CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 351:

  A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

  A. Capacity planning

  B. Redundancy

  C. Geographic dispersion

  D. Tablet exercise

  Correct Answer: A

  Capacity planning is the process of determining the resources needed to meet the current and future demands of an organization. Capacity planning can help a company develop a business continuity strategy by estimating how many staff members would be required to sustain the business in the case of a disruption, such as a natural disaster, a cyberattack, or a pandemic. Capacity planning can also help a company optimize the use of its resources, reduce costs, and improve performance.

  References: CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701, 9th Edition, Chapter 4, page 184. CompTIA Security+ (SY0- 701) Certification Exam Objectives, Domain 4.1, page 14. Business Continuity -SY0-601 CompTIA Security+ : 4.1

• Question 352:

  A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

  A. Off-the-shelf software

  B. Orchestration

  C. Baseline

  D. Policy enforcement

  Correct Answer: B

  Orchestration is the process of automating multiple tasks across different systems and applications. It can help save time and reduce human error by executing predefined workflows and scripts. In this case, the systems administrator can use orchestration to create accounts for a large number of end users without having to manually enter their information and assign permissions.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 457 1

• Question 353:

  A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

  A. Attribute-based

  B. Time of day

  C. Role-based

  D. Least privilege

  Correct Answer: D

  The least privilege principle states that users and processes should only have the minimum level of access required to perform their tasks. This helps to prevent unauthorized or unnecessary actions that could compromise security. In this case, the patch transfer might be failing because the user or process does not have the appropriate permissions to access the critical system or the network resources needed for the transfer. Applying the least privilege principle can help to avoid this issue by granting the user or process the necessary access rights for the patching activity.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page

• Question 354:

  Which of the following exercises should an organization use to improve its incident response process?

  A. Tabletop

  B. Replication

  C. Failover

  D. Recovery

  Correct Answer: A

  A tabletop exercise is a simulated scenario that tests the organization's incident response plan and procedures. It involves key stakeholders and decision-makers who discuss their roles and actions in response to a hypothetical incident. It can help identify gaps, weaknesses, and improvement areas in the incident response process. It can also enhance communication, coordination, and collaboration among the participants.

  References: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, page 525 1

• Question 355:

  Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

  A. Hacktivist

  B. Whistleblower

  C. Organized crime

  D. Unskilled attacker

  Correct Answer: C

  Organized crime is a type of threat actor that is motivated by financial gain and often operates across national borders. Organized crime groups may be hired by foreign governments to conduct cyberattacks on critical systems located in other countries, such as power grids, military networks, or financial institutions. Organized crime groups have the resources, skills, and connections to carry out sophisticated and persistent attacks that can cause significant damage and disruption.

  References: 1: Threat Actors - CompTIA Security+ SY0-701 - 2.1 2: CompTIA Security+ SY0-701 Certification Study Guide

• Question 356:

  Which of the following must be considered when designing a high-availability network? (Select two).

  A. Ease of recovery

  B. Ability to patch

  C. Physical isolation

  D. Responsiveness

  E. Attack surface

  F. Extensible authentication

  Correct Answer: AD

• Question 357:

  Which of the following can be used to identify potential attacker activities without affecting production servers?

  A. Honey pot

  B. Video surveillance

  C. Zero Trust

  D. Geofencing

  Correct Answer: A

  A honey pot is a system or a network that is designed to mimic a real production server and attract potential attackers. A honey pot can be used to identify the attacker's methods, techniques, and objectives without affecting the actual production servers. A honey pot can also divert the attacker's attention from the real targets and waste their time and resources12. The other options are not effective ways to identify potential attacker activities without affecting production servers: Video surveillance: This is a physical security technique that uses cameras and monitors to record and observe the activities in a certain area. Video surveillance can help to deter, detect, and investigate physical intrusions, but it does not directly identify the attacker's activities on the network or the servers3. Zero Trust: This is a security strategy that assumes that no user, device, or network is trustworthy by default and requires strict verification and validation for every request and transaction. Zero Trust can help to improve the security posture and reduce the attack surface of an organization, but it does not directly identify the attacker's activities on the network or the servers4. Geofencing: This is a security technique that uses geographic location as a criterion to restrict or allow access to data or resources. Geofencing can help to protect the data sovereignty and compliance of an organization, but it does not directly identify the attacker's activities on the network or the servers5.

  References: 1: CompTIA Security+ SY0-701 Certification Study Guide, page 542: Honeypots and Deception -SY0-601 CompTIA Security+ : 2.1, video by Professor Messer3: CompTIA Security+ SY0-701 Certification Study Guide, page 974: CompTIA Security+ SY0-701 Certification Study Guide, page 985: CompTIA Security+ SY0-701 Certification Study Guide, page 99.

• Question 358:

  Which of the following agreement types defines the time frame in which a vendor needs to respond?

  A. SOW

  B. SLA

  C. MOA

  D. MOU

  Correct Answer: B

  A service level agreement (SLA) is a type of agreement that defines the expectations and responsibilities between a service provider and a customer. It usually includes the quality, availability, and performance metrics of the service, as well

  as the time frame in which the provider needs to respond to service requests, incidents, or complaints. An SLA can help ensure that the customer receives the desired level of service and that the provider is accountable for meeting the

  agreed-upon standards.

  References:

  Security+ (Plus) Certification | CompTIA IT Certifications, under "About the exam", bullet point 3: "Operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance." CompTIA Security

  + Certification Kit: Exam SY0-701, 7th Edition, Chapter 1, page

  14: "Service Level Agreements (SLAs) are contracts between a service provider and a customer that specify the level of service expected from the service provider."

• Question 359:

  A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:

  1.

  Something you know

  2.

  Something you have

  3.

  Something you are

  Which of the following would accomplish the manager's goal?

  A. Domain name, PKI, GeolP lookup

  B. VPN IP address, company ID, facial structure

  C. Password, authentication token, thumbprint

  D. Company URL, TLS certificate, home address

  Correct Answer: C

  The correct answer is C. Password, authentication token, thumbprint. This combination of authentication factors satisfies the manager's goal of implementing multifactor authentication that uses something you know, something you have, and something you are. Something you know is a type of authentication factor that relies on the user's knowledge of a secret or personal information, such as a password, a PIN, or a security question. A password is a common example of something you know that can be used to access a VPN12 Something you have is a type of authentication factor that relies on the user's possession of a physical object or device, such as a smart card, a token, or a smartphone. An authentication token is a common example of something you have that can be used to generate a one-time password (OTP) or a code that can be used to access a VPN12 Something you are is a type of authentication factor that relies on the user's biometric characteristics, such as a fingerprint, a face, or an iris. A thumbprint is a common example of something you are that can be used to scan and verify the user's identity to access a VPN12

  References:

  1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 4: Identity and Access Management, page 177 2: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4: Identity and Access Management, page

• Question 360:

  Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated: "I'm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address."

  Which of the following are the best responses to this situation? (Choose two).

  A. Cancel current employee recognition gift cards.

  B. Add a smishing exercise to the annual company training.

  C. Issue a general email warning to the company.

  D. Have the CEO change phone numbers.

  E. Conduct a forensic investigation on the CEO's phone.

  F. Implement mobile device management.

  Correct Answer: BC

  This situation is an example of smishing, which is a type of phishing that uses text messages (SMS) to entice individuals into providing personal or sensitive information to cybercriminals. The best responses to this situation are to add a smishing exercise to the annual company training and to issue a general email warning to the company. A smishing exercise can help raise awareness and educate employees on how to recognize and avoid smishing attacks. An email warning can alert employees to the fraudulent text message and remind them to verify the identity and legitimacy of any requests for information or money.

  References: What Is Phishing | Cybersecurity | CompTIA, Phishing -SY0-601 CompTIA Security+ : 1.1 - Professor Messer IT Certification Training Courses