CompTIA Security+ SY0-701 Dumps in PDF

Free CompTIA SY0-701 Real Questions (page: 14)

Which of the following topics would most likely be included within an organization's SDLC?

  1. Service-level agreements
  2. Information security policy
  3. Penetration testing methodology
  4. Branch protection requirements

Answer(s): D

Explanation:

Option D is correct because SDLC (Software Development Life Cycle) includes requirements and controls for software safety and reliability, such as branch protection to enforce protected code branches in version control, aligning with secure development practices. A) Service-level agreements pertain to operational performance expectations, not SDLC development controls. B) Information security policy is overarching governance, not a specific SDLC topic. C) Penetration testing methodology is part of security testing phases, but not a fundamental SDLC control like branch protection. Therefore D is the best fit; others are peripheral to typical SDLC content.



Which of the following control types is AUP an example of?

  1. Physical
  2. Managerial
  3. Technical
  4. Operational

Answer(s): D

Explanation:

Option D is correct because an Acceptable Use Policy (AUP) governs user behavior and operational procedures, which are classified as operational controls that implement day-to-day security practices. A) Incorrect — Physical controls manage tangible assets (fences, locks) not user conduct. B) Incorrect — Managerial controls relate to governance, risk management, and policies at an organizational level, but AUPs are executed in daily operations. C) Incorrect — Technical controls deploys technology (firewalls, IDS); AUPs do not rely on technical enforcement.



An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

  1. Enable SAML.
  2. Create OAuth tokens.
  3. Use password vaulting.
  4. Select an IdP.

Answer(s): D

Explanation:

Option D is correct because selecting an Identity Provider (IdP) enables centralized authentication and supports single sign-on across multiple SaaS applications, reducing credential management for users. A) Enable SAML: SAML is a protocol used by an IdP; enabling it is part of using an IdP but not the initial step itself. B) Create OAuth tokens: OAuth tokens are for delegated access, not the foundational step to unify logins. C) Use password vaulting: Password vaulting helps store credentials but does not provide SSO or centralized authentication across SaaS apps. INSUFFICIENT_KNOWLEDGE



A company's online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:




Which of the following should the analyst do next?

  1. Check for recently terminated DBAs.
  2. Review WAF logs for evidence of command injection.
  3. Scan the database server for malware.
  4. Search the web server for ransomware notes.

Answer(s): B

Explanation:

Option B is correct because reviewing WAF logs for evidence of command injection helps identify a web app attack that could compromise server databases and disrupt service.
A) Incorrect — Terminated DBAs would be unlikely to directly cause an immediate outage; the scenario focuses on attacker techniques, not personnel.
C) Incorrect — Malware scan may be useful, but the specific clue points to input-based exploitation visible in WAF logs rather than generic malware presence.
D) Incorrect — Ransomware notes would indicate extortion but are not the primary indicator of a live command-injection attack affecting backups and uptime.



Which of the following would be the best way to test resiliency in the event of a primary power failure?

  1. Parallel processing
  2. Tabletop exercise
  3. Simulation testing
  4. Production failover

Answer(s): D

Explanation:

Option D is correct because production failover directly tests operational continuity by switching to an alternate power or site, validating real-world recovery and SLA compliance. A) Parallel processing tests throughput, not resiliency to power loss. B) Tabletop exercise is discussion-based and lacks real system failover validation. C) Simulation testing models scenarios but may not involve actual failover of systems and power sources. D) Production failover is the only approach that proves systems remain available during a primary power loss.



Which of the following would be the most appropriate way to protect data in transit?

  1. SHA-256
  2. SSL3.0
  3. TLS 1.3
  4. AES-256

Answer(s): C

Explanation:

Option C is correct because TLS 1.3 provides strong encryption and integrity protections for data in transit with modern cryptographic suites and reduced attack surface.
A) Incorrect — SHA-256 is a hashing algorithm, not used for protecting data in transit.
B) Incorrect — SSL 3.0 is deprecated and vulnerable; not suitable for protecting data in transit.
D) Incorrect — AES-256 is a symmetric encryption algorithm, but alone it does not specify protection for data in transit or provide the complete TLS protocol protections.



Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

  1. Open-source intelligence
  2. Port scanning
  3. Pivoting
  4. Exploit validation

Answer(s): A

Explanation:

Option A is correct because open-source intelligence (OSINT) is a passive reconnaissance method used in early engagement to gather information from publicly available sources without directly interacting with the target’s systems. Incorrect — B: Port scanning is an active discovery technique that probes a target’s ports and services. Incorrect — C: Pivoting is an exploitation activity after initial access to move laterally. Incorrect — D: Exploit validation involves testing specific vulnerabilities to confirm they can be exploited, typically during later stages.



Which of the following threat actors is the most likely to seek financial gain through the use of ransomware attacks?

  1. Organized crime
  2. Insider threat
  3. Nation-state
  4. Hacktivists

Answer(s): A

Explanation:

Organized crime groups are primarily motivated by financial gain. Ransomware attacks are a popular tool for these groups because they can encrypt a victim's data and demand a ransom payment (often in cryptocurrency) to restore access. This form of attack can yield a high financial return if victims choose to pay.



Share your comments for CompTIA SY0-701 exam with other users:

A
Aderonke
10/31/2023 12:51:00 AM

fantastic assessments

P
Priscila
7/22/2022 9:59:00 AM

i find the xengine test engine simulator to be more fun than reading from pdf.

S
suresh
12/16/2023 10:54:00 PM

nice document

W
Wali
6/4/2023 10:07:00 PM

thank you for making the questions and answers intractive and selectable.

N
Nawaz
7/18/2023 1:10:00 AM

answers are correct?

D
das
6/23/2023 7:57:00 AM

can i belive this dump

S
Sanjay
10/15/2023 1:34:00 PM

great site to practice for sitecore exam

J
jaya
12/17/2023 8:36:00 AM

good for students

B
Bsmaind
8/20/2023 9:23:00 AM

nice practice dumps

K
kumar
11/15/2023 11:24:00 AM

nokia 4a0-114 dumps

V
Vetri
10/3/2023 12:59:00 AM

great content and wonderful to have the answers with explanation

R
Ranjith
8/21/2023 3:39:00 PM

for question #118, the answer is option c. the screen shot is showing the drop down, but the answer is marked incorrectly please update . thanks for sharing such nice questions.

E
Eduardo Ramírez
12/11/2023 9:55:00 PM

the correct answer for the question 29 is d.

D
Dass
11/2/2023 7:43:00 AM

question no 22: correct answers: bc, 1 per session 1 per page 1 per component always

R
Reddy
12/14/2023 2:42:00 AM

these are pretty useful

D
Daisy Delgado
1/9/2023 1:05:00 PM

awesome

A
Atif
6/13/2023 4:09:00 AM

yes please upload

X
Xunil
6/12/2023 3:04:00 PM

great job whoever put this together, for the greater good! thanks!

L
Lakshmi
10/2/2023 5:26:00 AM

just started to view all questions for the exam

R
rani
1/19/2024 11:52:00 AM

helpful material

G
Greg
11/16/2023 6:59:00 AM

hope for the best

H
hi
10/5/2023 4:00:00 AM

will post exam has finished

V
Vmotu
8/24/2023 11:14:00 AM

really correct and good analyze!

H
hicham
5/30/2023 8:57:00 AM

excellent thanks a lot

S
Suman C
7/7/2023 8:13:00 AM

will post once pass the cka exam

R
Ram
11/3/2023 5:10:00 AM

good content

N
Nagendra Pedipina
7/13/2023 2:12:00 AM

q:32 answer has to be option c

T
Tamer Barakat
12/7/2023 5:17:00 PM

nice questions

D
Daryl
8/1/2022 11:33:00 PM

i really like the support team in this website. they are fast in communication and very helpful.

C
Curtis Nakawaki
6/29/2023 9:13:00 PM

a good contemporary exam review

X
x-men
5/23/2023 1:02:00 AM

q23, its an array, isnt it? starts with [ and end with ]. its an array of objects, not object.

A
abuti
7/21/2023 6:24:00 PM

cool very helpfull

K
Krishneel
3/17/2023 10:34:00 AM

i just passed. this exam dumps is the same one from prepaway and examcollection. it has all the real test questions.

R
Regor
12/4/2023 2:01:00 PM

is this a valid prince2 practitioner dumps?

AI Tutor 👋 I’m here to help!