Practice Free SY0-701 Exam Online Questions
Which of the following techniques would identify whether data has been modified in transit?
- A . Hashing
- B . Tokenization
- C . Masking
- D . Encryption
A
Explanation:
Hashing is used to verify data integrity. By comparing the hash value of the data before and after transmission, it is possible to determine if the data has been altered in transit. If the hash values match, the data has not been modified.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.3: "Hashing ensures integrity by making it possible to detect unauthorized changes to data."
Exam Objectives 1.3: “Explain the importance of cryptographic concepts.”
Which of the following would be the best way to test resiliency in the event of a primary power failure?
- A . Parallel processing
- B . Tabletop exercise
- C . Simulation testing
- D . Production failover
An organization has issues with deleted network share data and improper permissions.
Which solution helps track and remediate these?
- A . DLP
- B . EDR
- C . FIM
- D . ACL
C
Explanation:
File Integrity Monitoring (FIM) detects unauthorized changes to files, including deletions, modifications, and permission alterations. When protecting shared data, FIM creates baseline hashes of files and monitors them for unexpected changes. Any deviation triggers alerts, enabling rapid investigation and remediation.
Security+ SY0-701 identifies FIM as a crucial tool for:
- Integrity monitoring
- Detecting unauthorized file deletion
- Identifying malicious or accidental permission changes
- Supporting compliance (PCI-DSS, HIPAA, etc.)
DLP (A) protects against data leakage but does not detect permission misconfiguration or deleted files. EDR (B) monitors endpoint activity but is not optimized for shared file integrity. ACL (D) defines permissions but does not track changes.
Thus, C (FIM) is the correct solution.
Which of the following actions must an organization take to comply with a person’s request for the right to be forgotten?
- A . Purge all personally identifiable attributes.
- B . Encrypt all of the data.
- C . Remove all of the person’s data.
- D . Obfuscate all of the person’s data.
C
Explanation:
The right to be forgotten, as outlined in regulations such as the General Data Protection Regulation (GDPR), requires organizations to permanently delete an individual’s personal data upon request, unless there is a legal or contractual obligation to retain it.
Purging personally identifiable attributes (A) removes some identifying data but does not fully satisfy the request.
Encrypting the data (B) does not remove it, and the data is still accessible with the decryption key.
Obfuscating data (D) makes data unreadable but does not permanently remove it.
To comply with the right to be forgotten, organizations must remove all of the person’s data unless an exception applies.
A university employee logged on to the academic server and attempted to guess the system administrators’ log-in credentials.
Which of the following security measures should the university have implemented to detect the employee’s attempts to gain access to the administrators’ accounts?
- A . Two-factor authentication
- B . Firewall
- C . Intrusion prevention system
- D . User activity logs
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline.
Which of the following should the analyst use?
- A . Intrusion prevention system
- B . Sandbox
- C . Endpoint detection and response
- D . Antivirus
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems.
Which of the following is the security team most likely to document as a security implication of the current architecture?
- A . Patch availability
- B . Product software compatibility
- C . Ease of recovery
- D . Cost of replacement
A
Explanation:
End-of-life operating systems are those that are no longer supported by the vendor or manufacturer, meaning they do not receive any security updates or patches. This makes them vulnerable to exploits and attacks that take advantage of known or unknown flaws in the software. Patch availability is the security implication of using end-of-life operating systems, as it affects the ability to fix or prevent security issues. Other factors, such as product software compatibility, ease of recovery, or cost of replacement, are not directly related to security, but rather to functionality, availability, or budget.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 29
An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive.
Which of the following would the administrator use to estimate the time needed to fix the issue?
- A . MTTR
- B . MTBF
- C . RTO
- D . RPO
A
Explanation:
Mean Time To Repair (MTTR) is a key metric used to estimate the average time required to repair a failed component or system and restore it to operational status. In this case, the administrator would rely on MTTR to estimate how long it will take to fix the critical server’s failed drive and get it back online.
Mean Time Between Failures (MTBF) measures the expected operational lifespan between failures, so it does not provide an estimate of repair time.
Recovery Time Objective (RTO) refers to the maximum allowable downtime for a system or service before unacceptable impact occurs, which is a planning metric rather than an actual repair time measure.
Recovery Point Objective (RPO) defines the maximum acceptable data loss measured in time and relates to backup frequency rather than repair duration.
Therefore, MTTR is the appropriate metric to estimate the time to fix a failed drive. This concept is detailed in the Resilience and Physical Security chapter within the Security Operations domain of the SY0-701 exam (CompTIA Security+ Study Guide, Chapter 9).
Which of the following activities is the first stage in the incident response process?
- A . Detection
- B . Declaration
- C . Containment
- D . Vacation
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification.
Which of the following social engineering techniques are being attempted? (Choose two.)
- A . Typosquatting
- B . Phishing
- C . Impersonation
- D . Vishing
- E . Smishing
- F . Misinformation
B,E
Explanation:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use urgent or threatening language to persuade the recipients to take action. In this scenario, the text message that claims to be from the payroll department is an example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits, and can be used to obtain information, access, or money from the victim. In this scenario, the text message that pretends to be from the payroll department is an example of impersonation.
