Practice Free SY0-701 Exam Online Questions
During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment.
Which of the following threats is this an example of?
- A . Espionage
- B . Data exfiltration
- C . Shadow IT
- D . Zero-day
C
Explanation:
The use of an unapproved, unvetted simulation program is a classic case of Shadow IT, which Security+ SY0-701 defines as technology deployed without the knowledge, review, or authorization of the IT or security department. Shadow IT introduces significant risks, including vulnerabilities, noncompliance, unmonitored data flows, and potential software containing malware or insecure configurations. In academic or departmental environments where staff independently download tools to support curriculum or instruction, Shadow IT becomes particularly common. This bypasses standard vetting processes such as software approval, patch evaluation, licensing verification, and security risk assessment. Espionage (A) involves covert intelligence gathering by hostile actors. Data exfiltration (B) refers to unauthorized data theft. Zero-day (D) refers to unknown vulnerabilities exploited before patches exist. None of these fit the scenario. Since the core issue is the deployment of an unauthorized application without IT oversight, the correct answer is C: Shadow IT.
A security administrator would like to protect data on employees’ laptops.
Which of the following encryption techniques should the security administrator use?
- A . Partition
- B . Asymmetric
- C . Full disk
- D . Database
C
Explanation:
Full disk encryption (FDE) is a technique that encrypts all the data on a hard drive, including the operating system, applications, and files. FDE protects the data from unauthorized access in case the laptop is lost, stolen, or disposed of without proper sanitization. FDE requires the user to enter a password, a PIN, a smart card, or a biometric factor to unlock the drive and boot the system. FDE can be implemented by using software solutions, such as BitLocker, FileVault, or VeraCrypt, or by using hardware solutions, such as self-encrypting drives (SEDs) or Trusted Platform Modules (TPMs). FDE is a recommended encryption technique for laptops and other mobile devices that store sensitive data.
Partition encryption is a technique that encrypts only a specific partition or volume on a hard drive, leaving the rest of the drive unencrypted. Partition encryption is less secure than FDE, as it does not protect the entire drive and may leave traces of data on unencrypted areas. Partition encryption is also less convenient than FDE, as it requires the user to mount and unmount the encrypted partition manually.
Asymmetric encryption is a technique that uses a pair of keys, one public and one private, to encrypt and decrypt data. Asymmetric encryption is mainly used for securing communication, such as email, web, or VPN, rather than for encrypting data at rest. Asymmetric encryption is also slower and more computationally intensive than symmetric encryption, which is the type of encryption used by FDE and partition encryption.
Database encryption is a technique that encrypts data stored in a database, such as tables, columns, rows, or cells. Database encryption can be done at the application level, the database level, or the file system level. Database encryption is useful for protecting data from unauthorized access by database administrators, hackers, or malware, but it does not protect the data from physical theft or loss of the device that hosts the database.
References: Data Encryption - CompTIA Security+ SY0-401: 4.4; CompTIA Security+ Cheat Sheet and PDF | Zero To Mastery; CompTIA Security+ SY0-601 Certification Course - Cybr; Application Hardening - SY0-601 CompTIA Security+: 3.2.
An administrator wants to perform a risk assessment without using proprietary company information.
Which of the following methods should the administrator use to gather information?
- A . Network scanning
- B . Penetration testing
- C . Open-source intelligence
- D . Configuration auditing
An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain.
Which of the following is the first step the security team should take?
- A . Enable SAML
- B . Create OAuth tokens.
- C . Use password vaulting.
- D . Select an IdP
D
Explanation:
The first step in reducing the number of credentials each employee must maintain when using multiple SaaS applications is to select an Identity Provider (IdP). An IdP provides a centralized authentication service that supports Single Sign-On (SSO), enabling users to access multiple applications with a single set of credentials.
Enabling SAML would be part of the technical implementation but comes after selecting an IdP.
OAuth tokens are used for authorization, but selecting an IdP is the first step in managing authentication.
Password vaulting stores multiple passwords securely but doesn’t reduce the need for separate logins.
A new corporate policy requires all staff to use multifactor authentication to access company resources.
Which of the following can be utilized to set up this form of identity and access management? (Select two)
- A . Authentication tokens
- B . Least privilege
- C . Biometrics
- D . LDAP
- E . Password vaulting
- F . SAML
A,C
Explanation:
Multifactor authentication (MFA) requires users to provide two or more of the following categories:
- Something you know (password/PIN)
- Something you have (token/smart card)
- Something you are (biometrics)
Authentication tokens (A) qualify as something you have, such as hardware tokens, OTP apps, or smart cards.
Biometrics (C) qualify as something you are, such as fingerprint scans, facial recognition, or iris scans.
Using these two together easily establishes MFA.
Least privilege (B) is an authorization principle, not an MFA factor. LDAP (D) is a directory service protocol, not an MFA mechanism. Password vaulting (E) assists with credential storage but does not implement MFA. SAML (F) is a federation protocol used for Single Sign-On (SSO), not inherently MFA.
Thus, the correct MFA components are A: Authentication tokens and C: Biometrics.
Which of the following tools is best for logging and monitoring in a cloud environment?
- A . IPS
- B . FIM
- C . NAC
- D . SIEM
Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?
- A . Air gap
- B . Containerization
- C . Virtualization
- D . Decentralization
A
Explanation:
An air gap is the practice of physically isolating a secure network from any external or unsecured networks, effectively preventing any external communication or data leakage. It is the strongest method to prevent data exfiltration in sensitive environments.
Containerization (B) and virtualization (C) are technologies for isolating applications or systems logically but do not guarantee physical separation. Decentralization (D) distributes resources but doesn’t prevent data leakage.
Air gaps are critical in highly secure environments and are covered under Resilience and Physical Security in SY0-701 (CompTIA Security+ Study Guide, Chapter 9).
Which of the following best explains a concern with OS-based vulnerabilities?
- A . An exploit would give an attacker access to system functions that span multiple applications.
- B . The OS vendor’s patch cycle is not frequent enough to mitigate the large number of threats.
- C . Most users trust the core operating system features and may not notice if the system has been compromised.
- D . Exploitation of an operating system vulnerability is typically easier than any other vulnerability.
A
Explanation:
Operating system (OS) vulnerabilities can allow attackers to exploit system functions that affect multiple applications, leading to widespread compromise.
B (patch cycle concerns) is valid but not the primary concern; many OS vendors provide regular patches.
C (user trust in OS features) is a risk, but the more significant issue is that OS vulnerabilities often affect multiple system components.
D (ease of exploitation) is not always true, as application and human-related vulnerabilities can be equally exploitable.
Thus, the main concern is that an OS exploit can impact multiple system functions, leading to broader security risks.
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network.
Which of the following types of web filtering should a systems administrator configure?
- A . Agent-based
- B . Centralized proxy
- C . URL scanning
- D . Content categorization
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts.
Which of the following would best enable the reduction in manual work?
- A . SOAR
- B . SIEM
- C . MDM
- D . DLP
A
Explanation:
Security Orchestration, Automation, and Response (SOAR) systems help organizations automate repetitive security tasks, reduce manual intervention, and improve the efficiency of security operations. By integrating with various security tools, SOAR can automatically respond to incidents, helping to enhance threat detection while reducing the manual workload on security analysts.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of security operations and automation technologies.
