Practice Free SY0-701 Exam Online Questions
Which of the following best explains a concern with OS-based vulnerabilities?
- A . An exploit would give an attacker access to system functions that span multiple applications.
- B . The OS vendor’s patch cycle is not frequent enough to mitigate the large number of threats.
- C . Most users trust the core operating system features and may not notice if the system has been compromised.
- D . Exploitation of an operating system vulnerability is typically easier than any other vulnerability.
A
Explanation:
Operating system (OS) vulnerabilities can allow attackers to exploit system functions that affect multiple applications, leading to widespread compromise.
B (patch cycle concerns) is a valid concern but not the primary one; most OS vendors ship patches on a regular cadence.
C (user trust in OS features) is a risk, but the more significant issue is that an OS vulnerability sits beneath every application and so affects multiple system components at once.
D (ease of exploitation) is not generally true; application and human-related vulnerabilities can be just as easy, or easier, to exploit.
Thus, the main concern is that an OS exploit can impact multiple system functions, leading to broader security risks.
Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?
- A . Deploy a SIEM solution
- B . Create custom scripts to aggregate and analyze logs
- C . Implement EDR technology
- D . Install a unified threat management appliance
A
Explanation:
Deploying a Security Information and Event Management (SIEM) solution allows for efficient log aggregation, normalization, correlation, and analysis across an organization's infrastructure, providing near-real-time security insights. Custom scripts (B) do not scale across many log formats, EDR (C) covers endpoint telemetry only, and a UTM appliance (D) is a perimeter control rather than a log analysis platform.
Reference: Security+ SY0-701 Course Content; Security+ SY0-601 Book.
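To make the SIEM point concrete, here is an added example (not from the original page) that does in miniature what a SIEM does: it normalizes two different log formats into one event schema and then runs a correlation rule across both sources. The log lines, hostnames, and IP addresses are constructed for illustration, and the syslog year is assumed because syslog timestamps carry none. The rule fires only because the sources are combined; neither source on its own reaches the failure threshold.

```python
"""Minimal SIEM-style normalization and correlation over two log formats.
Added example for illustration; all log lines below are constructed, not real."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: Linux sshd syslog lines and Windows-style logon events.
SAMPLE_LOGS = [
    ("syslog", "Mar 10 08:01:12 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2"),
    ("syslog", "Mar 10 08:01:15 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 51023 ssh2"),
    ("windows", "2024-03-10T08:02:40Z EventID=4625 Computer=DC01 TargetUserName=jsmith IpAddress=203.0.113.9 Status=0xC000006D"),
    ("windows", "2024-03-10T08:03:05Z EventID=4624 Computer=DC01 TargetUserName=jsmith IpAddress=198.51.100.4 Status=0x0"),
    ("syslog", "Mar 10 08:30:00 web01 sshd[2300]: Failed password for root from 198.51.100.4 port 40000 ssh2"),
]
SYSLOG_YEAR = 2024  # assumption: classic syslog timestamps have no year field

SSHD_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+) port"
)
WIN_RE = re.compile(r"^(\S+) EventID=(\d+) Computer=(\S+) TargetUserName=(\S+) IpAddress=(\S+)")


def normalize(source, line):
    """Map one raw line to a common schema: ts, host, user, src_ip, outcome. None if unparsed."""
    if source == "syslog":
        m = SSHD_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": m.group(2), "user": m.group(4), "src_ip": m.group(5),
                "outcome": "failure" if m.group(3) == "Failed" else "success"}
    if source == "windows":
        m = WIN_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        # Event 4625 is a failed logon, 4624 a successful one.
        return {"ts": ts, "host": m.group(3), "user": m.group(4), "src_ip": m.group(5),
                "outcome": "failure" if m.group(2) == "4625" else "success"}
    return None


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failed logons from one source IP within the window,
    counted across every log source. Returns one alert per offending IP."""
    alerts = []
    failures_by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] == "failure":
            failures_by_ip[e["src_ip"]].append(e)
    for ip, evs in failures_by_ip.items():
        for i, first in enumerate(evs):
            in_window = [x for x in evs[i:] if x["ts"] - first["ts"] <= window]
            if len(in_window) >= threshold:
                alerts.append({"src_ip": ip, "count": len(in_window),
                               "hosts": sorted({x["host"] for x in in_window}),
                               "first_seen": first["ts"].isoformat()})
                break  # one alert per IP is enough for the demo
    return alerts


def run(logs=SAMPLE_LOGS):
    """Aggregate -> normalize -> correlate, the SIEM pipeline in three steps."""
    events = [ev for src, line in logs if (ev := normalize(src, line)) is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

With the threshold at 3, the sshd log alone shows two failures from 203.0.113.9 and the Windows log alone shows one, so a per-source script would stay silent; only the aggregated view trips the rule and names both hosts the attacker touched.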
Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?
- A . Firewall
- B . IDS
- C . Honeypot
- D . Layer 3 switch
C
Explanation:
A honeypot is a deliberately exposed decoy system with no production role. Any interaction with it is suspect by definition, so it is deployed specifically to capture attacker activity, tools, and techniques for analysis. A firewall (A) blocks or permits traffic, an IDS (B) alerts on known-bad traffic, and a Layer 3 switch (D) routes packets; none of them is built to engage and observe an attacker.
A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team.
Which of the following should the company implement to meet this requirement?
- A . VDI
- B . MDM
- C . VPN
- D . VPC
A
Explanation:
Virtual Desktop Infrastructure (VDI) allows a company to host desktop environments on a centralized server. Offshore teams can access these virtual desktops remotely, ensuring that sensitive data stays within the company’s infrastructure without the need to provide physical devices to the team. This solution is ideal for maintaining data security while enabling remote work, as all data processing occurs on the company’s secure servers.
CompTIA Security+ SY0-701 Course Content: VDI is discussed as a method for securely managing remote access to company resources without compromising data security.
An organization has been experiencing issues with deleted network share data and improperly assigned permissions.
Which of the following would best help track and remediate these issues?
- A . DLP
- B . EDR
- C . FIM
- D . ACL
C
Explanation:
File Integrity Monitoring (FIM) is the best tool for detecting unauthorized file deletions, modifications, or improper permission changes within network shares. FIM works by creating cryptographic hashes and baselines for protected files or directories and then continuously monitoring for deviations. Any unauthorized deletion, modification, or permission change triggers alerts.
Security+ SY0-701 identifies FIM as a foundational integrity control used in compliance frameworks (PCI-DSS, HIPAA) and operational security monitoring. Because the organization is experiencing unpredictable changes to shared files and permissions, FIM provides visibility and accountability for who changed what and when.
DLP (A) prevents data leakage but does not detect permission changes. EDR (B) focuses on endpoint threat behavior, not file integrity on network shares. ACLs (D) define permissions but do not track changes or detect unauthorized modifications.
Therefore, C: FIM is the correct choice.
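The FIM explanation above describes a baseline of hashes and permission bits plus a comparison that raises alerts on deviation. The following added example (not from the original page, and not any product's code) implements exactly that over a constructed "network share" in a temporary directory, then reproduces the two incidents from the question: one file is deleted and another has its permissions loosened to world-writable. It records the SHA-256 of each file's content and its POSIX permission bits; the directory layout and file names are made up for the demo.

```python
"""Minimal file integrity monitor: baseline hashes + permission bits, then diff.
Added example for illustration; the share contents below are constructed."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def _fingerprint(path: Path) -> dict:
    """What the baseline keeps per file: content hash and permission bits."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: Path) -> dict:
    """Walk the share and fingerprint every regular file, keyed by path relative to root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[str(p.relative_to(root))] = _fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> list:
    """Return alert tuples for deletions, additions, content changes and permission changes."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is not None and new is None:
            alerts.append(("DELETED", rel))
        elif new is not None and old is None:
            alerts.append(("ADDED", rel))
        else:
            if old["sha256"] != new["sha256"]:
                alerts.append(("MODIFIED", rel))
            if old["mode"] != new["mode"]:
                # Report old and new bits so the analyst sees what was loosened.
                alerts.append(("PERMISSION_CHANGED", rel, oct(old["mode"]), oct(new["mode"])))
    return alerts


def demo() -> list:
    """Constructed scenario: snapshot a tiny share, then delete one file and
    make another world-writable, as in the question's incident."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "finance").mkdir()
        q1 = root / "finance" / "q1.csv"
        budget = root / "finance" / "budget.xlsx"
        q1.write_text("acct,amount\n1001,42.00\n")
        budget.write_bytes(b"PK\x03\x04stub")  # not a real spreadsheet, just bytes to hash
        os.chmod(q1, 0o640)
        os.chmod(budget, 0o640)
        baseline = build_baseline(root)

        # The incidents: improper deletion and an improperly assigned permission.
        budget.unlink()
        os.chmod(q1, 0o666)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

A production FIM agent adds what this omits: a tamper-resistant store for the baseline, scheduled or inotify-driven rescans, ownership and ACL entries alongside the mode bits, and an audit source (such as object access auditing on the file server) to attribute the change to a user, which hashes alone cannot do.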
Which of the following would best prepare a security team for a specific incident response scenario?
- A . Situational awareness
- B . Risk assessment
- C . Root cause analysis
- D . Tabletop exercise
D
Explanation:
A tabletop exercise (D) is a discussion-based walkthrough of a specific incident scenario. It allows security teams to rehearse procedures, responsibilities, and communications in a low-pressure setting, improving readiness without impacting production operations. Situational awareness (A), risk assessment (B), and root cause analysis (C) are valuable, but none of them rehearses the team's response to a chosen scenario.
Reference: CompTIA Security+ SY0-701 Exam Objectives, incident response process, training, and testing (tabletop exercises).
A company is in the process of migrating to cloud-based services. The company’s IT department has limited resources for migration and ongoing support.
Which of the following best meets the company’s needs?
- A . IPS
- B . WAF
- C . SASE
- D . IAM
C
Explanation:
Secure Access Service Edge (SASE) delivers networking and security functions (such as secure web gateway, CASB, ZTNA, and firewall-as-a-service) as a cloud-managed service. For a company moving to cloud services with a small IT team, SASE offloads deployment and ongoing operation of those controls to the provider. An IPS (A), WAF (B), or IAM system (D) each addresses one control area and would still need to be deployed and maintained by the limited in-house staff.
Which of the following is the greatest advantage that network segmentation provides?
- A . End-to-end encryption
- B . Decreased resource utilization
- C . Enhanced endpoint protection
- D . Configuration enforcement
- E . Security zones
E
Explanation:
The greatest advantage of network segmentation is the creation of security zones, which isolate systems into separate logical or physical network sections. According to CompTIA Security+ SY0-701, segmentation is a foundational security architecture practice used to reduce the attack surface, restrict lateral movement, enforce least privilege, and contain breaches. By dividing the network into zones, such as DMZ, internal, restricted, and guest, administrators can apply tailored access controls, firewall rules, IDS/IPS placement, and monitoring boundaries at each zone border.
Segmentation provides defense-in-depth by preventing attackers from reaching critical systems even if they compromise a less-secure device. It also limits broadcast domains and improves traffic visibility. End-to-end encryption (A) protects confidentiality but is unrelated to segmentation.
Decreased resource utilization (B) is not a primary benefit. Enhanced endpoint protection (C) applies to host controls, not network topology. Configuration enforcement (D) is a benefit of centralized management, not segmentation.
Therefore, the correct answer is Security zones, the core outcome and highest-value advantage of segmentation.
An employee clicked a malicious link in an email and downloaded malware onto the company’s computer network. The malicious program exfiltrated thousands of customer records.
Which of the following should the company implement to prevent this in the future?
- A . User awareness training
- B . Network monitoring
- C . Endpoint protection
- D . Data loss prevention
A
Explanation:
User awareness training is essential in preventing security incidents caused by human error, such as clicking on malicious links. Employees need to be educated on recognizing phishing attempts, verifying email senders, and avoiding suspicious downloads.
Network monitoring detects and alerts on malicious activity but does not prevent employees from clicking on harmful links.
Endpoint protection can mitigate malware infections but is not foolproof, especially if users continue to fall for phishing attacks.
Data loss prevention (DLP) can block or flag the exfiltration of customer records but does not stop malware from being introduced into the environment.
By training employees to recognize and avoid phishing scams, organizations can reduce the risk of malware infections and data breaches.
A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset.
Which of the following threat vectors is being used?
- A . Typo squatting
- B . Smishing
- C . Pretexting
- D . Impersonation
B
Explanation:
Smishing is phishing delivered over SMS text messages to trick recipients into taking an action such as resetting a password or revealing credentials. The question asks for the threat vector, and the vector here is the text message itself. The claimed CEO identity (impersonation, D) and the fabricated emergency (pretexting, C) are social engineering techniques layered on top of that vector, not the vector.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Social Engineering Techniques".