Practice Free SY0-701 Exam Online Questions
A company’s accounting department receives an urgent payment message from the company’s bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible.
Which of the following attacks is described?
- A . Business email compromise
- B . Vishing
- C . Spear phishing
- D . Impersonation
A
Explanation:
This is a classic example of Business Email Compromise (BEC), where attackers spoof or compromise trusted email accounts to trick employees into performing unauthorized financial transactions. Vishing (B) is voice phishing, spear phishing (C) targets individuals with customized messages, and impersonation (D) is a general term for identity deception, but BEC specifically describes financial fraud via email.
Reference: BEC is a major threat covered in the Threats domain of SY0-701. CompTIA Security+ Study Guide, Chapter 2.
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:
Which of the following most likely describes the attack that took place?
- A . Spraying
- B . Brute-force
- C . Dictionary
- D . Rainbow table
A
Explanation:
Password spraying is a type of attack where an attacker tries a small number of commonly used passwords across a large number of accounts. The event logs showing failed login attempts for many user accounts from the same IP address are indicative of a password spraying attack, where the attacker is attempting to gain access by guessing common passwords.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of identity and access management and common attack vectors like password spraying.
An organization failed to account for the right-to-be-forgotten regulations.
Which of the following impacts might this action have on the company?
- A . Fines
- B . Data breaches
- C . Revenue loss
- D . Blackmail
A
Explanation:
Failure to comply with right-to-be-forgotten (data privacy) regulations can lead to significant fines imposed by regulatory authorities like GDPR enforcers. Such laws require companies to delete personal data upon user request.
Data breaches (B) are security incidents; revenue loss (C) and blackmail (D) may occur indirectly, but fines are the direct legal consequence.
Reference: Regulatory compliance and its consequences are critical topics in Security Program Management. CompTIA Security+ Study Guide, Chapter 16.
Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion.
Which of the following is the most efficient way to address these requests?
- A . Hire a vendor to perform a penetration test.
- B . Perform an annual self-assessment.
- C . Allow each client the right to audit.
- D . Provide a third-party attestation report.
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.
Which of the following best describes this step?
- A . Capacity planning
- B . Redundancy
- C . Geographic dispersion
- D . Tabletop exercise
A
Explanation:
Capacity planning is the process of determining the resources needed to meet the current and future demands of an organization. Capacity planning can help a company develop a business continuity strategy by estimating how many staff members would be required to sustain the business in the case of a disruption, such as a natural disaster, a cyberattack, or a pandemic. Capacity planning can also help a company optimize the use of its resources, reduce costs, and improve performance.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 4, page 184. CompTIA Security+ (SY0-701) Certification Exam Objectives, Domain 4.1, page 14. Business Continuity - SY0-601 CompTIA Security+: 4.1
A security analyst is examining a penetration test report and notices that the tester pivoted to critical internal systems with the same local user ID and password.
Which of the following would help prevent this in the future?
- A . Implement centralized authentication with proper password policies
- B . Add password complexity rules and increase password history limits
- C . Connect the systems to an external authentication server
- D . Limit the ability of user accounts to change passwords
A
Explanation:
Centralized authentication (such as Active Directory or LDAP) combined with proper password policies helps prevent the reuse of the same local credentials across multiple systems, reducing the risk of lateral movement during attacks like credential reuse or pass-the-hash.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 3.1: "Centralized authentication and strong password policies reduce risks associated with local account reuse." Exam Objectives 3.1: “Implement secure network architecture concepts.”
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.
Which of the following should the analyst do?
- A . Place posters around the office to raise awareness of common phishing activities.
- B . Implement email security filters to prevent phishing emails from being delivered
- C . Update the EDR policies to block automatic execution of downloaded programs.
- D . Create additional training for users to recognize the signs of phishing attempts.
C
Explanation:
An endpoint detection and response (EDR) system is a security tool that monitors and analyzes the activities and behaviors of endpoints, such as computers, laptops, mobile devices, and servers. An EDR system can detect, prevent, and respond to various types of threats, such as malware, ransomware, phishing, and advanced persistent threats (APTs). One of the features of an EDR system is to block the automatic execution of downloaded programs, which can prevent malicious code from running on the endpoint when a user clicks on a link in a phishing message. This can reduce the impact of a phishing attack and protect the endpoint from compromise. Updating the EDR policies to block automatic execution of downloaded programs is a technical control that can mitigate the risk of phishing, regardless of the user’s awareness or behavior. Therefore, this is the best answer among the given options.
The other options are not as effective as updating the EDR policies, because they rely on administrative or physical controls that may not be sufficient to prevent or stop a phishing attack. Placing posters around the office to raise awareness of common phishing activities is a physical control that can increase the user’s knowledge of phishing, but it may not change their behavior or prevent them from clicking on a link in a phishing message. Implementing email security filters to prevent phishing emails from being delivered is an administrative control that can reduce the exposure to phishing, but it may not be able to block all phishing emails, especially if they are crafted to bypass the filters. Creating additional training for users to recognize the signs of phishing attempts is an administrative control that can improve the user’s skills in phishing detection, but it may not guarantee that they will always be vigilant or cautious when receiving an email. Therefore, these options are not the best answer for this question.
Reference: Endpoint Detection and Response - CompTIA Security+ SY0-701 - 2.2, video at 5:30; CompTIA Security+ SY0-701 Certification Study Guide, page 163.
A technician needs to apply a high-priority patch to a production system.
Which of the following steps should be taken first?
- A . Air gap the system.
- B . Move the system to a different network segment.
- C . Create a change control request.
- D . Apply the patch to the system.
C
Explanation:
A change control request is a document that describes the proposed change to a system, the reason for the change, the expected impact, the approval process, the testing plan, the implementation plan, the rollback plan, and the communication plan. A change control request is a best practice for applying any patch to a production system, especially a high-priority one, as it ensures that the change is authorized, documented, tested, and communicated. A change control request also minimizes the risk of unintended consequences, such as system downtime, data loss, or security breaches.
Reference: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 6, page 235. CompTIA Security+ SY0-701 Exam Objectives, Domain 4.1, page 13.
Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?
- A . Creating a false text file in /docs/salaries
- B . Setting weak passwords in /etc/shadow
- C . Scheduling vulnerable jobs in /etc/crontab
- D . Adding a fake account to /etc/passwd
A
Explanation:
Placing a false (decoy) text file in a sensitive location (such as /docs/salaries) is an example of a honeytoken or deception technique. This technique is used to attract insider attackers and monitor their actions when they attempt to access the file.
Reference: CompTIA Security+ SY0-701 Official Study Guide, Domain 1.1: "Honeytokens are decoy files or records placed in locations of interest to attract and detect insider threats."
Exam Objectives 1.1: “Explain the importance of security concepts in an enterprise environment.”
An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users.
Which of the following should the organization implement first?
- A . Standard naming convention
- B . Hashing
- C . Network diagrams
- D . Baseline configuration
D
Explanation:
Baseline configuration is the process of standardizing the configuration settings for a system or network. In this scenario, the organization needs to standardize the operating system configurations before deploying them across the network. Establishing a baseline configuration ensures that all systems adhere to the organization’s security policies and operational requirements.
Reference: CompTIA Security+ SY0-701 study materials, particularly in the domain of system hardening and configuration management.