Free CompTIA Security+ SY0-701 Practice Test

Prepare for the CompTIA Security+ SY0-701 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 15 minutes (60 seconds per question)
  • Included Objectives:
    • General Security Concepts
    • Threats, Vulnerabilities, and Mitigations
    • Security Architecture
    • Security Operations
    • Security Program Management and Oversight

Question 1 of 15

A company has developed an algorithm that provides them with a competitive advantage in the market. They want to ensure this information remains confidential and protected from competitors. Which of the following data types BEST describes the algorithm?

  • Trade secret

  • Financial information

  • Intellectual property

  • Legal information

Question 2 of 15

A company is introducing a new policy which mandates the inclusion of security measures throughout their software development process. To align with best practices, when should the development team perform security risk assessments?

  • At the beginning of system testing.

  • During the requirements gathering phase.

  • Immediately after deployment.

  • Prior to user acceptance testing.

Question 3 of 15

What best describes a 'Recurring' process within risk management practices?

  • An ongoing operation without set intervals

  • An action taken as needed, without a regular schedule

  • An activity that is conducted at regular intervals

  • A unique process that occurs once and is not intended to be repeated

Question 4 of 15

Which document should an organization develop to define the constraints on how employees may use company systems and networks?

  • Information Security Policies

  • Technical Standards

  • Acceptable Use Policy

  • Security Guidelines

Question 5 of 15

You are the IT manager overseeing a security assessment project. To ensure the third-party security firm's penetration test activities align with company policies and legal requirements, which document must be established to detail the testing boundaries, methods, timelines, and communication protocols?

  • Acceptable Use Policy (AUP)

  • Rules of Engagement (ROE)

  • Master Service Agreement (MSA)

  • Interconnection Security Agreement (ISA)

Question 6 of 15

Which network appliance is primarily used to balance traffic among multiple servers to enhance performance and scalability?

  • Jump server

  • Load balancer

  • Proxy server

  • Intrusion prevention system (IPS)/intrusion detection system (IDS)

Question 7 of 15

During an authorized security assessment, the security team at XYZ Corp is tasked with identifying potential vulnerabilities without alerting the target systems. Which of the following options best describes a method that the security team should employ to gather intelligence without raising suspicion?

  • Running an automated crawler on the company's public website

  • Engaging in social engineering calls to the employees

  • Executing a full network scan to map out live hosts

  • Performing passive DNS analysis

Question 8 of 15

Key Escrow is required for all implementations of Public Key Infrastructure to ensure third-party access to encrypted data in case of emergencies.

  • False

  • True

Question 9 of 15

Automated systems for compliance monitoring eradicate the necessity for any manual verification processes to maintain adherence to relevant legal and industry-specific guidelines.

  • False

  • True

Question 10 of 15

A company is revising its security monitoring strategies to enhance incident detection and response. Their current system is primarily manual, resulting in delayed identification and inconsistent reporting of suspicious activities. Which of the following is the BEST method to improve their incident reporting and monitoring process?

  • Conducting more comprehensive employee training sessions

  • Expanding the in-house security team

  • Increasing the frequency of manual security audits

  • Implementing real-time automated monitoring and alerting systems

Question 11 of 15

In Mandatory Access Control systems, permissions to access specific resources are determined at the discretion of the resource owner.

  • True

  • False

Question 12 of 15

Which of the following is the BEST method to protect credit card information in a database while still allowing for customer data analysis?

  • Tokenize the credit card information within the database

  • Encrypt the entire database with a strong encryption algorithm

  • Use data masking to obscure credit card numbers in the database

  • Hash the credit card information and store the hash value in the database

Question 13 of 15

When configuring a security device, which mode will allow traffic to pass through if the device fails to process the traffic normally?

  • Failover

  • Fail-open

  • Fail-secure

  • Fail-closed

Question 14 of 15

Regular application of patches provides immunity against all forms of malware.

  • True

  • False

Question 15 of 15

As a network architect, you have been asked to design a network infrastructure for a financial services provider that requires extremely high levels of security due to the sensitive nature of the data being processed. The client also demands that certain systems must remain operational and isolated even in the event of a catastrophic network failure. Which of the following solutions would BEST meet these requirements?

  • Implementing an air-gapped network for those critical systems

  • Implementing a Virtual Private Network (VPN) for all internal communications

  • Deploying an Intrusion Prevention System (IPS) throughout the network

  • Creating logical segmentation of the network using VLANs