CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 101:

  While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

  A. Community cloud

  B. PaaS

  C. Containerization

  D. Private cloud

  E. SaaS

  F. laaS

  Correct Answer: E

  Software as a Service (SaaS) is the cloud model that best meets the goal of outsourcing the management, including patching, of firmware, operating systems, and applications to the cloud vendor. In a SaaS environment, the cloud provider is responsible for maintaining and updating the entire software stack, allowing the organization to focus on using the software rather than managing its infrastructure. References: CompTIA Security+ SY0-701 study materials, particularly the domains related to cloud security models.

• Question 102:

  A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

  A. Business email

  B. Social engineering

  C. Unsecured network

  D. Default credentials

  Correct Answer: B

  The employee notices that the links in the email do not correspond to the company's official URLs, indicating that this is likely a social engineering attack. Social engineering involves manipulating individuals into divulging confidential information or performing actions that may compromise security. Phishing emails, like the one described, often contain fraudulent links to trick the recipient into providing sensitive information or downloading malware. Business email refers to business email compromise (BEC), which typically involves impersonating a high-level executive to defraud the company. Unsecured network is unrelated to the email content. Default credentials do not apply here, as the issue is with suspicious links, not login credentials.

• Question 103:

  A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

  A. Contain the Impacted hosts

  B. Add the malware to the application blocklist.

  C. Segment the core database server.

  D. Implement firewall rules to block outbound beaconing

  Correct Answer: A

  The first step in responding to a cybersecurity incident, particularly when malware is detected, is to contain the impacted hosts. This action prevents the spread of malware to other parts of the network, limiting the potential damage while further investigation and remediation actions are planned. References: CompTIA Security+ SY0-701 study materials, particularly on incident response procedures and the importance of containment in managing security incidents.

• Question 104:

  Which of the following security concepts is accomplished with the installation of a RADIUS server?

  A. CIA

  B. AAA

  C. ACL

  D. PEM

  Correct Answer: B

  The installation of a RADIUS server (Remote Authentication Dial-In User Service) is primarily associated with the security concept of AAA, which stands for Authentication, Authorization, and Accounting. RADIUS servers are used to manage

  user credentials and permissions centrally, ensuring that only authenticated and authorized users can access network resources, and tracking user activity for accounting purposes. Authentication: Verifies the identity of a user or device.

  When a user tries to access a network, the RADIUS server checks their credentials (username and password) against a database.

  Authorization: Determines what an authenticated user is allowed to do. After authentication, the RADIUS server grants permissions based on predefined policies. Accounting: Tracks the consumption of network resources by users. This

  involves logging session details such as the duration of connections and the amount of data transferred.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 4.6 - Implement and maintain identity and access management.

• Question 105:

  Which of the following control types is AUP an example of?

  A. Physical

  B. Managerial

  C. Technical

  D. Operational

  Correct Answer: B

  An Acceptable Use Policy (AUP) is an example of a managerial control. Managerial controls are policies and procedures that govern an organization's operations, ensuring security through directives and rules. The AUP defines acceptable behavior and usage of company resources, setting guidelines for employees. Physical controls refer to security measures like locks, fences, or security guards. Technical controls involve security mechanisms such as firewalls or encryption. Operational controls are procedures for maintaining security, such as backup and recovery plans.

• Question 106:

  A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

  A. Secure web gateway

  B. Virtual private cloud end point

  C. Deep packet Inspection

  D. Next-gene ration firewall

  Correct Answer: A

  A Secure Web Gateway (SWG) protects users by filtering unwanted software/malware from user-initiated web traffic and enforcing corporate and regulatory policy compliance. This technology allows the company to secure remote users' data

  and web traffic without relying on a VPN, making it ideal for organizations supporting remote work.

  References: CompTIA Security+ SY0-701 study materials, particularly in the domain of network security and remote access technologies.

• Question 107:

  Which of the following alert types is the most likely to be ignored over time?

  A. True positive

  B. True negative

  C. False positive

  D. False negative

  Correct Answer: C

  A false positive is an alert that incorrectly identifies benign activity as malicious. Over time, if an alerting system generates too many false positives, security teams are likely to ignore these alerts, resulting in "alert fatigue." This increases the

  risk of missing genuine threats.

  True positives and true negatives are accurate and should be acted upon. False negatives are more dangerous because they fail to identify real threats, but they are not "ignored" since they do not trigger alerts.

• Question 108:

  Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

  A. Compliance reporting

  B. GDPR

  C. Due diligence

  D. Attestation

  Correct Answer: C

  Due diligence refers to the process of researching and understanding the laws, regulations, and best practices that govern information security within a specific industry. Organizations are required to conduct due diligence to ensure

  compliance with legal and regulatory requirements, which helps mitigate risks and avoid penalties. Compliance reporting involves generating reports to demonstrate adherence to legal or regulatory standards.

  GDPR is a specific regulation governing data privacy in the EU, not a general practice of researching laws.

  Attestation is a formal declaration that an organization is compliant with a set of standards but is not the act of researching the laws.

• Question 109:

  A security administrator is configuring fileshares. The administrator removed the default permissions and added permissions for only users who will need to access the fileshares as part of their job duties. Which of the following best describes why the administrator performed these actions?

  A. Encryption standard compliance

  B. Data replication requirements

  C. Least privilege

  D. Access control monitoring

  Correct Answer: C

  The security administrator's actions of removing default permissions and adding permissions only for users who need access as part of their job duties best describe the principle of least privilege. This principle ensures that users are granted the minimum necessary access to perform their job functions, reducing the risk of unauthorized access or data breaches. Least privilege: Limits access rights for users to the bare minimum necessary for their job duties, enhancing security by reducing potential attack surfaces. Encryption standard compliance: Involves meeting encryption requirements, but it does not explain the removal and assignment of specific permissions. Data replication requirements: Focus on duplicating data across different systems for redundancy and availability, not related to user permissions. Access control monitoring: Involves tracking and reviewing access to resources, but the scenario is about setting permissions, not monitoring them. Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 4.5 - Modify enterprise capabilities to enhance security (Least privilege).

• Question 110:

  Which of the following methods would most likely be used to identify legacy systems?

  A. Bug bounty program

  B. Vulnerability scan

  C. Package monitoring

  D. Dynamic analysis

  Correct Answer: B

  A vulnerability scan is the most likely method to identify legacy systems. These scans assess an organization's network and systems for known vulnerabilities, including outdated or unsupported software (i.e., legacy systems) that may pose a security risk. The scan results can highlight systems that are no longer receiving updates, helping IT teams address these risks. Bug bounty programs are used to incentivize external researchers to find security flaws, but they are less effective at identifying legacy systems. Package monitoring tracks installed software packages for updates or issues but is not as comprehensive for identifying legacy systems. Dynamic analysis is typically used for testing applications during runtime to find vulnerabilities, but not for identifying legacy systems.