CompTIA SY0-701 Exam (page: 6)
CompTIA Security+
Updated on: 31-Mar-2026

Viewing Page 6 of 91

Which of the following best describes a use case for a DNS sinkhole?

  A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
  B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
  C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
  D. A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.

Answer(s): C

Explanation:

A) A DNS sinkhole is not designed to reveal a company’s domain structure to attackers. It’s used to redirect or log malicious requests, not expose internal topology.
B) Drawing employees to malicious sites is a social engineering or phishing outcome, not the purpose of a sinkhole, which aims to monitor or block such traffic.
C) Correct: a sinkhole captures or logs traffic to known-malicious domains, enabling detection, analysis, and potential triage of infected hosts without the traffic reaching the malicious host.
D) Attracting attackers away from resources is not the sinkhole’s primary function; it focuses on monitoring or intercepting malicious DNS queries, not deceiving attackers.





An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates.
Which of the following best describes the type of information the analyst is trying to extract from the image files?

  A. Log data
  B. Metadata
  C. Encrypted data
  D. Sensitive data

Answer(s): B

Explanation:

The correct answer is B) metadata. Image files often contain embedded metadata (EXIF) with geolocation coordinates, camera details, and timestamps that describe the image without altering the image data itself.
A) Log data refers to records from systems and applications, not embedded image properties.
C) Encrypted data would require decryption to access content, and geolocation in metadata is typically unencrypted.
D) Sensitive data is a generic label; metadata may or may not be sensitive, but the specific type being extracted here is metadata, not the broader category of sensitive data.





Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

  A. To meet compliance standards
  B. To increase delivery rates
  C. To block phishing attacks
  D. To ensure non-repudiation

Answer(s): D

Explanation:

D) Correct: to ensure non-repudiation. S/MIME provides digital signatures that verify the sender’s identity and create an integrity check, making it verifiable that the sender issued the email.
A) Compliance standards may require encryption or signing in certain contexts, but the strongest, direct benefit of S/MIME is non-repudiation.
B) Increasing delivery rates is not affected by signatures; delivery depends on routing, spam filtering, and reputation, not signing.
C) Blocking phishing relies on user training, domain-level DMARC/DKIM/SPF, and content filtering, not primarily on S/MIME signatures.





During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers.
Which of the following describes an attack method that relates to printing centers?

  A. Whaling
  B. Credential harvesting
  C. Prepending
  D. Dumpster diving

Answer(s): D

Explanation:

D) Correct: dumpster diving is the practice of recovering discarded documents and media to obtain sensitive information, which directly relates to printing centers where physical waste can contain valuable data.
A) Whaling targets high-level individuals with social engineering, not specific to printing centers.
B) Credential harvesting focuses on obtaining login credentials, not tied to printing center practices.
C) Prepending is a data integrity or email manipulation technique, not a printing-center attack method.





Which of the following considerations is the most important regarding cryptography used in an IoT device?

  A. Resource constraints
  B. Available bandwidth
  C. The use of block ciphers
  D. The compatibility of the TLS version

Answer(s): A

Explanation:

IoT devices typically have limited processing power, memory, and energy resources, making A) Resource constraints the most critical factor for cryptography to ensure feasible, secure operation without crippling performance.
B) Available bandwidth matters, but cryptographic processing is often a local constraint; bandwidth can be planned around, but insufficient resources undermine any cryptographic scheme.
C) The use of block ciphers is not inherently more critical than ensuring the chosen algorithm fits resource limits and security needs.
D) TLS version compatibility is important but secondary to the device’s ability to implement secure algorithms within its resource constraints.





A coffee shop owner wants to restrict internet access to only paying customers by prompting them for a receipt number.
Which of the following is the best method to use given this requirement?

  A. WPA3
  B. Captive portal
  C. PSK
  D. IEEE 802.1X

Answer(s): B

Explanation:

The captive portal is correct because it intercepts initial web traffic and requires users to enter a valid receipt number before granting access, aligning with the requirement to restrict access to paying customers.
A) WPA3: Not suitable because it provides encryption for wireless links, not a user-facing access control based on credentials or receipts.
C) PSK: Personal key sharing does not enforce per-user validation or payment verification.
D) IEEE 802.1X: Strong network access control, but typically requires an authentication server and device-level credentials rather than a simple receipt-based access prompt for web access.





While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

  A. Hard drive
  B. RAM
  C. SSD
  D. Temporary files

Answer(s): B

Explanation:

RAM is the most volatile and should be collected first because it loses its contents when power is removed; capturing it preserves running processes, memory-resident artifacts, and volatile encryption keys.
A) Hard drive: incorrect because its data persists after power loss; it is non-volatile, not the most volatile.
C) SSD: incorrect for the same reason as the hard drive. It is non-volatile, and although wear-leveling is a consideration, collection is not as immediate as for RAM.
D) Temporary files: incorrect since they reside on non-volatile storage and can be rebuilt or cleared; they are less volatile than memory and are not collected first.





A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data.
Which of the following would provide the best proof that the hosting provider has met the requirements?

  A. NIST CSF
  B. SOC 2 Type 2 report
  C. CIS Top 20 compliance reports
  D. Vulnerability report

Answer(s): B

Explanation:

A SOC 2 Type 2 report provides independent assurance over the design and operating effectiveness of a service organization’s controls for a specified period (six months), directly addressing customer data protection and security practices.
A) NIST CSF is a framework for organizing and communicating cybersecurity risk management but does not provide independent third-party attestation for a specific six-month period.
C) CIS Top 20 (now CIS Controls) are best-practice guidelines; they are not a formal attestation or audit report of controls.
D) Vulnerability report only shows identified flaws, not evidence of ongoing control effectiveness over time.




