Practice Free SY0-701 Exam Online Questions
An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints’ definitions are up to date.
Which of the following will these actions most effectively prevent?
- A . Zero-day attacks
- B . Insider threats
- C . End-of-life support
- D . Known exploits
D
Explanation:
Applying the latest OS updates, patches, and endpoint definitions is the most effective way to prevent known exploits, which are attacks leveraging previously discovered vulnerabilities for which fixes are available.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.3: "Applying patches and updates prevents exploitation of known vulnerabilities."
Exam Objectives 2.3: “Analyze potential indicators associated with network attacks.”
Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?
- A . Multicloud architectures
- B . SaaS provider diversity
- C . On-premises server load balancing
- D . Corporate-owned, off-site locations
A
Explanation:
Multicloud architectures use two or more IaaS providers (e.g., AWS + Azure + GCP) to distribute workloads, increase redundancy, and reduce single points of failure.
Security+ SY0-701 emphasizes multicloud strategies for enhancing:
- Resilience
- Availability
- Fault tolerance
- Geographic redundancy
- Vendor independence
The question specifies:
- Critical VMs
- Hosted across different IaaS providers
- Still maintained by internal application owners
This perfectly matches a multicloud deployment, where organizations maintain control over VM configuration while leveraging multiple cloud vendors for resilience.
SaaS provider diversity (B) applies to application services, not internally managed VMs.
On-prem load balancing (C) does not involve cloud providers.
Corporate-owned off-site locations (D) refer to DR sites, not multi-vendor cloud hosting.
Thus, A: Multicloud architectures is the correct answer.
A security administrator needs to reduce the attack surface in the company’s data centers.
Which of the following should the security administrator do to complete this task?
- A . Implement a honeynet.
- B . Define Group Policy on the servers.
- C . Configure the servers for high availability.
- D . Upgrade end-of-support operating systems.
D
Explanation:
Upgrading end-of-support operating systems is one of the most effective ways to reduce the attack surface. Unsupported OS versions no longer receive security patches, making them prime targets for attackers. Removing outdated software ensures that known vulnerabilities cannot be exploited.
A (honeynet) is used for threat analysis, not reducing the attack surface.
B (Group Policy) helps enforce security policies but does not address outdated vulnerabilities.
C (High availability) focuses on uptime, not security risk reduction.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Architecture domain.
Which of the following cryptographic methods is preferred for securing communications with limited computing resources?
- A . Hashing algorithm
- B . Public key infrastructure
- C . Symmetric encryption
- D . Elliptic curve cryptography
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors.
Which of the following should the systems administrator use?
- A . Packet captures
- B . Vulnerability scans
- C . Metadata
- D . Dashboard
D
Explanation:
A dashboard is a graphical user interface that provides a visual representation of key performance indicators, metrics, and trends related to security events and incidents. A dashboard can help the board of directors to understand the number and impact of incidents that affected the organization in a given period, as well as the status and effectiveness of the security controls and processes. A dashboard can also allow the board of directors to drill down into specific details or filter the data by various criteria [1][2].
A packet capture is a method of capturing and analyzing the network traffic that passes through a device or a network segment. A packet capture can provide detailed information about the source, destination, protocol, and content of each packet, but it is not a suitable way to present a summary of incidents to the board of directors [1][3].
A vulnerability scan is a process of identifying and assessing the weaknesses and exposures in a system or a network that could be exploited by attackers. A vulnerability scan can help the organization to prioritize and remediate the risks and improve the security posture, but it is not a relevant way to report the number of incidents that occurred in a quarter [1][4].
Metadata is data that describes other data, such as its format, origin, structure, or context. Metadata can provide useful information about the characteristics and properties of data, but it is not a meaningful way to communicate the impact and frequency of incidents to the board of directors.
Reference = [1] CompTIA Security+ SY0-701 Certification Study Guide, page 372; [2] SIEM Dashboards – SY0-601 CompTIA Security+: 4.3, video by Professor Messer; [3] CompTIA Security+ SY0-701 Certification Study Guide, page 346; [4] CompTIA Security+ SY0-701 Certification Study Guide, page 362; CompTIA Security+ SY0-701 Certification Study Guide, page 97.
Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
- A . Configure all systems to log scheduled tasks.
- B . Collect and monitor all traffic exiting the network.
- C . Block traffic based on known malicious signatures.
- D . Install endpoint management software on all systems.
D
Explanation:
Endpoint management software is a tool that allows security engineers to monitor and control the configuration, security, and performance of workstations and servers from a central console. Endpoint management software can help detect and prevent unauthorized changes and software installations, enforce policies and compliance, and provide reports and alerts on the status of the endpoints. The other options are not as effective or comprehensive as endpoint management software for this purpose.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 137
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
- A . To gather IoCs for the investigation
- B . To discover which systems have been affected
- C . To eradicate any trace of malware on the network
- D . To prevent future incidents of the same nature
D
Explanation:
Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather IoCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response.
Reference = CompTIA Security+ SY0-701 Certification Study Guide, page 424-425; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 5.1 – Incident Response, 9:55 – 11:18.
Which of the following is a directive managerial control?
- A . Acceptable use policy
- B . Login warning banner
- C . Master service agreement
- D . No trespassing sign
A
Explanation:
A directive managerial control provides guidance and expectations for behavior through policy and governance. An Acceptable Use Policy (AUP) is a classic example, as it defines how users may and may not use organizational systems and data. Security+ SY0-701 categorizes policies as managerial (administrative) controls that direct user behavior and establish accountability.
A login warning banner (B) is typically a deterrent/administrative control but is not managerial in nature. A master service agreement (C) is a contractual/legal document, not a managerial directive for internal users. A “No trespassing” sign (D) is a physical deterrent control.
Because an AUP formally directs behavior and is enforced through management processes, A: Acceptable use policy is correct.
A company’s web filter is configured to scan the URL for strings and deny access when matches are found.
Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
- A . encryption=off
- B . http://
- C . www.*.com
- D . :443
B
Explanation:
A web filter is a device or software that can monitor, block, or allow web traffic based on predefined rules or policies. One of the common methods of web filtering is to scan the URL for strings and deny access when matches are found. For example, a web filter can block access to websites that contain the words “gambling”, “porn”, or “malware” in their URLs.
A URL is a uniform resource locator that identifies the location and protocol of a web resource. A URL typically consists of the following components: protocol://domain:port/path?query#fragment. The protocol specifies the communication method used to access the web resource, such as HTTP, HTTPS, FTP, or SMTP. The domain is the name of the web server that hosts the web resource, such as www.google.com or www.bing.com. The port is an optional number that identifies the specific service or application running on the web server, such as 80 for HTTP or 443 for HTTPS. The path is the specific folder or file name of the web resource, such as /index.html or /images/logo.png. The query is an optional string that contains additional information or parameters for the web resource, such as ?q=security or ?lang=en. The fragment is an optional string that identifies a specific part or section of the web resource, such as #introduction or #summary.
To prohibit access to non-encrypted websites, an analyst should employ a search string that matches the protocol of non-encrypted web traffic, which is HTTP. HTTP stands for hypertext transfer protocol, and it is a standard protocol for transferring data between web servers and web browsers. However, HTTP does not provide any encryption or security for the data, which means that anyone who intercepts the web traffic can read or modify the data. Therefore, non-encrypted websites are vulnerable to eavesdropping, tampering, or spoofing attacks. To access a non-encrypted website, the URL usually starts with http://, followed by the domain name and optionally the port number. For example, http://www.example.com or http://www.example.com:80. By scanning the URL for the string http://, the web filter can identify and block non-encrypted websites.
The other options are not correct because they do not match the protocol of non-encrypted web traffic. Encryption=off is a possible query string that indicates the encryption status of the web resource, but it is not a standard or mandatory parameter. Https:// is the protocol of encrypted web traffic, which uses hypertext transfer protocol secure (HTTPS) to provide encryption and security for the data. Www.*.com is a possible domain name that matches any website that starts with www and ends with .com, but it does not specify the protocol. :443 is the port number of HTTPS, which is the protocol of encrypted web traffic.
Reference = CompTIA Security+ Study Guide (SY0-701), Chapter 2: Securing Networks, page 69. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 2.1: Network Devices and Technologies, video: Web Filter (5:16).
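The string-match rule from this question, as an added example that is not part of the study guide or the exam: a minimal Python URL filter that denies any URL containing `http://`, shown beside a scheme-aware check so the difference is visible on constructed sample URLs (the deny-list and sample URLs are assumptions made for this example).

```python
from urllib.parse import urlparse

# Deny-list of URL strings, as in the question (constructed for this example).
DENY_STRINGS = ["http://"]


def string_match_blocked(url: str) -> bool:
    """The question's rule: deny when a configured string appears anywhere in the URL."""
    return any(s in url for s in DENY_STRINGS)


def scheme_blocked(url: str) -> bool:
    """Scheme-aware rule: deny only when the URL's own scheme is plain HTTP.

    urlparse lower-cases the scheme, so a mixed-case scheme is still recognised,
    and an "http://" that only appears inside a query parameter is not matched.
    """
    return urlparse(url.strip()).scheme == "http"


def evaluate(urls):
    """Return {url: (denied_by_string_match, denied_by_scheme)} for a batch of URLs."""
    return {u: (string_match_blocked(u), scheme_blocked(u)) for u in urls}


# Constructed sample requests as the filter would see them.
SAMPLE_URLS = [
    "http://www.example.com/index.html",                        # plain HTTP: both rules deny
    "http://www.example.com:80/",                               # explicit port 80: both deny
    "https://www.example.com/login",                            # HTTPS: both allow
    "https://www.example.com/?next=http://intranet.example/",   # string only in query: rule 1 denies, rule 2 allows
    "HTTP://www.example.com/",                                  # mixed-case scheme: rule 1 allows, rule 2 denies
]

if __name__ == "__main__":
    for url, (by_string, by_scheme) in evaluate(SAMPLE_URLS).items():
        verdict = lambda denied: "DENY " if denied else "allow"
        print(f"{url:58} string-match={verdict(by_string)} scheme={verdict(by_scheme)}")
```

The last two sample URLs show why a production filter normalises the URL and matches on the parsed scheme rather than on a raw substring.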
