Practice Free SY0-701 Exam Online Questions
Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?
- A . Authorization
- B . Identification
- C . Non-repudiation
- D . Authentication
A
Explanation:
Authorization refers to the process of granting or denying specific rights to a user after verifying their identity through authentication.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 1: General Security Concepts, Section: "Authentication, Authorization, and Accounting (AAA)".
A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed.
Which concept describes this capability?
- A . IaC
- B . IoT
- C . IoC
- D . IaaS
A
Explanation:
The ability to automatically generate WAF (Web Application Firewall) policies during application deployment is a characteristic of Infrastructure as Code (IaC). IaC allows infrastructure components, such as firewalls, WAF policies, load balancers, and security groups, to be defined, version-controlled, and deployed programmatically.
According to Security+ SY0-701, IaC enhances DevSecOps workflows by embedding security controls directly into deployment pipelines, ensuring consistent, repeatable, and automated application protection. This reduces human error, eliminates configuration drift, and ensures that every new application instance is deployed with the correct WAF rules already in place.
IoT (B) involves connected devices.
IoC (C) refers to Indicators of Compromise.
IaaS (D) provides cloud infrastructure but does not itself automate security policy generation.
Thus, A: IaC is the correct concept enabling automated WAF policy creation.
Which of the following describes the maximum allowance of accepted risk?
- A . Risk indicator
- B . Risk level
- C . Risk score
- D . Risk threshold
D
Explanation:
Risk threshold is the maximum amount of risk that an organization is willing to accept for a given activity or decision. It is also known as risk appetite or risk tolerance. Risk threshold helps an organization to prioritize and allocate resources for risk management. Risk indicator, risk level, and risk score are different ways of measuring or expressing the likelihood and impact of a risk, but they do not describe the maximum allowance of accepted risk.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 34; Accepting Risk: Definition, How It Works, and Alternatives
A systems administrator is redesigning how devices will perform network authentication.
The following requirements need to be met:
• An existing internal certificate must be used.
• Wired and wireless networks must be supported.
• Any unapproved device should be isolated in a quarantine subnet.
• Approved devices should be updated before accessing resources.
Which of the following would best meet the requirements?
- A . 802.1X
- B . EAP
- C . RADIUS
- D . WPA2
A
Explanation:
A company plans to secure its systems by:
• Preventing users from sending sensitive data over corporate email
• Restricting access to potentially harmful websites
Which of the following features should the company set up? (Select two).
- A . DLP software
- B . DNS filtering
- C . File integrity monitoring
- D . Stateful firewall
- E . Guardrails
- F . Antivirus signatures
An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch.
Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?
- A . Asset inventory
- B . Network enumeration
- C . Data certification
- D . Procurement process
A
Explanation:
To ensure that all systems requiring the patch are updated, the systems administrator must maintain an accurate asset inventory. This inventory lists all hardware and software assets within the organization, allowing the administrator to identify which systems are affected by the patch and ensuring that none are missed during the update process.
Network enumeration is used to discover devices on a network but doesn’t track software that requires patching.
Data certification and procurement process are unrelated to tracking systems for patching purposes.
An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems.
Which of the following will best help to achieve this objective?
- A . Microservices
- B . Virtualization
- C . Real-time operating system
- D . Containers
Which of the following is the most relevant reason a DPO would develop a data inventory?
- A . To manage data storage requirements better
- B . To determine the impact in the event of a breach
- C . To extend the length of time data can be retained
- D . To automate the reduction of duplicated data
Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?
- A . Virtualizing and migrating to a containerized instance
- B . Removing and sandboxing to an isolated network
- C . Monitoring and implementing compensating controls
- D . Patching and redeploying to production as quickly as possible
C
Explanation:
When a zero-day vulnerability is discovered in mission-critical systems that require high availability, immediate patching is often not possible due to lack of available patches or the risk of disrupting critical operations. In such cases, the best practice is to implement compensating controls (such as increased monitoring, access controls, network segmentation, or web application firewalls) to mitigate risk until a patch or permanent solution can be safely applied.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.4: "For zero-day vulnerabilities in critical systems, compensating controls and heightened monitoring are often necessary to maintain availability and security until an official patch is available."
Exam Objectives 2.4: “Given a scenario, implement secure system design.”
A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data.
Which of the following is the next step the company should take?
- A . Identify the attacker's entry methods.
- B . Report the breach to the local authorities.
- C . Notify the applicable parties of the breach.
- D . Implement vulnerability scanning of the company’s systems.
