Practice Free SY0-701 Exam Online Questions
An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network.
Which of the following should the administrator use to accomplish this goal?
- A . Segmentation
- B . Isolation
- C . Patching
- D . Encryption
A
Explanation:
Segmentation is a network design technique that divides the network into smaller and isolated segments based on logical or physical boundaries. Segmentation can help improve network security by limiting the scope of an attack, reducing the attack surface, and enforcing access control policies. Segmentation can also enhance network performance, scalability, and manageability. To accomplish the goal of storing customer data on a separate part of the network, the administrator can use segmentation technologies such as subnetting, VLANs, firewalls, routers, or switches.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 308-309
Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?
- A . Authorization
- B . Identification
- C . Non-repudiation
- D . Authentication
A
Explanation:
Authorization refers to the process of granting or denying specific rights to a user after their identity has been verified through authentication. Identification is the act of claiming an identity (such as presenting a username), authentication proves that claim, and authorization then decides what the authenticated user is permitted to do.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 1: General Security Concepts, Section: "Authentication, Authorization, and Accounting (AAA)".
A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened.
Which of the following best describes the deception method being deployed?
- A . Honeypot
- B . Honey account
- C . Honeytoken
- D . Honeynet
C
Explanation:
A honeytoken is a form of deception technology in which a fake asset (such as credentials, files, or database records) is planted in a system or network to detect unauthorized access or malicious activity. The fake password stored in a hidden spreadsheet, with monitoring for access, is a classic example of a honeytoken. It is not an interactive system (like a honeypot or honeynet) but rather a marker or tripwire intended to alert the security team to suspicious behavior. This method helps identify attackers and their methods early in the intrusion process.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.1, "Deception and Disruption Technologies"
CompTIA Security+ Exam Objectives: 1.1
CompTIA Glossary: "Honeytoken: A fictitious record or file intended to attract or identify unauthorized access."
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network.
Which of the following describes this type of attack?
- A . Privilege escalation
- B . Buffer overflow
- C . SQL injection
- D . Pass-the-hash
D
Explanation:
The scenario describes an attacker who obtained credentials from a compromised system’s memory and used them without cracking to move laterally within the network. This technique is known as a "pass-the-hash" attack, where the attacker captures hashed credentials (e.g., NTLM hashes) and uses them to authenticate and gain access to other systems without needing to know the plaintext password. This is a common attack method in environments where weak security practices or outdated protocols are in use.
Reference:
CompTIA Security+ SY0-701 Course Content: The course discusses credential-based attacks like pass-the-hash, emphasizing their impact and the importance of protecting credential stores.
Which of the following is the best safeguard to protect against an extended power failure?
- A . Off-site backups
- B . Batteries
- C . Uninterruptible power supplies
- D . Generators
D
Explanation:
For extended power failures, the best safeguard is a generator. CompTIA Security+ SY0-701 emphasizes that generators are designed to provide long-term, sustained power, unlike UPS systems, which only supply temporary emergency power.
Generators ensure that critical operations, including data centers, communication systems, and security infrastructure, stay online for hours or days, depending on fuel capacity. This matches the requirement for mitigating "extended" outages.
UPS units (C) protect against short-term outages and provide time for graceful shutdown or generator startup, but cannot support prolonged power consumption. Batteries (B) provide the least protection and run out quickly. Off-site backups (A) do not maintain operational continuity; they simply preserve data.
Disaster recovery and business continuity planning in SY0-701 highlights generators as essential components for maintaining availability, a core principle of the CIA triad. Generators prevent downtime, maintain productivity, and keep essential systems functioning throughout prolonged outages, making D the best answer.
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?
- A . Impact analysis
- B . Scheduled downtime
- C . Backout plan
- D . Change management boards
B
Explanation:
Scheduled downtime is a planned period of time when a system or service is unavailable for maintenance, updates, upgrades, or other changes. Scheduled downtime gives administrators a set period to perform changes to an operational system without disrupting the normal business operations or affecting the availability of the system or service. Scheduled downtime also allows administrators to inform the users and stakeholders about the expected duration and impact of the changes.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 12: Security Operations and Administration, page 579
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).
- A . Channels by which the organization communicates with customers
- B . The reporting mechanisms for ethics violations
- C . Threat vectors based on the industry in which the organization operates
- D . Secure software development training for all personnel
- E . Cadence and duration of training events
- F . Retraining requirements for individuals who fail phishing simulations
C,E
Explanation:
A training curriculum plan for a security awareness program should address the following factors:
The threat vectors based on the industry in which the organization operates. This helps employees understand the specific risks and challenges their organization faces and how to protect themselves and the organization from cyberattacks. For example, a healthcare organization may face different threat vectors than a financial organization, such as ransomware, data breaches, or medical device hacking.
The cadence and duration of training events. This helps employees retain the information and skills they learn and keep up with the changing security landscape. Training events should be frequent enough to reinforce the key concepts and behaviors, but neither so long nor so short that employees lose attention or interest. For example, a security awareness program may include monthly newsletters, quarterly webinars, annual workshops, or periodic quizzes.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, page 34; CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 2, page 55.
A penetration tester is testing the security of a building’s alarm system.
Which type of penetration test is being conducted?
- A . Physical
- B . Defensive
- C . Integrated
- D . Continuous
A
Explanation:
Testing the security of a building’s alarm system falls under physical penetration testing. According to Security+ SY0-701, physical penetration tests evaluate the effectiveness of physical security controls such as locks, alarms, cameras, sensors, badge readers, and access control points. These tests simulate real-world attempts to bypass or disable physical protections.
Defensive (B) describes defensive security operations, not a category of penetration test. Integrated (C) relates to combined system evaluations but is not a standard penetration testing category. Continuous (D) refers to ongoing automated testing, not the evaluation of a physical alarm system.
Thus, the correct answer is A: Physical.
Which of the following is the most common data loss path for an air-gapped network?
- A . Bastion host
- B . Unsecured Bluetooth
- C . Unpatched OS
- D . Removable devices
D
Explanation:
An air-gapped network is a network that is physically isolated from other networks, such as the internet, to prevent unauthorized access and data leakage. However, an air-gapped network can still be compromised by removable devices, such as USB drives, CDs, DVDs, or external hard drives, that are used to transfer data between the air-gapped network and other networks. Removable devices can carry malware, spyware, or other malicious code that can infect the air-gapped network or exfiltrate data from it. Therefore, removable devices are the most common data loss path for an air-gapped network.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 9: Network Security, page 449
An employee from the accounting department logs in to the website used for processing the company’s payments. After logging in, a new desktop application automatically downloads on the employee’s computer and causes the computer to restart.
Which of the following attacks has occurred?
- A . XSS
- B . Watering hole
- C . Typosquatting
- D . Buffer overflow
B
Explanation:
A watering hole attack occurs when attackers compromise a website that is frequently visited by targeted users, in this case the payment processing site used by employees. The compromised site then delivers malicious payloads to visitors, such as downloading malicious applications without user consent.
XSS (Cross-Site Scripting) (A) injects malicious scripts into web pages but typically does not cause automatic application downloads that lead to restarts. Typosquatting (C) involves malicious websites mimicking legitimate ones via misspelled URLs. Buffer overflow (D) targets software memory and does not typically involve website compromise and automatic downloads.
This attack type is detailed in the Threats, Vulnerabilities, and Mitigations domain of SY0-701 (CompTIA Security+ Study Guide, Chapter 2).
