Practice Free SY0-701 Exam Online Questions
The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts.
Which of the following mitigation techniques should be reviewed first?
- A . Patching
- B . Segmentation
- C . Monitoring
- D . Isolation
A
Explanation:
The best first step is to review patching (A). Outdated OS versions often contain vulnerabilities that can be exploited by malware. Ensuring systems are up-to-date is a foundational cybersecurity practice.
This is highlighted in Domain 2.1, "Given a scenario, analyze indicators of malicious activity," and Domain 2.2, which emphasizes the importance of patching as part of system hardening and mitigation strategy.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 2.2, "Mitigation techniques: Patching."
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards.
Which of the following techniques is the attacker using?
- A . Smishing
- B . Disinformation
- C . Impersonating
- D . Whaling
D
Explanation:
Whaling is a type of phishing attack that targets high-profile individuals, such as executives, celebrities, or politicians. The attacker impersonates someone with authority or influence and tries to trick the victim into performing an action, such as transferring money, revealing sensitive information, or clicking on a malicious link. Whaling is also called CEO fraud or business email compromise.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, page 97.
Which of the following would be the best way to block unknown programs from executing?
- A . Access control list
- B . Application allow list
- C . Host-based firewall
- D . DLP solution
B
Explanation:
An application allow list is a security technique that specifies which applications are permitted to run on a system or a network. An application allow list can block unknown programs from executing by only allowing the execution of programs that are explicitly authorized and verified. An application allow list can prevent malware, unauthorized software, or unwanted applications from running and compromising the security of the system or the network [1][2].
The other options are not the best ways to block unknown programs from executing:
Access control list: This is a security technique that specifies which users or groups are granted or denied access to a resource or an object. An access control list can control the permissions and privileges of users or groups, but it does not directly block unknown programs from executing [1][3].
Host-based firewall: This is a security device that monitors and filters the incoming and outgoing network traffic on a single host or system. A host-based firewall can block or allow network connections based on predefined rules, but it does not directly block unknown programs from executing [1].
DLP solution: This is a security system that detects and prevents the unauthorized transmission or leakage of sensitive data. A DLP solution can protect the confidentiality and integrity of data, but it does not directly block unknown programs from executing [1].
References: [1] CompTIA Security+ SY0-701 Certification Study Guide, page 97. [2] Application Whitelisting, CompTIA Security+ SY0-701, 3.5, video by Professor Messer. [3] CompTIA Security+ SY0-701 Certification Study Guide, page 98. [4] CompTIA Security+ SY0-701 Certification Study Guide, page 99. [5] CompTIA Security+ SY0-701 Certification Study Guide, page 100.
Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues.
Which of the following is most likely to be one of those steps?
- A . Management review
- B . Load testing
- C . Maintenance notifications
- D . Procedure updates
A
Explanation:
Management review is a critical step in the change management process. Before implementing any design change, management reviews help evaluate the potential impact, security implications, and alignment with organizational goals and policies. This review ensures that the change is justified, risks are understood, and proper approvals are obtained.
Load testing is a performance test, maintenance notifications are communication steps, and procedure updates are documentation activities; all are important, but they generally occur after management has approved the change.
The significance of management involvement in change governance is a foundational concept in the Security Program Management and Oversight domain of the SY0-701 exam (CompTIA Security+ Study Guide, Chapter 16).
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?
- A . Defensive
- B . Passive
- C . Offensive
- D . Physical
D
Explanation:
Attempting to enter an unauthorized area using an access badge during a penetration test is an example of a physical test. This type of test evaluates the effectiveness of physical security controls, such as access badges, security guards, and locks, in preventing unauthorized access to restricted areas.
Defensive and offensive testing typically refer to digital or network-based penetration testing strategies.
Passive testing involves observing or monitoring but not interacting with the environment.
A company is developing a critical system for the government and storing project information on a file share.
Which of the following describes how this data will most likely be classified? (Select two).
- A . Private
- B . Confidential
- C . Public
- D . Operational
- E . Urgent
- F . Restricted
B,F
Explanation:
Data classification is the process of assigning labels to data based on its sensitivity and business impact. Different organizations and sectors may have different data classification schemes, but a common one is the following [1]:
Public: Data that can be freely disclosed to anyone without any harm or risk.
Private: Data that is intended for internal use only and may cause some harm or risk if disclosed.
Confidential: Data that is intended for authorized use only and may cause significant harm or risk if disclosed.
Restricted: Data that is intended for very limited use only and may cause severe harm or risk if disclosed.
In this scenario, the company is developing a critical system for the government and storing project information on a file share. This data is likely to be classified as confidential and restricted, because it is not meant for public or private use, and it may cause serious damage to national security or public safety if disclosed. The government may also have specific requirements or regulations for handling such data, such as encryption, access control, and auditing [2].
References: [1] CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 16-17. [2] Data Classification Practices: Final Project Description Released.
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
- A . Client
- B . Third-party vendor
- C . Cloud provider
- D . DBA
A
Explanation:
According to the shared responsibility model, the client and the cloud provider have different roles and responsibilities for securing the cloud environment, depending on the service model. In an IaaS (Infrastructure as a Service) model, the cloud provider is responsible for securing the physical infrastructure, such as the servers, storage, and network devices, while the client is responsible for securing the operating systems, applications, and data that run on the cloud infrastructure. Therefore, the client is responsible for securing the company’s database in an IaaS model for a cloud environment, as the database is an application that stores data. The client can use various security controls, such as encryption, access control, backup, and auditing, to protect the database from unauthorized access, modification, or loss. The third-party vendor and the DBA (Database Administrator) are not roles defined by the shared responsibility model, but they may be involved in the implementation or management of the database security.
Reference: CompTIA Security+ SY0-701 Certification Study Guide, pages 263-264; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 3.1 – Cloud and Virtualization, 5:00 – 7:40.
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits.
Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
- A . ACL
- B . DLP
- C . IDS
- D . IPS
D
Explanation:
An intrusion prevention system (IPS) is a security device that monitors network traffic and blocks or modifies malicious packets based on predefined rules or signatures. An IPS can prevent attacks that exploit known vulnerabilities in older browser versions by detecting and dropping the malicious packets before they reach the target system. An IPS can also perform other functions, such as rate limiting, encryption, or redirection.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3: Securing Networks, page 132.
Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?
- A . Virtualizing and migrating to a containerized instance
- B . Removing and sandboxing to an isolated network
- C . Monitoring and implementing compensating controls
- D . Patching and redeploying to production as quickly as possible
C
Explanation:
When a zero-day vulnerability is discovered in mission-critical systems that require high availability, immediate patching is often not possible due to lack of available patches or the risk of disrupting critical operations. In such cases, the best practice is to implement compensating controls (such as increased monitoring, access controls, network segmentation, or web application firewalls) to mitigate risk until a patch or permanent solution can be safely applied.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.4: "For zero-day vulnerabilities in critical systems, compensating controls and heightened monitoring are often necessary to maintain availability and security until an official patch is available."
Exam Objectives 2.4: “Given a scenario, implement secure system design.”
Which of the following is an example of memory injection?
- A . Two processes access the same variable, allowing one to cause a privilege escalation.
- B . A process receives an unexpected amount of data, which causes malicious code to be executed.
- C . Malicious code is copied to the allocated space of an already running process.
- D . An executable is overwritten on the disk, and malicious code runs the next time it is executed.
C
Explanation:
Memory injection occurs when malicious code is written into the memory space of a running process, allowing it to execute without writing anything to disk. This is often used in fileless malware attacks, making detection harder.
A (privilege escalation) describes a race condition, not memory injection.
B (unexpected data causing execution) describes a buffer overflow attack, not memory injection.
D (overwriting an executable) is a persistence technique, but it is not an example of in-memory injection.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.