Practice Free SY0-701 Exam Online Questions
An administrator implements web-filtering products but still sees that users are visiting malicious links.
Which of the following configuration items does the security administrator need to review?
- A . Intrusion prevention system
- B . Content categorization
- C . Encryption
- D . DNS service
B
Explanation:
Web-filtering effectiveness depends on content categorization: the filter can only block a site it has assigned to a blocked category. If users are still reaching malicious links, the categorization database is most likely out of date, the malicious sites are uncategorized, or the blocked-category policy is misconfigured, so that is the first configuration item to review.
An intrusion prevention system (A) inspects traffic for attack signatures but does not enforce web policy by site category. Encryption (C) is unrelated to web filtering, and the DNS service (D) resolves names but does not categorize content.
Proper configuration and maintenance of content categorization are essential to effective web filtering, as emphasized in the Security Operations domain of SY0-701 (CompTIA Security+ Study Guide, Chapter 12).
A security analyst reviews firewall configurations and finds that firewalls are configured to fail-open mode in the event of a crash.
Which of the following describes the security risk associated with this configuration?
- A . There may be increased latency during failover.
- B . Authentication tokens may be invalidated during an outage.
- C . Traffic will bypass inspection during a failure.
- D . All encrypted traffic will be blocked during an outage.
C
Explanation:
The best answer is C. Traffic will bypass inspection during a failure.
A firewall configured to fail open will allow traffic to continue flowing if the device crashes or fails. This preserves availability, but it creates a security risk because traffic may pass through without being inspected or filtered.
That means malicious traffic, unauthorized connections, or prohibited traffic could traverse the network during the outage.
Why the other options are incorrect:
A. Increased latency during failover is a performance concern, not the security risk that fail-open creates.
B. Authentication tokens are issued and validated by identity systems, not by the firewall, so a firewall crash does not invalidate them.
D. Blocking all traffic during an outage describes fail-closed behavior, which is the opposite of the configuration the analyst found.
A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way.
Which of the following will help the company achieve this goal?
- A . Internal self-assessment
- B . Active reconnaissance
- C . Red team penetration test
- D . Tabletop exercise
A
Explanation:
The best answer is A. Internal self-assessment.
A gap analysis is used to compare the organization’s current security, compliance, or control posture against a required standard, framework, or regulatory requirement. If the company wants to do this in the most cost-effective way, an internal self-assessment is the best choice because it allows the organization to review its own policies, procedures, controls, and documentation without the added expense of external testing or specialized attack simulations.
Why the other options are incorrect:
B. Active reconnaissance Active reconnaissance involves directly interacting with systems to gather information, often as part of security testing or attack emulation. It is not the best option for a compliance-focused gap analysis.
C. Red team penetration test A red team exercise is more advanced and expensive. It simulates real-
world attacks to test detection and response capabilities. This is valuable for security maturity, but it is not the most cost-effective method for identifying compliance gaps before an audit.
D. Tabletop exercise A tabletop exercise is a discussion-based activity used to test incident response plans, communication, and decision-making. It does not primarily identify regulatory compliance gaps.
From a Security+ perspective, self-assessments, audits, and gap analyses are part of governance, risk, and compliance activities. For a low-cost review against regulatory requirements, internal self-assessment is the most appropriate answer.
A systems administrator is redesigning how devices will perform network authentication.
The following requirements need to be met:
• An existing internal certificate must be used.
• Wired and wireless networks must be supported.
• Any unapproved device should be isolated in a quarantine subnet.
• Approved devices should be updated before accessing resources.
Which of the following would best meet the requirements?
- A . 802.1X
- B . EAP
- C . RADIUS
- D . WPA2
A
Explanation:
802.1X is port-based network access control and is the only option that covers all four requirements: it is supported on both wired switch ports and wireless networks (WPA2/WPA3-Enterprise), it can authenticate devices with the existing internal certificate through the EAP-TLS method, and the authentication server can return a dynamic VLAN assignment that places an unapproved device in a quarantine subnet or holds an approved device there until it has been updated and passes a posture check. EAP (B) and RADIUS (C) are components of an 802.1X deployment rather than a complete solution on their own, and WPA2 (D) applies only to wireless networks.
A certificate authority needs to post information about expired certificates.
Which of the following would accomplish this task?
- A . TPM
- B . CRL
- C . PKI
- D . CSR
B
Explanation:
A Certificate Revocation List (CRL) is a digitally signed list, published by a Certificate Authority (CA), of certificates the CA has revoked before their scheduled expiration, so that clients stop trusting them. Strictly speaking, a certificate that has simply passed its expiration date is rejected by clients on the basis of the validity period inside the certificate itself and is normally dropped from the CRL once it expires, but of the options given, the CRL is the mechanism a CA uses to publish certificate status information.
TPM (A) is a hardware chip that stores keys and measurements for a single device; it plays no role in publishing certificate status.
PKI (C) is the overall framework of CAs, certificates, and policies; the CRL is one component of it, not an alternative to it.
CSR (D) is a request to obtain a certificate, not to revoke one.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Architecture domain.
Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?
- A . Firewall
- B . IDS
- C . Honeypot
- D . Layer 3 switch
C
Explanation:
A honeypot is a deliberately exposed decoy system with no production value, so any interaction with it is suspect by definition. It is deployed to attract attackers and record their tools, commands, and techniques for analysis. A firewall (A) and a Layer 3 switch (D) enforce or route traffic but are not built to capture attacker behavior, and an IDS (B) alerts on known malicious activity rather than engaging an attacker to observe what they do.
Which of the following most accurately describes the order in which a security engineer should implement secure baselines?
- A . Deploy, maintain, establish
- B . Establish, maintain, deploy
- C . Establish, deploy, maintain
- D . Deploy, establish, maintain
C
Explanation:
The correct sequence is to first establish secure baselines by determining the required configurations, then deploy those configurations across systems, and finally maintain them through regular updates, drift monitoring, and auditing.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Secure Baseline Development".
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?
- A . Spraying
- B . Brute-force
- C . Dictionary
- D . Rainbow table
A
Explanation:
Password spraying tries one or a few common passwords against many different accounts, which is exactly the pattern in the logs: a single source IP address and a failure recorded against a large share of the user accounts, typically only once or twice per account so that lockout thresholds are never reached. A brute-force (B) or dictionary (C) attack concentrates many guesses on one account and would show repeated failures for the same user. A rainbow table (D) is an offline attack against captured password hashes and produces no failed login attempts at all.
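The log excerpt the question refers to is not reproduced on the page. As an added example (not from the page), the Go program below runs the same reasoning an analyst would apply over a constructed authentication log: per source IP it counts failures, distinct target accounts and the maximum attempts per account, and flags a success that follows the failures. The log format (`result=`, `user=`, `src=` fields), the IP addresses, the account names and the thresholds are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleLog is a constructed authentication log, not data from the page.
// 203.0.113.5 fails once against many accounts and then succeeds on one;
// 198.51.100.9 fails repeatedly against a single account.
const sampleLog = `
2024-05-01T09:00:01Z result=FAIL user=alice src=203.0.113.5
2024-05-01T09:00:02Z result=FAIL user=bob src=203.0.113.5
2024-05-01T09:00:03Z result=FAIL user=carol src=203.0.113.5
2024-05-01T09:00:04Z result=FAIL user=dave src=203.0.113.5
2024-05-01T09:00:05Z result=FAIL user=erin src=203.0.113.5
2024-05-01T09:00:06Z result=FAIL user=frank src=203.0.113.5
2024-05-01T09:00:07Z result=SUCCESS user=grace src=203.0.113.5
2024-05-01T09:01:00Z result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:01Z result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:02Z result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:03Z result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:04Z result=FAIL user=admin src=198.51.100.9
2024-05-01T09:01:05Z result=FAIL user=admin src=198.51.100.9
2024-05-01T09:02:00Z result=SUCCESS user=alice src=192.0.2.10
`

// Verdict summarises what one source IP has been doing.
type Verdict struct {
	Kind          string // "spraying", "brute-force" or "mixed"
	Failures      int
	DistinctUsers int
	SuccessAfter  bool // a login from this source succeeded after its failures
}

type sourceStats struct {
	failures     int
	perUser      map[string]int
	successAfter bool
}

// parseLine splits one log line into its key=value fields.
func parseLine(line string) map[string]string {
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		if i := strings.IndexByte(f, '='); i > 0 {
			kv[f[:i]] = f[i+1:]
		}
	}
	return kv
}

// analyze classifies every source with at least minFailures failed logins.
// Spraying: failures spread over at least minUsers accounts with at most two
// tries per account. Brute force (or dictionary): all failures on one account.
func analyze(log string, minUsers, minFailures int) map[string]Verdict {
	stats := map[string]*sourceStats{}
	for _, line := range strings.Split(log, "\n") {
		kv := parseLine(line)
		src, user := kv["src"], kv["user"]
		if src == "" || user == "" {
			continue
		}
		s, ok := stats[src]
		if !ok {
			s = &sourceStats{perUser: map[string]int{}}
			stats[src] = s
		}
		switch kv["result"] {
		case "FAIL":
			s.failures++
			s.perUser[user]++
		case "SUCCESS":
			s.successAfter = s.successAfter || s.failures > 0
		}
	}
	out := map[string]Verdict{}
	for src, s := range stats {
		if s.failures < minFailures {
			continue
		}
		maxPerUser := 0
		for _, n := range s.perUser {
			if n > maxPerUser {
				maxPerUser = n
			}
		}
		v := Verdict{Failures: s.failures, DistinctUsers: len(s.perUser), SuccessAfter: s.successAfter}
		switch {
		case len(s.perUser) >= minUsers && maxPerUser <= 2:
			v.Kind = "spraying"
		case len(s.perUser) == 1:
			v.Kind = "brute-force"
		default:
			v.Kind = "mixed"
		}
		out[src] = v
	}
	return out
}

func main() {
	for src, v := range analyze(sampleLog, 5, 5) {
		fmt.Printf("%-13s %-11s failures=%d users=%d success_after=%v\n", src, v.Kind, v.Failures, v.DistinctUsers, v.SuccessAfter)
	}
}
```

Two things the counts alone cannot tell you: a brute-force and a dictionary attack look identical in a login log (one account, many failures), and a rainbow-table attack never appears there because it runs offline against hashes. The `SuccessAfter` flag is the field to alert on first, since a success following a spray means one of the sprayed passwords worked.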
One of a company’s vendors sent an analyst a security bulletin that recommends a BIOS update.
Which of the following vulnerability types is being addressed by the patch?
- A . Virtualization
- B . Firmware
- C . Application
- D . Operating system
B
Explanation:
Firmware is software embedded in hardware devices such as BIOS/UEFI, routers, printers, or cameras. It controls the basic functions and operations of the device and can be updated or patched to fix bugs, improve performance, or close security holes. Firmware vulnerabilities are flaws in that embedded code that an attacker can exploit to gain unauthorized access, modify settings, or persist below the operating system where conventional security tools do not look. A BIOS update is a patch to the firmware that initializes the hardware and boots the operating system, so the vendor bulletin is addressing a firmware vulnerability. Virtualization (A), application (C), and operating system (D) vulnerabilities are separate categories that a BIOS update does not address.
Which of the following security measures is required when using a cloud-based platform for IoT management?
- A . Encrypted connection
- B . Federated identity
- C . Firewall
- D . Single sign-on
A
Explanation:
IoT devices managed from a cloud platform send telemetry and receive commands and firmware over the Internet, so the connection between device and platform must be encrypted (for example with TLS) to keep credentials, device data, and control messages from being read or altered in transit. Federated identity (B) and single sign-on (D) are conveniences for administrator login rather than requirements, and a firewall (C) cannot protect traffic once it has left the local network.
