CompTIA Security+ SY0-701 Practice Tests

CompTIA Security+ SY0-701 Mock Exam 1

A company wants to ensure that its internal database servers are inaccessible from the public internet. What type of firewall rule should be configured?
1. Allow all incoming traffic.
2. Deny all outbound traffic.
3. Deny all incoming traffic to the database server.
4. Allow all traffic on port 80.
What is the benefit of using a centralized proxy for web filtering?
1. It requires no configuration on user devices.
2. It encrypts all web traffic.
3. It reduces the need for antivirus software.
4. It increases bandwidth consumption.
What is an access control vestibule, commonly called a “mantrap”, used for in physical security?
1. To restrict vehicle access to a facility
2. To trap unauthorized personnel between two doors until identification is verified
3. To monitor and log all access attempts to a secure area
4. To provide emergency exits during a security breach
A network administrator must install an intrusion detection system (IDS) to improve the company’s security posture. Which control type is an IDS?
1. Corrective
2. Physical
3. Detective
4. Managerial
After a security incident, the CISO needs the security team to be more specific about each control. How do directive security controls differ from preventive security controls?
1. Directive controls prevent security incidents, while preventive controls guide behavior to follow security policies.
2. Directive controls guide user behavior, while preventive controls are designed to stop security incidents before they occur.
3. Directive controls provide real-time alerts of security breaches, while preventive controls document security events.
4. Directive controls focus on protecting data from loss, while preventive controls focus on compliance with regulations.
Which core principle best defines the zero-trust security model?
1. Trust but verify
2. Least privilege
3. Implicit trust within the network
4. Access based on location
An intrusion prevention system (IPS) differs from an intrusion detection system (IDS) primarily in which of the following ways?
1. An IPS only monitors network traffic without taking any action.
2. An IPS can actively block malicious traffic, whereas an IDS only detects it.
3. An IPS requires manual intervention, while an IDS does not.
4. An IPS is designed only for outbound traffic monitoring.
How does threat scope reduction help in improving network security?
1. By expanding the network’s attack surface to gather more intelligence
2. By reducing the number of potential attack vectors through segmentation and isolation
3. By increasing the number of open ports to enhance communication
4. By using complex encryption algorithms for all network traffic
What is the main purpose of deploying a honeypot in a network security environment?
1. To increase network bandwidth
2. To attract and trap attackers for monitoring and analysis
3. To provide a backup for critical data
4. To enforce access control policies
Which detection method does an intrusion detection system (IDS)/intrusion prevention system (IPS) use to identify known attack patterns?
1. Anomaly-based detection
2. Signature-based detection
3. Heuristic detection
4. Behavioral analysis
The CISO wants the security team to analyze data gaps. What is the primary purpose of conducting a gap analysis in a security context?
1. To identify and document the differences between current security practices and desired security goals.
2. Comparing current security measures with vulnerability scans.
3. Implementing encryption across all data systems.
4. Conducting a vulnerability assessment of the network.
A disgruntled employee who intentionally leaks confidential information is best described as which type of threat actor?
1. Shadow IT
2. Nation-state
3. Insider threat
4. Organized crime
Which of the following best describes the primary purpose of using access control lists (ACLs) in a firewall?
1. To increase network speed
2. To define rules for allowing or denying traffic
3. To monitor network performance
4. To store encryption keys
A security consultant discovers that an organization’s email system has been compromised by attackers using malicious attachments. What is this type of attack best described as?
1. Image-based attack
2. File-based attack
3. Voice call attack
4. Message-based attack
An attacker exploits a company’s outdated software vulnerability to gain unauthorized access to its network. What is the most likely form of this attack vector?
1. Unsupported systems and applications
2. Vulnerable software
3. Removable device
4. Message-based attack
Employees receive phishing emails with malicious links to steal login credentials. What kind of attack is this?
1. Image-based attack
2. File-based attack
3. Message-based attack
4. Voice call attack
A security administrator notices that an application is vulnerable to an attack where arbitrary code is injected into memory, allowing the attacker to execute it. What type of vulnerability is this?
1. Buffer overflow
2. Cross-site scripting (XSS)
3. XML injection
4. Structured Query Language injection (SQLi)
During a security audit, the administrator finds that a web application fails to properly validate input, allowing attackers to execute malicious code in the browser of users who view the affected web page. What type of vulnerability is this?
1. Buffer overflow
2. Race conditions
3. Memory injection
4. Cross-site scripting (XSS)
An attacker exploits a vulnerability in a web application’s database query handling by injecting malicious SQL statements into an input field. What type of attack does this describe?
1. Memory injection
2. Buffer overflow
3. Structured Query Language injection (SQLi)
4. Cross-site scripting (XSS)
A security administrator identifies that a program is susceptible to an attack where more data can be input to the buffer than it can hold, leading to potential system crashes or the execution of malicious code. What vulnerability is this?
1. Race conditions
2. Buffer overflow
3. Cross-site scripting (XSS)
4. Structured Query Language injection (SQLi)
A security team must restrict incoming traffic to a web server on the company’s network to only allow HTTP and HTTPS traffic. Which firewall rule should they implement?
1. Allow traffic on port 25 and port 110.
2. Allow traffic on port 53 and port 123.
3. Allow traffic on port 80 and port 443.
4. Allow traffic on port 21 and port 22.
A security consultant at a large company notices that several computers on the network are performing file encryption while showing a text message demanding payment to restore access. What type of malicious activity does this indicate?
1. Virus
2. Trojan
3. Ransomware
4. Bloatware
A security consultant notices an unusual amount of failed login attempts on the company’s authentication server within a short period. What type of attack does this indicate?
1. Environmental attack
2. RFID cloning
3. Phishing
4. Brute force
A security administrator detects an attacker successfully exploiting an application vulnerability to input arbitrary commands into a database query. What type of attack is this an example of?
1. Buffer overflow
2. Injection
3. Privilege escalation
4. Directory traversal
A security administrator notices that attackers have forced a communication session to use a less secure version of a cryptographic protocol than what the server typically supports. What type of attack is this?
1. Birthday attack
2. Downgrade attack
3. Collision attack
4. Replay attack
A security administrator notices many failed login attempts on a user account spread over a long period, using different passwords each time. What type of password attack does this scenario best describe?
1. Brute-force attack
2. Dictionary attack
3. Password spraying
4. Rainbow table attack
What is the primary purpose of a web filter in an enterprise environment?
1. To speed up web page loading times
2. To block access to unauthorized or malicious websites
3. To encrypt all outbound traffic
4. To manage user credentials for web access
A security administrator notices several user accounts being locked out repeatedly due to failed login attempts from different IP addresses. What does this likely indicate?
1. Concurrent session usage
2. Account lockout due to a brute-force attack
3. Impossible travel
4. Resource consumption
A security consultant sets up rules to specify which users can access a network resource based on IP addresses and protocols. Which access control method is the consultant implementing?
1. Role-based access control (RBAC)
2. Access control list (ACL)
3. Mandatory access control (MAC)
4. Discretionary access control (DAC)
A security consultant advises a company on preventing unauthorized applications from running on its network. Which mitigation technique should the consultant recommend to allow only approved software to execute?
1. Application allow list
2. Firewall rules
3. Block list
4. Antivirus scanning
A security consultant advises a company on handling outdated hardware that the vendor no longer supports. What is the best mitigation technique for reducing the risk associated with these legacy servers?
1. Apply the latest security patches.
2. Increase their physical security.
3. Use the servers in a test environment.
4. Decommission and replace with modern hardware.
A security consultant is implementing hardening measures on company servers. What is a key benefit of installing endpoint protection software?
1. It increases network bandwidth.
2. It provides encryption for data in transit.
3. It helps detect and block malware and other malicious threats.
4. It simplifies user access management.
A company is considering moving its infrastructure to a public cloud environment. What is one of the primary security implications of adopting a public cloud architecture?
1. Increased control over the physical security of hardware
2. Reduced responsibility for managing underlying infrastructure
3. Complete control over all software and hardware configurations
4. Increased complexity in managing internal network security
What is a typical security challenge in a decentralized architecture model where multiple independent systems operate without a central authority?
1. Difficulty in managing individual system configurations
2. Centralized control over data access and encryption
3. Simplicity in scaling and expanding the infrastructure
4. Unified logging and monitoring across all systems
When evaluating a cloud-based architecture, which of the following is a significant consideration regarding availability?
1. The cloud provider guarantees 100% uptime.
2. Availability depends on the provider’s service-level agreement (SLA) and redundancy measures.
3. Availability is managed entirely by the company’s internal IT team.
4. Availability is irrelevant for cloud services due to their inherent flexibility.
For a large-scale e-commerce application, which architecture consideration is most important for ensuring resilience?
1. Implementing high-capacity storage solutions
2. Using a single data center with extensive security controls
3. Deploying a multi-region architecture with failover capabilities
4. Minimizing the use of backup systems to reduce complexity
When designing a network security architecture, which consideration is most important for effectively managing the attack surface?
1. Limiting the number of physical devices in the network
2. Ensuring all devices are placed in a single security zone
3. Minimizing the number of exposed services and interfaces that attackers could target
4. Increasing the physical security of the data center facilities
In a secure enterprise network design, which factor is crucial when determining device placement?
1. Placement should be based on the cost of the devices.
2. Devices should be placed in locations that maximize their accessibility for administrators.
3. Devices should be placed according to their function within different security zones to control access and limit exposure.
4. Placement should prioritize reducing the amount of cabling required.
When planning for failure modes in a network infrastructure, which approach helps ensure continued operations?
1. Deploying single points of failure to simplify troubleshooting
2. Implementing redundant systems and failover mechanisms to maintain functionality during failures
3. Avoiding the use of backup systems to reduce complexity
4. Centralizing all critical systems in one location to streamline management
What is the primary function of remote access solutions in enterprise security?
1. To provide users with secure access to applications and data outside the corporate network.
2. To monitor and control network traffic based on predefined security rules
3. To manage and enforce security policies on endpoint devices
4. To encrypt data stored on disk drives within the data center
A security administrator needs to protect sensitive data that is subject to government regulations such as General Data Protection Regulation (GDPR) or Health Insurance Portability and Accountability Act (HIPAA). What type of data is this?
1. Intellectual property
2. Trade secret
3. Regulated
4. Human-readable
A security administrator is implementing controls to protect data that, if disclosed, could seriously damage the organization’s reputation and operations. What classification best fits this type of data?
1. Public
2. Restricted
3. Critical
4. Confidential
A security administrator is implementing encryption for files stored on a company’s servers to protect them against unauthorized access. Which term best describes this type of data?
1. Data in use
2. Data in transit
3. Data at rest
4. Data sovereignty
What is it known as when a company sets out to mask its data?
1. Hashing
2. Obfuscation
3. Certification
4. Encryption
A security administrator wants to ensure that sensitive data is rendered unreadable during transmission, even if intercepted. Which of the following methods should they implement?
1. Masking
2. Hashing
3. Encryption
4. Tokenization
A security administrator is conducting capacity planning for a new disaster recovery site. Which of the following should be considered to ensure enough human resources to operate the site during an emergency?
1. Network bandwidth
2. Staffing levels
3. Data replication
4. Power supply
What is the primary purpose of an intrusion detection system (IDS) in a corporate network?
1. To block all incoming network traffic
2. To detect and alert on potential security breaches
3. To encrypt all network communications
4. To manage user authentication
A security administrator wants to evaluate the company’s incident response plan without disrupting operations. Which testing method should be used to achieve this?
1. Failover
2. Tabletop exercise
3. Parallel processing
4. Simulation
A security administrator decides where to store backups to ensure data is not lost in case of a physical disaster at the main office. What type of backup location should be prioritized?
1. Onsite
2. Offsite
3. Local drive
4. Cloud only
A security consultant ensures that new servers adhere to the company’s security standards before they are put into production. What is the first step in this process?
1. Deploy the servers with default settings.
2. Conduct regular vulnerability scans.
3. Maintain security updates for the servers.
4. Establish security baselines for the servers.
After defining the security baselines for computing resources, which step involves applying these standards to systems as they are deployed?
1. Establish
2. Deploy
3. Maintain
4. Review
A company implements a policy allowing employees to use their personal devices for work while maintaining control over security policies and data access. Which mobile solution best supports this policy?
1. Corporate-owned personally enabled (COPE)
2. Bring your own device (BYOD)
3. Choose your own device (CYOD)
4. Mobile device management (MDM)
A security consultant wants to implement the latest and most secure encryption standard for a company’s Wi-Fi network. Which protocol should be used?
1. Wi-Fi Protected Access 2 (WPA2)
2. Wired Equivalent Privacy (WEP)
3. Wi-Fi Protected Access 3 (WPA3)
4. Extensible Authentication Protocol (EAP)
What is a standard method for authenticating systems or devices in a network?
1. VPN credentials
2. Digital certificates
3. Security questions
4. Biometric data
A security consultant reviews a web application’s code to ensure it does not contain vulnerabilities that attackers could exploit. Which technique involves analyzing the code without executing it?
1. Static code analysis
2. Dynamic code analysis
3. Penetration testing
4. Code signing
A security administrator is responsible for maintaining department hardware assets. What is this process known as?
1. Configuration management
2. Bring your own device (BYOD)
3. Data encryption
4. Incident response
An administrator is classifying a set of documents that contain sensitive company information. What classification label is most appropriate for these documents?
1. Public
2. Restricted
3. Confidential
4. Internal
A security administrator is responsible for keeping an updated list of all hardware devices connected to the company’s network. What is this process known as?
1. Inventory management
2. Software licensing
3. Data encryption
4. Vulnerability scanning
A security administrator must ensure that sensitive data on retired hard drives cannot be recovered. What is the most secure method for achieving this?
1. Formatting the hard drives
2. Using a secure erase utility
3. Encrypting the hard drives
4. Physically destroying the hard drives
What is the primary goal of data sanitization in the context of decommissioning hardware?
1. To improve the performance of the storage device
2. To completely remove all data so it cannot be recovered
3. To upgrade the hardware to the latest standards
4. To maintain compliance with software licenses
Which of the following processes involves certifying that a piece of hardware has been sanitized according to industry standards?
1. Data encryption
2. Data destruction
3. Data certification
4. Data retention
A security administrator wants to detect known vulnerabilities in the company’s network without exploiting them. Which method should be used?
1. Penetration testing
2. Vulnerability scan
3. Bug bounty program
4. Dynamic analysis
Which method involves analyzing code to find potential security vulnerabilities without executing it?
1. Dynamic analysis
2. Static analysis
3. Vulnerability scan
4. Bug bounty program
A vulnerability scan reports a security flaw in a system, but further investigation reveals that the vulnerability does not exist. What is this scenario an example of?
1. False negative
2. True positive
3. False positive
4. True negative
How do the control plane and data plane interact in a network?
1. The control plane directly transmits user data while the data plane makes routing decisions.
2. The data plane executes the routing decisions made by the control plane and handles user data traffic.
3. The control plane encrypts user data while the data plane decrypts it.
4. The control plane and data plane operate independently without interacting.
A company has an acceptable use policy (AUP) for employees using their mobile devices. Which of the following security control types does this best represent?
1. Detective
2. Compensating
3. Corrective
4. Preventive
Which term describes a vulnerability that exists in a system but was not detected by a security scan?
1. True positive
2. False positive
3. False negative
4. True negative
A security administrator has identified several company systems vulnerabilities. What is the first step the administrator should take to address these vulnerabilities?
1. Perform rescanning to ensure the vulnerabilities are still present
2. Apply patches to the affected systems
3. Purchase cyber insurance to mitigate financial risk
4. Report the vulnerabilities to senior management
After applying patches to systems, what should an administrator do to mitigate the vulnerabilities effectively?
1. Apply additional compensating controls
2. Segregate the network to isolate the patched systems
3. Rescan the systems to verify that the vulnerabilities are no longer present
4. Purchase insurance for any residual risk
After applying patches to critical systems, what should a security administrator do to validate the remediation’s success?
1. Conduct rescanning to check for any remaining vulnerabilities
2. Segregate the patched systems into a different network
3. Apply compensating controls as an extra measure
4. Report the patch application to senior management
A security team is responsible for monitoring the company’s infrastructure to detect anomalies. Which tool is best suited for monitoring server health and performance?
1. Intrusion detection system (IDS)
2. Network access control (NAC)
3. Security information and event management (SIEM)
4. Simple Network Management Protocol (SNMP)
Which monitoring tool is primarily used to gather all log files from various devices to identify potential security incidents?
1. Virtual private network (VPN)
2. Security information and event management (SIEM)
3. Firewall
4. Web application firewall (WAF)
A security team wants to centralize the collection and analysis of logs from multiple systems across the network. Which activity best describes this process?
1. Scanning
2. Log aggregation
3. Alert tuning
4. Archiving
Which activity is focused on identifying vulnerabilities in a company’s network and systems by actively probing them?
1. Alerting
2. Quarantine
3. Reporting
4. Scanning
Which tool is used to automate security compliance assessment by evaluating systems against security benchmarks?
1. Vulnerability scanner
2. Security Content Automation Protocol (SCAP)
3. Data loss prevention (DLP)
4. NetFlow
Which of the following is most likely to conduct cyberattacks for political or social causes rather than financial gain?
1. Organized crime
2. Hacktivist
3. Nation-state
4. Shadow IT
A security team is considering using a tool that does not require installation on each monitored device but collects data from network traffic. Which tool best fits this requirement?
1. NetFlow
2. Security information and event management (SIEM)
3. Data loss prevention (DLP)
4. Vulnerability scanner
A security consultant recommends placing critical servers on separate network segments to prevent unauthorized access from the leading corporate network. Which technique is being used to enhance security?
1. Air-gap
2. Demilitarized zone (DMZ)
3. Virtual local area network (VLAN)
4. Proxy server
What is the primary purpose of file integrity monitoring (FIM)?
1. To encrypt files for confidentiality
2. To detect unauthorized changes to files
3. To back up critical files to the cloud
4. To optimize file storage and management
A security team is implementing a data loss prevention (DLP) solution to prevent sensitive information from being sent outside the company through email. What specific feature should the DLP solution include to achieve this?
1. Monitoring of network bandwidth
2. Scanning and inspecting email attachments for sensitive data
3. Blocking all outgoing emails
4. Encrypting all inbound emails
What is the primary purpose of a quarantine network in a network access control (NAC) environment?
1. To provide a separate network for guest users
2. To isolate non-compliant computers until they are remediated
3. To enforce bandwidth limits on specific devices
4. To create a secure communication channel for sensitive data
What is the primary function of an endpoint detection and response (EDR) solution in a corporate environment?
1. To manage network traffic based on predefined rules
2. To monitor and detect suspicious activity on endpoints such as workstations and servers
3. To enforce access control policies across the network
4. To provide centralized backup and recovery services
A security administrator is tasked with choosing a recovery site that is fully operational and can immediately take over operations in case of a primary site failure. Which type of site should be chosen?
1. Cold site
2. Warm site
3. Hot site
4. Geographic dispersion
A security consultant detects an unusually high volume of traffic directed toward the company’s web server, originating from numerous IP addresses. What type of attack is this most likely indicative of?
1. Reflected attack
2. Distributed denial-of-service (DDoS)
3. Wireless attack
4. Credential replay attack
Which type of threat actor will likely have substantial resources and expertise to conduct sophisticated attacks on critical infrastructure?
1. Hacktivist
2. Insider threat
3. Nation-state
4. Unskilled attacker