Practice Free SY0-701 Exam Online Questions
After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter.
Which of the following security awareness execution techniques does this represent?
- A . Computer-based training
- B . Insider threat awareness
- C . SOAR playbook
- D . Gamification
D
Explanation:
Gamification applies game elements such as points, rewards, leaderboards and competitions to motivate users and raise engagement with activities such as security awareness training. Rewarding employees for a quarter without a clicked phishing link is a textbook example. Computer-based training (A) is conventional online training without game mechanics. Insider threat awareness (B) is a training topic, not a delivery technique. A SOAR playbook (C) is an automated incident response workflow and has nothing to do with how training is delivered. Gamification is listed among the security awareness practices in the Security Program Management and Oversight domain as a way to improve engagement and security behaviour.
A systems administrator needs to encrypt all data on employee laptops.
Which of the following encryption levels should be implemented?
- A . Volume
- B . Partition
- C . Full disk
- D . File
C
Explanation:
Full disk encryption (FDE) encrypts the entire drive, including the operating system, swap and temporary files, so it is the only option that covers all data on the laptop. Volume (A) and partition (B) encryption protect only the selected volume or partition, and file-level encryption (D) protects only the files the user chooses, leaving everything else in the clear. In practice FDE should be paired with pre-boot authentication or a TPM-sealed key so the disk is not unlocked automatically for whoever powers the laptop on.
A network administrator deploys an FDE solution on all end user workstations.
Which of the following data protection strategies does this describe?
- A . Masking
- B . Data in transit
- C . Obfuscation
- D . Data at rest
- E . Data sovereignty
D
Explanation:
Full disk encryption (FDE) is a data protection strategy that secures data at rest. CompTIA Security+ SY0-701 defines data at rest as information stored on physical or virtual media, such as hard drives, SSDs or removable storage. FDE encrypts the entire disk, so all files, including operating system files, user data, temporary files and swap space, are unreadable without the decryption key, which is released only after the user or the TPM authenticates at boot.
The primary purpose of FDE is to protect data if a device is lost, stolen or accessed without authorization. Even if an attacker removes the hard drive and attempts to read it from another machine, the encrypted data remains inaccessible. The caveat a practitioner should remember is that FDE protects only while the disk is locked: once the system has booted and the volume is unlocked, the OS serves plaintext to every process, so FDE does nothing against malware or an attacker with a logged-in session.
Masking (A) hides sensitive fields but does not encrypt storage. Data in transit (B) applies to data moving across networks. Obfuscation (C) makes data harder to understand but is not cryptographically secure. Data sovereignty (E) relates to the legal jurisdiction governing where data is stored.
Therefore, deploying FDE directly implements protection for data at rest, making D the correct answer.
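The check that follows is an added example, not part of the exam page: it verifies that each mounted filesystem on a Linux laptop actually sits on a dm-crypt (LUKS) mapping, which is what "data at rest is encrypted" means at the block layer. It parses the output of `lsblk -P -o NAME,KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT`; the sample output embedded below is constructed (LUKS root with LVM on top, an unencrypted EFI partition and a plain second disk), and `live_lsblk()` is only there for running it on a real host.

```python
"""Verify that mounted filesystems really live on an encrypted block device.

Added example (not from the exam page). It parses `lsblk -P` key="value"
output and walks each mounted device's parents (PKNAME -> KNAME) looking for
a dm-crypt ('crypt') mapping, which is what a LUKS-based FDE setup produces.
"""
import shlex
import subprocess

# Constructed sample: LUKS root (with LVM inside it), an unencrypted
# /boot/efi, and a plain second disk mounted at /data that an audit should catch.
SAMPLE_LSBLK = """\
NAME="nvme0n1" KNAME="nvme0n1" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="nvme0n1p1" KNAME="nvme0n1p1" PKNAME="nvme0n1" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot/efi"
NAME="nvme0n1p2" KNAME="nvme0n1p2" PKNAME="nvme0n1" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
NAME="cryptroot" KNAME="dm-0" PKNAME="nvme0n1p2" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
NAME="vg0-root" KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"
NAME="vg0-swap" KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" MOUNTPOINT="[SWAP]"
NAME="sdb" KNAME="sdb" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
NAME="sdb1" KNAME="sdb1" PKNAME="sdb" TYPE="part" FSTYPE="ext4" MOUNTPOINT="/data"
"""


def parse_lsblk_pairs(text):
    """Return {KNAME: fields} from `lsblk -P` output (one device per line)."""
    devices = {}
    for line in text.strip().splitlines():
        fields = dict(tok.split("=", 1) for tok in shlex.split(line))
        devices[fields["KNAME"]] = fields
    return devices


def is_encrypted(kname, devices):
    """True if the device or any ancestor is a dm-crypt ('crypt') mapping."""
    seen = set()
    while kname and kname not in seen:
        seen.add(kname)
        dev = devices.get(kname)
        if dev is None:
            return False
        if dev["TYPE"] == "crypt":
            return True
        kname = dev["PKNAME"]          # climb to the parent kernel device
    return False


def mount_encryption(text):
    """Map every mountpoint (and [SWAP]) to whether it sits on encrypted storage."""
    devices = parse_lsblk_pairs(text)
    return {d["MOUNTPOINT"]: is_encrypted(k, devices)
            for k, d in devices.items() if d["MOUNTPOINT"]}


def unencrypted_mounts(text, allow=("/boot", "/boot/efi")):
    """Mountpoints not on encrypted storage, ignoring the boot partitions that
    the firmware and bootloader must be able to read in the clear."""
    return sorted(m for m, enc in mount_encryption(text).items()
                  if not enc and m not in allow)


def live_lsblk():
    """Run lsblk on the local machine (Linux only)."""
    cmd = ["lsblk", "-P", "-o", "NAME,KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for mount, enc in sorted(mount_encryption(SAMPLE_LSBLK).items()):
        print(f"{mount:12} {'encrypted' if enc else 'PLAINTEXT'}")
    print("needs attention:", unencrypted_mounts(SAMPLE_LSBLK))
```

A `crypt` ancestor only proves the volume is encrypted; it says nothing about how the key is protected (passphrase, TPM, or a key file sitting on an unencrypted partition), so this check belongs alongside a review of the unlock configuration.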
Which of the following cryptographic methods is preferred for securing communications with limited computing resources?
- A . Hashing algorithm
- B . Public key infrastructure
- C . Symmetric encryption
- D . Elliptic curve cryptography
D
Explanation:
Elliptic curve cryptography (ECC) delivers security comparable to RSA with far shorter keys (a 256-bit curve is roughly equivalent to 3072-bit RSA), so key generation, signing and key agreement cost less CPU, memory and bandwidth. That is why ECC is the preferred asymmetric method on constrained devices such as IoT sensors, smart cards and mobile handsets. Hashing (A) provides integrity, not confidentiality. Public key infrastructure (B) is the framework for issuing and managing certificates, not a cryptographic method in itself. Symmetric encryption (C) is cheaper still for bulk data, but it does not on its own solve the key distribution problem that securing communications requires.
Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?
- A . Public key
- B . Private Key
- C . Asymmetric key
- D . Symmetric key
A
Explanation:
To establish an encrypted connection (HTTPS/TLS) the server presents a digital certificate, and the payload of that certificate is the server's public key. The client validates the certificate chain against the certificate authorities it trusts, then uses the public key to authenticate the handshake: in TLS 1.3 the server proves possession of the matching private key by signing the handshake, and the session keys come from an ephemeral Diffie-Hellman exchange; in the older RSA key exchange the client encrypted the pre-master secret directly to the server's public key. The private key stays on the server and is never transmitted; the public key, carried inside the certificate, is the component made available to every client, which is why A is the expected answer. In practice the server must be provisioned with both the certificate and its private key, and a certificate whose private key is missing or does not match cannot complete a handshake.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.4: "A public key is made available to anyone and is used to establish secure connections with a web server."
Exam Objective 1.4: "Explain the importance of using appropriate cryptographic solutions."
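The following is an added example, not from the exam page, that makes the point concrete on a real key pair: it generates a private key and a self-signed certificate with the `openssl` command-line tool, extracts the public key from the certificate and from the private key to show they are the same object, and then shows with Python's `ssl` module that a server context cannot be built from the certificate alone. The subject name `www.example.test`, the file names and the second "wrong" key are made up for the illustration; the `openssl` binary must be on the PATH.

```python
"""What a TLS server is actually provisioned with: a certificate that carries
the public key, plus the matching private key that never leaves the host.
Added example (not from the exam page); drives the `openssl` CLI and the
standard-library ssl module. Subject name and file names are constructed.
"""
import os
import ssl
import subprocess
import tempfile


def _openssl(*args):
    return subprocess.run(["openssl", *args], check=True,
                          capture_output=True, text=True).stdout


def make_selfsigned(workdir, cn="www.example.test"):
    """Generate a fresh RSA private key and a self-signed certificate for it."""
    key = os.path.join(workdir, "server.key")
    cert = os.path.join(workdir, "server.crt")
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", key,
             "-out", cert, "-subj", f"/CN={cn}", "-days", "1")
    return cert, key


def pubkey_from_cert(cert):
    """The public key embedded in the certificate, as a SubjectPublicKeyInfo PEM."""
    return _openssl("x509", "-in", cert, "-noout", "-pubkey")


def pubkey_from_key(key):
    """The public half derived from the private key file, same PEM encoding."""
    return _openssl("pkey", "-in", key, "-pubout")


def key_matches_cert(cert, key):
    """The usual pre-deployment check: does this private key belong to this cert?"""
    return pubkey_from_cert(cert) == pubkey_from_key(key)


def server_context_loads(cert, key=None):
    """Can a TLS server context be built from these files? With key=None the
    ssl module expects the private key inside the cert file, which is not there."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(cert, key)
        return True
    except ssl.SSLError:
        return False


def demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_selfsigned(d)
        other = os.path.join(d, "other.key")          # an unrelated private key
        _openssl("genpkey", "-algorithm", "RSA",
                 "-pkeyopt", "rsa_keygen_bits:2048", "-out", other)
        return {
            "cert_matches_key": key_matches_cert(cert, key),
            "cert_matches_other_key": key_matches_cert(cert, other),
            "loads_with_key": server_context_loads(cert, key),
            "loads_cert_only": server_context_loads(cert),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

The `key_matches_cert` comparison is the same check operators run by hand (`openssl x509 -noout -pubkey` against `openssl pkey -pubout`) when a renewed certificate refuses to load: the certificate is public by design, but the server is useless without the private key that goes with it.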
Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?
- A . Creating a false text file in /docs/salaries
- B . Setting weak passwords in /etc/shadow
- C . Scheduling vulnerable jobs in /etc/crontab
- D . Adding a fake account to /etc/passwd
A
Explanation:
Placing a decoy file in a location an insider would find tempting, such as /docs/salaries, is a honeyfile, one of the deception and disruption technologies in SY0-701 alongside honeypots, honeynets and honeytokens (fake records or credentials). Legitimate users have no reason to open it, so any read, copy or modification is a high-fidelity alert; to be useful the file must be paired with file-access auditing (for example an auditd watch rule on Linux or a SACL on Windows) so the access is logged with the user and process that performed it. The other options weaken the system rather than lure and detect an attacker: weak passwords (B), vulnerable cron jobs (C) and a fake account (D) create real exposure without giving the defender a detection signal.
Reference: CompTIA Security+ SY0-701, Domain 1.2, deception and disruption technology (honeypot, honeynet, honeyfile, honeytoken).
Exam Objective 1.2: "Summarize fundamental security concepts."
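As an added example (not part of the exam page), here is the detection half of the honeyfile: a small parser that turns Linux auditd records produced by a watch rule on the decoy directory into alerts, while suppressing processes that are expected to touch the file. The audit rule, the directory, the user IDs and the log excerpt are all constructed for the illustration; the record format is the one auditd writes to /var/log/audit/audit.log.

```python
"""Turn auditd records for a honeyfile watch into alerts.

Added example (not from the exam page). Assumes a Linux host with a rule like
    auditctl -w /docs/salaries -p rwa -k honeyfile
so every read, write or attribute change under the decoy directory is logged
with key="honeyfile". The log lines below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

AUDIT_RULE = "-w /docs/salaries -p rwa -k honeyfile"

# Constructed excerpt of audit.log: an employee reading the decoy, a scheduled
# backup touching it as root, and an unrelated file open by the same employee.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1712000000.101:9001): arch=c000003e syscall=257 success=yes exit=3 ppid=4321 pid=4333 auid=1002 uid=1002 gid=1002 euid=1002 tty=pts1 ses=7 comm="cat" exe="/usr/bin/cat" key="honeyfile"
type=CWD msg=audit(1712000000.101:9001): cwd="/home/jdoe"
type=PATH msg=audit(1712000000.101:9001): item=0 name="/docs/salaries/" inode=1201 dev=fd:01 mode=040750 ouid=0 ogid=1005 nametype=PARENT
type=PATH msg=audit(1712000000.101:9001): item=1 name="/docs/salaries/salaries_FY24.xlsx" inode=1202 dev=fd:01 mode=0100640 ouid=0 ogid=1005 nametype=NORMAL
type=SYSCALL msg=audit(1712000300.250:9002): arch=c000003e syscall=257 success=yes exit=4 ppid=1 pid=5100 auid=4294967295 uid=0 gid=0 euid=0 tty=(none) ses=4294967295 comm="backup" exe="/usr/local/bin/backup" key="honeyfile"
type=PATH msg=audit(1712000300.250:9002): item=0 name="/docs/salaries/salaries_FY24.xlsx" inode=1202 dev=fd:01 mode=0100640 ouid=0 ogid=1005 nametype=NORMAL
type=SYSCALL msg=audit(1712000400.500:9003): arch=c000003e syscall=257 success=yes exit=3 ppid=4321 pid=4340 auid=1002 uid=1002 gid=1002 euid=1002 tty=pts1 ses=7 comm="vim" exe="/usr/bin/vim" key=(null)
type=PATH msg=audit(1712000400.500:9003): item=0 name="/home/jdoe/notes.txt" inode=8800 dev=fd:01 mode=0100644 ouid=1002 ogid=1002 nametype=NORMAL
"""

RECORD_RE = re.compile(r"^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_audit(text):
    """Group records by audit serial: {serial: {"ts", "SYSCALL": {...}, "PATH": [...]}}."""
    events = defaultdict(lambda: {"PATH": []})
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue
        rtype, ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        ev = events[int(serial)]
        ev["ts"] = int(ts)
        if rtype == "PATH":
            ev["PATH"].append(fields)       # several PATH items per syscall
        else:
            ev[rtype] = fields
    return events


def _target_path(ev):
    """Prefer the NORMAL item (the file itself) over the PARENT directory entry."""
    for p in ev["PATH"]:
        if p.get("nametype") == "NORMAL":
            return p.get("name")
    return ev["PATH"][-1].get("name") if ev["PATH"] else None


def honeyfile_alerts(text, key="honeyfile", allowed_exes=frozenset()):
    """One alert per syscall tagged with the honeyfile key, minus processes that
    are expected to touch the decoy (backup agents, AV scanners)."""
    alerts = []
    for serial, ev in sorted(parse_audit(text).items()):
        sc = ev.get("SYSCALL", {})
        if sc.get("key") != key or sc.get("exe") in allowed_exes:
            continue
        alerts.append({
            "serial": serial,
            "time": datetime.fromtimestamp(ev["ts"], timezone.utc).isoformat(),
            "auid": sc.get("auid"),    # login uid survives su/sudo: who really did it
            "uid": sc.get("uid"),
            "exe": sc.get("exe"),
            "path": _target_path(ev),
        })
    return alerts


if __name__ == "__main__":
    for a in honeyfile_alerts(SAMPLE_AUDIT_LOG, allowed_exes={"/usr/local/bin/backup"}):
        print(f"HONEYFILE ACCESS {a['time']} auid={a['auid']} exe={a['exe']} path={a['path']}")
```

Two details matter in practice: alert on `auid` (the login UID) rather than `uid`, because an insider who escalates with sudo still carries the original `auid`; and keep the allow-list short and explicit, since every process you exempt is one an attacker could hide behind.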
Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
- A . Jailbreaking
- B . Memory injection
- C . Resource reuse
- D . Side loading
D
Explanation:
Side loading is installing software from outside the manufacturer's approved repository or app store, for example by enabling installation from unknown sources on Android or loading an APK or IPA obtained elsewhere. The application never passed the store's vetting and signing controls, so it may carry malware or spyware, and the practice bypasses the MDM or organisational policies that restrict which applications may run. Users typically do it to get applications or features that are not available or not permitted on their devices. Jailbreaking (A) removes the operating system's own restrictions on the device; it is often a precondition for side loading on iOS but is listed as a separate mobile device vulnerability in the objectives. Memory injection (B) and resource reuse (C) are application and virtualisation vulnerabilities unrelated to how software is installed.
Reference: CompTIA Security+ SY0-701 Exam Objective 2.3, mobile device vulnerabilities (side loading, jailbreaking).
A security engineer needs to quickly identify a signature from a known malicious file.
Which of the following analysis methods would the security engineer most likely use?
- A . Static
- B . Sandbox
- C . Network traffic
- D . Package monitoring
A
Explanation:
Static analysis examines a file without executing it, which is exactly what is needed to pull a signature out of a known malicious sample: the analyst computes file hashes (MD5, SHA-1, SHA-256), inspects headers and metadata, and extracts strings, embedded resources and distinctive byte sequences that can be turned into a detection rule (for example a YARA rule). Because nothing is run, the result is available in seconds and carries no risk of infecting the analysis host.
According to Security+ SY0-701, static analysis is suited to identifying:
- Malware signatures
- Embedded malicious payloads
- Hash values for detection
- Known indicators of compromise (IOCs)
One caveat: a hash matches only a byte-identical file, so a single changed byte (repacking, padding, a new build) defeats it; string and byte-pattern signatures are more robust and are what most detection rules are built on.
Sandboxing (B) executes the sample to observe its behaviour, which takes longer and is unnecessary when the file is already known to be malicious. Network traffic analysis (C) observes communications rather than producing file signatures. Package monitoring (D) in the SY0-701 objectives refers to tracking software packages and dependencies for known vulnerabilities, a supply-chain control, not a file analysis method.
Static analysis aligns with the requirement for quick identification, making option A the correct choice.
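The block below is an added example, not from the exam page, of the static workflow the explanation describes: it hashes a file, runs a `strings`-style extraction over it, keeps the strings that look like indicators (URLs, command lines), and then shows why a hash-only signature is brittle while the string signature still recognises a padded variant. `SAMPLE` is a constructed byte string that merely imitates a PE header with some embedded strings; it is not malware, and the URL and command in it are made up.

```python
"""Extract a static signature (hashes plus distinctive strings) from a known
malicious file without executing it, then use it to recognise the file again.
Added example (not from the exam page). SAMPLE is constructed, not real malware.
"""
import hashlib
import re

# Constructed stand-in for a Windows executable: DOS stub, a C2 URL, a command line.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 56 + b"\x80\x00\x00\x00"
    + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 16
    + b"http://c2.example.invalid/beacon\x00" + b"\x00" * 8
    + b"cmd.exe /c whoami\x00" + b"\x00" * 32
)

HASH_ALGOS = ("md5", "sha1", "sha256")
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")      # printable ASCII runs, like strings(1)
IOC_PATTERNS = [re.compile(p) for p in (r"https?://[\w.-]+/\S*", r"cmd\.exe /c \S+")]


def file_hashes(data):
    """Exact-match hashes, the cheapest signature but also the most fragile."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def printable_strings(data):
    """Every run of at least six printable ASCII bytes."""
    return [m.group().decode("ascii") for m in STRING_RE.finditer(data)]


def build_signature(data):
    """Hashes, the file magic, and the strings that look like indicators of compromise."""
    iocs = {s for s in printable_strings(data) if any(p.search(s) for p in IOC_PATTERNS)}
    return {"hashes": file_hashes(data), "magic": data[:2], "strings": sorted(iocs)}


def match(data, sig):
    """'exact-hash' for a byte-identical file, 'string-signature' when only the
    distinctive strings match (a padded or rebuilt variant), otherwise None."""
    if hashlib.sha256(data).hexdigest() == sig["hashes"]["sha256"]:
        return "exact-hash"
    if data[:2] == sig["magic"] and all(s.encode("ascii") in data for s in sig["strings"]):
        return "string-signature"
    return None


if __name__ == "__main__":
    sig = build_signature(SAMPLE)
    print("sha256 :", sig["hashes"]["sha256"])
    print("strings:", sig["strings"])
    print("original       ->", match(SAMPLE, sig))
    print("padded variant ->", match(SAMPLE + b"\x00", sig))
```

The string signature is what an analyst would refine into a YARA rule; the hashes go straight into a blocklist or a threat-intel feed as IOCs.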
A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees.
Which of the following best describes the security risk?
- A . The host-based security agent is not running on all computers.
- B . A rogue access point is allowing users to bypass controls.
- C . Employees who have certain credentials are using a hidden SSID.
- D . A valid access point is being jammed to limit availability.
B
Explanation:
A second device handing out internet access that the content filter never sees is a rogue access point: an unauthorised AP, whether a personal hotspot, a consumer router plugged into a spare wall port, or an evil twin broadcasting the corporate SSID. Clients that join it either leave the corporate network entirely or enter it through an unmanaged path, so content filtering, NAC, logging and intrusion detection are all bypassed, and the device's owner can intercept the traffic and credentials of everyone who connects. The other options do not fit the evidence: a missing host agent (A) would not create a separate device, a hidden SSID (C) is how such a device might be concealed rather than the risk itself, and jamming (D) would reduce availability rather than provide access.
CompTIA Security+ SY0-701 course content lists rogue access points as a major wireless risk because they allow unauthorised access to the network and bypass security controls. Practical countermeasures are regular wireless scans that compare observed BSSIDs against the inventory of authorised APs, a wireless IDS, and 802.1X or port security on the wired side so an unauthorised AP cannot be plugged in at all.
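The detection step is shown below as an added example that is not part of the exam page: a parser for the output format of `iw dev <interface> scan` that compares what is on the air against an inventory of authorised BSSIDs per SSID, flagging both evil twins (corporate SSID from an unknown BSSID) and strong unknown networks that must be on the premises. The scan excerpt, the inventory, the SSIDs and the -50 dBm "inside the building" threshold are all constructed assumptions; tune the threshold from a site survey.

```python
"""Flag rogue access points in a wireless scan.

Added example (not from the exam page). Parses `iw dev <if> scan` output and
compares it with an inventory of authorised BSSIDs per SSID. Inventory, scan
excerpt and the signal threshold are constructed for the illustration.
"""
import re

# Assumed inventory: the corporate SSIDs and the BSSIDs that may legitimately broadcast them.
AUTHORIZED = {
    "CorpWiFi": {"a4:bb:cc:dd:ee:01", "a4:bb:cc:dd:ee:02"},
    "CorpGuest": {"a4:bb:cc:dd:ee:01", "a4:bb:cc:dd:ee:02"},
}
STRONG_DBM = -50.0   # assumption: anything this loud is inside the building

# Constructed `iw dev wlan0 scan` excerpt: one real AP, an evil twin, a phone
# hotspot, and a weak neighbour network that should be ignored.
SAMPLE_SCAN = """\
BSS a4:bb:cc:dd:ee:01(on wlan0) -- associated
    freq: 5180
    signal: -45.00 dBm
    SSID: CorpWiFi
BSS 02:11:22:33:44:55(on wlan0)
    freq: 2462
    signal: -38.00 dBm
    SSID: CorpWiFi
BSS 3e:7f:10:20:30:40(on wlan0)
    freq: 2437
    signal: -41.00 dBm
    SSID: Johns iPhone
BSS 10:20:30:40:50:60(on wlan0)
    freq: 2412
    signal: -82.00 dBm
    SSID: Neighbour-Net
"""

BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")


def parse_iw_scan(text):
    """Return [{bssid, ssid, signal}] from iw scan output (hidden SSIDs come out as '')."""
    nets, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1), "ssid": "", "signal": None}
            nets.append(cur)
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
        elif s.startswith("signal:"):
            cur["signal"] = float(s.split()[1])
    return nets


def locally_administered(bssid):
    """Bit 1 of the first octet set: the MAC is not from a vendor-assigned block,
    which is typical of phone hotspots and randomised access points."""
    return int(bssid[:2], 16) & 0x02 != 0


def find_rogues(text, authorized=AUTHORIZED, strong=STRONG_DBM):
    """(bssid, ssid, reason) for every network that should not be there."""
    findings = []
    for n in parse_iw_scan(text):
        if n["ssid"] in authorized:
            if n["bssid"] not in authorized[n["ssid"]]:
                findings.append((n["bssid"], n["ssid"],
                                 "evil twin: corporate SSID from unknown BSSID"))
        elif n["signal"] is not None and n["signal"] >= strong:
            why = "strong unknown AP on premises"
            if locally_administered(n["bssid"]):
                why += " (locally administered MAC, hotspot-like)"
            findings.append((n["bssid"], n["ssid"], why))
    return findings


if __name__ == "__main__":
    for bssid, ssid, why in find_rogues(SAMPLE_SCAN):
        print(f"{bssid}  {ssid!r:16}  {why}")
```

Signal strength alone is a heuristic (a neighbour's AP through a thin wall will look "on premises"), so the findings are a work list for a walk with a directional antenna, not a verdict; the evil-twin case needs no such caveat, since no unknown BSSID should ever broadcast the corporate SSID.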
A software developer would like to ensure the source code cannot be reverse engineered or debugged.
Which of the following should the developer consider?
- A . Version control
- B . Obfuscation toolkit
- C . Code reuse
- D . Continuous integration
- E . Stored procedures
B
Explanation:
An obfuscation toolkit transforms code so that it is difficult for a human or a decompiler to understand while leaving its behaviour unchanged: identifiers are renamed to meaningless tokens, strings are encrypted, control flow is flattened or padded with dead branches, and anti-debugging checks may be inserted. This is the technique applied to the binaries, bytecode or scripts shipped to users to protect proprietary logic and intellectual property from reverse engineering. The honest caveat is that obfuscation raises the attacker's cost rather than preventing analysis: a determined analyst with a debugger can still step through the obfuscated program, so it should be combined with other controls rather than relied on alone. The other options address different concerns: version control (A) and continuous integration (D) are development process tools, code reuse (C) is a productivity practice, and stored procedures (E) are a defence against SQL injection.
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
CompTIA Security+ SY0-601 Study Guide: Chapter on Secure Coding Practices.
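To show what "altering naming conventions without changing functionality" looks like in code, here is an added example that is not from the exam page or any real obfuscation product: it renames every name the module defines (functions, parameters, assignment and loop targets) to a hash-derived token using Python's `ast` module, leaves built-ins alone, and then proves the rewritten program still produces the same answers. The licence-check function and the seed string are constructed stand-ins for proprietary logic.

```python
"""Identifier obfuscation with the ast module, plus a behaviour-preservation check.

Added example (not from the exam page). Real toolkits go much further
(control-flow flattening, string encryption, anti-debug checks); this shows
only the renaming step. The licence check is a constructed stand-in.
"""
import ast
import hashlib

SOURCE = '''\
def check_license(serial, secret):
    digest = 0
    for ch in serial:
        digest = (digest * 31 + ord(ch)) % 65521
    return digest == secret
'''


class Renamer(ast.NodeTransformer):
    """Rewrite every occurrence of the names in `mapping`. Built-ins such as
    `ord` are never in the mapping, so they are left untouched."""

    def __init__(self, mapping):
        self.mapping = mapping

    def visit_FunctionDef(self, node):
        node.name = self.mapping.get(node.name, node.name)
        for arg in node.args.args:
            arg.arg = self.mapping.get(arg.arg, arg.arg)
        self.generic_visit(node)
        return node

    def visit_Name(self, node):
        node.id = self.mapping.get(node.id, node.id)
        return node


def collect_names(tree):
    """Names the module itself defines: functions, parameters, assignment and loop targets."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            names.add(node.name)
            names.update(a.arg for a in node.args.args)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            names.add(node.id)
    return names


def obfuscate(src, seed="build-2024"):
    """Return (obfuscated source, {original name: new name})."""
    tree = ast.parse(src)
    mapping = {n: "_" + hashlib.sha256(f"{seed}:{n}".encode()).hexdigest()[:10]
               for n in sorted(collect_names(tree))}
    tree = Renamer(mapping).visit(tree)
    ast.fix_missing_locations(tree)
    return ast.unparse(tree), mapping


def run(src, func_name, *args):
    """Execute a module source in a fresh namespace and call one of its functions."""
    ns = {}
    exec(src, ns)
    return ns[func_name](*args)


if __name__ == "__main__":
    obfuscated, names = obfuscate(SOURCE)
    print(obfuscated)
    print("same result:", run(SOURCE, "check_license", "AB", 2081)
          == run(obfuscated, names["check_license"], "AB", 2081))
```

Note what this does and does not buy: `grep check_license` and a casual read of the decompiled output now tell an attacker nothing, but the arithmetic is still visible and a debugger still steps through it line by line, which is why the explanation above treats obfuscation as a cost-raiser rather than a guarantee.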
