Practice Free SY0-701 Exam Online Questions
Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?
- A . Sanitization
- B . Formatting
- C . Degaussing
- D . Defragmentation
A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.
Which of the following is most likely occurring?
- A . A worm is propagating across the network.
- B . Data is being exfiltrated.
- C . A logic bomb is deleting data.
- D . Ransomware is encrypting files.
B
Explanation:
Data exfiltration is a technique that attackers use to steal sensitive data from a target system or network by transmitting it through DNS queries and responses. This method is often used in advanced persistent threat (APT) attacks, in which attackers seek to persistently evade detection in the target environment. A large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours is a strong indicator of data exfiltration. A worm, a logic bomb, and ransomware would not use DNS queries to communicate with their command and control servers or perform their malicious actions.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 487; Introduction to DNS Data Exfiltration; Identifying a DNS Exfiltration Attack That Wasn’t Real ― This Time
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
- A . To track the status of patching installations
- B . To find shadow IT cloud deployments
- C . To continuously monitor the hardware inventory
- D . To hunt for active attackers in the network
A
Explanation:
Running daily vulnerability scans on all corporate endpoints is primarily done to track the status of patching installations. These scans help identify any missing security patches or vulnerabilities that could be exploited by attackers. Keeping the endpoints up-to-date with the latest patches is critical for maintaining security.
Finding shadow IT cloud deployments and monitoring hardware inventory are better achieved through other tools.
Hunting for active attackers would typically involve more real-time threat detection methods than daily vulnerability scans.
Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?
- A . Misconfiguration
- B . Resource reuse
- C . Insecure key storage
- D . Weak cipher suites
C
Explanation:
Insecure key storage refers to vulnerabilities caused by improper handling of cryptographic keys and certificates, such as storing them in plaintext or without access controls.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 2: Threats, Section: "Cryptographic Vulnerabilities and Mitigation".
A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team.
Which of the following should the administrator implement?
- A . ACL
- B . Monitoring
- C . Isolation
- D . HIPS
A
Explanation:
An Access Control List (ACL) is a technical mechanism used to explicitly define permissions for files, folders, or other resources. ACLs specify which users or system processes are granted access to objects and what operations are allowed on given objects. This allows the administrator to centrally and granularly manage file permissions for a group or team.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 3.1, “Access control lists (ACLs) are used to explicitly define permissions to files and resources for users and groups.” Exam Objectives 3.1: “Implement secure network architecture concepts.”
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?
- A . Documenting the new policy in a change request and submitting the request to change management
- B . Testing the policy in a non-production environment before enabling the policy in the production network
- C . Disabling any intrusion prevention signatures on the ‘deny any’ policy prior to enabling the new policy
- D . Including an ‘allow any’ policy above the ‘deny any’ policy
B
Explanation:
A firewall policy is a set of rules that defines what traffic is allowed or denied on a network. A firewall policy should be carefully designed and tested before being implemented, as a misconfigured policy can cause network disruptions or security breaches. A common best practice is to test the policy in a non-production environment, such as a lab or a simulation, before enabling the policy in the production network. This way, the technician can verify the functionality and performance of the policy, and identify and resolve any issues or conflicts, without affecting the live network. Testing the policy in a non-production environment would prevent the issue of the ‘deny any’ policy causing several company servers to become unreachable, as the technician would be able to detect and correct the problem before applying the policy to the production network.
Documenting the new policy in a change request and submitting the request to change management is a good practice, but it would not prevent the issue by itself. Change management is a process that ensures that any changes to the network are authorized, documented, and communicated, but it does not guarantee that the changes are error-free or functional. The technician still needs to test the policy before implementing it.
Disabling any intrusion prevention signatures on the ‘deny any’ policy prior to enabling the new policy would not prevent the issue, and it could reduce the security of the network. Intrusion prevention signatures are patterns that identify malicious or unwanted traffic, and allow the firewall to block or alert on such traffic. Disabling these signatures would make the firewall less effective in detecting and preventing attacks, and it would not affect the reachability of the company servers.
Including an ‘allow any’ policy above the ‘deny any’ policy would not prevent the issue, and it would render the ‘deny any’ policy useless. A firewall policy is processed from top to bottom, and the first matching rule is applied. An ‘allow any’ policy would match any traffic and allow it to pass through the firewall, regardless of the source, destination, or protocol. This would negate the purpose of the ‘deny any’ policy, which is to block any traffic that does not match any of the previous rules. Moreover, an ‘allow any’ policy would create a security risk, as it would allow any unauthorized or malicious traffic to enter or exit the network.
Reference: CompTIA Security+ SY0-701 Certification Study Guide, pages 204-205; Professor Messer’s CompTIA SY0-701 Security+ Training Course, video 2.1 – Network Security Devices, 8:00 – 10:00.
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile.
Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Select two).
- A . Federation
- B . Identity proofing
- C . Password complexity
- D . Default password changes
- E . Password manager
- F . Open authentication
A,C
Explanation:
Federation is an access management concept that allows users to authenticate once and access multiple resources or services across different domains or organizations. Federation relies on a trusted third party that stores the user’s credentials and provides them to the requested resources or services without exposing them. Password complexity is a security measure that requires users to create passwords that meet certain criteria, such as length, character types, and uniqueness. Password complexity can help prevent brute-force attacks, password guessing, and credential stuffing by making passwords harder to crack or guess.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 308-309 and 312-313
Which of the following actions would reduce the number of false positives for an analyst to manually review?
- A . Create playbooks as part of a SOAR platform
- B . Redefine the patch management process
- C . Replace an EDR tool with an XDR solution
- D . Disable AV heuristics scanning
A
Explanation:
Implementing playbooks as part of a SOAR (Security Orchestration, Automation, and Response) platform enables the automation of routine security tasks and the standardized response to common alerts. Playbooks help filter and validate alerts, reducing the number of false positives that analysts need to manually investigate. SOAR tools are specifically designed to improve efficiency, consistency, and accuracy in incident response, allowing analysts to focus on genuine threats rather than being overwhelmed by noise.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 4.3: "SOAR platforms allow organizations to automate repetitive security tasks, including the use of playbooks, to reduce false positives and the workload on analysts."
Exam Objectives 4.3: “Implement incident response and recovery procedures.”
The private key for a website was stolen, and a new certificate has been issued.
Which of the following needs to be updated next?
- A . SCEP
- B . CRL
- C . OCSP
- D . CSR
The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy.
Which of the following changes will best provide web protection in this scenario?
- A . Implement network access control.
- B . Configure the local gateway to point to the VPN.
- C . Create a public NAT to the on-premises proxy.
- D . Install a host-based content filtering solution.
D
Explanation:
Installing a host-based content filtering solution on the endpoints ensures that web traffic is filtered locally even when the VPN connection to the on-premises proxy fails, maintaining protection for remote users.
Network access control (A) manages which devices may join the network; configuring the local gateway to point to the VPN (B) provides no protection when the VPN itself fails to connect; and a public NAT to the on-premises proxy (C) exposes an internal resource to the internet and increases risk. Endpoint content filtering complements the VPN and gives resilient web protection, as covered in Security Architecture and Operations (CompTIA Security+ Study Guide, Chapter 11).