Practice Free SY0-701 Exam Online Questions
Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?
- A . Common attacks are less likely to be effective.
- B . Configuration can be better managed and replicated.
- C . Outsourcing to a third party with more expertise in network defense is possible.
- D . Optimization can occur across a number of computing instances.
B
Explanation:
Infrastructure as Code (IaC) enables automated provisioning and configuration of infrastructure, making environments repeatable, consistent, and scalable. The ability to better manage and replicate configurations (B) ensures that security settings are not missed and reduces misconfigurations. According to the CompTIA Security+ SY0-701 exam objectives under Domain 4.1 (Explain the security implications of different architecture models), IaC provides the ability to "automatically enforce security controls" and manage consistent configuration states, reducing human error.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 4.1, "Infrastructure as Code (IaC): Standardized deployment, version control, configuration consistency."
A Chief Information Security Officer wants to monitor the company’s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring.
Which of the following strategies would best accomplish this goal?
- A . Logging all NetFlow traffic into a SIEM
- B . Deploying network traffic sensors on the same subnet as the servers
- C . Logging endpoint and OS-specific security logs
- D . Enabling full packet capture for traffic entering and exiting the servers
D
Explanation:
Full packet capture is a technique that records all network traffic passing through a device, such as a router or firewall. It allows for detailed analysis and investigation of network events, such as SQLi attacks, by providing the complete content and context of the packets. Full packet capture can help identify the source, destination, payload, and timing of an SQLi attack, as well as the impact on the server and database. Logging NetFlow traffic, network traffic sensors, and endpoint and OS-specific security logs can provide some information about network activity, but they do not capture the full content of the packets, which may limit the scope and depth of the investigation.
Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, pages 372-373
Which of the following agreements defines response time, escalation points, and performance metrics?
- A . BPA
- B . MOA
- C . NDA
- D . SLA
D
Explanation:
A Service Level Agreement (SLA) defines the expectations between service providers and customers, including response times, escalation procedures, and performance metrics. It ensures accountability and measurable service quality.
A BPA (Blanket Purchase Agreement) relates to purchasing terms; an MOA (Memorandum of Agreement) outlines responsibilities but is less specific on performance; an NDA (Non-Disclosure Agreement) covers confidentiality.
SLAs are key in Security Program Management for managing vendor and internal service expectations (CompTIA Security+ Study Guide, Chapter 16).
A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit.
Which of the following logs should the analyst review first?
- A . Wireless access point
- B . Switch
- C . Firewall
- D . NAC
A
Explanation:
Many IoT devices connect to the network via wireless access points. Reviewing these logs would reveal when the IoT device first connected, as well as any suspicious or anomalous traffic patterns associated with the exploit’s initiation.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 4.1: "Wireless access point logs can help determine initial connectivity and exploitation of IoT devices."
Exam Objectives 4.1: “Summarize the importance of logging and monitoring activities.”
Which of the following provides the best protection against unwanted or insecure communications to and from a device?
- A . System hardening
- B . Host-based firewall
- C . Intrusion detection system
- D . Anti-malware software
B
Explanation:
A host-based firewall controls incoming and outgoing network traffic on a device by enforcing security rules, effectively blocking unwanted or insecure communications. It is specifically designed to protect the device from unauthorized access and malicious traffic.
System hardening (A) reduces vulnerabilities by disabling unnecessary services and patching but does not control communications dynamically. Intrusion detection systems (C) detect suspicious traffic but typically do not block it (unless paired with prevention). Anti-malware (D) protects against malicious software but not directly network communication filtering.
Host-based firewalls are a fundamental component of endpoint security highlighted in the Security Operations domain of SY0-701 (CompTIA Security+ Study Guide, Chapter 11).
Which of the following is an example of a certificate that is generated by an internal source?
- A . Digital signature
- B . Asymmetric key
- C . Self-signed
- D . Symmetric key
C
Explanation:
A self-signed certificate is generated internally without involving an external Certificate Authority (CA). In a self-signed certificate, the certificate issuer and certificate subject are the same entity. Security+ SY0-701 explains that organizations frequently use self-signed certificates for internal systems, lab environments, or testing scenarios where external trust chains are unnecessary.
A digital signature (A) is a cryptographic function, not a certificate. Asymmetric keys (B) are used in public-key cryptography but do not constitute a certificate by themselves. Symmetric keys (D) are encryption tools, not certificates.
Therefore, the example of a certificate generated internally is C: Self-signed.
A spoofed identity was detected for a digital certificate.
Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?
- A . Private key and root certificate
- B . Public key and expired certificate
- C . Private key and self-signed certificate
- D . Public key and wildcard certificate
C
Explanation:
A self-signed certificate is a certificate that is signed by its own private key rather than by a trusted certificate authority (CA). This means that the authenticity of the certificate relies solely on the issuer’s own authority. If a spoofed identity was detected, it could indicate that a private key associated with a self-signed certificate was compromised. Self-signed certificates are often used internally within organizations, but they carry higher risks since they are not validated by a third-party CA, making them more susceptible to spoofing.
Reference: CompTIA Security+ SY0-701 study materials, particularly the domains discussing Public Key Infrastructure (PKI) and certificate management.
A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system.
Which of the following would detect this behavior?
- A . Implementing encryption
- B . Monitoring outbound traffic
- C . Using default settings
- D . Closing all open ports
B
Explanation:
Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. Malware that exploits a new vulnerability to move data without authorization would typically attempt to send this data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.
References: CompTIA Security+ SY0-701 Course Content, Domain 04 Security Operations; CompTIA Security+ SY0-601 Study Guide, chapter on Threat Detection and Response.
Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?
- A . Virtualizing and migrating to a containerized instance
- B . Removing and sandboxing to an isolated network
- C . Monitoring and implementing compensating controls
- D . Patching and redeploying to production as quickly as possible
C
Explanation:
When a zero-day vulnerability is discovered in mission-critical systems that require high availability, immediate patching is often not possible due to lack of available patches or the risk of disrupting critical operations. In such cases, the best practice is to implement compensating controls (such as increased monitoring, access controls, network segmentation, or web application firewalls) to mitigate risk until a patch or permanent solution can be safely applied.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 2.4: "For zero-day vulnerabilities in critical systems, compensating controls and heightened monitoring are often necessary to maintain availability and security until an official patch is available."
Exam Objectives 2.4: “Given a scenario, implement secure system design.”