Practice Free SY0-701 Exam Online Questions
A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts.
Which of the following access controls should the security engineer implement?
- A . Role-based
- B . Time-of-day restrictions
- C . Least privilege
- D . Biometric authentication
B
Explanation:
Time-of-day restrictions limit access to corporate systems based on predefined schedules. This ensures employees can only access resources during their assigned work hours.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Access Control Models".
A penetration tester visits a client’s website and downloads the site’s content.
Which of the following actions is the penetration tester performing?
- A . Unknown environment testing
- B . Vulnerability scan
- C . Due diligence
- D . Passive reconnaissance
D
Explanation:
The described activity (visiting a website and downloading publicly accessible content) is a classic example of passive reconnaissance. Passive reconnaissance involves gathering information about a target without probing its internal systems or generating scanning traffic that security monitoring tools would flag.
According to SY0-701, passive recon uses open-source intelligence (OSINT), such as:
- Public websites
- DNS records
- News articles
- Metadata
- Public document repositories
The key distinction is that passive reconnaissance does not probe the system for vulnerabilities, nor does it send active scanning traffic.
Vulnerability scanning (B) requires active probing. Unknown environment testing (A) applies to black-box testing but still may involve active scanning. Due diligence (C) refers to risk assessment or compliance reviews, not technical reconnaissance.
Therefore, downloading the website's content is a non-intrusive information-gathering technique that matches passive reconnaissance as defined in the exam materials under Threats, Vulnerabilities, Attack Vectors, and Pen Testing Phases.
A systems administrator receives an alert that a company’s internal file server is very slow and is only working intermittently.
The systems administrator reviews the server management software and finds the following information about the server:
[Screenshot of the server management software: not reproduced on this page]
Which of the following indicators most likely triggered this alert?
- A . Concurrent session usage
- B . Network saturation
- C . Account lockout
- D . Resource consumption
A newly identified network access vulnerability has been found in the OS of legacy IoT devices.
Which of the following would best mitigate this vulnerability quickly?
- A . Insurance
- B . Patching
- C . Segmentation
- D . Replacement
C
Explanation:
Segmentation is a technique that divides a network into smaller subnetworks or segments, each with its own security policies and controls. Segmentation can help mitigate network access vulnerabilities in legacy IoT devices by isolating them from other devices and systems, reducing their attack surface and limiting the potential impact of a breach. Segmentation can also improve network performance and efficiency by reducing congestion and traffic. Patching, insurance, and replacement are other possible strategies to deal with network access vulnerabilities, but they may not be feasible or effective in the short term. Patches may not be available or compatible for legacy IoT devices, insurance may not cover the costs or damages of a cyberattack, and replacement may be expensive and time-consuming.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 142-143.
Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?
- A . Geographic dispersion
- B . Data sovereignty
- C . Geographic restrictions
- D . Data segmentation
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted.
Which of the following logs would the analyst most likely look at next?
- A . IPS
- B . Firewall
- C . ACL
- D . Windows security
B
Explanation:
Since the logs on the endpoint were deleted, the next best option for the analyst is to examine firewall logs. Firewall logs can reveal external communication, including outbound traffic to a command-and-control (C2) server. These logs would contain information about the IP addresses, ports, and protocols used, which can help in identifying suspicious connections.
- IPS logs may provide information about network intrusions, but firewall logs are better for tracking communication patterns.
- ACL (Access Control List) logs are useful for tracking access permissions but not for identifying C2 communication.
- Windows security logs would have been ideal if they had not been deleted.
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
- A . SIEM
- B . DLP
- C . IDS
- D . SNMP
A
Explanation:
SIEM stands for Security Information and Event Management. It is a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system. SIEM can analyze the collected data, correlate events, generate alerts, and provide reports and dashboards. SIEM can also integrate with other security tools and support compliance requirements. SIEM helps organizations to detect and respond to cyber threats, improve security posture, and reduce operational costs.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 10: Monitoring and Auditing, page 393. CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 10: Monitoring and Auditing, page 397.
Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?
- A . Virtualizing and migrating to a containerized instance
- B . Removing and sandboxing to an isolated network
- C . Monitoring and implementing compensating controls
- D . Patching and redeploying to production as quickly as possible
C
Explanation:
When a zero-day vulnerability is discovered in mission-critical systems that require high availability, immediate patching is often not possible due to lack of available patches or the risk of disrupting critical operations. In such cases, the best practice is to implement compensating controls (such as increased monitoring, access controls, network segmentation, or web application firewalls) to mitigate risk until a patch or permanent solution can be safely applied.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.4: "For zero-day vulnerabilities in critical systems, compensating controls and heightened monitoring are often necessary to maintain availability and security until an official patch is available."
Exam Objectives 2.4: “Given a scenario, implement secure system design.”
An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems.
Which of the following is the most likely reason for the new requirement?
- A . To defend against insider threats altering banking details
- B . To ensure that errors are not passed to other systems
- C . To allow for business insurance to be purchased
- D . To prevent unauthorized changes to financial data
B
Explanation:
The primary goal of corrective controls in financial systems is to ensure that errors do not propagate across interconnected systems. Financial transactions are often interdependent, meaning one incorrect or unauthorized change can affect multiple systems. Regulations often mandate these controls to maintain accuracy and prevent cascading failures.
A (insider threats altering banking details) is a concern, but this scenario focuses on corrective controls, not insider threats specifically.
C (business insurance) is unrelated to why corrective controls are implemented.
D (preventing unauthorized changes) falls under preventive, not corrective controls.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.
Which of the following involves an attempt to take advantage of database misconfigurations?
- A . Buffer overflow
- B . SQL injection
- C . VM escape
- D . Memory injection
B
Explanation:
SQL injection is a type of attack that exploits a database misconfiguration or a flaw in the application code that interacts with the database. An attacker can inject malicious SQL statements into the user input fields or the URL parameters that are sent to the database server. These statements can then execute unauthorized commands, such as reading, modifying, deleting, or creating data, or even taking over the database server. SQL injection can compromise the confidentiality, integrity, and availability of the data and the system.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 215.
