Practice Free SY0-701 Exam Online Questions
A client demands at least 99.99% uptime from a service provider’s hosted security services.
Which of the following documents includes the information the service provider should return to the client?
- A. MOA
- B. SOW
- C. MOU
- D. SLA
D
Explanation:
A service level agreement (SLA) is a document that defines the level of service expected by a customer from a service provider, indicating the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved. An SLA can specify the minimum uptime or availability of a service, such as 99.99%, and the consequences for failing to meet that standard. A memorandum of agreement (MOA), a statement of work (SOW), and a memorandum of understanding (MOU) are other types of documents that can be used to establish a relationship between parties, but they do not typically include the details of service levels and performance metrics that an SLA does.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 16-17
Which of the following metrics impacts the backup schedule as part of the BIA?
- A. RTO
- B. RPO
- C. MTTR
- D. MTBF
B
Explanation:
Recovery Point Objective (RPO) defines the maximum acceptable amount of data loss measured in time. It directly impacts how frequently backups should occur to ensure data can be restored to a point no older than the RPO after a disruption.
Recovery Time Objective (RTO) (A) defines how quickly systems must be restored but does not dictate backup frequency. Mean Time To Repair (MTTR) (C) and Mean Time Between Failures (MTBF) (D) relate to system repair and reliability metrics, not backup schedules.
Understanding and defining RPO is a key part of the Business Impact Analysis (BIA) process covered in the Risk Management domain (CompTIA Security+ Study Guide, Chapter 17).
Which of the following is prevented by proper data sanitization?
- A. Hackers’ ability to obtain data from used hard drives
- B. Devices reaching end-of-life and losing support
- C. Disclosure of sensitive data through incorrect classification
- D. Incorrect inventory data leading to a laptop shortage
A
Explanation:
Proper data sanitization ensures that sensitive data is securely erased from storage devices, preventing unauthorized access or recovery when the devices are disposed of or reused.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Sanitization and Disposal Methods".
A security analyst must prevent remote users from accessing malicious URLs. The sites need to be checked inline for reputation, content, or categorization.
Which of the following technologies will help secure the enterprise?
- A. VPN
- B. SASE
- C. IDS
- D. SD-WAN
B
Explanation:
Secure Access Service Edge (SASE) is the technology best suited for preventing remote users from accessing malicious URLs. According to the CompTIA Security+ SY0-701 framework, SASE integrates cloud-native security capabilities such as DNS filtering, secure web gateways, CASB, and URL categorization, all delivered inline. This means every URL request from a remote user is checked in real time for reputation, content, and category before access is granted.
This solution is specifically designed for remote workforces because security enforcement happens in the cloud, regardless of user location, eliminating reliance on on-premises proxies or VPN routing. SASE also enables consistent policy application and real-time enforcement across distributed networks.
A VPN (A) only encrypts traffic; it does not perform URL reputation checks. IDS (C) detects malicious activity but does not block URL access. SD-WAN (D) optimizes WAN routing but is not focused on content filtering or URL reputation.
Therefore, SASE is the correct and most effective solution for inline URL inspection and preventing remote users from reaching malicious sites.
A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely.
Which of the following devices were most likely identified?
- A. Workstations
- B. Embedded systems
- C. Core router
- D. DNS server
B
Explanation:
The scenario describes legacy, business-critical devices with minimal vendor support that must be segmented and closely monitored. This strongly matches embedded systems commonly found in manufacturing environments (e.g., industrial machinery controllers, sensors, ICS/SCADA components). The Study Guide defines embedded systems as: “Embedded systems are computer systems that are built into other devices. Industrial machinery, appliances, and cars are all places where you may have encountered embedded systems.” Manufacturing organizations often can’t easily replace or patch these systems because they have long lifecycles and may depend on specialized firmware/RTOS and proprietary integrations. The same guide warns that legacy/unsupported platforms create risk due to lack of vendor security patches and recommends compensating controls: “Lack of support implies that no new security patches… will be released… In cases where the organization simply must continue using an unsupported operating system, best practice dictates isolating the system as much as possible… and applying as many compensating security controls as possible, such as increased monitoring and implementing strict network firewall rules.”
That guidance directly supports the question’s “segmented and monitored closely” language. Workstations typically have stronger patch/support options; core routers and DNS servers are important, but they are not usually described as embedded legacy devices with minimal vendor support in a manufacturing context.
Reference: Embedded systems definition and manufacturing examples; legacy/unsupported systems require isolation/monitoring compensating controls.
A company performs risk analysis on its equipment and estimates it will experience about ten incidents over a five-year period.
Which of the following is the correct ARO for the equipment?
- A. 2
- B. 5
- C. 10
- D. 50
A
Explanation:
The best answer is A. 2.
ARO (Annualized Rate of Occurrence) measures how many times an incident is expected to occur per year.
The company expects:
10 incidents over 5 years
So the calculation is:
ARO = 10 / 5 = 2
This means the expected annual rate of occurrence is 2 incidents per year.
Why the other options are incorrect:
B. 5: This would not represent the yearly average based on the numbers given.
C. 10: This is the total number of incidents over five years, not the annualized value.
D. 50: This is not supported by the information in the question.
From a Security+ risk calculation standpoint, when a total event count is spread across multiple years, the ARO is found by dividing the total incidents by the number of years. Therefore, A is correct.
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame.
Which of the following documents should the company provide to the client?
- A. MSA
- B. SLA
- C. BPA
- D. SOW
D
Explanation:
An ISOW is a document that outlines the project, the cost, and the completion time frame for a security company to provide a service to a client. ISOW stands for Information Security Operations Work, and it is a type of contract that specifies the scope, deliverables, milestones, and payment terms of a security project. An ISOW is usually used for one-time or short-term projects that have a clear and defined objective and outcome. For example, an ISOW can be used for a security assessment, a penetration test, a security audit, or a security training.
The other options are not correct because they are not documents that outline the project, the cost, and the completion time frame for a security company to provide a service to a client. An MSA is a master service agreement, which is a type of contract that establishes the general terms and conditions for a long-term or ongoing relationship between a security company and a client. An MSA does not specify the details of each individual project, but rather sets the framework for future projects that will be governed by separate statements of work (SOWs). An SLA is a service level agreement, which is a type of contract that defines the quality and performance standards for a security service provided by a security company to a client. An SLA usually includes the metrics, targets, responsibilities, and penalties for measuring and ensuring the service level. A BPA is a business partnership agreement, which is a type of contract that establishes the roles and expectations for a strategic alliance between two or more security companies that collaborate to provide a joint service to a client. A BPA usually covers the objectives, benefits, risks, and obligations of the partnership.
Reference: CompTIA Security+ Study Guide (SY0-701), Chapter 8: Governance, Risk, and Compliance, page 387. Professor Messer’s CompTIA SY0-701 Security+ Training Course, Section 8.2: Compliance and Controls, video: Contracts and Agreements (5:12).
An enterprise security team is researching a new security architecture to better protect the company’s networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall.
Which of the following solutions meets these requirements?
- A. IPS
- B. SIEM
- C. SASE
- D. CASB
C
Explanation:
The requirements point to a cloud-delivered, remote-user-first architecture that provides secure connectivity and security controls as an integrated service. Secure Access Service Edge (SASE) matches this because it combines remote connectivity capabilities (often replacing or modernizing traditional VPN approaches) with cloud-based security services, including firewalling, in a way that supports distributed users and resilient global access. The Study Guide explicitly states: “Secure Access Service Edge (SASE… ) combines virtual private networks, SD-WAN, and cloud-based security tools like firewalls, cloud access security brokers (CASBs), and zero-trust networks to provide secure access for devices regardless of their location.” This directly aligns with a fully remote workforce (“regardless of their location”), VPN capability, and an integrated firewall (“cloud-based security tools like firewalls”).
Why the other options don’t fit as well: IPS is a specific protective control, not an end-to-end remote access architecture; SIEM is for log aggregation/correlation and monitoring, not VPN + firewall delivery; and CASB is a component used to enforce cloud policy, but the guide distinguishes it as a policy enforcement point rather than a full connectivity + firewall architecture: “A CASB is a policy enforcement point…”. Therefore, SASE is the best match.
Reference: Sybex CompTIA Security+ Study Guide (SY0-701): SASE definition and included capabilities (also duplicated in).
