CompTIA SY0-701 Exam Practice Questions to Pass CompTIA Security+ Exam

Question 1

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

AOpen-source intelligence

BPort scanning

CPivoting

DExploit validation

Answer : A

Question 2

Which of the following security measures is required when using a cloud-based platform for loT management?

AEncrypted connection

BFederated identity

CFirewall

DSingle sign-on

Answer : A

Question 3

Which of the following must be considered when designing a high-availability network? (Select two).

AEase of recovery

BAbility to patch

CPhysical isolation

DResponsiveness

EAttack surface

FExtensible authentication

Answer : A, E

A high-availability network is a network that is designed to minimize downtime and ensure continuous operation of critical services and applications. To achieve this goal, a high-availability network must consider two important factors: ease of recovery and attack surface.

Ease of recovery refers to the ability of a network to quickly restore normal functionality after a failure, disruption, or disaster. A high-availability network should have mechanisms such as redundancy, failover, backup, and restore to ensure that any single point of failure does not cause a complete network outage. A high-availability network should also have procedures and policies for incident response, disaster recovery, and business continuity to minimize the impact of any network issue on the organization's operations and reputation.

Attack surface refers to the exposure of a network to potential threats and vulnerabilities. A high-availability network should have measures such as encryption, authentication, authorization,firewall, intrusion detection and prevention, and patch management to protect the network from unauthorized access, data breaches, malware, denial-of-service attacks, and other cyberattacks. A high-availability network should also have processes and tools for risk assessment, threat intelligence, vulnerability scanning, and penetration testing to identify and mitigate any weaknesses or gaps in the network security.

Question 4

In which of the following scenarios is tokenization the best privacy technique 10 use?

AProviding pseudo-anonymization tor social media user accounts

BServing as a second factor for authentication requests

CEnabling established customers to safely store credit card Information

DMasking personal information inside databases by segmenting data

Answer : C

Tokenization is a process that replaces sensitive data, such as credit card information, with a non-sensitive equivalent (token) that can be used in place of the actual data. This technique is particularly useful in securely storing payment information because the token can be safely stored and transmitted without exposing the original credit card number.

Reference =

CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.

CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Data Protection.

Question 5

A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers. Which of the following would prevent this from reoccurring?

AUser notification

BChange approval

CRisk analysis

DBackout plan

Answer : D

A backout plan provides a documented procedure to revert or undo a change if it fails or causes issues, helping to restore the environment quickly and prevent extended downtime. Having a backout plan in place minimizes impact during failed changes.

User notification (A) informs users but does not prevent failures. Change approval (B) and risk analysis (C) occur before the change and cannot fix issues after failure.

Backout planning is a best practice in Change Management covered in Security Program Management6:Chapter 16CompTIA Security+ Study Guide

Question 6

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

AHot

BCold

CWarm

DGeographically dispersed

Answer : C

A warm site is the best option for a business that does not require immediate failover but wants to reduce the workload required for recovery. A warm site has some pre-installed equipment and data, allowing for quicker recovery than a cold site, but it still requires some setup before becoming fully operational.

Hot sites provide immediate failover but are more expensive and require constant maintenance.

Cold sites require significant time and effort to get up and running after an outage.

Geographically dispersed sites refer to a specific location strategy rather than the readiness of the recovery site.

Question 7

Which of the following methods would most likely be used to identify legacy systems?

ABug bounty program

BVulnerability scan

CPackage monitoring

DDynamic analysis

Answer : B

A vulnerability scan is the most likely method to identify legacy systems. These scans assess an organization's network and systems for known vulnerabilities, including outdated or unsupportedsoftware (i.e., legacy systems) that may pose a security risk. The scan results can highlight systems that are no longer receiving updates, helping IT teams address these risks.

Bug bounty programs are used to incentivize external researchers to find security flaws, but they are less effective at identifying legacy systems.

Package monitoring tracks installed software packages for updates or issues but is not as comprehensive for identifying legacy systems.

Dynamic analysis is typically used for testing applications during runtime to find vulnerabilities, but not for identifying legacy systems.

CompTIA Security+ Certification Exam SY0-701 Practice Questions