Practice Free SY0-701 Exam Online Questions
A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network.
Which of the following is the best log to review?
- A . IDS
- B . Antivirus
- C . Firewall
- D . Application
A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them.
Which of the following tools will help prevent this from reoccurring?
- A . FIM
- B . NAC
- C . IDS
- D . UBA
D
Explanation:
User Behavior Analytics (UBA) monitors user activities and detects anomalous behavior such as unauthorized data access or exfiltration, including when employees attempt to copy sensitive customer contact information before leaving. UBA can alert security teams to insider threats proactively.
File Integrity Monitoring (FIM) (A) detects unauthorized changes to files but is less effective against data exfiltration by insiders. Network Access Control (NAC) (B) controls device access to the network, and Intrusion Detection Systems (IDS) (C) detect suspicious network activity but do not specifically analyze user behaviors.
UBA is a critical tool for insider threat detection covered in Security Operations (CompTIA Security+ Study Guide, Chapter 14).
A database administrator is updating the company’s SQL database, which stores credit card information for pending purchases.
Which of the following is the best method to secure the data against a potential breach?
- A . Hashing
- B . Obfuscation
- C . Tokenization
- D . Masking
An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization.
Which of the following best describes the tool the administrator is using?
- A . DLP
- B . SNMP traps
- C . SCAP
- D . IPS
A
Explanation:
The administrator is using a Data Loss Prevention (DLP) tool, which is designed to identify, monitor, and protect sensitive data. By fingerprinting specific files, DLP ensures that these files cannot be emailed or sent outside the organization without triggering an alert or blocking the action. This is a key feature of DLP systems, which prevent data exfiltration and ensure data security compliance. SNMP traps are used for network management and monitoring, not data protection.
SCAP (Security Content Automation Protocol) is a set of standards for automating vulnerability management and policy compliance, unrelated to file monitoring.
IPS (Intrusion Prevention System) blocks network-based attacks but does not handle file fingerprinting.
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications.
Which of the following methods would allow this functionality?
- A . SSO
- B . LEAP
- C . MFA
- D . PEAP
A
Explanation:
SSO stands for single sign-on, which is a method of authentication that allows users to access multiple applications or services with one set of credentials. SSO reduces the number of credentials employees need to maintain and simplifies the login process. SSO can also improve security by reducing the risk of password reuse, phishing, and credential theft. SSO can be implemented using various protocols, such as SAML, OAuth, OpenID Connect, and Kerberos, that enable the exchange of authentication information between different domains or systems. SSO is commonly used for accessing SaaS applications, such as Office 365, Google Workspace, Salesforce, and others, using domain credentials [1][2][3].
B. LEAP stands for Lightweight Extensible Authentication Protocol, which is a Cisco proprietary protocol that provides authentication for wireless networks. LEAP is not related to SaaS applications or domain credentials [4].
C. MFA stands for multi-factor authentication, which is a method of authentication that requires users to provide two or more pieces of evidence to prove their identity. MFA can enhance security by adding an extra layer of protection beyond passwords, such as tokens, biometrics, or codes. MFA is not related to SaaS applications or domain credentials, but it can be used in conjunction with SSO.
D. PEAP stands for Protected Extensible Authentication Protocol, which is a protocol that provides secure authentication for wireless networks. PEAP uses TLS to create an encrypted tunnel between the client and the server, and then uses another authentication method, such as MS-CHAPv2 or EAP-GTC, to verify the user’s identity. PEAP is not related to SaaS applications or domain credentials.
Reference =
1: Security+ (SY0-701) Certification Study Guide | CompTIA IT Certifications
2: What is Single Sign-On (SSO)? – Definition from WhatIs.com
3: Single sign-on – Wikipedia
4: Lightweight Extensible Authentication Protocol – Wikipedia
What is Multi-Factor Authentication (MFA)? – Definition from WhatIs.com
Protected Extensible Authentication Protocol – Wikipedia
During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem.
Which of the following best describes this vulnerability?
- A . VM escape
- B . Cross-site scripting
- C . Malicious update
- D . SQL injection
A
Explanation:
Injecting malicious payloads into a hypervisor and accessing the host system is an example of VM escape, where the isolation between virtual machines and the host breaks down, allowing unauthorized control.
Cross-site scripting (B), malicious updates (C), and SQL injection (D) are unrelated to hypervisor host access.
VM escape is a critical vulnerability unique to virtualized environments described in SY0-701 (CompTIA Security+ Study Guide, Chapter 2).
A systems administrator is concerned about vulnerabilities within cloud computing instances.
Which of the following is most important for the administrator to consider when architecting a cloud computing environment?
- A . SQL injection
- B . TOC/TOU
- C . VM escape
- D . Tokenization
- E . Password spraying
The security team at a large global company needs to reduce the cost of storing data used for performing investigations.
Which of the following types of data should have its retention length reduced?
- A . Packet capture
- B . Endpoint logs
- C . OS security logs
- D . Vulnerability scan
A
Explanation:
Packet capture data can be very large and may not need to be stored for extended periods compared to other logs essential for security audits.
Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).
- A . Easier debugging of the system
- B . Reduced cost of ownership of the system
- C . Improved scalability of the system
- D . Increased compartmentalization of the system
- E . Stronger authentication of the system
- F . Reduced complexity of the system