Practice Free SY0-701 Exam Online Questions
An organization is leveraging a VPN between its headquarters and a branch location.
Which of the following is the VPN protecting?
- A . Data in use
- B . Data in transit
- C . Geographic restrictions
- D . Data sovereignty
B
Explanation:
Data in transit is data that is moving from one location to another, such as over a network or through the air. Data in transit is vulnerable to interception, modification, or theft by malicious actors. A VPN (virtual private network) is a technology that protects data in transit by creating a secure tunnel between two endpoints and encrypting the data that passes through it.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, page 145.
An organization discovers that its cold site does not have enough storage and computers available.
Which of the following was most likely the cause of this failure?
- A . Capacity planning
- B . Load balancing
- C . Backups
- D . Platform diversity
A
Explanation:
A cold site is a backup facility that provides basic power, space, and environmental controls but does not include hardware or preconfigured systems. It is the organization’s responsibility to ensure the site has adequate storage, servers, and equipment staged or available for rapid procurement.
If the cold site “does not have enough storage and computers,” the cause is a failure in capacity planning (A).
CompTIA Security+ SY0-701 highlights the need for organizations to determine:
- Required compute capacity
- Storage needs
- Network bandwidth
- Expected recovery workload
- Hardware replacement timelines
Load balancing (B) distributes traffic; it has nothing to do with cold-site readiness. Backups (C) store data, not physical resources. Platform diversity (D) refers to using multiple technologies to reduce systemic risk.
The issue is specifically the lack of resources, which directly reflects inadequate capacity planning.
Therefore, A is the correct answer.
Which of the following receives logs from various devices and services, and then presents alerts?
- A . SIEM
- B . SCADA
- C . SNMP
- D . SCAP
A
Explanation:
A SIEM (Security Information and Event Management) system aggregates logs from diverse sources, analyzes them, and generates alerts on suspicious activities. It provides centralized monitoring and incident detection.
SCADA (B) is industrial control, SNMP (C) is a protocol for network management, and SCAP (D) is a standard for security content automation.
SIEMs are foundational in Security Operations monitoring (CompTIA Security+ Study Guide, Chapter 14).
A network administrator deploys an FDE solution on all end user workstations.
Which of the following data protection strategies does this describe?
- A . Masking
- B . Data in transit
- C . Obfuscation
- D . Data at rest
- E . Data sovereignty
D
Explanation:
Full-disk encryption (FDE) protects the contents of storage media, which is a classic data-at-rest control. The Study Guide explains the “three situations” relevant to confidentiality―at rest, in transit, and in use―and then specifically ties disk encryption/FDE to protecting stored data: “Data at rest, or stored data, is that which resides in a permanent location awaiting access… Examples… hard drives…” It then describes FDE as an encryption method applied to disks: “Full-disk encryption (FDE) is a form of encryption where all the data on a hard drive is automatically encrypted, including the operating system and system files… In the case of loss or theft, FDE can prevent unauthorized access to all data on the hard drive.”
That is exactly the definition of protecting data at rest―it is intended to prevent disclosure if a laptop/workstation is lost, stolen, or the drive is removed. This is not masking (hiding parts of fields), not data in transit (network encryption like TLS/VPN), not obfuscation (making code hard to understand), and not data sovereignty (jurisdiction/location requirements). Therefore, deploying FDE on workstations is a data-at-rest protection strategy.
Reference: Data-at-rest definition and confidentiality contexts; FDE definition and purpose protecting disk-stored data.
22.48.102 — 26/April/2023 22:05:11.22 GET "http://www.databaseInfo.com/index.html/../storedSQLqueries" 404
Which of the following attacks is most likely being attempted?
- A . Denial of service
- B . Password spraying
- C . SQL injection
- D . Directory traversal
D
Explanation:
The log entries show repeated attempts to access directories using patterns such as ../, which is a common directory traversal attack technique. Directory traversal (or path traversal) aims to access files and directories outside the web server’s root directory by manipulating file paths. The ../ sequence is used to move up one directory level, which attackers exploit to try and retrieve sensitive files.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.2: "Directory traversal attacks attempt to access files and directories outside of the web root by manipulating the file path with ../ sequences."
Exam Objectives 2.2: “Given a scenario, analyze potential indicators associated with application attacks.”
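The indicator described above can be checked mechanically. The following is an added example, not part of the original question bank: it scans request lines in the format shown in the question and flags any whose path contains a `..` segment, including percent-encoded forms. The first sample line is the one from the question; the others are constructed, with placeholder hosts and addresses.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches: METHOD "URL" STATUS, as in the log line shown in the question.
REQUEST_RE = re.compile(r'(?P<method>[A-Z]+)\s+"(?P<url>[^"]+)"\s+(?P<status>\d{3})')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots are seen."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(url):
    """True if any decoded path segment is exactly '..' (for / or \\ separators)."""
    path = decode_fully(urlsplit(url).path)
    return ".." in re.split(r"[/\\]", path)

def flag_traversal(log_lines):
    """Return (url, status) for every request whose path contains a '..' segment."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("url")):
            hits.append((m.group("url"), int(m.group("status"))))
    return hits

SAMPLE_LOG = [
    # Line from the question above.
    '22.48.102 — 26/April/2023 22:05:11.22 GET "http://www.databaseInfo.com/index.html/../storedSQLqueries" 404',
    # Constructed lines: a benign name containing "..", then two encoded variants.
    '203.0.113.7 — 26/April/2023 22:05:12.01 GET "http://www.example.com/docs/v1..2/notes.html" 200',
    '203.0.113.7 — 26/April/2023 22:05:13.40 GET "http://www.example.com/static/%2e%2e%2fconfig" 404',
    '203.0.113.7 — 26/April/2023 22:05:14.02 GET "http://www.example.com/img/%252e%252e/private" 403',
]

if __name__ == "__main__":
    for url, status in flag_traversal(SAMPLE_LOG):
        print(status, url)
```

A flagged request that returned 200 rather than 404 or 403 deserves review first, since the server served something for the traversed path.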
A security analyst is assessing several company firewalls.
Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
- A . hping
- B . Wireshark
- C . PowerShell
- D . netstat
A
Explanation:
Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. A new vulnerability that allows malware to move data unauthorizedly would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.
Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings.
Which of the following installation considerations should the security team evaluate next?
- A . Channel overlap
- B . Encryption type
- C . New WLAN deployment
- D . WAP placement
A
Explanation:
When multiple Wireless Access Points (WAPs) are using similar frequencies with high power settings, it can cause channel overlap, leading to interference and connectivity issues. This is likely the reason why mobile users are unable to access the internet in the lobby. Evaluating and adjusting the channel settings on the WAPs to avoid overlap is crucial to resolving the connectivity problems.
Reference = CompTIA Security+ SY0-701 study materials, particularly the domain on Wireless and Mobile Security, which covers WLAN deployment considerations.
A company uses multiple providers to send its marketing, internal, and support emails. Many of the emails are marked as spam.
Which of the following changes should the company make to ensure legitimate emails are validated?
- A . Disable DKIM to avoid signature conflicts.
- B . Implement DMARC with a "reject" policy to enforce sender validation.
- C . Replace the domain’s MX record with the marketing provider’s services.
- D . Update the SPF record to include all authorized sending sources.
D
Explanation:
The best answer is D. Update the SPF record to include all authorized sending sources.
SPF (Sender Policy Framework) is used to identify which mail servers and third-party services are authorized to send email on behalf of a domain. In this scenario, the company uses multiple providers for marketing, internal, and support emails. If all of those sending sources are not properly listed in the domain’s SPF record, receiving mail servers may treat some valid messages as suspicious or spam.
Updating the SPF record to include all legitimate sending providers helps recipient systems validate that the email came from an approved source. This directly addresses the problem of legitimate emails being flagged.
Why the other options are incorrect:
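The SPF update described above can be audited offline before the DNS change is published. The following is an added example, not part of the original question bank: it compares an SPF TXT record against the list of senders that must be authorized and counts the terms that cost a DNS lookup. The provider domains and both records are constructed placeholders.

```python
import re

# Terms that each trigger a DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(record, required_includes):
    """Compare an SPF TXT record against the senders that must be authorized."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    includes, lookups, all_qualifier = set(), 0, None
    for term in terms[1:]:
        term = term.lower()
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default is pass
        body = term.lstrip("+-~?")
        name = re.split(r"[:=/]", body, maxsplit=1)[0]
        value = body[len(name) + 1:]
        if name in LOOKUP_TERMS:
            lookups += 1  # top-level only; nested includes add more at evaluation
        if name == "include":
            includes.add(value)
        elif name == "all":
            all_qualifier = qualifier
    missing = sorted({d.lower() for d in required_includes} - includes)
    return {
        "missing": missing,
        "dns_lookups": lookups,
        "over_lookup_limit": lookups > 10,
        "all": all_qualifier,
    }

# Constructed inputs: three hypothetical providers, only one listed at first.
REQUIRED = ["spf.internal-mail.example", "spf.marketing.example", "spf.support.example"]
BEFORE = "v=spf1 ip4:198.51.100.0/24 include:spf.internal-mail.example ~all"
AFTER = ("v=spf1 ip4:198.51.100.0/24 include:spf.internal-mail.example "
         "include:spf.marketing.example include:spf.support.example ~all")

if __name__ == "__main__":
    print("before:", audit_spf(BEFORE, REQUIRED))
    print("after: ", audit_spf(AFTER, REQUIRED))
```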
A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes.
Which of the following environments does the company need to secure to best achieve this goal?
- A . IaaS
- B . SCADA
- C . SDN
- D . IoT
B
Explanation:
Systems that control physical industrial processes―such as pumping gas, water control, electrical grids, or manufacturing lines―fall under SCADA (Supervisory Control and Data Acquisition) environments. SCADA systems are part of larger OT (Operational Technology) infrastructures and manage sensors, actuators, valves, flow controls, and telemetry.
CompTIA Security+ SY0-701 explains that SCADA environments typically:
- Use legacy protocols (e.g., Modbus, DNP3)
- Require high availability
- Often run outdated operating systems
- Have control systems that cannot easily be patched
- Require specialized segmentation and monitoring
This exactly matches the scenario describing a “specialized legacy platform controlling gas flow inside pipes.”
IaaS (A) is cloud infrastructure and unrelated to industrial control. SDN (C) relates to software-defined networking, not physical industrial controls. IoT (D) includes smart devices but is not typically used for large-scale industrial gas control.
Thus, securing SCADA is the correct answer.
An administrator discovers a cross-site scripting vulnerability on a company website.
Which of the following will most likely remediate the issue?
- A . Input validation
- B . NGFW
- C . Vulnerability scan
- D . WAF
A
Explanation:
Cross-site scripting (XSS) occurs when a web application fails to properly validate or sanitize user input, allowing attackers to inject malicious scripts into web pages viewed by other users. The most effective remediation is input validation, which ensures that only safe, expected data is accepted by the application.
Security+ SY0-701 highlights input validation as a primary defense against:
- XSS
- SQL injection
- Command injection
- Path traversal attacks
By validating and sanitizing input at both the client and server layers, organizations can strip harmful characters, block script tags, enforce strict data types, and ensure proper encoding.
A NGFW (B) or WAF (D) can mitigate attacks by blocking malicious payloads, but they do not fix the root cause within the web application. A vulnerability scan (C) identifies the issue but does not remediate it.
Therefore, only input validation (A) directly resolves the underlying coding flaw responsible for XSS.
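The validation and encoding steps described above, as an added example that is not part of the original question bank: a server-side handler for a hypothetical comment form that enforces an allow-list and strict types per field, then HTML-encodes values when rendering. Field names, limits and the markup are assumptions made for illustration.

```python
import html
import re

# Allow-list for a hypothetical username field: known-safe characters only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")

def validate_comment_form(form):
    """Server-side validation. Returns (clean, errors); reject if errors is non-empty."""
    clean, errors = {}, {}
    username = form.get("username", "")
    if USERNAME_RE.fullmatch(username):
        clean["username"] = username
    else:
        errors["username"] = "3-32 characters: letters, digits, _ . -"
    try:
        rating = int(form.get("rating", ""))  # strict type: integer only
        if not 1 <= rating <= 5:
            raise ValueError
        clean["rating"] = rating
    except ValueError:
        errors["rating"] = "whole number from 1 to 5"
    comment = form.get("comment", "")
    if 0 < len(comment) <= 500:
        clean["comment"] = comment  # free text: length-checked, encoded at output
    else:
        errors["comment"] = "1-500 characters"
    return clean, errors

def render_comment(clean):
    """Encode every value on output so markup in free text is displayed, not run."""
    return '<div class="comment"><b>{}</b> ({}/5): {}</div>'.format(
        html.escape(clean["username"]), clean["rating"], html.escape(clean["comment"])
    )

# Constructed submissions: one acceptable, one that fails field validation.
GOOD_FORM = {"username": "j.doe", "rating": "4", "comment": "<script>alert(1)</script> nice post"}
BAD_FORM = {"username": "<img src=x>", "rating": "five", "comment": ""}

if __name__ == "__main__":
    clean, errors = validate_comment_form(GOOD_FORM)
    print(render_comment(clean))
    print(validate_comment_form(BAD_FORM)[1])
```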
