset of business continuity but focuses specifically on recovering from IT-related incidents.
During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system.
Which of the following best describes this type of vulnerability?
- A . Race condition
- B . Memory injection
- C . Malicious update
- D . Side loading
A
Explanation:
A race condition occurs when two or more processes attempt to access and modify a shared resource simultaneously, leading to unintended behavior. In this scenario, the attacker was able to modify a temporary field before the SQL update completed, indicating a time-of-check to time-of-use (TOCTOU) vulnerability, which is a type of race condition.
Memory injection (B) refers to inserting malicious code into a running process’s memory, but that is not what is happening here.
Malicious update (C) is too broad and does not specifically describe this scenario.
Side loading (D) is a technique where malicious software is loaded via a trusted application, unrelated to this case.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.
