Practice Free SY0-701 Exam Online Questions
A systems administrator needs to encrypt all data on employee laptops.
Which of the following encryption levels should be implemented?
- A . Volume
- B . Partition
- C . Full disk
- D . File
A security analyst is reviewing logs and discovers the following:
Which of the following should be used to best mitigate this type of attack?
- A . Input sanitization
- B . Secure cookies
- C . Static code analysis
- D . Sandboxing
A malicious update was distributed to a common software platform and disabled services at many organizations.
Which of the following best describes this type of vulnerability?
- A . DDoS attack
- B . Rogue employee
- C . Insider threat
- D . Supply chain
In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password.
Which of the following best describes this technique?
- A . Key stretching
- B . Tokenization
- C . Data masking
- D . Salting
D
Explanation:
Adding a random string of characters, known as a "salt," to a password before hashing it is known as salting. This technique strengthens passwords by ensuring that even if two users have the same password, their hashes will be different due to the unique salt, making it much harder for attackers to crack passwords using precomputed tables.
Reference: CompTIA Security+ SY0-701 course content and official CompTIA study resources.
After a recent ransomware attack on a company’s system, an administrator reviewed the log files.
Which of the following control types did the administrator use?
- A . Compensating
- B . Detective
- C . Preventive
- D . Corrective
B
Explanation:
Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network. They can help to discover the source, scope, and impact of an attack, and provide evidence for further analysis or investigation. Detective controls include log files, security audits, intrusion detection systems, network monitoring tools, and antivirus software. In this case, the administrator used log files as a detective control to review the ransomware attack on the company’s system. Log files are records of events and activities that occur on a system or network, such as user actions, system errors, network traffic, and security alerts. They can provide valuable information for troubleshooting, auditing, and forensics.
Reference: Security+ (Plus) Certification | CompTIA IT Certifications, under “About the exam”, bullet point 3: “Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance.”
CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page 14: “Detective controls are designed to identify and monitor any malicious activity or anomalies on a system or network.”
Control Types – CompTIA Security+ SY0-401: 2.1 – Professor Messer IT …, under “Detective Controls”: “Detective controls are security measures that are designed to identify and monitor any malicious activity or anomalies on a system or network.”
A security analyst developed a script to automate a trivial and repeatable task.
Which of the following best describes the benefits of ensuring other team members understand how the script works?
- A . To reduce implementation cost
- B . To identify complexity
- C . To remediate technical debt
- D . To prevent a single point of failure
D
Explanation:
Ensuring that other team members understand how a script works is essential to prevent a single point of failure. If only one person knows how the script operates, the organization risks being unable to maintain or troubleshoot it if that person is unavailable. Sharing knowledge ensures continuity and reduces dependence on one individual.
Reducing implementation cost and remediating technical debt are secondary considerations in this context.
Identifying complexity is important, but the main benefit is to avoid a single point of failure.
A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file’s creator.
Which of the following actions would most likely give the security analyst the information required?
- A . Obtain the file’s SHA-256 hash.
- B . Use hexdump on the file’s contents.
- C . Check endpoint logs.
- D . Query the file’s metadata.
D
Explanation:
Metadata is data that describes other data, such as its format, origin, creation date, author, and other attributes. Video files, like other types of files, can contain metadata that can provide useful information for forensic analysis. For example, metadata can reveal the camera model, location, date and time, and software used to create or edit the video file. To query the file’s metadata, a security analyst can use various tools, such as MediaInfo [1], ffprobe [2], or hexdump [3], to extract and display the metadata from the video file. By querying the file’s metadata, the security analyst can most likely identify both the creation date and the file’s creator, as well as other relevant information. Obtaining the file’s SHA-256 hash, checking endpoint logs, or using hexdump on the file’s contents are other possible actions, but they are not the most appropriate to answer the question. The file’s SHA-256 hash is a cryptographic value that can be used to verify the integrity or uniqueness of the file, but it does not reveal any information about the file’s creation date or creator. Checking endpoint logs can provide some clues about the file’s origin or activity, but it may not be reliable or accurate, especially if the logs are tampered with or incomplete. Using hexdump on the file’s contents can show the raw binary data of the file, but it may not be easy or feasible to interpret the metadata from the hex output, especially if the file is large or encrypted.
Reference: [1] How do I get the meta-data of a video file? [2] How to check if an mp4 file contains malware? [3] Hexdump – Wikipedia
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame.
Which of the following documents should the company provide to the client?
- A . MSA
- B . SLA
- C . BPA
- D . SOW
D
Explanation:
An ISOW is a document that outlines the project, the cost, and the completion time frame for a security company to provide a service to a client. ISOW stands for Information Security Operations Work, and it is a type of contract that specifies the scope, deliverables, milestones, and payment terms of a security project. An ISOW is usually used for one-time or short-term projects that have a clear and defined objective and outcome. For example, an ISOW can be used for a security assessment, a penetration test, a security audit, or a security training.
The other options are not correct because they are not documents that outline the project, the cost, and the completion time frame for a security company to provide a service to a client. An MSA is a master service agreement, which is a type of contract that establishes the general terms and conditions for a long-term or ongoing relationship between a security company and a client. An MSA does not specify the details of each individual project, but rather sets the framework for future projects that will be governed by separate statements of work (SOWs). An SLA is a service level agreement, which is a type of contract that defines the quality and performance standards for a security service provided by a security company to a client. An SLA usually includes the metrics, targets, responsibilities, and penalties for measuring and ensuring the service level. A BPA is a business partnership agreement, which is a type of contract that establishes the roles and expectations for a strategic alliance between two or more security companies that collaborate to provide a joint service to a client. A BPA usually covers the objectives, benefits, risks, and obligations of the partnership.
Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 387. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.2: Compliance and Controls, video: Contracts and Agreements (5:12).
Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?
- A . Classified
- B . Regulated information
- C . Open source
- D . Intellectual property
D
Explanation:
An AI tool developed internally for automating ticketing is considered intellectual property (IP), representing proprietary creations and innovations owned by the company.
Classified (A) applies to government or restricted information, regulated information (B) refers to data governed by laws, and open source (C) implies publicly shared code.
IP protection is a key aspect of Security Program Management, especially around proprietary software and tools (CompTIA Security+ Study Guide, Chapter 16).