Practice Free SY0-701 Exam Online Questions
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.
Which of the following firewall ACLs will accomplish this goal?
- A . Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
  Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
- B . Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
  Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
- C . Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
  Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
- D . Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
  Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
D
Explanation:
A firewall ACL (access control list) is a set of rules that determines which traffic is allowed or denied by the firewall. The rules are processed in order, from top to bottom, until a match is found.
The syntax of a firewall ACL rule is:
Access list <direction> <action> <source address> <destination address> <protocol> <port>
To limit outbound DNS traffic originating from the internal network, the firewall ACL should allow only the device with the IP address 10.50.10.25 to send DNS requests to any destination on port 53, and deny all other outbound traffic on port 53. The correct firewall ACL is:
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
The first rule permits outbound traffic from the source address 10.50.10.25/32 (a single host) to any destination address (0.0.0.0/0) on port 53 (DNS). The second rule denies all other outbound traffic on port 53. Because rules are evaluated top to bottom, the permit must come before the deny; the other options either put the broad permit first (A, C) or filter on the wrong address field (B).
Reference: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4, page 175.
A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data.
Which of the following categories refers to this type of non-compliance?
- A . External
- B . Standard
- C . Regulation
- D . Internal
D
Explanation:
Non-compliance with internal policies, such as corporate security policies, falls under internal non-compliance. These are rules created and enforced within the organization to maintain security standards.
External non-compliance (A) refers to violations of outside regulations or laws. Standards (B) are generally established best practices or industry guidelines, and regulation (C) refers to legal or governmental requirements.
Internal compliance management is a key focus area in the Security Program Management domain of SY0-701 (CompTIA Security+ Study Guide, Chapter 16).
Which of the following describes the difference between encryption and hashing?
- A . Encryption protects data in transit, while hashing protects data at rest.
- B . Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.
- C . Encryption ensures data integrity, while hashing ensures data confidentiality.
- D . Encryption uses a public-key exchange, while hashing uses a private key.
B
Explanation:
Encryption is a reversible process that transforms cleartext data into ciphertext to protect confidentiality. It uses cryptographic keys to both encrypt and decrypt data, ensuring that only authorized parties can access the original data.
Hashing, on the other hand, is a one-way function that converts data into a fixed-length hash value or checksum. Hashing is primarily used to verify data integrity by detecting changes, since any modification in the input will produce a different hash output. Unlike encryption, hashing cannot be reversed to obtain the original data.
While encryption can protect data both at rest and in transit, hashing does not protect data confidentiality but supports integrity verification. Public-key exchange is a cryptographic mechanism within asymmetric encryption but is unrelated to hashing key usage.
This distinction is thoroughly explained in the Cryptography chapter of the SY0-701 syllabus (CompTIA Security+ Study Guide, Chapter 7).
Which of the following architectures is most suitable to provide redundancy for critical business processes?
- A . Network-enabled
- B . Server-side
- C . Cloud-native
- D . Multitenant
Which of the following can be used to identify potential attacker activities without affecting production servers?
- A . Honey pot
- B . Video surveillance
- C . Zero Trust
- D . Geofencing
A
Explanation:
A honey pot is a system or a network that is designed to mimic a real production server and attract potential attackers. A honey pot can be used to identify the attacker’s methods, techniques, and objectives without affecting the actual production servers. A honey pot can also divert the attacker’s attention from the real targets and waste their time and resources [1][2].
The other options are not effective ways to identify potential attacker activities without affecting production servers:
Video surveillance: This is a physical security technique that uses cameras and monitors to record and observe the activities in a certain area. Video surveillance can help to deter, detect, and investigate physical intrusions, but it does not directly identify the attacker’s activities on the network or the servers [3].
Zero Trust: This is a security strategy that assumes that no user, device, or network is trustworthy by default and requires strict verification and validation for every request and transaction. Zero Trust can help to improve the security posture and reduce the attack surface of an organization, but it does not directly identify the attacker’s activities on the network or the servers [4].
Geofencing: This is a security technique that uses geographic location as a criterion to restrict or allow access to data or resources. Geofencing can help to protect the data sovereignty and compliance of an organization, but it does not directly identify the attacker’s activities on the network or the servers [5].
References:
[1] CompTIA Security+ SY0-701 Certification Study Guide, page 54.
[2] Honeypots and Deception, SY0-601 CompTIA Security+: 2.1, video by Professor Messer.
[3] CompTIA Security+ SY0-701 Certification Study Guide, page 97.
[4] CompTIA Security+ SY0-701 Certification Study Guide, page 98.
[5] CompTIA Security+ SY0-701 Certification Study Guide, page 99.
The security team at a large global company needs to reduce the cost of storing data used for performing investigations.
Which of the following types of data should have its retention length reduced?
- A . Packet capture
- B . Endpoint logs
- C . OS security logs
- D . Vulnerability scan
A
Explanation:
Packet capture data can be very large and may not need to be stored for extended periods compared to other logs essential for security audits.
Which of the following should a security analyst consider when prioritizing remediation efforts against known vulnerabilities?
- A . The impact of reporting to executive management
- B . The overall organizational risk tolerance
- C . Information gathered from open sources
- D . The source of the reported risk
B
Explanation:
Organizational risk tolerance is the primary factor determining how quickly and aggressively vulnerabilities should be remediated. Security+ SY0-701 explains that organizations have different appetites for risk depending on business needs, regulatory expectations, operational constraints, and financial impact.
A company with low risk tolerance may prioritize almost every vulnerability and remediate quickly.
A company with high risk tolerance may delay or accept some lower-impact risks.
This consideration directly influences patch prioritization, resource allocation, and mitigation timelines.
Option A (executive reporting) does not influence technical prioritization.
Option C (open-source intelligence) helps identify vulnerabilities but does not determine urgency.
Option D (the source of the reported risk) is irrelevant; what matters is severity and business impact.
Thus, B: The overall organizational risk tolerance is the key factor for prioritizing remediation.
A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit.
Which of the following logs should the analyst review first?
- A . Endpoint
- B . Application
- C . Firewall
- D . NAC
A
Explanation:
Firewall logs provide details of all network traffic, including connections to and from IoT devices. They are typically the first source of evidence for identifying the time of an exploit.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Log Analysis for Incident Response".
Which of the following elements of digital forensics should a company use if it needs to ensure the integrity of evidence?
- A . Preservation
- B . E-discovery
- C . Acquisition
- D . Containment
Which of the following is a prerequisite for a DLP solution?
- A . Data destruction
- B . Data sanitization
- C . Data classification
- D . Data masking
C
Explanation:
Data classification is required before implementing a Data Loss Prevention (DLP) solution because DLP policies depend on identifying and categorizing sensitive data to monitor, block, or encrypt it accordingly.
Data destruction (A) and sanitization (B) remove data, and masking (D) obscures data, but classification is foundational for DLP effectiveness.
Data classification is emphasized in the Security Program Management and Data Protection topics (CompTIA Security+ Study Guide, Chapter 16).
