Practice Free SY0-701 Exam Online Questions
An accountant is transferring information to a bank over FTP.
Which of the following mitigations should the accountant use to protect the confidentiality of the data?
- A . Tokenization
- B . Data masking
- C . Encryption
- D . Obfuscation
A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team.
Which of the following should the company implement to meet this requirement?
- A . VDI
- B . MDM
- C . VPN
- D . VPC
A
Explanation:
Virtual Desktop Infrastructure (VDI) allows a company to host desktop environments on a centralized server. Offshore teams can access these virtual desktops remotely, ensuring that sensitive data stays within the company’s infrastructure without the need to provide physical devices to the team. This solution is ideal for maintaining data security while enabling remote work, as all data processing occurs on the company’s secure servers.
Reference =
CompTIA Security+ SY0-701 Course Content: VDI is discussed as a method for securely managing remote access to company resources without compromising data security.
Which of the following phases of the incident response process attempts to minimize disruption?
- A . Recovery
- B . Containment
- C . Preparation
- D . Analysis
B
Explanation:
Containment is the phase where an organization attempts to minimize the damage caused by a security incident. This may involve isolating affected systems, blocking malicious traffic, or temporarily shutting down compromised services to prevent further impact.
Recovery (A) focuses on restoring normal operations after an incident.
Preparation (C) involves planning and readiness before an incident occurs.
Analysis (D) involves investigating the root cause and assessing the damage.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Operations domain.
Which of the following should be used to prevent changes to system-level data?
- A . NIDS
- B . DLP
- C . NAC
- D . FIM
D
Explanation:
File Integrity Monitoring (FIM) is specifically designed to detect and prevent unauthorized changes to critical system files, configuration files, registry entries, binaries, and logs. According to CompTIA Security+ SY0-701, FIM creates a cryptographic baseline (usually via hashing) of protected system files. Any attempt to modify, add, or delete protected files immediately triggers an alert, enabling rapid detection of tampering, whether caused by malware, insider threats, or misconfigurations.
NIDS (A) monitors network traffic, not system-level modifications. DLP (B) prevents unauthorized data exfiltration, not system-file tampering. NAC (C) controls device access to the network but does not protect system files.
FIM is a core tool for ensuring system integrity in compliance frameworks such as PCI-DSS, which explicitly requires organizations to monitor critical system files. By preventing unauthorized changes to system-level data and alerting administrators to suspicious activity, FIM provides a strong defensive mechanism against malware, ransomware, and configuration drift.
Thus, FIM is the correct answer.
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations.
Which of the following should the hosting provider consider first?
- A . Local data protection regulations
- B . Risks from hackers residing in other countries
- C . Impacts to existing contractual obligations
- D . Time zone differences in log correlation
A
Explanation:
Local data protection regulations are the first thing that a cloud-hosting provider should consider before expanding its data centers to new international locations. Data protection regulations are laws or standards that govern how personal or sensitive data is collected, stored, processed, and transferred across borders. Different countries or regions may have different data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, or the California Consumer Privacy Act (CCPA) in the United States. A cloud-hosting provider must comply with the local data protection regulations of the countries or regions where it operates or serves customers, or else it may face legal penalties, fines, or reputational damage. Therefore, a cloud-hosting provider should research and understand the local data protection regulations of the new international locations before expanding its data centers there.
Reference = CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 7, page 269. CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1, page 14.
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
- A . Key stretching
- B . Data masking
- C . Steganography
- D . Salting
D
Explanation:
Salting is the process of adding extra random data to a password or other data before applying a one-way data transformation algorithm, such as a hash function. Salting increases the complexity and randomness of the input data, making it harder for attackers to guess or crack the original data using precomputed tables or brute force methods. Salting also helps prevent identical passwords from producing identical hash values, which could reveal the passwords to attackers who have access to the hashed data. Salting is commonly used to protect passwords stored in databases or transmitted over networks.
Reference =
Passwords technical overview
Encryption, hashing, salting - what’s the difference?
Salt (cryptography)
During a recent log review, an analyst found evidence of successful injection attacks.
Which of the following will best address this issue?
- A . Authentication
- B . Secure cookies
- C . Static code analysis
- D . Input validation
D
Explanation:
Input validation ensures that only properly formatted and expected input is accepted by an application, preventing injection attacks such as SQL injection and command injection. Properly validating and sanitizing user inputs can mitigate these types of attacks.
Authentication (A) helps verify user identity but does not prevent injection attacks.
Secure cookies (B) protect session data but do not stop injection-based exploits.
Static code analysis (C) can help identify vulnerabilities but does not actively prevent injection attacks in real time.
Implementing strong input validation can prevent malicious code from being executed, reducing the risk of injection attacks.
A security engineer is installing an IPS to block signature-based attacks in the environment.
Which of the following modes will best accomplish this task?
- A . Monitor
- B . Sensor
- C . Audit
- D . Active
D
Explanation:
To block signature-based attacks, the Intrusion Prevention System (IPS) must be in active mode. In this mode, the IPS can actively monitor and block malicious traffic in real time based on predefined signatures. This is the best mode to prevent known attack types from reaching the internal network.
Monitor mode and sensor mode are typically passive, meaning they only observe and log traffic without actively blocking it.
Audit mode is used for review purposes and does not actively block traffic.
A vendor salesperson is a personal friend of a company’s Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO.
Which of the following best describes this situation?
- A . Rules of engagement
- B . Conflict of interest
- C . Due diligence
- D . Contractual impact
- E . Reputational damage
B
Explanation:
A conflict of interest (B) arises when personal relationships or interests could potentially influence professional decisions. In this case, the CFO’s friendship with the vendor could improperly affect the procurement decision-making process.
This scenario falls under Domain 5.3: Explain the importance of frameworks, policies, procedures, and controls, specifically under “Personnel policies (e.g., conflict of interest, mandatory vacations, job rotation).”
Reference: CompTIA Security+ SY0-701 Objectives, Domain 5.3 - “Personnel policies: Conflict of interest.”
After a series of account compromises and credential misuse, a company hires a security manager to develop a security program.
Which of the following steps should the security manager take first to increase security awareness?
- A . Evaluate tools that identify risky behavior and distribute reports on the findings.
- B . Send quarterly newsletters that explain the importance of password management.
- C . Develop phishing campaigns and notify the management team of any successes.
- D . Update policies and handbooks to ensure all employees are informed of the new procedures.
