CompTIA CompTIA Certifications SY0-701 Questions & Answers

• Question 41:

  Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

  A. Code repositories

  B. Dark web

  C. Threat feeds

  D. State actors

  E. Vulnerability databases

  Correct Answer: A

  Code repositories are a common source of unintentional corporate credential leakage, especially in cloud environments. Developers may accidentally commit and push sensitive information, such as API keys, passwords, and other

  credentials, to public or poorly secured repositories. These credentials can then be accessed by unauthorized users, leading to security breaches. Ensuring that repositories are properly secured and that sensitive data is never committed is

  critical for protecting against this type of leakage.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture. CompTIA Security+ SY0-601 Study Guide: Chapter on Threats and Vulnerability Management.

• Question 42:

  An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

  A. Pretexting

  B. Impersonation

  C. Ransomware

  D. Invoice scam

  Correct Answer: D

  The scenario describes an instance where an employee receives a fraudulent invoice from a vendor that is not recognized in the company's vendor management system. This is a classic example of an invoice scam, where attackers attempt to trick organizations into making payments for fake or non-existent services. These scams often rely on social engineering tactics to bypass financial controls. References: CompTIA Security+ SY0-701 study materials, particularly in the context of social engineering attacks and common scams.

• Question 43:

  A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

  A. 802.1X

  B. SAML

  C. RADIUS

  D. CHAP

  Correct Answer: B

  The company should implement Security Assertion Markup Language (SAML) to integrate the vendor's security tool with their existing user directory. SAML is an open standard that allows identity providers (IdP) to pass authorization

  credentials to service providers (SP), enabling Single Sign-On (SSO). This allows the company to use its existing directory services for authentication, avoiding the need to manage a separate set of user credentials for the new tool.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 4: Identity and Access Management, which includes SAML as a key identity federation standard for SSO. CompTIA Security+ Study Guide (SY0-601): Chapter 8, "Identity and Access

  Management," details the role of SAML in enabling SSO by utilizing an existing identity provider.

• Question 44:

  A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

  A. Upgrading to a next-generation firewall

  B. Deploying an appropriate in-line CASB solution

  C. Conducting user training on software policies

  D. Configuring double key encryption in SaaS platforms

  Correct Answer: B

  A Cloud Access Security Broker (CASB) solution is the most suitable option for securing an organization that has adopted a cloud-first strategy and does not have an on-premises IT infrastructure. CASBs provide visibility and control over

  shadow IT services, enforce security policies, and protect data across cloud services.

  References: CompTIA Security+ SY0-701 study materials, particularly in the domain of cloud security and managing risks associated with shadow IT.

• Question 45:

  The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

  A. Penetration test

  B. Internal audit

  C. Attestation

  D. External examination

  Correct Answer: D

  An external examination (also known as an external audit or external review) is the best method for the Chief Information Security Officer (CISO) to gain an understanding of how the company's security policies compare to external regulatory

  requirements. External examinations are conducted by third-party entities that assess an organization's compliance with laws, regulations, and industry standards. Penetration tests focus on identifying vulnerabilities, not compliance. Internal

  audits assess internal controls but are not impartial or focused on regulatory requirements.

  Attestation is a formal declaration but does not involve the actual evaluation of compliance.

• Question 46:

  Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

  A. Development

  B. Test

  C. Production

  D. Staging

  Correct Answer: D

  A staging environment is a controlled setting that closely mirrors the production environment but uses a subset of customer data. It is used to test major system upgrades, assess their impact, and demonstrate new features before they are rolled out to the live production environment. This ensures that any issues can be identified and addressed in a safe environment before affecting end-users. References: CompTIA Security+ SY0-701 study materials, particularly in the domain of secure system development and testing environments.

• Question 47:

  The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

  A. Log in to the server and perform a health check on the VM.

  B. Install the patch Immediately.

  C. Confirm that the backup service is running.

  D. Take a snapshot of the VM.

  Correct Answer: D

  Before applying any updates or patches to a production VM, especially one with a 99% uptime SLA, it is crucial to first take a snapshot of the VM. This snapshot serves as a backup that can be quickly restored in case the update causes any

  issues, ensuring that the system can be returned to its previous state without violating the SLA. This step mitigates risk and is a standard best practice in change management for critical systems.

  References: CompTIA Security+ SY0-701 study materials, focusing on change management and backup strategies.

• Question 48:

  A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

  A. hping

  B. Wireshark

  C. PowerShell

  D. netstat

  Correct Answer: A

  Monitoring outbound traffic is essential for detecting unauthorized data exfiltration from a system. A new vulnerability that allows malware to move data unauthorizedly would typically attempt to send this data out of the network. By monitoring

  outbound traffic, security tools can detect unusual data transfers, trigger alerts, and help prevent the exfiltration of sensitive information.

  References:

  CompTIA Security+ SY0-701 Course Content: Domain 04 Security Operations. CompTIA Security+ SY0-601 Study Guide: Chapter on Threat Detection and Response.

• Question 49:

  Which of the following should a security operations center use to improve its incident response procedure?

  A. Playbooks

  B. Frameworks

  C. Baselines

  D. Benchmarks

  Correct Answer: A

  A playbook is a documented set of procedures that outlines the step-by-step response to specific types of cybersecurity incidents. Security Operations Centers (SOCs) use playbooks to improve consistency, efficiency, and accuracy during

  incident response. Playbooks help ensure that the correct procedures are followed based on the type of incident, ensuring swift and effective remediation. Frameworks provide general guidelines for implementing security but are not specific

  enough for incident response procedures.

  Baselines represent normal system behavior and are used for anomaly detection, not incident response guidance.

  Benchmarks are performance standards and are not directly related to incident response.

• Question 50:

  A security engineer needs to configure an NGFW to minimize the impact of the increasing number of various traffic types during attacks. Which of the following types of rules is the engineer the most likely to configure?

  A. Signature-based

  B. Behavioral-based

  C. URL-based

  D. Agent-based

  Correct Answer: B

  To minimize the impact of the increasing number of various traffic types during attacks, a security engineer is most likely to configure behavioral-based rules on a Next-Generation Firewall (NGFW). Behavioral-based rules analyze the

  behavior of traffic patterns and can detect and block unusual or malicious activity that deviates from normal behavior.

  Behavioral-based: Detects anomalies by comparing current traffic behavior to known good behavior, making it effective against various traffic types during attacks.

  Signature-based: Relies on known patterns of known threats, which might not be as effective against new or varied attack types.

  URL-based: Controls access to websites based on URL categories but is not specifically aimed at handling diverse traffic types during attacks. Agent-based: Typically involves software agents on endpoints to monitor and enforce policies, not

  directly related to NGFW rules. Reference: CompTIA Security+ SY0-701 Exam Objectives, Domain 4.5 - Modify enterprise capabilities to enhance security (Behavioral-based rules on NGFW).