CompTIA Security+ Certification SY0-701 Exam Practice Test

Page: 1 / 14
Total 642 questions
Question 1

The private key for a website was stolen, and a new certificate has been issued. Which of the following needs to be updated next?



Answer : B


Question 2

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?



Answer : B

A legal hold (also known as a litigation hold) is a notification sent from an organization's legal team to employees instructing them not to delete electronically stored information (ESI) or discard paper documents that may be relevant to a new or imminent legal case. A legal hold is intended to preserve evidence and prevent spoliation, which is the intentional or negligent destruction of evidence that could harm a party's case. A legal hold can be triggered by various events, such as a lawsuit, a regulatory investigation, or a subpoena. [1][2]

In this scenario, the company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit filed by the customers after the company was compromised. This means that the security team will most likely be required to retain any communications related to the security breach until further notice. This could include emails, instant messages, reports, logs, memos, or any other documents that could be relevant to the lawsuit. The security team should also inform the relevant custodians (the employees who have access to or control over the ESI) of their preservation obligations and monitor their compliance. The security team should also document the legal hold process and its scope, as well as take steps to protect the ESI from alteration, deletion, or loss. [3][4]


1: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 6: Risk Management, page 303
2: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 6: Risk Management, page 305
3: Legal Hold (Litigation Hold) - The Basics of E-Discovery - Exterro
4: The Legal Implications and Consequences of a Data Breach

Question 3

Which of the following is a prerequisite for a DLP solution?



Answer : C

Data classification is required before implementing a Data Loss Prevention (DLP) solution because DLP policies depend on identifying and categorizing sensitive data to monitor, block, or encrypt it accordingly.

Data destruction (A) and sanitization (B) remove data, and masking (D) obscures data, but classification is foundational for DLP effectiveness.

Data classification is emphasized in the Security Program Management and Data Protection topics (CompTIA Security+ Study Guide, Chapter 16).


Question 4

Which of the following security measures is required when using a cloud-based platform for IoT management?



Answer : A


Question 5

Which of the following describes the reason root cause analysis should be conducted as part of incident response?



Answer : D

Root cause analysis is a process of identifying and resolving the underlying factors that led to an incident. By conducting root cause analysis as part of incident response, security professionals can learn from the incident and implement corrective actions to prevent future incidents of the same nature. For example, if the root cause of a data breach was a weak password policy, the security team can enforce a stronger password policy and educate users on the importance of password security. Root cause analysis can also help to improve security processes, policies, and procedures, and to enhance security awareness and culture within the organization. Root cause analysis is not meant to gather IoCs (indicators of compromise) for the investigation, as this is a task performed during the identification and analysis phases of incident response. Root cause analysis is also not meant to discover which systems have been affected or to eradicate any trace of malware on the network, as these are tasks performed during the containment and eradication phases of incident response.

Reference: CompTIA Security+ SY0-701 Certification Study Guide, pages 424-425; Professor Messer's CompTIA SY0-701 Security+ Training Course, video 5.1 - Incident Response, 9:55 - 11:18.


Question 6

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?



Answer : B

Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into a website, which are then executed in the user's web browser, potentially leading to data theft or session hijacking.

Reference: Security+ SY0-701 Course Content, Security+ SY0-601 Book.


Question 7

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise's infrastructure?



Answer : B

A Virtual Private Network (VPN) (B) encrypts all data transmitted between remote users and the enterprise infrastructure, ensuring confidentiality. VPNs are essential in protecting sensitive data from interception over untrusted networks.

This is covered under Domain 3.3: Secure network designs, where VPNs are listed as a key control for ensuring confidentiality of remote connections.

