Practice Free SY0-701 Exam Online Questions
A company is implementing a policy to allow employees to use their personal equipment for work.
However, the company wants to ensure that only company-approved applications can be installed.
Which of the following addresses this concern?
- A . MDM
- B . Containerization
- C . DLP
- D . FIM
A
Explanation:
Mobile Device Management (MDM) is a security solution that allows organizations to enforce policies on employee-owned or company-issued mobile devices. It can restrict the installation of unauthorized applications, ensuring that only company-approved apps are used.
Containerization isolates work applications from personal applications but does not enforce app restrictions.
Data Loss Prevention (DLP) focuses on preventing sensitive data leaks rather than managing app installations.
File Integrity Monitoring (FIM) tracks changes to files and system configurations but does not control app installations.
Therefore, MDM is the best solution for restricting unauthorized applications on personal devices.
A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application.
Which of the following best describes this type of mitigation?
- A . Patching
- B . Segmentation
- C . Isolation
- D . Monitoring
C
Explanation:
The best answer is C. Isolation.
The question describes an application that can no longer be patched, meaning the organization must continue operating it while accepting some risk. To reduce exposure, the application should only be used by a limited number of network services. This points to isolation, which means restricting the application’s interaction with the rest of the environment to contain risk.
Isolation is commonly used for:
- legacy systems
- unsupported applications
- unpatchable systems
- high-risk services that must remain operational
By isolating the application, the organization limits the paths through which it can be attacked and reduces the chance that a compromise will spread to other systems.
Why the other options are incorrect:
A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered.
Which of the following tools will help management determine the number of access points needed?
- A . Signal locator
- B . WPA3
- C . Heat map
- D . Site survey
D
Explanation:
A site survey is the formal assessment used to determine the optimal number and placement of wireless access points (APs). According to Security+ SY0-701, wireless site surveys evaluate factors such as building layout, RF interference, wall material density, antenna propagation, and signal overlap. The goal is to ensure full wireless coverage while minimizing the number of APs needed, maximizing performance, and reducing dead zones.
During a site survey, technicians analyze:
- Signal strength patterns
- Interference sources (microwaves, metal shelving, wiring, etc.)
- Required coverage zones
- Capacity needs (number of users, devices)
Although heat maps (C) visually represent wireless signal distribution, they are a result of a site survey, not the process itself. WPA3 (B) is a security protocol unrelated to determining coverage. A signal locator (A) is not an enterprise-grade planning tool.
Therefore, the correct answer is D: Site survey.
Which of the following risk analysis attributes measures the chance that a vulnerability will be exploited?
- A . Exposure factor
- B . Impact
- C . Severity
- D . Likelihood
D
Explanation:
The best answer is D. Likelihood.
In risk analysis, likelihood refers to the probability or chance that a threat will exploit a vulnerability.
This is a core concept in risk management because risk is commonly evaluated by considering both:
- the likelihood of an event occurring, and
- the impact if that event occurs.
Why the other options are incorrect:
Which of the following describes the procedures a penetration tester must follow while conducting a test?
- A . Rules of engagement
- B . Rules of acceptance
- C . Rules of understanding
- D . Rules of execution
A
Explanation:
Rules of engagement specify the agreed-upon boundaries, scope, and procedures for a penetration test to ensure compliance and avoid disruption to the environment.
Reference: CompTIA Security+ SY0-701 Study Guide, Domain 4: Security Operations, Section: "Penetration Testing Procedures".
A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds.
Which of the following cryptographic techniques would best meet the requirement?
- A . Asymmetric
- B . Symmetric
- C . Homomorphic
- D . Ephemeral
C
Explanation:
Homomorphic encryption allows data to be encrypted and manipulated without needing to decrypt it first. This cryptographic technique would allow the financial institution to store customer data securely in the cloud while still permitting operations like searching and calculations to be performed on the encrypted data. This ensures that the cloud service provider cannot decipher the sensitive data, meeting the institution’s security requirements.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.
CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptographic Techniques.
Which of the following is the first step to take when creating an anomaly detection process?
- A . Selecting events
- B . Building a baseline
- C . Selecting logging options
- D . Creating an event log
B
Explanation:
The first step in creating an anomaly detection process is building a baseline of normal behavior within the system. This baseline serves as a reference point to identify deviations or anomalies that could indicate a security incident. By understanding what normal activity looks like, security teams can more effectively detect and respond to suspicious behavior.
Reference =
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations.
CompTIA Security+ SY0-601 Study Guide: Chapter on Monitoring and Baselines.
Which of the following should a systems administrator use to decrease the company’s hardware attack surface?
- A . Replication
- B . Isolation
- C . Centralization
- D . Virtualization
D
Explanation:
Virtualization (D) allows multiple systems and services to be hosted on fewer physical machines, thereby reducing the total number of physical devices and consequently the hardware attack surface. This also allows for better patching, monitoring, and control.
The fewer devices you manage physically, the fewer entry points there are for attackers to exploit hardware-level vulnerabilities.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 3.4 - “Reducing attack surface: Use of virtualization to consolidate systems.”
During a recent log review, an analyst discovers evidence of successful injection attacks.
Which of the following will best address this issue?
- A . Authentication
- B . Secure cookies
- C . Static code analysis
- D . Input validation
D
Explanation:
Input validation (D) is the most effective way to prevent injection attacks, such as SQL injection, XSS, etc. It ensures that only correctly formatted and expected inputs are processed by the application.
This is clearly identified under Domain 2.3: Application security techniques, where input validation is listed as a primary defense against injection attacks.
Reference: CompTIA Security+ SY0-701 Objectives, Domain 2.3 - “Input validation: Prevents injection and malformed data attacks.”
Which of the following is the most likely to be included as an element of communication in a security awareness program?
- A . Reporting phishing attempts or other suspicious activities
- B . Detecting insider threats using anomalous behavior recognition
- C . Verifying information when modifying wire transfer data
- D . Performing social engineering as part of third-party penetration testing
A
Explanation:
A security awareness program is a set of activities and initiatives that aim to educate and inform the users and employees of an organization about the security policies, procedures, and best practices. A security awareness program can help to reduce the human factor in security risks, such as social engineering, phishing, malware, data breaches, and insider threats. A security awareness program should include various elements of communication, such as newsletters, posters, videos, webinars, quizzes, games, simulations, and feedback mechanisms, to deliver the security messages and reinforce the security culture. One of the most likely elements of communication to be included in a security awareness program is reporting phishing attempts or other suspicious activities, as this can help to raise the awareness of the users and employees about the common types of cyberattacks and how to respond to them. Reporting phishing attempts or other suspicious activities can also help to alert the security team and enable them to take appropriate actions to prevent or mitigate the impact of the attacks. Therefore, this is the best answer among the given options.
The other options are not as likely to be included as elements of communication in a security awareness program, because they are either technical or operational tasks that are not directly related to the security awareness of the users and employees. Detecting insider threats using anomalous behavior recognition is a technical task that involves using security tools or systems to monitor and analyze the activities and behaviors of the users and employees and identify any deviations or anomalies that may indicate malicious or unauthorized actions. This task is usually performed by the security team or the security operations center, and it does not require the communication or participation of the users and employees. Verifying information when modifying wire transfer data is an operational task that involves using verification methods, such as phone calls, emails, or digital signatures, to confirm the authenticity and accuracy of the information related to wire transfers, such as the account number, the amount, or the recipient. This task is usually performed by the financial or accounting department, and it does not involve the security awareness of the users and employees. Performing social engineering as part of third-party penetration testing is a technical task that involves using deception or manipulation techniques, such as phishing, vishing, or impersonation, to test the security posture and the vulnerability of the users and employees to social engineering attacks. This task is usually performed by external security professionals or consultants, and it does not require the communication or consent of the users and employees. Therefore, these options are not the best answer for this question.
Reference = Security Awareness and Training - CompTIA Security+ SY0-701: 5.2, video at 0:00; CompTIA Security+ SY0-701 Certification Study Guide, page 263.
