Free CompTIA Security+ SY0-701 Practice Test

Prepare for the CompTIA Security+ SY0-701 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.

  • Questions: 15
  • Time: 60 seconds per question (0 hours, 15 minutes, 0 seconds)
  • Included Objectives:
    • Threats, Vulnerabilities, and Mitigations
    • General Security Concepts
    • Security Architecture
    • Security Operations
    • Security Program Management and Oversight

You work for a large national realty company in the networking department. Recently your department received a help desk call from a smaller satellite office stating their WiFi is no longer working. The trouble ticket was escalated to you because company policy does not allow wireless networks. After further investigation, you learn that an employee in the office set up a simple wireless router themselves. Which option best defines this situation?

  • Disassociation

  • Rogue AP

  • Evil twin

  • Unauthorized twin

When a digital certificate needs to be invalidated prior to its expiration, which of the following is updated to indicate that this certificate should no longer be trusted?

  • Online Certificate Status Protocol (OCSP)

  • Certificate Revocation List (CRL)

  • Certificate Signing Request (CSR)

  • Root of Trust

  • Wildcard Certificate

When configuring a network appliance to view traffic without altering it, which device attribute should it have?

  • Passive

  • Active

  • Inline

  • Tap/Monitor in active mode

You are selecting a biometrics system for your company. You want to make sure you select a system that is going to be the most accurate choice. What calculation would you use to compare the different systems?

  • FAR

  • Efficacy rates

  • CER

  • FRR

During a third-party risk assessment of potential cloud service providers, what topic should be emphasized in the questionnaire to ascertain the provider’s ability to maintain the confidentiality and integrity of your organization’s data?

  • Yearly employee turnover rates within the provider’s IT department

  • Percentage of the provider’s IT budget allocated to research and development

  • Disaster recovery time objectives for service continuity

  • Techniques and protocols for data encryption in transit and at rest

Which type of malware infects one computer then replicates itself to infect other vulnerable systems without the need to be executed by a user?

  • Trojan

  • Virus

  • Worm

  • Ransomware

Which process is used to identify the difference between the current security measures and the desired state of security within an organization?

  • Risk Assessment

  • Business Impact Analysis

  • Gap Analysis

  • Threat Modeling

A company's network design includes a device that acts as an intermediary between users and the web services they access. It is intended to prevent direct access to database servers and to provide a central point of authentication and authorization for users accessing web applications. Which network appliance serves this purpose?

  • Gateway

  • Load balancer

  • Reverse proxy

  • Firewall

During an authorized penetration test, you uncovered a server susceptible to an injection attack. To proceed according to best practices, what step should be taken before attempting to exploit this vulnerability?

  • Immediately exploit the vulnerability to determine the impact without altering any data on the server.

  • Review the rules of engagement and testing scope to ensure that exploitation of the vulnerability does not exceed authorized activities.

  • Document the vulnerability in detail and continue testing other areas, leaving exploitation for the final phase.

  • Inform the organization's IT department about the vulnerability, requesting permission to exploit it.

What type of malware is designed to replicate itself from one computer to another with the intention of spreading as much as possible, often consuming system resources and potentially causing denial of service?

  • Spyware

  • Worm

  • Rootkit

  • Ransomware

Crucial Technologies wants to invest in a tool to assist in preventing intellectual property from being exfiltrated from the company network. Which tool would you suggest?

  • DLP

  • SCAP

  • SIEM

  • Antivirus

Your company has decided to implement a new cloud-based Customer Relationship Management (CRM) system. As part of the compliance requirements, all backups of the CRM data must be encrypted. The Chief Information Security Officer (CISO) asks for a recommendation on the encryption approach, emphasizing the need for both strong encryption and efficient key management. Which encryption method should be recommended?

  • Key Management Service (KMS) with encryption capabilities

  • Whole disk encryption

  • Manual symmetric key management with AES-256

  • Database field encryption using public key infrastructure

During a security assessment, you identified that an employee's desktop application for managing customer data allows for executing arbitrary database queries by modifying inputs within the application. This vulnerability can be exploited by attackers to manipulate or exfiltrate sensitive data from the company database. Which specific type of vulnerability does this scenario describe?

  • Buffer overflow

  • SQL injection (SQLi)

  • Directory traversal

  • Cross-site scripting (XSS)

During an annual review of security policies, a company discovered that multiple incidents related to data leakage were a result of employees accidentally sending proprietary information to external contacts. Which of the following would be the BEST approach to mitigate this type of unintentional data loss?

  • Implement data loss prevention (DLP) systems that can detect and block sensitive data from being sent via email.

  • Review and update the procedures for external communications to include stricter guidelines.

  • Enforce more stringent role-based access controls on proprietary data.

  • Increase the frequency of employee training on the acceptable use policy and proper data handling.

Your bank has contacted you and informed you they recognized an unusual login with your username and password on their website. As a precaution they have locked your account and stated the login came from a foreign country. You run a security scan on your PC which finds malware. The description of the malware states that it intercepts normal web traffic from your browser executable. What type of attack best describes this?

  • Man-in-the-browser

  • Domain hijacking

  • Amplification

  • Consensus attack
