Practice Free SY0-701 Exam Online Questions
Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?
- A . Nation-state
- B . Trusted insider
- C . Organized crime group
- D . Hacktivist
B
Explanation:
A logic bomb is a malicious code segment hidden inside legitimate software that triggers under specific conditions (dates, system states, user actions). Because logic bombs require direct access to source code or the development environment, the most likely attacker is a trusted insider, especially a disgruntled developer or administrator with the ability to modify internal applications.
Security+ SY0-701 emphasizes that insider threats have:
- Elevated access
- Knowledge of internal systems
- Ability to manipulate production code
- Motivation driven by revenge, termination, or personal grievances
These factors make insiders uniquely capable of embedding logic bombs into internally-developed applications.
Nation-state actors (A) typically target critical infrastructure or advanced espionage, not internal business apps. Organized crime groups (C) seek financial gain and generally do not have internal code access. Hacktivists (D) focus on ideological disruption, typically through external attacks, not internal code manipulation.
Thus, the threat actor most likely to plant a logic bomb in internal software is B: Trusted insider.
An administrator wants to automate an account permissions update for a large number of accounts.
Which of the following would best accomplish this task?
- A . Security groups
- B . Federation
- C . User provisioning
- D . Vertical scaling
Which of the following is a benefit of vendor diversity?
- A . Patch availability
- B . Zero-day resiliency
- C . Secure configuration guide applicability
- D . Load balancing
Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties.
Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?
- A . UBA
- B . EDR
- C . NAC
- D . DLP
An external vendor recently visited a company’s headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets.
Which of the following data types best describes this file?
- A . Government
- B . Public
- C . Proprietary
- D . Critical
C
Explanation:
The file left by the external vendor, containing detailed architecture information and code snippets, is best described as proprietary data. Proprietary data is information that is owned by a company and is essential to its competitive advantage. It includes sensitive business information such as trade secrets, intellectual property, and confidential data that should be protected from unauthorized access.
Reference: CompTIA Security+ SY0-701 study materials, particularly the domain of data classification and protection.
An external security assessment report indicates a high click rate on suspicious emails. The Chief Information Security Officer (CISO) must reduce this behavior.
Which of the following should the CISO do first?
- A . Update the acceptable use policy.
- B . Deploy a password management solution.
- C . Issue warning letters to affected users.
- D . Implement a phishing awareness campaign.
D
Explanation:
To reduce risky behaviors such as clicking suspicious emails, the first and most effective step is to implement a phishing awareness campaign that educates users about recognizing phishing attempts, the risks involved, and safe practices. Awareness training can significantly reduce successful phishing attacks by changing user behavior.
Updating policies (A) is important but does not directly affect user behavior immediately. Password management solutions (B) help with credential security but do not reduce phishing click rates. Issuing warning letters (C) is punitive and less effective than proactive education.
This approach aligns with Security Program Management principles emphasizing training and awareness as primary controls against phishing risks (CompTIA Security+ Study Guide, Chapter 16).
After completing an annual external penetration test, a company receives the following guidance:
- Decommission two unused web servers currently exposed to the internet.
- Close 18 open and unused ports found on their existing production web servers.
- Remove company email addresses and contact info from public domain registration records.
Which of the following does this represent?
- A . Attack surface reduction
- B . Vulnerability assessment
- C . Tabletop exercise
- D . Business impact analysis
A
Explanation:
The guidance focuses on attack surface reduction by eliminating unnecessary services, closing unused ports, and limiting publicly available information that attackers could leverage. Reducing the attack surface lowers the organization’s exposure to threats and potential entry points.
Vulnerability assessments (B) identify weaknesses but do not necessarily involve active reduction measures. Tabletop exercises (C) simulate incidents, and business impact analysis (D) assesses the effects of disruptions, neither of which match the described activities.
Attack surface reduction is a core principle in Security Operations and penetration testing remediation strategies in SY0-701 (CompTIA Security+ Study Guide, Chapter 14).
An accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions over the phone to use a new account.
Which of the following would most likely prevent this activity in the future?
- A . Standardizing security incident reporting
- B . Executing regular phishing campaigns
- C . Implementing insider threat detection measures
- D . Updating processes for sending wire transfers
D
Explanation:
Updating wire transfer processes to include verification steps (such as requiring dual approval or verifying account changes via a secondary communication method) can prevent fraudulent transactions. Attackers often use business email compromise (BEC) or pretexting to trick employees into transferring funds to fraudulent accounts.
Standardizing security incident reporting is useful for tracking security events but does not prevent fraud in real time.
Executing regular phishing campaigns improves awareness but does not enforce a verification process for financial transactions.
Implementing insider threat detection focuses on internal risks but does not specifically prevent external fraud.
A more secure wire transfer process with additional verification steps is the most effective measure against fraudulent transactions.
Which of the following control types involves restricting IP connectivity to a router’s web management interface to protect it from being exploited by a vulnerability?
- A . Corrective
- B . Physical
- C . Preventive
- D . Managerial
C
Explanation:
Restricting access to a router’s web management interface is a preventive control (C). This type of control is implemented before a threat occurs to reduce the likelihood of exploitation.
CompTIA Security+ SY0-701 lists preventive controls such as IP whitelisting, ACLs, and firewalls under Domain 1.4: Security controls.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 1.4: “Security control types: Preventive (e.g., access control).”
