Practice Free SY0-701 Exam Online Questions
A service provider wants a cost-effective way to rapidly expand from providing internet links to managing them.
Which of the following methods will allow the service provider to best scale its services while maintaining performance consistency?
- A . Escalation support
- B . Increased workforce
- C . Baseline enforcement
- D . Technical debt
C
Explanation:
Baseline enforcement involves establishing standard configurations and operational baselines that allow a service provider to scale services efficiently while ensuring consistent performance and security. By enforcing baselines, automation can be applied, reducing manual intervention and variability, which supports rapid, cost-effective expansion.
Increasing workforce (B) adds operational cost and may introduce inconsistency. Escalation support (A) is reactive and does not inherently support scaling. Technical debt (D) refers to accumulated suboptimal design or quick fixes that hamper future scalability and is a negative factor.
Baseline enforcement is recognized as a best practice in the Security Program Management domain for scaling services reliably (CompTIA Security+ Study Guide, Chapter 16).
A network engineer is increasing the overall security of network devices and needs to harden the devices.
Which of the following will best accomplish this task?
- A . Configuring centralized logging
- B . Generating local administrator accounts
- C . Replacing Telnet with SSH
- D . Enabling HTTP administration
A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years.
Which of the following documents would provide the best way to set the general terms?
- A . MSA
- B . NDA
- C . MOU
- D . SLA
B
Explanation:
A Master Service Agreement (MSA) establishes the general terms and conditions for ongoing business engagements. This allows companies to reuse the same terms across multiple contracts, revisiting them periodically for updates.
NDA (B) protects confidential information but does not define service terms.
MOU (C) is a non-binding agreement, often used for partnerships, not formal service contracts.
SLA (D) focuses on service performance expectations, not overall contract terms.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.
Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?
- A . Right to be forgotten
- B . Sanctions
- C . External compliance reporting
- D . Attestation
B
Explanation:
Sanctions imposed for non-compliance can include fines, legal actions, and loss of business licenses. These pose a significant financial and reputational risk to organizations.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Regulatory Compliance Risks".
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website.
Which of the following should the administrator do?
- A . Deploy multifactor authentication.
- B . Decrease the level of the web filter settings
- C . Implement security awareness training.
- D . Update the acceptable use policy
C
Explanation:
In this scenario, employees are attempting to navigate to spoofed websites, which is being blocked by the web filter. To address this issue, the administrator should implement security awareness training. Training helps employees recognize phishing and other social engineering attacks, reducing the likelihood that they will attempt to access malicious websites in the future.
Deploying multifactor authentication (MFA) would strengthen authentication but does not directly address user behavior related to phishing websites.
Decreasing the level of the web filter would expose the organization to more threats.
Updating the acceptable use policy may clarify guidelines but is not as effective as hands-on training for improving user behavior.
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification.
Which of the following social engineering techniques are being attempted? (Choose two.)
- A . Typosquatting
- B . Phishing
- C . Impersonation
- D . Vishing
- E . Smishing
- F . Misinformation
B,E
Explanation:
Smishing is a type of social engineering technique that uses text messages (SMS) to trick victims into revealing sensitive information, clicking malicious links, or downloading malware. Smishing messages often appear to come from legitimate sources, such as banks, government agencies, or service providers, and use urgent or threatening language to persuade the recipients to take action. In this scenario, the text message that claims to be from the payroll department is an example of smishing.
Impersonation is a type of social engineering technique that involves pretending to be someone else, such as an authority figure, a trusted person, or a colleague, to gain the trust or cooperation of the target. Impersonation can be done through various channels, such as phone calls, emails, text messages, or in-person visits, and can be used to obtain information, access, or money from the victim. In this scenario, the text message that pretends to be from the payroll department is an example of impersonation.
Which of the following is an algorithm performed to verify that data has not been modified?
- A . Hash
- B . Code check
- C . Encryption
- D . Checksum
A
Explanation:
A hash is an algorithm used to verify data integrity by generating a fixed-size string of characters from input data. If even a single bit of the input data changes, the hash value will change, allowing users to detect any modification to the data. Hashing algorithms like SHA-256 and MD5 are commonly used to ensure data has not been altered, although MD5 is no longer collision-resistant and should not be relied on where an attacker could craft the input.
Reference: CompTIA Security+ SY0-701 Course Content: Domain 6: Cryptography and PKI, which discusses the role of hashing in verifying data integrity.
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network.
Which of the following types of web filtering should a systems administrator configure?
- A . Agent-based
- B . Centralized proxy
- C . URL scanning
- D . Content categorization
A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers.
Which of the following should a database administrator use to access the database servers?
- A . Jump server
- B . RADIUS
- C . HSM
- D . Load balancer
A
Explanation:
A jump server is a device or virtual machine that acts as an intermediary between a user’s workstation and a remote network segment. A jump server can be used to securely access servers or devices that are not directly reachable from the user’s workstation, such as database servers. A jump server can also provide audit logs and access control for the remote connections. A jump server is also known as a jump box or a jump host.
RADIUS is a protocol for authentication, authorization, and accounting of network access. RADIUS is not a device or a method to access remote servers, but rather a way to verify the identity and permissions of users or devices that request network access.
HSM is an acronym for Hardware Security Module, which is a physical device that provides secure storage and generation of cryptographic keys. HSMs are used to protect sensitive data and applications, such as digital signatures, encryption, and authentication. HSMs are not used to access remote servers, but rather to enhance the security of the data and applications that reside on them.
A load balancer is a device or software that distributes network traffic across multiple servers or devices, based on criteria such as availability, performance, or capacity. A load balancer can improve the scalability, reliability, and efficiency of network services, such as web servers, application servers, or database servers. A load balancer is not used to access remote servers, but rather to optimize the delivery of the services that run on them.
Reference: How to access a remote server using a jump host; Jump server; RADIUS; Remote Authentication Dial-In User Service (RADIUS); Hardware Security Module (HSM); What is an HSM?; Load balancing (computing); What is Load Balancing?
A company purchased cyber insurance to address items listed on the risk register.
Which of the following strategies does this represent?
- A . Accept
- B . Transfer
- C . Mitigate
- D . Avoid
B
Explanation:
Cyber insurance is a type of insurance that covers the financial losses and liabilities that result from cyberattacks, such as data breaches, ransomware, denial-of-service, phishing, or malware. Cyber insurance can help a company recover from the costs of restoring data, repairing systems, paying ransoms, compensating customers, or facing legal actions. Cyber insurance is one of the possible strategies that a company can use to address the items listed on the risk register. A risk register is a document that records the identified risks, their probability, impact, and mitigation strategies for a project or an organization.
The four common risk management strategies are:
Accept: The company acknowledges the risk and decides to accept the consequences without taking any action to reduce or eliminate the risk. This strategy is usually chosen when the risk is low or the cost of mitigation is too high.
Transfer: The company transfers the risk to a third party, such as an insurance company, a vendor, or a partner. This strategy is usually chosen when the risk is high or the company lacks the resources or expertise to handle the risk.
Mitigate: The company implements controls or measures to reduce the likelihood or impact of the risk. This strategy is usually chosen when the risk is moderate or the cost of mitigation is reasonable.
Avoid: The company eliminates the risk by changing the scope, plan, or design of the project or the organization. This strategy is usually chosen when the risk is unacceptable or the cost of mitigation is too high.
By purchasing cyber insurance, the company is transferring the risk to the insurance company, which will cover the financial losses and liabilities in case of a cyberattack. Therefore, the correct answer is B. Transfer.
Reference: CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 377. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.1: Risk Management, video: Risk Mitigation Strategies (5:37).
