Practice Free SY0-701 Exam Online Questions
A security professional discovers a folder containing an employee’s personal information on the enterprise’s shared drive.
Which of the following best describes the data type the security professional should use to identify organizational policies and standards concerning the storage of employees’ personal information?
- A. Legal
- B. Financial
- C. Privacy
- D. Intellectual property
C
Explanation:
Privacy data includes information such as Personally Identifiable Information (PII), which relates to employees’ or customers’ personal data. Organizations often maintain policies and standards specifically addressing how such sensitive information should be stored and handled.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Data Types and Classifications".
Which of the following is a benefit of an RTO when conducting a business impact analysis?
- A. It determines the likelihood of an incident and its cost.
- B. It determines the roles and responsibilities for incident responders.
- C. It determines the state that systems should be restored to following an incident.
- D. It determines how long an organization can tolerate downtime after an incident.
D
Explanation:
Recovery Time Objective (RTO) defines the maximum acceptable downtime before business operations must be restored. It helps organizations set expectations for recovery speed and prioritize system restoration accordingly.
A (likelihood of an incident and cost) relates to risk assessment, not RTO.
B (roles and responsibilities) falls under incident response planning, not RTO.
C (state of restored systems) is covered by Recovery Point Objective (RPO), not RTO.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Security Program Management and Oversight domain.
Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client’s web browser?
- A. SQL injection
- B. Cross-site scripting
- C. Zero-day exploit
- D. On-path attack
B
Explanation:
Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into a website, which are then executed in the user’s web browser, potentially leading to data theft or session hijacking.
Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network.
Which of the following types of web filtering should a systems administrator configure?
- A. Agent-based
- B. Centralized proxy
- C. URL scanning
- D. Content categorization
Which of the following describes the process of concealing code or text inside a graphical image?
- A. Symmetric encryption
- B. Hashing
- C. Data masking
- D. Steganography
D
Explanation:
Steganography is the process of hiding information within another medium, such as an image, audio, video, or text file. The hidden information is not visible or noticeable to the casual observer and can only be extracted by using a specific technique or key. Steganography can be used for various purposes, such as concealing secret messages, watermarking, or evading detection by antivirus software.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 5: Cryptography and PKI, page 233; CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 5: Cryptography and PKI, page 235.
A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy.
Which of the following vulnerability types will the analyst most likely find on the workstations?
- A. Misconfiguration
- B. Zero-day
- C. Malicious update
- D. Supply chain
A
Explanation:
Group policies can inadvertently introduce misconfigurations, such as enabling insecure settings or failing to disable legacy protocols, increasing vulnerabilities.
Zero-days (B) are previously unknown vulnerabilities, malicious updates (C) are attacker-controlled, and supply chain (D) risks come from third-party components.
Misconfiguration vulnerabilities are commonly introduced during changes and are emphasized in Security Operations.
Reference: CompTIA Security+ Study Guide, Chapter 14.
Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences.
Which of the following agreements does this best describe?
- A. SLA
- B. BPA
- C. NDA
- D. MOA
C
Explanation:
A non-disclosure agreement (NDA) restricts employees from sharing proprietary or confidential information when they leave the company. Legal consequences may result from violating an NDA.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 5.2: "NDAs are legal agreements to prevent employees from disclosing sensitive information upon termination."
Exam Objectives 5.2: “Summarize business agreement and legal requirements.”
An organization is leveraging a VPN between its headquarters and a branch location.
Which of the following is the VPN protecting?
- A. Data in use
- B. Data in transit
- C. Geographic restrictions
- D. Data sovereignty
B
Explanation:
Data in transit is data that is moving from one location to another, such as over a network or through the air. Data in transit is vulnerable to interception, modification, or theft by malicious actors. A VPN (virtual private network) is a technology that protects data in transit by creating a secure tunnel between two endpoints and encrypting the data that passes through it.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4, page 145.
Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?
- A. Right to be forgotten
- B. Sanctions
- C. External compliance reporting
- D. Attestation
B
Explanation:
Sanctions imposed for non-compliance can include fines, legal actions, and loss of business licenses. These pose a significant financial and reputational risk to organizations.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 5: Security Program Management, Section: "Regulatory Compliance Risks".
Which of the following allows for the attribution of messages to individuals?
- A. Adaptive identity
- B. Non-repudiation
- C. Authentication
- D. Access logs
B
Explanation:
Non-repudiation is the ability to prove that a message or document was sent or signed by a particular person, and that the person cannot deny sending or signing it. Non-repudiation can be achieved by using cryptographic techniques, such as hashing and digital signatures, which verify the authenticity and integrity of the message or document. Non-repudiation can be useful for legal, financial, or contractual purposes, as it can provide evidence of the origin and content of the message or document.
Reference: Non-repudiation, CompTIA Security+ SY0-701, Objective 1.2; CompTIA Security+ SY0-301: 6.1, Non-repudiation; CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 1.2, page 2.