SY0-701 COMPTIA SECURITY+
CERTIFICATION EXAM QUESTIONS WITH
CORRECT ANSWERS LATEST UPDATE
A security operations center determines that the malicious activity detected on a
server isnormal. Which of the following activities describes the act of ignoring
detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving --CORRECT ANSWER--A. Tuning
A security administrator is deploying a DLP solution to prevent the exfiltration
of sensitivecustomer dat a. Which of the following should the administrator do
first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
Page 1 of 72
,D. Remove all user permissions from shares on the file server --CORRECT
ANSWER--C. Apply classifications to the data.
A company hired a consultant to perform an offensive security assessment
coveringpenetration testing and social engineering.Which of the following
teams will conduct this assessment activity?
A. White
B. Purple
C. Blue
D. Red --CORRECT ANSWER--D. Red
Which of the following describes the process of concealing code or text inside a
graphicalimage?
A. Symmetric encryption
B. Hashing
C. Data masking
D. Steganography --CORRECT ANSWER--D. Steganography
Which of the following vulnerabilities is exploited when an attacker overwrites
a register with amalicious address?
Page 2 of 72
,A. VM escape
B. SQL injection
C. Buffer overflow
D. Race condition --CORRECT ANSWER--C. Buffer overflow
Which of the following is a primary security concern for a company setting up a
BYODprogram?
A. End of life
B. Buffer overflow
C. VM escape
D. Jailbreaking --CORRECT ANSWER--D. Jailbreaking
Which of the following security control types does an acceptable use policy best
represent?
A. Detective
B. Compensating
C. Corrective
D. Preventive --CORRECT ANSWER--D. Preventive
Page 3 of 72
, Employees in the research and development business unit receive extensive
training to ensure they understand how to best protect company data. Which of
the following is the type of data theseemployees are most likely to use in day-
to-day work activities?
A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit --CORRECT ANSWER--B. Intellectual property
A data administrator is configuring authentication for a SaaS application and
would like to reduce the number of credentials employees need to maintain. The
company prefers to use domain credentials to access new SaaS applications.
Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP --CORRECT ANSWER--A. SSO
A company must ensure sensitive data at rest is rendered unreadable. Which of
the followingwill the company most likely use?
Page 4 of 72
CERTIFICATION EXAM QUESTIONS WITH
CORRECT ANSWERS LATEST UPDATE
A security operations center determines that the malicious activity detected on a
server isnormal. Which of the following activities describes the act of ignoring
detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving --CORRECT ANSWER--A. Tuning
A security administrator is deploying a DLP solution to prevent the exfiltration
of sensitivecustomer dat a. Which of the following should the administrator do
first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
Page 1 of 72
,D. Remove all user permissions from shares on the file server --CORRECT
ANSWER--C. Apply classifications to the data.
A company hired a consultant to perform an offensive security assessment
coveringpenetration testing and social engineering.Which of the following
teams will conduct this assessment activity?
A. White
B. Purple
C. Blue
D. Red --CORRECT ANSWER--D. Red
Which of the following describes the process of concealing code or text inside a
graphicalimage?
A. Symmetric encryption
B. Hashing
C. Data masking
D. Steganography --CORRECT ANSWER--D. Steganography
Which of the following vulnerabilities is exploited when an attacker overwrites
a register with amalicious address?
Page 2 of 72
,A. VM escape
B. SQL injection
C. Buffer overflow
D. Race condition --CORRECT ANSWER--C. Buffer overflow
Which of the following is a primary security concern for a company setting up a
BYODprogram?
A. End of life
B. Buffer overflow
C. VM escape
D. Jailbreaking --CORRECT ANSWER--D. Jailbreaking
Which of the following security control types does an acceptable use policy best
represent?
A. Detective
B. Compensating
C. Corrective
D. Preventive --CORRECT ANSWER--D. Preventive
Page 3 of 72
, Employees in the research and development business unit receive extensive
training to ensure they understand how to best protect company data. Which of
the following is the type of data theseemployees are most likely to use in day-
to-day work activities?
A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit --CORRECT ANSWER--B. Intellectual property
A data administrator is configuring authentication for a SaaS application and
would like to reduce the number of credentials employees need to maintain. The
company prefers to use domain credentials to access new SaaS applications.
Which of the following methods would allow this functionality?
A. SSO
B. LEAP
C. MFA
D. PEAP --CORRECT ANSWER--A. SSO
A company must ensure sensitive data at rest is rendered unreadable. Which of
the followingwill the company most likely use?
Page 4 of 72
