SYO 701 CompTIA Security Plus Certification Exam Version 1
Practice exam for CompTIA under IT Certification Exams (Licensing Exams). 5 sample questions.
Sample Questions
Question 1
A company's antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution. Which of the following should replace the antivirus solution?
Correct Answer: B
Rationale: The current antivirus uses signature-based detection, which causes false positives because it flags harmless files that match known malware patterns. A heuristic solution looks at behavior, not just signatures. EDR (Endpoint Detection and Response) monitors real-time activity on devices and uses behavior analysis to detect suspicious actions—even if the file isn’t known malware. This reduces false positives and gives context for investigations. A (SIEM) is wrong—it collects logs but doesn’t replace antivirus or do heuristic detection. C (DLP) prevents data leaks, not malware. D (IDS) watches network traffic, not endpoint behavior.
Question 2
During a penetration test in a hypervisor
Correct Answer: A
Rationale: VM escape means an attacker breaks out of a virtual machine (guest) to access the host system (hypervisor). That’s exactly what happened—using a script to reach the host filesystem. B (XSS) is a web attack injecting code into a browser. C (malicious update) is fake software patches. D (SQL injection) targets databases. Only A matches the hypervisor breakout.
Question 3
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
Correct Answer: C
Rationale: Employees are clicking spoofed (fake) websites that look real—this is phishing. The web filter blocks them, which is good, but users keep trying. The root problem is a lack of knowledge. Security awareness training teaches users to spot fake URLs and suspicious emails and to avoid clicking them. A (MFA) helps login security, not phishing. B (lowering the filter) would allow dangerous sites. D (AUP update) sets rules but doesn’t teach recognition.
Question 4
Which of the following strategies most effectively protects sensitive data at rest in a database?
Correct Answer: A
Rationale: Data at rest means data stored in the database. Hashing turns data into a fixed-length code (e.g., password → SHA-256 hash). It’s one-way—you can’t reverse it. This is best for passwords or sensitive fields where you only need to compare (not see) the original. B (masking) hides parts (e.g., XXXX-1234) but can be reversed. C (tokenization) replaces data with a token but needs a secure vault to retrieve the original. D (obfuscation) scrambles data but can often be undone. Hashing gives the strongest protection, with no recovery of the original needed for verification.
Question 5
An employee from the accounting department logs in to the website used for processing the company's payments. After logging in
Correct Answer: B
Rationale: A watering hole attack infects a trusted website (here, the payment site) so that when legitimate users visit, they get malware. The site was compromised—after login, a malicious app downloads and forces a restart. A (XSS) runs scripts in the browser; it doesn’t download apps. C (typosquatting) uses fake domain names. D (buffer overflow) is a memory exploit, not an automatic download.