An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?
A. Network
B. System
C. Application
D. Authentication
Correct Answer: A
To determine whether the connection was successful after a user clicked on a link in a phishing email, the most relevant log source to analyze would be the network logs. These logs would provide information on outbound and inbound traffic, allowing the analyst to see if the user's system connected to the remote server specified in the phishing link. Network logs can include details such as IP addresses, domains accessed, and the success or failure of connections, which are crucial for understanding the impact of the phishing attempt.
References:
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Incident Response.
Question 122:
A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
A. To reduce implementation cost
B. To identify complexity
C. To remediate technical debt
D. To prevent a single point of failure
Correct Answer: D
Ensuring that other team members understand how a script works is essential to prevent a single point of failure. If only one person knows how the script operates, the organization risks being unable to maintain or troubleshoot it if that person is unavailable. Sharing knowledge ensures continuity and reduces dependence on one individual.
Reducing implementation cost and remediating technical debt are secondary considerations in this context.
Identifying complexity is important, but the main benefit is to avoid a single point of failure.
Question 123:
Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?
A. Channel overlap
B. Encryption type
C. New WLAN deployment
D. WAP placement
Correct Answer: A
When multiple Wireless Access Points (WAPs) are using similar frequencies with high power settings, it can cause channel overlap, leading to interference and connectivity issues. This is likely the reason why mobile users are unable to access the internet in the lobby. Evaluating and adjusting the channel settings on the WAPs to avoid overlap is crucial to resolving the connectivity problems.
References:
CompTIA Security+ SY0-701 study materials, particularly the domain on Wireless and Mobile Security, which covers WLAN deployment considerations.
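The overlap the answer refers to can be computed rather than eyeballed on a heat map. The following is an added example, not part of the original question bank: it models 2.4 GHz channels with the classic 22 MHz 802.11b channel width (an assumption; 802.11g/n OFDM channels are nominally 20 MHz), finds which WAPs in a constructed lobby survey interfere with each other, and reassigns them across the non-overlapping set {1, 6, 11}. The survey data and WAP names are constructed for illustration.

```python
"""Added example: 2.4 GHz Wi-Fi channel overlap check and reassignment.

Not from the original page. Assumptions: channels 1-13 only, 22 MHz
channel width (802.11b DSSS), so two channels overlap when their center
frequencies are closer than 22 MHz apart (channel numbers differing by
fewer than 5). The survey below is constructed, not real data.
"""
from itertools import combinations
from typing import Dict, List, Tuple

CHANNEL_WIDTH_MHZ = 22                 # assumption: 802.11b-style width
NON_OVERLAPPING = (1, 6, 11)           # the standard non-overlapping set

# Constructed heat-map survey: WAP name -> configured channel
SURVEY: Dict[str, int] = {"WAP-A": 1, "WAP-B": 3, "WAP-C": 6, "WAP-D": 11}


def center_frequency_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel (channels 1-13 are 5 MHz apart)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel


def channels_overlap(a: int, b: int, width_mhz: int = CHANNEL_WIDTH_MHZ) -> bool:
    """True when the two channels' spectra overlap (centers closer than one width)."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < width_mhz


def find_overlaps(waps: Dict[str, int]) -> List[Tuple[str, str]]:
    """Pairs of WAPs (sorted by name) whose channels overlap."""
    return [
        (x, y)
        for x, y in combinations(sorted(waps), 2)
        if channels_overlap(waps[x], waps[y])
    ]


def suggest_plan(waps: Dict[str, int]) -> Dict[str, int]:
    """Greedy reassignment: each WAP takes the least-used non-overlapping channel.

    With more WAPs than non-overlapping channels, some co-channel reuse is
    unavoidable; that residual contention is what power settings and WAP
    placement (the other answer options) are used to manage.
    """
    usage = {ch: 0 for ch in NON_OVERLAPPING}
    plan: Dict[str, int] = {}
    for name in sorted(waps):
        # min() over the tuple order breaks ties toward channel 1, then 6
        choice = min(NON_OVERLAPPING, key=lambda ch: usage[ch])
        plan[name] = choice
        usage[choice] += 1
    return plan


if __name__ == "__main__":
    print("overlapping pairs:", find_overlaps(SURVEY))
    plan = suggest_plan(SURVEY)
    print("proposed plan:", plan)
    print("remaining co-channel pairs:", find_overlaps(plan))
```

Running it on the constructed survey reports WAP-A/WAP-B and WAP-B/WAP-C as overlapping; after reassignment only a co-channel pair on channel 1 remains, which is the case where lowering transmit power or moving a WAP is the next step.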
Question 124:
A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?
A. Implementing encryption
B. Monitoring outbound traffic
C. Using default settings
D. Closing all open ports
Correct Answer: B
Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. Malware that exploits a new vulnerability to move data out of a system without authorization would typically attempt to send that data out of the network. By monitoring outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.
References:
CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.
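Both the phishing-click question (network logs to confirm a connection) and this one (outbound monitoring to spot data leaving the network) are answered from the same kind of record. The following added example, which is not from the question bank, parses a few constructed proxy/firewall log lines in a generic key=value layout (the field names src, user, dst, host, action, status, bytes_out and bytes_in are hypothetical, and the hosts and addresses use reserved documentation ranges), confirms whether a given user's click to a given host actually succeeded, and totals allowed outbound bytes per destination to flag unusually large transfers.

```python
"""Added example (not from the original page): two questions answered from
network logs -- did a user's click reach the phishing host, and which
destinations are receiving unusually large outbound transfers?

Assumptions: log lines are CONSTRUCTED in a generic key=value style; the
field names are hypothetical; hosts/IPs are documentation-range values.
"""
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: jdoe clicks a phishing link (connection allowed, HTTP 200),
# asmith's request is blocked at the proxy, and later jdoe's host pushes ~50 MB
# to an outside destination.
SAMPLE_LOG = """\
2024-03-01T10:02:11Z src=10.0.0.5 user=jdoe dst=203.0.113.10 host=login-secure.example action=ALLOW status=200 bytes_out=512 bytes_in=4096
2024-03-01T10:02:12Z src=10.0.0.5 user=jdoe dst=203.0.113.10 host=login-secure.example action=ALLOW status=200 bytes_out=1024 bytes_in=2048
2024-03-01T10:05:40Z src=10.0.0.7 user=asmith dst=198.51.100.4 host=bad-update.example action=BLOCK status=- bytes_out=0 bytes_in=0
2024-03-01T11:15:03Z src=10.0.0.5 user=jdoe dst=192.0.2.20 host=drop.example action=ALLOW status=200 bytes_out=52428800 bytes_in=300
2024-03-01T11:20:00Z src=10.0.0.9 user=kpatel dst=203.0.113.44 host=corp-mail.example action=ALLOW status=200 bytes_out=20480 bytes_in=90000
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split 'timestamp key=value key=value ...' into a dict."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for token in rest.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def parse_log(text: str) -> List[Dict[str, str]]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def click_outcome(records: List[Dict[str, str]], user: str, host: str) -> Optional[dict]:
    """First record of `user` contacting `host`, with a success verdict.

    Success here means the device was allowed through AND the server answered
    with a non-error HTTP status; a blocked request has no status at all.
    """
    for r in records:
        if r.get("user") == user and r.get("host") == host:
            status = r.get("status", "")
            succeeded = r.get("action") == "ALLOW" and status.isdigit() and int(status) < 400
            return {"ts": r["ts"], "dst": r["dst"], "succeeded": succeeded}
    return None  # no connection attempt was logged at all


def outbound_volume_by_host(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Total bytes_out per destination host, counting only allowed traffic."""
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        if r.get("action") == "ALLOW":
            totals[r["host"]] += int(r.get("bytes_out", "0"))
    return dict(totals)


def flag_exfil_candidates(records: List[Dict[str, str]], threshold_bytes: int = 10 * 1024 * 1024) -> List[str]:
    """Hosts whose cumulative outbound volume meets the threshold (default 10 MiB)."""
    return sorted(h for h, b in outbound_volume_by_host(records).items() if b >= threshold_bytes)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(click_outcome(recs, "jdoe", "login-secure.example"))
    print(click_outcome(recs, "asmith", "bad-update.example"))
    print("large outbound transfers to:", flag_exfil_candidates(recs))
```

The threshold is a placeholder; in practice it is set per environment from a baseline of normal outbound volume, and the per-host totals would be computed over a time window rather than the whole file.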
Question 125:
A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role?
A. Establish a security baseline.
B. Review security policies.
C. Adopt security benchmarks.
D. Perform a user ID revalidation.
Correct Answer: B
When a security manager is hired from outside the organization to lead security operations, the first action should be to review the existing security policies. Understanding the current security policies provides a foundation for identifying strengths, weaknesses, and areas that require improvement, ensuring that the security program aligns with the organization's goals and regulatory requirements.
Review security policies: Provides a comprehensive understanding of the existing security framework, helping the new manager to identify gaps and areas for enhancement.
Establish a security baseline: Important but should be based on a thorough understanding of existing policies and practices.
Adopt security benchmarks: Useful for setting standards, but reviewing current policies is a necessary precursor.
Perform a user ID revalidation: Important for ensuring user access is appropriate but not the first step in understanding overall security operations.
Reference:
CompTIA Security+ SY0-701 Exam Objectives, Domain 5.1 - Summarize elements of effective security governance (Reviewing security policies).
Question 126:
A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?
A. chmod
B. grep
C. dd
D. passwd
Correct Answer: A
The chmod command is used to change file permissions on Unix and Linux systems. If the /etc/shadow file has permissions beyond the baseline recommendation, the systems administrator should use chmod to modify the file's permissions, ensuring it adheres to the security baseline and limits access to authorized users only.
References:
CompTIA Security+ SY0-701 study materials, focusing on system hardening and file permissions management.
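An audit script makes "permissions beyond the baseline" concrete: compare the mode bits actually set on the file with the bits the baseline grants, report the excess, and then clear it (the effect of chmod). The following is an added example, not from the question bank. It assumes a baseline of 0640 for /etc/shadow (the value used on many Debian-derived systems; others use 0600 or 0000, so the constant is an assumption to adjust) and runs its demonstration on a throwaway temporary file rather than the real /etc/shadow so it is safe to execute anywhere.

```python
"""Added example (not from the original page): audit a file's permission
bits against a baseline and tighten them as `chmod` would.

Assumptions: SHADOW_BASELINE = 0o640 (Debian-style; other distributions
differ). demo() works on a temp file, never on the real /etc/shadow.
Ownership (root:shadow) is also part of the baseline but is not checked
here because changing it needs root.
"""
import os
import stat
import tempfile
from typing import List

SHADOW_BASELINE = 0o640   # assumption: rw-r----- root:shadow
PERM_MASK = 0o777         # rwx bits only; setuid/setgid/sticky ignored here


def mode_bits(path: str) -> int:
    """Permission bits of `path`, e.g. 0o644, without file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def excess_bits(actual: int, baseline: int) -> int:
    """Bits present in `actual` that the baseline does not grant."""
    return actual & ~baseline & PERM_MASK


def describe_excess(excess: int) -> List[str]:
    """Human-readable names for excess bits, e.g. ['other:r']."""
    names: List[str] = []
    for who, shift in (("owner", 6), ("group", 3), ("other", 0)):
        triple = (excess >> shift) & 0o7
        for bit, letter in ((4, "r"), (2, "w"), (1, "x")):
            if triple & bit:
                names.append(f"{who}:{letter}")
    return names


def audit(path: str, baseline: int) -> dict:
    actual = mode_bits(path)
    excess = excess_bits(actual, baseline)
    return {
        "actual": actual,
        "baseline": baseline,
        "excess": describe_excess(excess),
        "compliant": excess == 0,
    }


def remediate(path: str, baseline: int) -> int:
    """Clear every bit outside the baseline (like `chmod g-w,o-rwx`).

    Only removes permissions; it never adds bits a stricter local policy
    may have dropped. Returns the resulting mode.
    """
    current = mode_bits(path)
    os.chmod(path, current & baseline)
    return mode_bits(path)


def demo() -> dict:
    """Create a temp file with a too-open mode (constructed), audit, fix, re-audit."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o644)   # constructed drift: world-readable
        before = audit(path, SHADOW_BASELINE)
        after_mode = remediate(path, SHADOW_BASELINE)
        after = audit(path, SHADOW_BASELINE)
        return {"before": before, "after_mode": after_mode, "after_compliant": after["compliant"]}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    result = demo()
    print("before:", oct(result["before"]["actual"]), result["before"]["excess"])
    print("after :", oct(result["after_mode"]), "compliant =", result["after_compliant"])
```

Pointing audit() at the real /etc/shadow with SHADOW_BASELINE set to the distribution's documented value gives the check the question describes; remediate() is the equivalent of the chmod step the answer calls for.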
Question 127:
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?
A. Risk tolerance
B. Risk acceptance
C. Risk importance
D. Risk appetite
Correct Answer: D
Risk appetite refers to the level of risk that an organization is willing to accept in order to achieve its objectives. In this scenario, the security engineer is concerned that the timeframe for implementing a new application does not allow for sufficient cybersecurity due diligence. This reflects a situation where the organization's risk appetite might be too high if it proceeds without the necessary security checks.
References:
CompTIA Security+ SY0-701 study materials, particularly in the domain of risk management and understanding organizational risk appetite.
Question 128:
A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?
A. Version control
B. Obfuscation toolkit
C. Code reuse
D. Continuous integration
E. Stored procedures
Correct Answer: B
An obfuscation toolkit is used by developers to make source code difficult to understand and reverse engineer. This technique involves altering the code's structure and naming conventions without changing its functionality, making it much harder for attackers to decipher the code or use debugging tools to analyze it. Obfuscation is an important practice in protecting proprietary software and intellectual property from reverse engineering.
References:
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Secure Coding Practices.
Question 129:
The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?
A. Tokenization
B. S/MIME
C. DLP
D. MFA
Correct Answer: C
Data Loss Prevention (DLP) systems are typically configured to protect sensitive data such as Personally Identifiable Information (PII) within an organization. DLP tools enforce policies that monitor, detect, and block the unauthorized transmission of sensitive data. By leveraging the organization's existing labeling and classification system, DLP solutions can identify and protect data based on its classification, ensuring that PII is appropriately secured according to organizational policies.
References:
CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Network Security and DLP.
Question 130:
Which of the following topics would most likely be included within an organization's SDLC?
A. Service-level agreements
B. Information security policy
C. Penetration testing methodology
D. Branch protection requirements
Correct Answer: B
Within an organization's Software Development Life Cycle (SDLC), an Information Security Policy is a vital component. It outlines the rules and procedures for ensuring that the organization's IT assets and data are protected throughout the development process. Ensuring secure coding practices, access controls, and regular security testing is fundamental in preventing vulnerabilities in applications. Other options like service-level agreements and branch protection requirements are less likely to be integral to SDLC processes. Penetration testing methodology, while useful, is generally considered outside the scope of the SDLC.