CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 111:

  A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

  A. Screen locks

  B. Remote wipe

  C. Full device encryption

  D. Push notifications

  E. Application management

  F. Geolocation

  Correct Answer: AB

  Integrating each SaaS solution with an Identity Provider (IdP) is the most effective way to address the security issue. This approach allows for Single Sign-On (SSO) capabilities, where users can access multiple SaaS applications with a

  single set of credentials while maintaining strong password policies across all services. It simplifies the user experience and ensures consistent security enforcement across different SaaS platforms.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 05 Security Program Management and Oversight.

  CompTIA Security+ SY0-601 Study Guide: Chapter on Identity and Access Management.

• Question 112:

  During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

  A. Hardware token MFA

  B. Biometrics

  C. Identity proofing

  D. Least privilege

  Correct Answer: C

  To prevent the issuance of an MFA bypass code to an attacker posing as an employee, implementing identity proofing would be most effective. Identity proofing involves verifying the identity of individuals before granting access or providing

  sensitive information.

  Identity proofing: Ensures that the person requesting the MFA bypass is who they claim to be, thereby preventing social engineering attacks where attackers pose as legitimate employees.

  Hardware token MFA: Provides an additional factor for authentication but does not address verifying the requester's identity.

  Biometrics: Offers strong authentication based on physical characteristics but is not related to the process of issuing MFA bypass codes. Least privilege: Limits access rights for users to the bare minimum necessary to perform their work but

  does not prevent social engineering attacks targeting the service desk.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 4.6 - Implement and maintain identity and access management (Identity proofing).

• Question 113:

  Which of the following penetration testing teams is focused only on trying to compromise an organization using an attacker's tactics?

  A. White

  B. Red

  C. Purple

  D. Blue

  Correct Answer: B

  Red teams are focused only on trying to compromise an organization using an attacker's tactics. They simulate real-world attacks to test the effectiveness of the organization's security defenses and identify vulnerabilities. Red team: Acts as

  adversaries to simulate attacks and find security weaknesses. White team: Oversees and ensures the rules of engagement are followed during the penetration test.

  Purple team: Facilitates collaboration between the red team and the blue team to improve security.

  Blue team: Defends against attacks and responds to security incidents.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 5.5 - Types and purposes of audits and assessments (Penetration testing: Red team).

• Question 114:

  Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

  A. Order of volatility

  B. Preservation of event logs

  C. Chain of custody

  D. Compliance with legal hold

  Correct Answer: A

  When conducting a forensic analysis after an incident, it's essential to prioritize the data collection process based on the "order of volatility." This principle dictates that more volatile data (e.g., data in memory, network connections) should be

  captured before less volatile data (e.g., disk drives, logs). The idea is to preserve the most transient and potentially valuable evidence first, as it is more likely to be lost or altered quickly.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Digital Forensics.

• Question 115:

  An organization is required to maintain financial data records for three years and customer data for five years. Which of the following data management policies should the organization implement?

  A. Retention

  B. Destruction

  C. Inventory

  D. Certification

  Correct Answer: A

  The organization should implement a retention policy to ensure that financial data records are kept for three years and customer data for five years. A retention policy specifies how long different types of data should be maintained and when

  they should be deleted.

  Retention: Ensures that data is kept for a specific period to comply with legal, regulatory, or business requirements.

  Destruction: Involves securely deleting data that is no longer needed, which is part of the retention lifecycle but not the primary focus here. Inventory: Involves keeping track of data assets, not specifically about how long to retain data.

  Certification: Ensures that processes and systems meet certain standards, not directly related to data retention periods.

  Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 5.2 - Risk management process (Data retention).

• Question 116:

  A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

  A. Microservices

  B. Containerization

  C. Virtualization

  D. Infrastructure as code

  Correct Answer: C

  To reduce the number of individual operating systems while decommissioning physical servers, the company should use containerization. Containerization allows multiple applications to run in isolated environments on a single operating

  system, significantly reducing the overhead compared to running multiple virtual machines, each with its own OS.

  Containerization: Uses containers to run multiple isolated applications on a single OS kernel, reducing the need for multiple OS instances and improving resource utilization. Microservices: An architectural style that structures an application as

  a collection of loosely coupled services, which does not necessarily reduce the number of operating systems. Virtualization: Allows multiple virtual machines to run on a single physical server, but each VM requires its own OS, not reducing the

  number of OS instances. Infrastructure as code: Manages and provisions computing infrastructure through machine-readable configuration files, but it does not directly impact the number of operating systems. Reference: CompTIA Security+

  SY0-701 Exam Objectives, Domain 3.1 - Compare and contrast security implications of different architecture models (Containerization).

• Question 117:

  Which of the following is classified as high availability in a cloud environment?

  A. Access broker

  B. Cloud HSM

  C. WAF

  D. Load balancer

  Correct Answer: D

  In a cloud environment, high availability is typically ensured through the use of a load balancer. A load balancer distributes network or application traffic across multiple servers, ensuring that no single server becomes overwhelmed and that services remain available even if one or more servers fail. This setup enhances the reliability and availability of applications. Load balancer: Ensures high availability by distributing traffic across multiple servers or instances, preventing overload and ensuring continuous availability. Access broker: Typically refers to a service that facilitates secure access to resources, not directly related to high availability. Cloud HSM (Hardware Security Module): Provides secure key management in the cloud but does not specifically ensure high availability. WAF (Web Application Firewall): Protects web applications by filtering and monitoring HTTP traffic but is not primarily focused on ensuring high availability. Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 4.4 - Security operations (Load balancing for high availability).

• Question 118:

  After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

  A. False positive

  B. False negative

  C. True positive

  D. True negative

  Correct Answer: A

  A false positive occurs when a vulnerability scan identifies a vulnerability that is not actually present on the systems that were scanned. This means that the scan has incorrectly flagged a system as vulnerable.

  False positive: Incorrectly identifies a vulnerability that does not exist on the scanned systems.

  False negative: Fails to identify an existing vulnerability on the system. True positive: Correctly identifies an existing vulnerability. True negative: Correctly identifies that there is no vulnerability. Reference: CompTIA Security+ SY0-701 Exam

  Objectives, Domain 4.3 - Explain various activities associated with vulnerability management (False positives and false negatives).

• Question 119:

  Which of the following should a systems administrator set up to increase the resilience of an application by splitting the traffic between two identical sites?

  A. Load balancing

  B. Geographic disruption

  C. Failover

  D. Parallel processing

  Correct Answer: A

  To increase the resilience of an application by splitting the traffic between two identical sites, a systems administrator should set up load balancing. Load balancing distributes network or application traffic across multiple servers or sites,

  ensuring no single server becomes overwhelmed and enhancing the availability and reliability of applications. Load balancing: Distributes traffic across multiple servers to ensure high availability and reliability. It helps in managing the load

  efficiently and can prevent server overloads.

  Geographic disruption: Not a standard term related to resilience. This might imply the use of geographically distributed sites but isn't the precise solution described. Failover: Refers to switching to a standby server or system when the primary

  one fails. It doesn't inherently split traffic but rather takes over when a failure occurs. Parallel processing: Refers to the simultaneous processing of tasks, not specifically related to load balancing web traffic. Reference: CompTIA Security+

  SY0-701 Exam Objectives, Domain 4.4 - Security operations (Enhancing security capabilities: load balancing).

• Question 120:

  A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

  A. Private key and root certificate

  B. Public key and expired certificate

  C. Private key and self-signed certificate

  D. Public key and wildcard certificate

  Correct Answer: C

  A self-signed certificate is a certificate that is signed by its own private key rather than by a trusted certificate authority (CA). This means that the authenticity of the certificate relies solely on the issuer's own authority. If a spoofed identity was

  detected, it could indicate that a private key associated with a self-signed certificate was compromised. Self-signed certificates are often used internally within organizations, but they carry higher risks since they are not validated by a third-

  party CA, making them more susceptible to spoofing.

  References: CompTIA Security+ SY0-701 study materials, particularly the domains discussing Public Key Infrastructure (PKI) and certificate management.