Practice Free SY0-701 Exam Online Questions
Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?
- A . Open-source intelligence
- B . Port scanning
- C . Pivoting
- D . Exploit validation
An administrator is reviewing a single server’s security logs and discovers the following:
Which of the following best describes the action captured in this log file?
- A . Brute-force attack
- B . Privilege escalation
- C . Failed password audit
- D . Forgotten password by the user
A
Explanation:
A brute-force attack is a type of attack that involves systematically trying all possible combinations of passwords or keys until the correct one is found. The log file shows multiple failed login attempts in a short amount of time, which is a characteristic of a brute-force attack. The attacker is trying to guess the password of the Administrator account on the server. The log file also shows event ID 4625, which indicates a failed logon attempt, and the status code 0xC000006A, which means the user name is correct but the password is wrong. These are indicators of compromise (IoC) that suggest a brute-force attack is taking place.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 215-216 and 223
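The explanation above reasons from two fields of the log (event ID 4625 and status 0xC000006A) plus timing. The following is an added example, not part of the original question set, of the detection logic a defender would run over such a log: it parses a handful of constructed log lines (modelled loosely on a Windows Security log export, not a real capture), counts failed logons per account and source address inside a sliding time window, and flags the pair that exceeds a threshold. The line format, the threshold of 5 failures in 60 seconds, and the helper names are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not a real capture): five failures against
# Administrator from one address within ten seconds, one success, and one
# isolated failure for another account.
SAMPLE_LOG = """\
2024-05-01 09:00:01 EventID=4625 TargetUser=Administrator Status=0xC000006A SourceIP=10.0.0.23
2024-05-01 09:00:03 EventID=4625 TargetUser=Administrator Status=0xC000006A SourceIP=10.0.0.23
2024-05-01 09:00:04 EventID=4625 TargetUser=Administrator Status=0xC000006A SourceIP=10.0.0.23
2024-05-01 09:00:05 EventID=4624 TargetUser=jsmith Status=0x0 SourceIP=10.0.0.50
2024-05-01 09:00:06 EventID=4625 TargetUser=Administrator Status=0xC000006A SourceIP=10.0.0.23
2024-05-01 09:00:09 EventID=4625 TargetUser=Administrator Status=0xC000006A SourceIP=10.0.0.23
2024-05-01 09:45:00 EventID=4625 TargetUser=jsmith Status=0xC000006A SourceIP=10.0.0.50
"""

# Assumed line layout for the constructed export above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) EventID=(?P<event>\d+) "
    r"TargetUser=(?P<user>\S+) Status=(?P<status>0x[0-9A-Fa-f]+) SourceIP=(?P<ip>\S+)$"
)

# Well-known NTSTATUS values seen in the sub-status of event 4625.
STATUS_CODES = {
    "0xC000006A": "wrong password (user name exists)",
    "0xC0000064": "user name does not exist",
    "0xC0000234": "account locked out",
}

def describe_status(code: str) -> str:
    """Human-readable meaning of a 4625 status code, for the analyst's triage notes."""
    return STATUS_CODES.get(code, "unknown status " + code)

def parse_events(text: str) -> list:
    """Turn the export into a list of dicts; lines that do not fit the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "event": int(m["event"]),
            "user": m["user"],
            "status": m["status"],
            "ip": m["ip"],
        })
    return events

def detect_bruteforce(text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Return {(user, source_ip): max_failures_in_window} for pairs that hit the threshold.

    Only event 4625 (failed logon) is counted; a sliding window over the sorted
    timestamps finds the densest burst of failures for each (user, ip) pair.
    """
    failures = defaultdict(list)
    for ev in parse_events(text):
        if ev["event"] == 4625:
            failures[(ev["user"], ev["ip"])].append(ev["ts"])

    alerts = {}
    window = timedelta(seconds=window_seconds)
    for key, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it spans at most window_seconds
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts

if __name__ == "__main__":
    for (user, ip), count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force: {count} failed logons for {user} from {ip}")
```

On the constructed sample this reports one pair, Administrator from 10.0.0.23 with 5 failures; the single failure for jsmith stays below the threshold, which is what separates an attack pattern from an ordinary mistyped password. In a real deployment the same logic would sit in a SIEM rule, and the status code would be used to distinguish password guessing (0xC000006A) from username enumeration (0xC0000064).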
An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?
- A . Identify embedded keys
- B . Code debugging
- C . Input validation
- D . Static code analysis
C
Explanation:
Input validation is a security technique that checks the user input for any malicious or unexpected data before processing it by the application. Input validation can prevent various types of attacks, such as injection, cross-site scripting, buffer overflow, and command execution, that exploit the vulnerabilities in the application code. Input validation can be performed on both the client-side and the server-side, using methods such as whitelisting, blacklisting, filtering, sanitizing, escaping, and encoding. By including regular expressions in the source code to remove special characters from the variables set by the forms in the web application, the organization adopted input validation as a security technique. Regular expressions are patterns that match a specific set of characters or strings, and can be used to filter out any unwanted or harmful input. Special characters, such as $, |, ;, &, `, and ?, can be used by attackers to inject commands or scripts into the application, and cause damage or data theft. By removing these characters from the input, the organization can reduce the risk of such attacks.
Identify embedded keys, code debugging, and static code analysis are not the security techniques that the organization adopted by making this addition to the policy. Identify embedded keys is a process of finding and removing any hard-coded keys or credentials from the source code, as these can pose a security risk if exposed or compromised. Code debugging is a process of finding and fixing any errors or bugs in the source code, which can affect the functionality or performance of the application. Static code analysis is a process of analyzing the source code without executing it, to identify any vulnerabilities, flaws, or coding standards violations. These techniques are not related to the use of regular expressions to remove special characters from the input.
Reference = CompTIA Security+ SY0-701 Certification Study Guide, pages 375-376; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 4.1 - Vulnerability Scanning, 8:00 - 9:08; Application Security - SY0-601 CompTIA Security+: 3.2, 0:00 - 2:00.
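The policy statement describes a deny-list approach (strip the listed characters), while the explanation also names whitelisting as an input validation method. The following added example, not part of the original question set, shows both side by side in Python: a regular expression that removes exactly the characters the policy lists, and an allow-list check for a field whose expected shape is known. The field names, the username pattern, and the function names are assumptions made for this example.

```python
import re

# Deny-list pattern covering the characters named in the policy: $ | ; & ` and ?
SPECIAL_CHARS_RE = re.compile(r"[$|;&`?]")

def strip_special_characters(value: str) -> str:
    """Sanitise a form variable by deleting the policy's listed characters (deny-list)."""
    return SPECIAL_CHARS_RE.sub("", value)

# Allow-list pattern for a field with a known shape (assumed here): 3-32 characters
# drawn from letters, digits, dot, dash and underscore. Anything else is rejected
# outright rather than cleaned up.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")

def is_valid_username(value: str) -> bool:
    """Validate rather than sanitise: accept only input matching the expected shape (allow-list)."""
    return USERNAME_RE.fullmatch(value) is not None

def process_form(fields: dict) -> dict:
    """Apply the policy's regex to every submitted field, then the stricter allow-list
    check to the username field. Returns the cleaned fields or raises ValueError."""
    cleaned = {name: strip_special_characters(value) for name, value in fields.items()}
    if "username" in cleaned and not is_valid_username(cleaned["username"]):
        raise ValueError("username failed validation")
    return cleaned

if __name__ == "__main__":
    # Constructed inputs: the first is cleaned, the second is rejected by the allow-list
    print(process_form({"username": "john;doe", "comment": "hello?"}))
    try:
        process_form({"username": "john doe"})
    except ValueError as exc:
        print("rejected:", exc)
```

The second constructed input illustrates the usual caveat with deny-lists: a space, a newline, or a parenthesis is not on the policy's list, so stripping alone would let it through, whereas the allow-list rejects anything outside the expected shape. Stripping characters also changes the user's data silently, so for fields with a known format, validation and rejection is the stronger of the two.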
A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following is the security administrator most likely protecting against?
- A . Account sharing
- B . Weak password complexity
- C . Pass-the-hash attacks
- D . Password compromise
C
Explanation:
The scenario shows MD5 hashed password values. The most likely reason the security administrator is focusing on these values is to protect against pass-the-hash attacks. In this type of attack, an attacker can use a captured hash to authenticate without needing to know the actual plaintext password. By managing and monitoring these hashes, the administrator can implement strategies to mitigate this type of threat.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.
Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
- A . Hacktivists
- B . Script kiddies
- C . Competitors
- D . Shadow IT
D
Explanation:
Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit IT department approval. This is the most likely cause of introducing vulnerabilities on a corporate network by deploying unapproved software, as such software may not have been vetted for security compliance, increasing the risk of vulnerabilities.
Reference = CompTIA Security+ SY0-701 Course Content: The concept of Shadow IT is discussed as a significant risk due to the introduction of unapproved and potentially vulnerable software into the corporate network.
Which of the following techniques would identify whether data has been modified in transit?
- A . Hashing
- B . Tokenization
- C . Masking
- D . Encryption
A
Explanation:
Hashing is used to verify data integrity. By comparing the hash value of the data before and after transmission, it is possible to determine if the data has been altered in transit. If the hash values match, the data has not been modified.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.3: "Hashing ensures integrity by making it possible to detect unauthorized changes to data."
Exam Objectives 1.3: “Explain the importance of cryptographic concepts.”
A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs.
Which of the following options is best to include in the disaster recovery plan?
- A . Hot site
- B . Warm site
- C . Geolocation
- D . Cold site
A
Explanation:
A hot site is a fully operational data center equipped with hardware, software, and network connectivity, ready for immediate use after a disaster. It allows near-zero downtime, making it ideal for critical systems needing continuous operations.
Warm sites (B) have some infrastructure but require additional setup time. Cold sites (D) provide space and power but no equipment, leading to longer recovery. Geolocation (C) is unrelated. Hot sites are a key disaster recovery solution discussed in SY0-701’s Resilience and Recovery domain (CompTIA Security+ Study Guide, Chapter 9).
A security analyst needs to improve the company’s authentication policy following a password audit.
Which of the following should be included in the policy? (Select two).
- A . Length
- B . Complexity
- C . Least privilege
- D . Something you have
- E . Security keys
- F . Biometrics
A,B
Explanation:
A strong authentication policy should enforce password length (e.g., minimum of 12-16 characters) and complexity (mix of uppercase, lowercase, numbers, and symbols). These measures significantly reduce the risk of brute-force attacks.
Least privilege (C) relates to access control, not authentication policies.
Something you have (D) and biometrics (F) pertain to multi-factor authentication (MFA) but are not password policy requirements.
Reference: CompTIA Security+ SY0-701 Official Study Guide, General Security Concepts domain.
During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system.
Which of the following best describes this type of vulnerability?
- A . Race condition
- B . Memory injection
- C . Malicious update
- D . Side loading
A
Explanation:
A race condition occurs when two or more processes attempt to access and modify a shared resource simultaneously, leading to unintended behavior. In this scenario, the attacker was able to modify a temporary field before the SQL update completed, indicating a time-of-check to time-of-use (TOCTOU) vulnerability, which is a type of race condition.
Memory injection (B) refers to inserting malicious code into a running process’s memory, but that is not what is happening here.
Malicious update (C) is too broad and does not specifically describe this scenario.
Side loading (D) is a technique where malicious software is loaded via a trusted application, unrelated to this case.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Threats, Vulnerabilities, and Mitigations domain.
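The scenario is abstract, so the following added example (not part of the original question set) makes the TOCTOU window concrete with Python and an in-memory SQLite database. A role-change workflow stages the requested value in a temporary column (`pending_role`), validates it, and then copies it into `role`. The vulnerable version re-reads the temporary field at use time, so anything written into it between the check and the final UPDATE is committed unchecked; the hardened version writes the value it actually validated and makes the UPDATE conditional on the temporary field being unchanged. The schema, the table contents, the allowed-role set and the `interleave` hook that simulates a concurrent writer are all constructed for this example.

```python
import sqlite3

# Roles a self-service request may set. "admin" is deliberately not in the set.
ALLOWED_ROLES = {"user", "editor"}

def make_db() -> sqlite3.Connection:
    """Constructed schema: pending_role is the temporary field of the update sequence."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (username TEXT PRIMARY KEY, role TEXT NOT NULL, pending_role TEXT)"
    )
    conn.execute("INSERT INTO accounts (username, role) VALUES ('alice', 'user')")
    conn.commit()
    return conn

def current_role(conn: sqlite3.Connection, username: str) -> str:
    return conn.execute("SELECT role FROM accounts WHERE username = ?", (username,)).fetchone()[0]

def concurrent_writer(conn: sqlite3.Connection) -> None:
    """Simulates another session changing the temporary field inside the window."""
    conn.execute("UPDATE accounts SET pending_role = 'admin' WHERE username = 'alice'")
    conn.commit()

def vulnerable_apply(conn, username, requested, interleave=lambda: None) -> str:
    """Check-then-use with a gap: validates pending_role, then commits whatever it holds later."""
    conn.execute("UPDATE accounts SET pending_role = ? WHERE username = ?", (requested, username))
    conn.commit()
    pending = conn.execute(
        "SELECT pending_role FROM accounts WHERE username = ?", (username,)
    ).fetchone()[0]
    if pending not in ALLOWED_ROLES:          # time of check
        return current_role(conn, username)
    interleave()                               # the TOCTOU window
    conn.execute(                              # time of use: re-reads the temporary field
        "UPDATE accounts SET role = pending_role, pending_role = NULL WHERE username = ?",
        (username,),
    )
    conn.commit()
    return current_role(conn, username)

def safe_apply(conn, username, requested, interleave=lambda: None):
    """Validates the value it will write and makes the write a compare-and-set.

    Returns (applied, resulting_role). If the temporary field no longer matches the
    validated value, the UPDATE affects zero rows and the change is refused.
    """
    if requested not in ALLOWED_ROLES:
        return False, current_role(conn, username)
    conn.execute("UPDATE accounts SET pending_role = ? WHERE username = ?", (requested, username))
    conn.commit()
    interleave()                               # same window, but it no longer matters
    cur = conn.execute(
        "UPDATE accounts SET role = ?, pending_role = NULL "
        "WHERE username = ? AND pending_role = ?",
        (requested, username, requested),
    )
    conn.commit()
    return cur.rowcount == 1, current_role(conn, username)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_apply(db, "alice", "editor", lambda: concurrent_writer(db)))
    db = make_db()
    print("hardened:  ", safe_apply(db, "alice", "editor", lambda: concurrent_writer(db)))
```

With the simulated writer in the window, the vulnerable path ends with alice holding `admin` even though that value was never validated, which is the scenario the question describes; the hardened path ends with her still a `user` and reports that the change was refused. The fix has two parts: never re-read a value after validating it, and make the final write conditional (or run check and write inside one transaction with a write lock) so a concurrent modification is detected rather than silently committed.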
Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?
- A . Data sovereignty
- B . Geolocation
- C . Intellectual property
- D . Geographic restrictions
A
Explanation:
Data sovereignty refers to the principle that data stored in another country remains subject to the originating country’s laws. This is a common concern in cloud computing.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 3: Security Architecture, Section: "Data Sovereignty and Regulatory Compliance".
