Practice Free SY0-701 Exam Online Questions
A company processes and stores sensitive data on its own systems.
Which of the following steps should the company take first to ensure compliance with privacy regulations?
- A . Implement access controls and encryption.
- B . Develop and provide training on data protection policies.
- C . Create incident response and disaster recovery plans.
- D . Purchase and install security software.
Which of the following is an example of a false negative vulnerability detection in a scan report?
- A . A vulnerability that does not actually exist
- B . A vulnerability that has already been remediated
- C . A result that shows no known vulnerability
- D . A zero-day vulnerability with a known remediation
C
Explanation:
A false negative occurs when a security control or scanning tool fails to detect a vulnerability that actually exists. In vulnerability scanning, this means the scan reports a system as secure even though it is vulnerable. Therefore, a result that shows no known vulnerability is an example of a false negative if a vulnerability is present but undetected.
CompTIA Security+ SY0-701 explains that false negatives are particularly dangerous because they provide a false sense of security, potentially leaving systems exposed to exploitation. Causes of false negatives include outdated vulnerability signatures, misconfigured scanners, credentialed scan failures, or unsupported legacy systems.
Option A describes a false positive, where a vulnerability is reported but does not exist.
Option B may indicate an outdated scan result, not necessarily a false negative.
Option D is incorrect because zero-day vulnerabilities do not have known remediations and are typically not detected by signature-based scanners.
Thus, the correct example of a false negative is C: A result that shows no known vulnerability.
Which of the following data states applies to data that is being actively processed by a database server?
- A . In use
- B . At rest
- C . In transit
- D . Being hashed
A database administrator is updating the company’s SQL database, which stores credit card information for pending purchases.
Which of the following is the best method to secure the data against a potential breach?
- A . Hashing
- B . Obfuscation
- C . Tokenization
- D . Masking
Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?
- A . Development
- B . Test
- C . Production
- D . Staging
D
Explanation:
A staging environment is a controlled setting that closely mirrors the production environment but uses a subset of customer data. It is used to test major system upgrades, assess their impact, and demonstrate new features before they are rolled out to the live production environment. This ensures that any issues can be identified and addressed in a safe environment before affecting end-users.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of secure system development and testing environments.
Which of the following should a security operations center use to improve its incident response procedure?
- A . Playbooks
- B . Frameworks
- C . Baselines
- D . Benchmarks
A
Explanation:
A playbook is a documented set of procedures that outlines the step-by-step response to specific types of cybersecurity incidents. Security Operations Centers (SOCs) use playbooks to improve consistency, efficiency, and accuracy during incident response. Playbooks help ensure that the correct procedures are followed based on the type of incident, ensuring swift and effective remediation.
Frameworks provide general guidelines for implementing security but are not specific enough for incident response procedures.
Baselines represent normal system behavior and are used for anomaly detection, not incident response guidance.
Benchmarks are performance standards and are not directly related to incident response.
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
- A . Software as a service
- B . Infrastructure as code
- C . Internet of Things
- D . Software-defined networking
B
Explanation:
Infrastructure as code (IaC) is a method of using code and automation to manage and provision cloud resources, such as servers, networks, storage, and applications. IaC allows for easy deployment, scalability, consistency, and repeatability of cloud environments. IaC is also a key component of DevSecOps, which integrates security into the development and operations processes.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Cloud and Virtualization Concepts, page 294.
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
- A . SCAP
- B . NetFlow
- C . Antivirus
- D . DLP
D
Explanation:
DLP stands for Data Loss Prevention, which is a tool that can assist with detecting and preventing the unauthorized transmission or leakage of sensitive data, such as a customer’s PII (Personally Identifiable Information). DLP can monitor, filter, and block data in motion (such as emails), data at rest (such as files), and data in use (such as applications). DLP can also alert the sender, the recipient, or the administrator of the data breach, and apply remediation actions, such as encryption, quarantine, or deletion. DLP can help an organization comply with data protection regulations, such as GDPR, HIPAA, or PCI DSS, and protect its reputation and assets.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 2, page 78. CompTIA Security+ SY0-701 Exam Objectives, Domain 2.5, page 11.
An administrator is investigating an incident and discovers several users’ computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines, and an examination of the log files does not show excessive failed logins.
Which of the following attacks is most likely the cause of the malware?
- A . Malicious flash drive
- B . Remote access Trojan
- C . Brute-forced password
- D . Cryptojacking
D
Explanation:
Cryptojacking is the likely cause in this scenario. It involves malware that hijacks the resources of infected computers to mine cryptocurrency, usually without the user’s knowledge. This type of attack doesn’t typically degrade performance significantly or result in obvious system failures, which matches the situation described, where the machines showed no signs of degraded performance or excessive failed logins.
Reference: CompTIA Security+ SY0-701 Course Content. Cryptojacking is covered under types of malware attacks, highlighting its stealthy nature and impact on infected systems.
Which of the following actions is best performed by ticketing automation to ensure that incidents receive the correct level of attention and response?
- A . Notification
- B . Creation
- C . Closure
- D . Escalation
D
Explanation:
The key phrase is “ensure that incidents receive the correct level of attention and response.” In operations, that aligns most directly with escalation: moving high-severity or time-sensitive incidents to the right people/teams quickly and consistently, according to predefined criteria (severity, impacted systems, threat intel enrichment, SLA timers). The Study Guide lists ticketing and escalation explicitly as automation use cases: “Ticket creation: Automation can streamline the ticketing process, enabling immediate creation and routing of issues to the right teams.” and, crucially for this question, “Escalation: In case of a major incident, scripts can automate the escalation process, alerting key personnel quickly.”
While automation can also handle notification and ticket creation, escalation is the control that most directly enforces that the incident gets the proper priority and response path (for example: paging on-call, invoking the IR lead, opening a bridge, and applying “major incident” workflows). Closure is typically less suitable because it often requires validation and human judgment to ensure containment, eradication, and recovery steps are complete.
Reference: Automation use cases for ticketing, including escalation for major incidents.
