Practice Free SY0-701 Exam Online Questions
Which of the following best describes a penetration test that resembles an actual external attack?
- A . Known environment
- B . Partially known environment
- C . Bug bounty
- D . Unknown environment
D
Explanation:
An unknown environment in penetration testing, also known as a black-box test, simulates an actual external attack where the tester has no prior knowledge of the system. This type of penetration test is designed to mimic real-world attack scenarios, where an attacker has little to no information about the target environment. The tester must rely on various reconnaissance and attack techniques to uncover vulnerabilities, much like a real-world attacker would. This approach helps organizations understand their security posture from an external perspective, providing insights into how their defenses would hold up against a true outsider threat.
CompTIA Security+ SY0-701 Course Content: The course highlights the importance of understanding different penetration testing environments, including black-box testing, which aligns with the "unknown environment" in the provided answer.
CompTIA Security+ SY0-601 Study Guide: The guide details penetration testing methodologies, including black-box testing, which is crucial for simulating real external attacks.
Which of the following metrics impacts the backup schedule as part of the BIA?
- A . RTO
- B . RPO
- C . MTTR
- D . MTBF
B
Explanation:
Recovery Point Objective (RPO) defines the maximum acceptable amount of data loss measured in time. It directly impacts how frequently backups should occur to ensure data can be restored to a point no older than the RPO after a disruption.
Recovery Time Objective (RTO) (A) defines how quickly systems must be restored but does not dictate backup frequency. Mean Time To Repair (MTTR) (C) and Mean Time Between Failures (MTBF) (D) relate to system repair and reliability metrics, not backup schedules.
Understanding and defining RPO is a key part of the Business Impact Analysis (BIA) process covered in the Risk Management domain (CompTIA Security+ Study Guide, Chapter 17).
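As an added illustration (not part of the exam material), the script below reads a constructed backup job log, treats the gap between consecutive successful backups as the worst-case data loss, and flags every gap that exceeds the RPO. It also shows why a failed job matters: the 08:00 failure stretches the window between good copies to eight hours against a four-hour RPO. The log format, timestamps and job names are constructed for this example.

```python
"""Check a backup job log against a Recovery Point Objective (RPO).

Added example, not part of the exam material. The log format below is an
assumption; real backup software has its own report format.
"""
from datetime import datetime

# Constructed sample log: one line per backup job attempt, timestamps in UTC.
SAMPLE_LOG = """\
2024-05-01T00:00:00Z full SUCCESS
2024-05-01T04:00:00Z incr SUCCESS
2024-05-01T08:00:00Z incr FAILED
2024-05-01T12:00:00Z incr SUCCESS
2024-05-01T16:00:00Z incr SUCCESS
"""


def parse_ts(text):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' (pre-3.11 fromisoformat needs +00:00)."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def parse_log(text):
    """Return (timestamp, status) tuples for each non-empty log line."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _kind, status = line.split()
        events.append((parse_ts(ts), status))
    return events


def successful_backups(events):
    """Only completed jobs count as recovery points; failed jobs restore nothing."""
    return sorted(ts for ts, status in events if status == "SUCCESS")


def rpo_violations(events, rpo_hours):
    """Gaps between consecutive successful backups that exceed the RPO.

    A gap is the worst-case data loss if the disruption struck just before the
    later backup completed. Returns (earlier, later, gap_hours) tuples.
    """
    times = successful_backups(events)
    violations = []
    for earlier, later in zip(times, times[1:]):
        gap_hours = (later - earlier).total_seconds() / 3600
        if gap_hours > rpo_hours:
            violations.append((earlier.strftime("%Y-%m-%dT%H:%MZ"),
                               later.strftime("%Y-%m-%dT%H:%MZ"), gap_hours))
    return violations


def data_loss_hours(events, failure_time_iso):
    """Hours of data lost if the system fails at the given time: time since the last good backup."""
    failure = parse_ts(failure_time_iso)
    good = [ts for ts in successful_backups(events) if ts <= failure]
    if not good:
        return None
    return (failure - good[-1]).total_seconds() / 3600


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for earlier, later, gap in rpo_violations(events, rpo_hours=4):
        print(f"RPO violated: {gap:.1f} h between {earlier} and {later}")
    print("data loss if failure at 11:30Z:", data_loss_hours(events, "2024-05-01T11:30:00Z"), "h")
```

The check is against completed backups, not scheduled ones; a schedule that matches the RPO on paper still violates it whenever a job fails and the next success is more than one RPO away.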
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software.
Which of the following security techniques is the IT manager setting up?
- A . Hardening
- B . Employee monitoring
- C . Configuration enforcement
- D . Least privilege
D
Explanation:
The principle of least privilege limits access to resources to the minimum a user, program, or device needs to perform a legitimate function. It protects high-value data and assets from compromise and from insider threats, and it can be applied at different layers of a computing environment, such as processes, systems, or connected devices.
In this scenario, the IT manager is applying least privilege by restricting access to the administrator console of the help desk software to two authorized users, the IT manager and the help desk lead. This prevents unauthorized or accidental changes to the software's configuration, data, or functionality by other help desk staff, who keep access to the normal user interface, which is sufficient for them to perform their job functions.
The other options are not correct. Hardening is the process of securing a system by reducing its surface of vulnerability, such as by removing unnecessary software, changing default passwords, or disabling unnecessary services. Employee monitoring is the surveillance of workers’ activity, such as by tracking web browsing, application use, keystrokes, or screenshots. Configuration enforcement is the process of ensuring that a system adheres to a predefined set of security settings, such as by applying a patch, a policy, or a template.
https://en.wikipedia.org/wiki/Principle_of_least_privilege
A company’s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution.
Which of the following should replace the antivirus solution?
- A . SIEM
- B . EDR
- C . DLP
- D . IDS
B
Explanation:
Endpoint Detection and Response (EDR) platforms use behavioral analytics, machine learning, heuristics, and anomaly detection to identify malware and suspicious activity more accurately than traditional signature-based antivirus. EDR solutions also provide rich telemetry, process tracking, sandboxing, and automated investigation capabilities.
The SY0-701 exam emphasizes EDR as a replacement for legacy antivirus in modern threat environments. EDR can significantly reduce false positives by establishing behavioral baselines and analyzing file, process, and memory activity rather than relying solely on signatures. The scenario states the company wants a heuristic solution, which directly aligns with EDR’s advanced detection approach.
SIEM (A) aggregates and correlates logs; it is not an endpoint protection control. DLP (C) prevents data exfiltration and does not detect malware. IDS (D), in the network-based form the exam usually means, analyzes network traffic rather than endpoint process behavior.
Thus, EDR is the correct solution to reduce false positives and improve malware-detection accuracy.
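To make the signature-versus-heuristic distinction concrete, here is an added example (not from the exam material or any vendor product) that runs both approaches over a handful of constructed process-creation events of the kind an EDR sensor reports. The hash blocklist only catches the binary it already knows; the behavioral rules score what a process does (an Office application spawning a child, encoded PowerShell arguments) and catch a living-off-the-land launch of the legitimate powershell.exe that no file hash would ever flag, while leaving an administrator's ordinary script run alone. Event records, hashes, rule weights and threshold are all constructed.

```python
"""Signature lookup versus behavioral (heuristic) scoring of process events.

Added example, not from the exam material or any product. Events, hashes,
rule weights and the alert threshold are constructed for illustration.
"""
import hashlib

# Constructed blocklist: the hash of one known-bad dropped executable.
KNOWN_BAD_HASHES = {hashlib.sha256(b"MALWARE-SAMPLE-v1").hexdigest()}

# Constructed process-creation events; file_bytes stands in for the image on disk.
EVENTS = [
    {"pid": 101, "ppid": 1,   "image": "explorer.exe",   "cmdline": "explorer.exe",
     "file_bytes": b"explorer"},
    {"pid": 202, "ppid": 101, "image": "winword.exe",    "cmdline": "winword.exe invoice.docm",
     "file_bytes": b"winword"},
    # Macro launches the real, signed PowerShell with an encoded command (no bad hash to match).
    {"pid": 303, "ppid": 202, "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "file_bytes": b"powershell"},
    # Administrator runs a maintenance script from the desktop: benign.
    {"pid": 404, "ppid": 101, "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1", "file_bytes": b"powershell"},
    # Macro drops and runs a binary that the blocklist does know.
    {"pid": 505, "ppid": 202, "image": "update.exe",
     "cmdline": "C:\\Users\\Public\\update.exe", "file_bytes": b"MALWARE-SAMPLE-v1"},
    # Encoded PowerShell from explorer: suspicious, but below threshold without an Office parent.
    {"pid": 606, "ppid": 101, "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "file_bytes": b"powershell"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "-w hidden", "-nop", "frombase64string", "downloadstring")
ALERT_THRESHOLD = 3  # constructed tuning value


def signature_hits(events, known_bad=KNOWN_BAD_HASHES):
    """Classic AV: flag a process only if its image hash is on the blocklist."""
    return [e["pid"] for e in events
            if hashlib.sha256(e["file_bytes"]).hexdigest() in known_bad]


def behavior_score(event, by_pid):
    """Score one event on what the process does, not on what file it is."""
    score, reasons = 0, []
    parent = by_pid.get(event["ppid"])
    cmd = event["cmdline"].lower()
    flags = [a for a in SUSPICIOUS_ARGS if a in cmd]
    if parent is not None and parent["image"] in OFFICE_APPS:
        score += 3
        reasons.append(f"child process of {parent['image']}")
    if len(flags) >= 2:
        score += 2
        reasons.append("suspicious arguments: " + ", ".join(flags))
    if flags and event["image"] not in SCRIPT_HOSTS:
        score += 1
        reasons.append("script-host arguments from a non-script-host image")
    return score, reasons


def behavioral_hits(events, threshold=ALERT_THRESHOLD):
    """Return {pid: (score, reasons)} for events at or above the alert threshold."""
    by_pid = {e["pid"]: e for e in events}
    hits = {}
    for e in events:
        score, reasons = behavior_score(e, by_pid)
        if score >= threshold:
            hits[e["pid"]] = (score, reasons)
    return hits


if __name__ == "__main__":
    print("signature hits:", signature_hits(EVENTS))
    for pid, (score, reasons) in behavioral_hits(EVENTS).items():
        print(f"behavioral hit pid={pid} score={score}: {'; '.join(reasons)}")
```

Lowering the threshold to 2 would also flag pid 606, which is exactly the tuning trade-off the question describes: a baseline of what normal administrators do on these hosts decides where that line sits.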
Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?
- A . Compliance reporting
- B . GDPR
- C . Due diligence
- D . Attestation
C
Explanation:
Due diligence refers to the process of researching and understanding the laws, regulations, and best practices that govern information security within a specific industry. Organizations are required to conduct due diligence to ensure compliance with legal and regulatory requirements, which helps mitigate risks and avoid penalties.
Compliance reporting involves generating reports to demonstrate adherence to legal or regulatory standards.
GDPR is a specific regulation governing data privacy in the EU, not a general practice of researching laws.
Attestation is a formal declaration that an organization is compliant with a set of standards but is not the act of researching the laws.
A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy.
Which of the following vulnerability types will the analyst most likely find on the workstations?
- A . Misconfiguration
- B . Zero-day
- C . Malicious update
- D . Supply chain
A
Explanation:
A group policy pushed to every workstation can introduce a misconfiguration at scale, for example enabling an insecure setting or leaving a legacy protocol enabled, and the vulnerability scanner then reports the same finding on each affected host.
Zero-days (B) are previously unknown vulnerabilities, malicious updates (C) are attacker-controlled changes, and supply chain (D) risks come from third-party components.
Misconfiguration vulnerabilities are commonly introduced during changes and are emphasized in Security Operations (CompTIA Security+ Study Guide, Chapter 14).
An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident.
Which of the following plans is the IT manager creating?
- A . Business continuity
- B . Physical security
- C . Change management
- D . Disaster recovery
A
Explanation:
The IT manager is creating a Business Continuity Plan (BCP). A BCP describes how an organization will continue to operate during and after a disaster or global incident. It ensures that critical business functions remain operational despite adverse conditions, with a focus on minimizing downtime and maintaining essential services.
Physical security relates to protecting physical assets.
Change management ensures changes in IT systems are introduced smoothly, without disrupting operations.
Disaster recovery is a subset of business continuity but focuses specifically on recovering from IT-related incidents.
A certificate authority needs to post information about expired certificates.
Which of the following would accomplish this task?
- A . TPM
- B . CRL
- C . PKI
- D . CSR
B
Explanation:
A Certificate Revocation List (CRL) is a digitally signed list, published by a Certificate Authority (CA), of certificates the CA has revoked before their scheduled expiration, each identified by serial number with a revocation date and an optional reason code. Clients that check the CRL refuse to trust a listed certificate. Strictly speaking, an expired certificate is rejected by its own validity period and is normally dropped from the CRL once it expires; the CRL is nonetheless the mechanism a CA uses to publish certificate status, which is what the question is asking for.
TPM (A) is a hardware chip that stores keys and platform measurements; it plays no role in publishing revocation status.
PKI (C) is the overall framework of CAs, certificates, and policies; the CRL is one component within it, not the artifact that publishes the status itself.
CSR (D) is a request to obtain a certificate, not to revoke one.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Architecture domain.
A network manager wants to protect the company’s VPN by implementing multifactor authentication that uses:
- Something you know
- Something you have
- Something you are
Which of the following would accomplish the manager’s goal?
- A . Domain name, PKI, GeoIP lookup
- B . VPN IP address, company ID, facial structure
- C . Password, authentication token, thumbprint
- D . Company URL, TLS certificate, home address
C
Explanation:
The correct answer is C. Password, authentication token, thumbprint. This combination of authentication factors satisfies the manager’s goal of implementing multifactor authentication that uses something you know, something you have, and something you are.
Something you know is a type of authentication factor that relies on the user's knowledge of a secret or personal information, such as a password, a PIN, or a security question. A password is a common example of something you know that can be used to access a VPN [1][2].
Something you have is a type of authentication factor that relies on the user's possession of a physical object or device, such as a smart card, a token, or a smartphone. An authentication token is a common example of something you have that can be used to generate a one-time password (OTP) or a code that can be used to access a VPN [1][2].
Something you are is a type of authentication factor that relies on the user's biometric characteristics, such as a fingerprint, a face, or an iris. A thumbprint is a common example of something you are that can be used to scan and verify the user's identity to access a VPN [1][2].
[1] CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4: Identity and Access Management, page 177
[2] CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4: Identity and Access Management, page 179
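The following added example (not from the exam material) shows what the three factors look like on the verifying side of a VPN login. The knowledge factor is a salted PBKDF2 password hash, the possession factor is an RFC 6238 time-based one-time password computed with the standard library (the seed is the RFC's published test key), and the inherence factor is represented only by the verdict an external fingerprint matcher would return, since biometric matching itself is out of scope here. It also checks that the presented factors span at least two categories: a password plus a PIN is two pieces of evidence but not multifactor. User record, secret, and factor names are constructed.

```python
"""Three-factor VPN login check: something you know, have, and are.

Added example, not from the exam material. The user record, salt and factor
names are constructed; the TOTP seed is the RFC 6238 test key. The biometric
result is assumed to come from an external matcher.
"""
import hashlib
import hmac
import struct

FACTOR_CATEGORY = {
    "password": "know", "pin": "know", "security_question": "know",
    "totp_token": "have", "smart_card": "have", "push_device": "have",
    "fingerprint": "are", "face": "are", "iris": "are",
}

# Constructed enrolled user: PBKDF2 password hash, TOTP seed shared with the token.
USER = {
    "salt": b"constructed-salt",
    "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", b"constructed-salt", 100_000),
    "totp_seed": b"12345678901234567890",  # RFC 6238 test vector key
}


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the 30-second time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, candidate, unix_time, step=30, digits=6, window=1):
    """Accept the current code or one step either side (clock skew), compared in constant time."""
    return any(hmac.compare_digest(totp(secret, unix_time + d * step, step, digits), candidate)
               for d in range(-window, window + 1))


def distinct_categories(factors):
    """Set of factor categories (know/have/are) covered by the presented factor names."""
    return {FACTOR_CATEGORY[f] for f in factors if f in FACTOR_CATEGORY}


def is_multifactor(factors):
    """True only when the presented factors span at least two categories."""
    return len(distinct_categories(factors)) >= 2


def check_factor(name, value, user, unix_time):
    """Verify a single factor against the enrolled user record."""
    if name == "password":
        derived = hashlib.pbkdf2_hmac("sha256", value.encode(), user["salt"], 100_000)
        return hmac.compare_digest(derived, user["password_hash"])
    if name == "totp_token":
        return verify_totp(user["totp_seed"], value, unix_time)
    if name == "fingerprint":
        return value is True  # verdict from an external biometric matcher (assumption)
    return False


def vpn_login(presented, user, unix_time):
    """All presented factors must verify, and together they must be genuinely multifactor."""
    if not is_multifactor(presented):
        return False, "not multifactor: " + ", ".join(sorted(distinct_categories(presented)))
    for name, value in presented.items():
        if not check_factor(name, value, user, unix_time):
            return False, f"{name} failed"
    return True, "ok"


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; the token shows 287082 here
    print(vpn_login({"password": "correct horse", "totp_token": totp(USER["totp_seed"], now),
                     "fingerprint": True}, USER, now))
    print(vpn_login({"password": "correct horse", "pin": "1234"}, USER, now))
```

The skew window matters operationally: a token read a few seconds before the step boundary is still accepted, while a code more than one step old is not, which bounds replay of an intercepted OTP to about a minute.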
