Practice Free SY0-701 Exam Online Questions
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network.
Which of the following describes this type of attack?
- A . Privilege escalation
- B . Buffer overflow
- C . SQL injection
- D . Pass-the-hash
D
Explanation:
The scenario describes an attacker who obtained credentials from a compromised system's memory and used them, without cracking them, to move laterally within the network. This is a pass-the-hash attack: the attacker captures hashed credentials (NT hashes, the form NTLM authentication uses) and presents them directly to authenticate to other systems, because the NTLM challenge-response is computed from the hash rather than from the plaintext password. It works wherever NTLM authentication is permitted and cached credentials can be read from LSASS; Credential Guard or LSA protection, restricting NTLM in favour of Kerberos, and unique local administrator passwords (LAPS) limit it.
CompTIA Security+ SY0-701 Course Content: The course discusses credential-based attacks like pass-the-hash, emphasizing their impact and the importance of protecting credential stores.
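The point the explanation makes, that the hash is itself the credential, can be shown directly. The following is an added example, not part of the exam material: it computes the NT hash of a constructed sample password, then derives an NTLMv2 challenge response (NTProofStr, per MS-NLMP) once from the password and once from nothing but the hash an attacker would scrape from LSASS. The account name, domain, server challenge and client blob are constructed for the demonstration, and the MD4 routine is written out because hashlib's MD4 depends on the OpenSSL legacy provider that many systems no longer load.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Minimal RFC 1320 MD4, pure Python so the example runs without OpenSSL legacy support."""
    def f(x, y, z):
        return (x & y) | (~x & z)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & MASK32

    msg = bytearray(data)
    bit_len = (8 * len(data)) & 0xFFFFFFFFFFFFFFFF
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", bit_len)

    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", bytes(msg[off:off + 64]))
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):
            t = (a + f(b, c, d) + x[i]) & MASK32
            a, b, c, d = d, rotl(t, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):
            t = (a + g(b, c, d) + x[r2[i]] + 0x5A827999) & MASK32
            a, b, c, d = d, rotl(t, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):
            t = (a + h(b, c, d) + x[r3[i]] + 0x6ED9EBA1) & MASK32
            a, b, c, d = d, rotl(t, (3, 9, 11, 15)[i % 4]), b, c
        a0, b0, c0, d0 = ((a0 + a) & MASK32, (b0 + b) & MASK32,
                          (c0 + c) & MASK32, (d0 + d) & MASK32)
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> bytes:
    """NT hash: unsalted MD4 over the UTF-16LE password. This is what LSASS
    holds in memory and what credential-dumping tools read out."""
    return md4(password.encode("utf-16-le"))


def ntlmv2_proof(nt: bytes, user: str, domain: str,
                 server_challenge: bytes, blob: bytes) -> bytes:
    """NTLMv2 NTProofStr per MS-NLMP. The only secret input is the NT hash,
    never the password, so possession of the hash is enough to authenticate."""
    response_key = hmac.new(nt, (user.upper() + domain).encode("utf-16-le"),
                            hashlib.md5).digest()
    return hmac.new(response_key, server_challenge + blob, hashlib.md5).digest()


def pass_the_hash_demo() -> dict:
    """Constructed scenario: the legitimate client starts from the password,
    the attacker starts from the scraped hash; both produce the same proof."""
    user, domain = "jdoe", "CORP"                          # constructed sample account
    password = "password"                                  # constructed sample password
    server_challenge = bytes.fromhex("0123456789abcdef")   # constructed 8-byte server nonce
    # Constructed, simplified client blob: version header, zero timestamp,
    # client nonce, empty AV-pair list.
    blob = bytes.fromhex("01010000" "00000000" + "00" * 8 +
                         "aabbccdd11223344" "00000000" "00000000" "00000000")
    legit = ntlmv2_proof(nt_hash(password), user, domain, server_challenge, blob)
    scraped = nt_hash(password)     # stands in for the hash read out of LSASS
    attacker = ntlmv2_proof(scraped, user, domain, server_challenge, blob)
    return {"nt_hash": scraped.hex(), "legit_proof": legit.hex(),
            "attacker_proof": attacker.hex(), "identical": legit == attacker}


if __name__ == "__main__":
    for key, value in pass_the_hash_demo().items():
        print(f"{key}: {value}")
```

Nothing in the exchange ever needs the plaintext, which is why protecting the hash (LSASS hardening, Credential Guard) and reducing where NTLM is accepted matter more than password complexity against this attack.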
A business is expanding to a new country and must protect customers from accidental disclosure of specific national identity information.
Which of the following should the security engineer update to best meet business requirements?
- A . SIEM
- B . SCAP
- C . DLP
- D . WAF
C
Explanation:
The requirement is to prevent the accidental disclosure of national identity information, which is highly sensitive personal data. The best solution is DLP (Data Loss Prevention).
DLP tools monitor, detect, and block unauthorized transmission or exposure of sensitive data across:
Cloud storage
Endpoints
Networks
Databases
In Security+ SY0-701, DLP is specifically recommended for ensuring compliance with privacy regulations, including those related to national identifiers (e.g., Social Security numbers, national ID numbers).
A SIEM (A) aggregates logs but does not prevent data leakage. SCAP (B) provides standardized security configuration assessments, unrelated to data protection. A WAF (D) helps protect web applications but does not prevent sensitive data exfiltration.
Since the requirement focuses on preventing accidental disclosure, DLP is the only technology capable of detecting, labeling, blocking, and reporting attempts to move or expose sensitive national identity data. Therefore, the correct answer is C.
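What "detecting, labeling, blocking" looks like inside a DLP content rule, as an added example that is not part of the exam material: a hypothetical rule for one national identifier (the US SSN is used here, since the question does not name a country) combines a pattern match with the identifier's structural rules to cut false positives, scans a constructed outbound e-mail body line by line, and either blocks the message or redacts the matches. The sample text and the rule's thresholds are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

# Hypothetical DLP content rule for one national identifier, the US SSN.
# Only the separated 3-2-4 layout is matched; bare nine-digit runs (order
# numbers, cost centres) are deliberately left to a lower-confidence rule.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules published by the SSA: area 000, 666 and 900-999 are
    never issued, and group 00 / serial 0000 do not exist. Applying them
    keeps test records and look-alike numbers out of the findings."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    return g != 0 and s != 0


@dataclass
class Finding:
    line_no: int
    last4: str          # only the tail is kept so the finding itself is not a leak


def scan(text: str) -> list[Finding]:
    """Run the rule over outbound content and report each plausible identifier."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            if is_plausible_ssn(*m.groups()):
                findings.append(Finding(line_no, m.group(3)))
    return findings


def redact(text: str) -> str:
    """Enforcement variant: mask plausible identifiers, leave everything else."""
    def mask(m: re.Match) -> str:
        if is_plausible_ssn(*m.groups()):
            return "***-**-" + m.group(3)
        return m.group(0)
    return SSN_RE.sub(mask, text)


def decide(text: str) -> str:
    """Policy outcome for the whole message: block if any identifier is present."""
    return "block" if scan(text) else "allow"


# Constructed outbound e-mail body for the demonstration, not real data.
SAMPLE_OUTBOUND = """\
Hi team, the onboarding packet for J. Doe is attached.
Candidate SSN: 219-09-9999 (please keep this internal)
Order reference 000-12-3456 is a test record, not a real identifier
Phone extension 555-1234, cost center 123456789
Second applicant: 078 05 1120
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_OUTBOUND):
        print(f"line {f.line_no}: identifier ending {f.last4}")
    print("decision:", decide(SAMPLE_OUTBOUND))
    print(redact(SAMPLE_OUTBOUND))
```

On the sample, lines 2 and 5 are reported and the "000-12-3456" test record on line 3 is not, which is the difference between a rule that users tolerate and one they learn to route around. Expanding to the new country's identifier means adding its own pattern and validation rules (check digits where the scheme has them) alongside this one, not loosening the regex.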
Which of the following would most likely prevent exploitation of an end-of-life, business-critical system?
- A . Monitoring
- B . Isolation
- C . Decommissioning
- D . Encryption
B
Explanation:
End-of-life (EOL) systems no longer receive security patches, vendor support, or vulnerability updates. Because of this, they are highly susceptible to exploitation, especially if attackers can reach them over a network. When the system is business-critical and cannot be decommissioned, the most effective strategy is isolation, also known as network segmentation, air-gapping, or restrictive network zoning. Isolation removes direct exposure to external and internal threats by limiting communication paths to only essential systems and users.
According to the Security+ SY0-701 guidance, isolating legacy systems helps reduce the attack surface when patching is no longer possible. Monitoring (A) is useful for detection but does not prevent exploitation. Decommissioning (C) would be ideal but is not possible for business-critical systems, as stated in the question. Encryption (D) protects data confidentiality but does not stop an attacker from exploiting vulnerabilities in an unpatched OS or application.
Isolation is a recommended compensating control for legacy and unsupported systems in SY0-701’s Security Architecture & Resilience domain, which emphasizes micro-segmentation, firewalls, and restricted access to minimize risk when systems cannot be replaced or patched.
An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing.
Which of the following would best prevent this from reoccurring?
- A . Place the copier in the legal department.
- B . Configure DLP on the attorney’s workstation.
- C . Set up LDAP authentication on the printer.
- D . Conduct a physical penetration test.
C
Explanation:
LDAP authentication on the printer (C) requires users to authenticate at the device against the directory before a job is released (secure print release). Documents are not printed until the authorized user is physically present at the copier, which directly addresses the problem of confidential output sitting in the tray where anyone passing the reception desk can take it.
CompTIA Security+ SY0-701 covers this under identity and access management in the Security Operations domain: integrating directory-based authentication such as LDAP improves physical and document security in shared environments. Moving the copier (A) only reduces who walks past it, DLP on the workstation (B) governs data leaving the endpoint rather than paper in a tray, and a physical penetration test (D) would find the problem but not fix it.
Reference: CompTIA Security+ SY0-701 Objectives, Security Operations, identity and access management (authentication mechanisms such as LDAP).
Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?
- A . Air gap
- B . Containerization
- C . Virtualization
- D . Decentralization
A
Explanation:
An air gap is the practice of physically isolating a secure network from any external or unsecured networks, effectively preventing any external communication or data leakage. It is the strongest method to prevent data exfiltration in sensitive environments.
Containerization (B) and virtualization (C) are technologies for isolating applications or systems logically but do not guarantee physical separation. Decentralization (D) distributes resources but doesn’t prevent data leakage.
Air gaps are critical in highly secure environments and are covered under resilience and physical security in SY0-701 (CompTIA Security+ Study Guide, Chapter 9).
A company expects its provider to ensure servers and networks maintain 97% uptime.
Which of the following would most likely list this expectation?
- A . BPA
- B . MOU
- C . NDA
- D . SLA
D
Explanation:
An SLA (Service-Level Agreement) defines the expected performance, availability, uptime, response times, and responsibilities between a provider and a client. The requirement in the scenario, 97% uptime, is a classic SLA metric. Security+ SY0-701 emphasizes that SLAs state measurable service expectations so the client can assess compliance and performance.
A BPA (A) outlines business partnership terms, not performance uptime. An MOU (B) documents mutual understanding but is not legally binding and does not include uptime metrics. An NDA (C) protects confidentiality, not availability or service guarantees.
Thus, the correct answer is D: SLA.
A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat.
Which of the following would most likely help the security awareness team address this potential threat?
- A . Immediately disable the accounts of staff who are likely to be terminated.
- B . Train supervisors to identify and manage disgruntled employees.
- C . Configure DLP to monitor staff who will be terminated.
- D . Raise awareness for business leaders on social engineering techniques.
B
Explanation:
When layoffs occur, disgruntled employees pose a significant insider threat risk. Training supervisors to identify signs of disgruntlement and manage employees empathetically helps reduce insider threat risks by addressing issues before they escalate. Supervisors act as the first line of defense in recognizing behavioral changes and intervening.
Immediately disabling accounts (A) may cause operational issues if done prematurely; monitoring with DLP (C) is reactive and less proactive than awareness; raising awareness about social engineering (D) targets external threats more than insider risks.
This approach is part of insider threat awareness and workforce management in Security Program Management (CompTIA Security+ Study Guide, Chapter 16).
An administrator is investigating an incident and discovers several users' computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance on the infected machines, and an examination of the log files does not show excessive failed logins.
Which of the following attacks is most likely the cause of the malware?
- A . Malicious flash drive
- B . Remote access Trojan
- C . Brute-forced password
- D . Cryptojacking
D
Explanation:
The answer key gives cryptojacking: malware that uses the infected computers' processing resources to mine cryptocurrency, usually without the user's knowledge. The delivery vector (shared files, not removable media) rules out a malicious flash drive (A), and the absence of excessive failed logins rules out a brute-forced password (C). A remote access Trojan (B) would also arrive quietly through a shared file, but the scenario describes no attacker interaction with the hosts, which is the distinction the item relies on.
One caveat a practitioner should keep in mind: mining consumes CPU and GPU time, and cryptojacking is in practice often discovered through slowdowns and high resource usage. Miners that want to stay resident throttle themselves to remain below a noticeable threshold, which is what the "no degraded performance" observation is meant to capture. In a real investigation, look for sustained CPU usage by unexpected processes and outbound connections to mining pools rather than relying on user-reported slowness.
CompTIA Security+ SY0-701 Course Content: Cryptojacking is covered under types of malware attacks, highlighting its stealthy nature and impact on infected systems.
The Chief Information Security Officer (CISO) asks a security analyst to install an OS update on a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible.
Which of the following courses of action should the security analyst take first?
- A . Log in to the server and perform a health check on the VM.
- B . Install the patch immediately.
- C . Confirm that the backup service is running.
- D . Take a snapshot of the VM.
D
Explanation:
Before applying any updates or patches to a production VM, especially one with a 99% uptime SLA, the first step is to take a snapshot of the VM. The snapshot captures the disk and, optionally, memory state so the system can be rolled back in minutes if the update breaks it, which keeps a failed change from consuming the SLA's downtime allowance. Checking that the backup service is running (C) is worthwhile but does not give a point-in-time rollback for this specific change, and a health check (A) or installing immediately (B) does nothing to reduce the risk of the change itself. Two practical caveats: confirm the snapshot completed before starting the install, and remove it once the patched VM has been validated, since snapshots are not a substitute for backups and degrade storage performance the longer they are kept.
Reference: CompTIA Security+ SY0-701 study materials, change management and backup strategies.
Which of the following would best allow a company to prevent access to systems from the Internet?
- A . Containerization
- B . Virtualization
- C . SD-WAN
- D . Air-gapped
D
Explanation:
An air-gapped system is physically isolated from unsecured networks (like the public Internet), ensuring that there is no direct or indirect network connection. This is the most effective way to prevent Internet-based access to sensitive systems.
Reference: CompTIA Security+ SY0-701 Security Architecture domain, physical isolation (air-gapped systems), which describes air-gapped systems as isolated from external networks with no path to the Internet. Containerization (A) and virtualization (B) isolate workloads on a shared host but leave the host networked, and SD-WAN (C) is a connectivity technology rather than an isolation control.
