Practice Free SY0-701 Exam Online Questions
Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?
- A . Digital signatures
- B . Salting
- C . Hashing
- D . Perfect forward secrecy
B
Explanation:
Salting enhances the security of hashed passwords by adding a unique, random value (a salt) to each password before hashing it. This prevents attackers from easily recovering passwords using rainbow tables, which are precomputed tables for reversing cryptographic hash functions. Because each password has its own salt, the same password produces different hash values, so the precomputed entries no longer match and rainbow table attacks become ineffective.
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Hashing Techniques.
The marketing department set up its own project management software without telling the appropriate departments.
Which of the following describes this scenario?
- A . Shadow IT
- B . Insider threat
- C . Data exfiltration
- D . Service disruption
A
Explanation:
Shadow IT is the term used to describe the use of unauthorized or unapproved IT resources within an organization. The marketing department set up its own project management software without telling the appropriate departments, such as IT, security, or compliance. This could pose a risk to the organization’s security posture, data integrity, and regulatory compliance.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, page 35.
A systems administrator receives an alert that a company’s internal file server is very slow and is only working intermittently.
The systems administrator reviews the server management software and finds the following information about the server:
[Image not available: server information shown in the management software]
Which of the following indicators most likely triggered this alert?
- A . Concurrent session usage
- B . Network saturation
- C . Account lockout
- D . Resource consumption
A software developer released a new application and is distributing application files via the developer’s website.
Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
- A . Hashes
- B . Certificates
- C . Algorithms
- D . Salting
A
Explanation:
Posting hashes allows users to verify the integrity of downloaded files. As outlined in Security+ SY0-701, a cryptographic hash (e.g., SHA-256) produces a fixed-length digest unique to the file’s contents. Users can compute the hash of the downloaded file and compare it to the published value; a match confirms the file has not been altered.
Certificates (B) establish identity and trust but do not directly verify file integrity post-download unless combined with signing workflows. Algorithms (C) are general methods, not verification artifacts. Salting (D) is used with password hashing and is irrelevant here.
Therefore, A: Hashes is the correct choice.
An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software.
Which of the following describes this kind of attack?
- A . Smishing
- B . Typosquatting
- C . Espionage
- D . Pretexting
D
Explanation:
If MFA is in place yet attackers still breach the system, the compromise most likely resulted from social engineering, specifically pretexting. Pretexting occurs when an attacker fabricates a convincing scenario (a “pretext”) to trick the victim into revealing authentication information, such as OTP codes, MFA prompts, or login details. Even strong MFA cannot prevent an attack when a human is tricked into voluntarily providing the code.
Smishing (A) involves fraudulent SMS messages, but no messaging is mentioned in the scenario. Typosquatting (B) involves deceptive URLs that appear similar to legitimate sites and is unrelated to MFA compromise. Espionage (C) refers to stealing sensitive or national-security-related information, not bypassing MFA protections.
Security+ SY0-701 details pretexting under Social Engineering Attacks, emphasizing that MFA does not fully mitigate human manipulation. Attackers frequently impersonate IT staff, vendors, or automated systems to convince victims to “verify” or “confirm” credentials. This perfectly matches a breach where MFA was present but still circumvented through deception.
Which of the following methods to secure data is most often used to protect data in transit?
- A . Encryption
- B . Obfuscation
- C . Permission restrictions
- D . Hashing
A
Explanation:
Encryption is the standard method for protecting data in transit, ensuring that intercepted communications cannot be read without the appropriate decryption key.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.3: "Encryption protects data confidentiality, especially for data in transit over networks."
Exam Objectives 1.3: “Explain the importance of cryptographic concepts.”
An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment.
Which of the following solutions would mitigate the risk?
- A . XDR
- B . SPF
- C . DLP
- D . DMARC
C
Explanation:
To mitigate the risk of sensitive data being exfiltrated from the environment, the IT manager should implement a Data Loss Prevention (DLP) solution. DLP monitors and controls the movement of sensitive data, ensuring that unauthorized transfers are blocked and potential data breaches are prevented.
XDR (Extended Detection and Response) is useful for threat detection across multiple environments but doesn’t specifically address data exfiltration.
SPF (Sender Policy Framework) helps prevent email spoofing, not data exfiltration.
DMARC (Domain-based Message Authentication, Reporting & Conformance) also addresses email security and spoofing, not data exfiltration.
The security team at a large global company needs to reduce the cost of storing data used for performing investigations.
Which of the following types of data should have its retention length reduced?
- A . Packet capture
- B . Endpoint logs
- C . OS security logs
- D . Vulnerability scan
A
Explanation:
Packet capture data can be very large and may not need to be stored for extended periods compared to other logs essential for security audits.
Which of the following is the most likely reason a security analyst would review SIEM logs?
- A . To check for recent password reset attempts
- B . To monitor for potential DDoS attacks
- C . To assess the scope of a privacy breach
- D . To see correlations across multiple hosts
D
Explanation:
One of the primary advantages of SIEM tools is their ability to correlate events across multiple hosts and devices to identify patterns that may indicate coordinated attacks or advanced threats. Reviewing logs for correlations helps detect complex incidents that might be missed when looking at individual systems.
Checking password resets (A) and monitoring DDoS (B) are possible but less common primary reasons. Assessing privacy breach scope (C) is usually done post-incident, not typically during initial SIEM log reviews.
Log correlation capabilities are a core SIEM feature described in Security Operations (CompTIA Security+ Study Guide, Chapter 14).
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling.
Which of the following best describes this policy?
- A . Enumeration
- B . Sanitization
- C . Destruction
- D . Inventory
B
Explanation:
Sanitization is the process of removing sensitive data from a storage device or a system before it is disposed of or reused. Sanitization can be done by using software tools or hardware devices that overwrite the data with random patterns or zeros, making it unrecoverable. Sanitization is different from destruction, which is the physical damage of the storage device to render it unusable. Sanitization is also different from enumeration, which is the identification of network resources or devices, and inventory, which is the tracking of assets and their locations. The policy of securely wiping hard drives before sending decommissioned systems to recycling is an example of sanitization, as it ensures that no confidential data can be retrieved from the recycled devices.
Reference: Secure Data Destruction - SY0-601 CompTIA Security+: 2.7, video at 1:00; CompTIA Security+ SY0-701 Certification Study Guide, page 387.
