Practice Free SY0-701 Exam Online Questions
Which of the following agreements defines response time, escalation points, and performance metrics?
- A . BPA
- B . MOA
- C . NDA
- D . SLA
D
Explanation:
A Service Level Agreement (SLA) defines the expectations between service providers and customers, including response times, escalation procedures, and performance metrics. It ensures accountability and measurable service quality.
BPA (Business Partners Agreement) sets out the terms of a partnership between organizations, such as ownership, responsibilities and profit sharing; MOA (Memorandum of Agreement) records agreed responsibilities but is less specific on performance; NDA (Non-Disclosure Agreement) covers confidentiality only.
SLAs are central to managing vendor and internal service expectations (CompTIA Security+ Study Guide, Chapter 16).
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider.
Which of the following is a risk in the new system?
- A . Default credentials
- B . Non-segmented network
- C . Supply chain vendor
- D . Vulnerable software
C
Explanation:
A supply chain vendor is a third-party entity that provides goods or services to an organization, such as a SaaS provider. A supply chain vendor can pose a risk to the new system if the vendor has poor security practices, breaches, or compromises that could affect the confidentiality, integrity, or availability of the system or its data. The organization should perform due diligence and establish a service level agreement with the vendor to mitigate this risk. The other options are not specific to the scenario of using a SaaS provider, but rather general risks that could apply to any system.
Client files can only be accessed by employees who need to know the information and have specified roles in the company.
Which of the following best describes this security concept?
- A . Availability
- B . Confidentiality
- C . Integrity
- D . Non-repudiation
B
Explanation:
The scenario described, where client files are only accessible to employees who "need to know" the information, reflects the concept of confidentiality. Confidentiality ensures that sensitive information is only accessible to those who are authorized to view it, preventing unauthorized access.
Availability ensures that data is accessible when needed but doesn’t focus on restricting access. Integrity ensures that data remains accurate and unaltered but doesn’t pertain to access control. Non-repudiation ensures that actions cannot be denied after they are performed, but this concept is unrelated to access control.
Which of the following agreements defines response time, escalation, and performance metrics?
- A . BPA
- B . MOA
- C . NDA
- D . SLA
D
Explanation:
An SLA (D), or Service Level Agreement, is a formal contract that defines performance standards, including response times, escalation procedures, uptime guarantees, and other service-related metrics. Put measurable targets in it and tie them to remedies; an SLA without penalties or a right to audit is hard to enforce.
This is covered under objective 5.3, Explain the processes associated with third-party risk assessment and management, which lists the agreement types (SLA, MOA, MOU, MSA, WO/SOW, NDA, BPA).
Reference: CompTIA Security+ SY0-701 Objectives, Domain 5.3, Agreement types: SLA (service-level agreement).
For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor’s website?
- A . To test the integrity of the file
- B . To validate the authenticity of the file
- C . To activate the license for the file
- D . To calculate the checksum of the file
A
Explanation:
Comparing the digest of the downloaded file with the value the vendor published checks integrity: any change to the file, accidental or malicious, produces a different digest. The question's wording is loose, since 3DES is a symmetric block cipher, not a hash function; vendors publish SHA-256 (or, on older sites, MD5 or SHA-1) digests. A matching digest does not establish authenticity (B): whoever can alter the download can usually alter the posted hash as well, so authenticity requires a digital signature over the file or the digest list, verified with the vendor's public key. Calculating the checksum (D) is the mechanism, not the reason.
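The following is an added example, not part of the original exam question or the vendor's tooling, showing what the integrity check above actually does and where it stops. It builds a constructed installer byte string and a constructed SHA256SUMS-style listing (the `sha256sum` output format), verifies the download against it, shows that flipping one byte fails the check, and then shows that an attacker who controls the download page can republish both file and digest and still pass it, which is exactly why authenticity needs a signature rather than a hash. File names and contents are hypothetical.

```python
import hashlib
import hmac
from typing import Dict

# Constructed stand-in for an installer downloaded from a vendor site (not a real file).
INSTALLER = b"example-installer-v1.0\x00" + bytes(range(256)) * 4

# Constructed SHA256SUMS-style listing in the sha256sum(1) output format.
# The first line is the SHA-256 of an empty file; the second is filled in below.
SUMS_TEMPLATE = (
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  README.txt\n"
    "{digest}  installer-v1.0.bin\n"
)

HEX = set("0123456789abcdefABCDEF")


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the whole byte string as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def published_listing(installer: bytes) -> str:
    """The listing as published by whoever controls the download page."""
    return SUMS_TEMPLATE.format(digest=sha256_hex(installer))


def parse_sums(listing: str) -> Dict[str, str]:
    """Parse '<hex>  <name>' (or '<hex> *<name>') lines into {name: digest}."""
    sums: Dict[str, str] = {}
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed line: {line!r}")
        digest, name = parts
        name = name.lstrip("*")  # sha256sum marks binary mode with a leading '*'
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed line: {line!r}")
        sums[name] = digest.lower()
    return sums


def verify_integrity(data: bytes, name: str, listing: str) -> bool:
    """True only if data's SHA-256 equals the digest published for `name`."""
    expected = parse_sums(listing).get(name)
    if expected is None:
        return False  # no published value: treat as a failure, not as "nothing to check"
    # Constant-time comparison; a plain == would leak how many leading hex chars matched.
    return hmac.compare_digest(sha256_hex(data), expected)


def flip_one_byte(data: bytes, index: int = 10) -> bytes:
    """Simulate a tampered download by flipping the low bit of one byte."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]


def demo() -> Dict[str, bool]:
    genuine = published_listing(INSTALLER)
    tampered = flip_one_byte(INSTALLER)
    return {
        "genuine_file_passes": verify_integrity(INSTALLER, "installer-v1.0.bin", genuine),
        "tampered_file_fails": not verify_integrity(tampered, "installer-v1.0.bin", genuine),
        # An attacker who controls the page republishes the digest too: the check passes.
        "republished_hash_fools_check": verify_integrity(
            tampered, "installer-v1.0.bin", published_listing(tampered)
        ),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

All three results in `demo()` come back `True`: the hash catches corruption and casual tampering, but the last case is the point of the exam's distinction between integrity and authenticity. To close that gap the vendor signs the SHA256SUMS file (GPG, Sigstore, Authenticode) and the administrator verifies the signature with a key obtained through a channel other than the download page.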
Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?
- A . Authorization
- B . Identification
- C . Non-repudiation
- D . Authentication
A
Explanation:
Authorization refers to the process of granting or denying specific rights to a user after their identity has been verified through authentication. Identification (claiming an identity, for example by username) and authentication (proving that claim) come first; non-repudiation is about being unable to deny an action afterwards, not about granting access.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 1: General Security Concepts, Section: "Authentication, Authorization, and Accounting (AAA)".
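The following is an added example, not taken from the study guide or any exam material, that puts the two preceding questions into working code: the need-to-know restriction on client files (confidentiality enforced through roles) and the separation of authentication from authorization. The user store, role names, passwords and resource types are all hypothetical. Passwords are stored as salted PBKDF2 hashes, the authorization policy is deny-by-default, and the access decision is recorded so the third A (accounting) is visible too.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

PBKDF2_ITERATIONS = 100_000


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the stored credential is never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass(frozen=True)
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    roles: FrozenSet[str]


def make_user(name: str, password: str, roles: Set[str]) -> User:
    salt = os.urandom(16)
    return User(name, salt, derive(password, salt), frozenset(roles))


# Constructed user store (hypothetical names, passwords and roles).
USERS: Dict[str, User] = {
    u.name: u
    for u in (
        make_user("alice", "correct-horse-battery", {"account_manager"}),
        make_user("bob", "staple-ostrich", {"intern"}),
    )
}

# Authorization policy: (resource type, action) -> roles permitted.
# Anything not listed here is denied; that is the "need to know" rule in code.
POLICY: Dict[Tuple[str, str], Set[str]] = {
    ("client_file", "read"): {"account_manager", "auditor"},
    ("client_file", "write"): {"account_manager"},
    ("timesheet", "read"): {"account_manager", "intern"},
}

# Dummy credential used when the username is unknown, so the KDF always runs
# and a missing account cannot be told apart from a wrong password by timing.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = derive("", _DUMMY_SALT)

AUDIT: List[str] = []  # accounting: every access decision is recorded here


def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: verify the claimed identity. Returns the principal name or None."""
    user = USERS.get(username)
    salt = user.salt if user else _DUMMY_SALT
    stored = user.pw_hash if user else _DUMMY_HASH
    ok = hmac.compare_digest(derive(password, salt), stored)
    return user.name if (user is not None and ok) else None


def authorize(principal: str, resource_type: str, action: str) -> bool:
    """Authorization: may an already-authenticated principal perform action? Deny by default."""
    user = USERS.get(principal)
    if user is None:
        return False
    return not user.roles.isdisjoint(POLICY.get((resource_type, action), set()))


def access(username: str, password: str, resource_type: str, action: str) -> str:
    """Full flow: identify (username), authenticate, then authorize, then record the outcome."""
    principal = authenticate(username, password)
    if principal is None:
        result = "denied: authentication failed"
    elif not authorize(principal, resource_type, action):
        result = "denied: not authorized"
    else:
        result = "granted"
    AUDIT.append(f"{username} {action} {resource_type}: {result}")
    return result


if __name__ == "__main__":
    print(access("alice", "correct-horse-battery", "client_file", "read"))
    print(access("bob", "staple-ostrich", "client_file", "read"))
    print(access("bob", "wrong-password", "timesheet", "read"))
    print("\n".join(AUDIT))
```

Note the order: `authorize` is only ever called with a principal that `authenticate` returned, and a valid login buys nothing on its own, which is the distinction the exam question is testing.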
A company is concerned with supply chain compromise of new servers and wants to limit this risk.
Which of the following should the company review first?
- A . Sanitization procedure
- B . Acquisition process
- C . Change management
- D . Asset tracking
B
Explanation:
When the concern is supply chain compromise (for example malicious hardware or firmware introduced before delivery), the acquisition process is the right place to start: it is where vendors are vetted, trusted sources and tamper-evident shipping are specified, and incoming equipment is inspected and validated before it is put into service.
The other options act later in the asset lifecycle: sanitization applies at disposal, asset tracking after deployment, and change management to modifications of systems already in production.
Reference: CompTIA Security+ SY0-701 Objectives, 4.2 (acquisition/procurement process, under hardware, software and data asset management) and 5.3 (supply chain analysis and vendor due diligence, under third-party risk assessment and management).
A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file.
Which of the following would prevent this file from downloading?
- A . DLP
- B . FIM
- C . NAC
- D . EDR
D
Explanation:
EDR (Endpoint Detection and Response) solutions monitor endpoint activities in real-time and can prevent malicious files from being downloaded or executed by detecting suspicious behaviors. In this case, EDR would block the download or alert the security team.
DLP (Data Loss Prevention) prevents unauthorized data exfiltration rather than blocking malware downloads. FIM (File Integrity Monitoring) tracks changes to files but doesn’t prevent downloads. NAC (Network Access Control) controls device access to the network but does not directly block file downloads.
EDR’s prevention capabilities are covered under the Security Operations domain in SY0-701 (CompTIA Security+ Study Guide, Chapter 11).
A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer’s credit card information. The customer sees the caller ID is the same as the company’s main phone number.
Which of the following attacks is the customer most likely a target of?
- A . Phishing
- B . Whaling
- C . Smishing
- D . Vishing
D
Explanation:
Vishing (voice phishing) is social engineering carried out over a phone call. Caller ID is easily spoofed, so a number that matches the company's main line is no evidence that the call is genuine; the right response is to hang up and call the company back on its published number. Phishing (A) is the email form of the same attack, smishing (C) uses SMS, and whaling (B) is phishing aimed at senior executives.
Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?
- A . Air gap
- B . Containerization
- C . Virtualization
- D . Decentralization
A
Explanation:
An air gap is the practice of physically isolating a secure network from any external or unsecured networks, so that no network path exists over which data could leave. It is the strongest method to prevent data exfiltration in sensitive environments, with one practical caveat: air-gapped networks are most often breached through removable media and maintenance laptops, so media handling and USB device controls still matter.
Containerization (B) and virtualization (C) are technologies for isolating applications or systems logically but do not guarantee physical separation. Decentralization (D) distributes resources but doesn’t prevent data leakage.
Air gaps are critical in highly secure environments and covered under Resilience and Physical Security in SY0-701 (CompTIA Security+ Study Guide, Chapter 9).