. Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
study
Page
for
guides
effective
1 of included
10 qualifying
assessment
for effective
examination
preparation.00
assessment
Questions
- SY0-701
preparation.
and Answers
- CompTIA
+ Rationales
Security+ 2023 To
00 - SY0-701 - CompTIA Security+ 2023 Topic 1 - 40 Questions R
Q1. An accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use
a new account. Which of the following would most likely prevent this activity in the future?
A. Standardizing security incident reporting
B. Executing regular phishing campaigns
C. Implementing insider threat detection measures
D. Updating processes for sending wire transfers
Hint answer: D
Q2. A technician is deploying a new security camera. Which of the following should the technician do?
A. Configure the correct VLAN.
B. Perform a vulnerability scan.
C. Disable unnecessary ports.
D. Conduct a site survey.
Before deploying a new security camera, conducting a site survey is crucial. A site survey helps determine the
optimal placement of the camera, assesses environmental factors, ensures there are no blind spots, and
verifies that the camera will effectively cover the desired area. It also helps in planning for network connectivity,
power supply, and other logistical considerations.
Q3. Which of the following factors are the most important to address when formulating a training curriculum
plan for a security awareness program? (Choose two.)
A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations
Hint answer: C E
Q4. Which of the following risk management strategies should an enterprise adopt first if a legacy application
is critical to business operations and there are preventative controls that are not yet implemented?
A. Mitigate
B. Accept
C. Transfer
D. Avoid
Hint answer: A
Page 1 of 10 . Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
studyfor
guides
effective
included
assessment
for effective
preparation.
assessment preparation.
, . Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
study
Page
for
guides
effective
2 of included
10 qualifying
assessment
for effective
examination
preparation.00
assessment
Questions
- SY0-701
preparation.
and Answers
- CompTIA
+ Rationales
Security+ 2023 To
Q5. Which of the following would be the best way to handle a critical business application that is running on a
legacy server?
A. Segmentation
B. Isolation
C. Hardening
D. Decommissioning
Hint answer: A
Q6. A small business uses kiosks on the sales floor to display product information for customers. A security
team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most
likely to document as a security implication of the current architecture?
A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement
The security team is most likely to document "Patch availability" as a security implication of the current
architecture. End-of-life operating systems are no longer supported by the vendor, which means they do not
receive regular security updates or patches. This lack of patch availability leaves the kiosks vulnerable to
known and potentially exploitable security vulnerabilities. Attackers can target these vulnerabilities to
compromise the kiosks and gain unauthorized access to the systems or customer information. It is crucial for
the security team to highlight the risk associated with using end-of-life operating systems and recommend
upgrading to a supported and more secure operating system to mitigate potential security threats.
Hint answer: A
Q7. Which of the following are cases in which an engineer should recommend the decommissioning of a
network device? (Choose two.)
A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.
Hint answer: E F
Q8. An organization disabled unneeded services and placed a firewall in front of a business-critical legacy
system. Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
Page 2 of 10 . Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
studyfor
guides
effective
included
assessment
for effective
preparation.
assessment preparation.
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
study
Page
for
guides
effective
1 of included
10 qualifying
assessment
for effective
examination
preparation.00
assessment
Questions
- SY0-701
preparation.
and Answers
- CompTIA
+ Rationales
Security+ 2023 To
00 - SY0-701 - CompTIA Security+ 2023 Topic 1 - 40 Questions R
Q1. An accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use
a new account. Which of the following would most likely prevent this activity in the future?
A. Standardizing security incident reporting
B. Executing regular phishing campaigns
C. Implementing insider threat detection measures
D. Updating processes for sending wire transfers
Hint answer: D
Q2. A technician is deploying a new security camera. Which of the following should the technician do?
A. Configure the correct VLAN.
B. Perform a vulnerability scan.
C. Disable unnecessary ports.
D. Conduct a site survey.
Before deploying a new security camera, conducting a site survey is crucial. A site survey helps determine the
optimal placement of the camera, assesses environmental factors, ensures there are no blind spots, and
verifies that the camera will effectively cover the desired area. It also helps in planning for network connectivity,
power supply, and other logistical considerations.
Q3. Which of the following factors are the most important to address when formulating a training curriculum
plan for a security awareness program? (Choose two.)
A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations
Hint answer: C E
Q4. Which of the following risk management strategies should an enterprise adopt first if a legacy application
is critical to business operations and there are preventative controls that are not yet implemented?
A. Mitigate
B. Accept
C. Transfer
D. Avoid
Hint answer: A
Page 1 of 10 . Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
studyfor
guides
effective
included
assessment
for effective
preparation.
assessment preparation.
, . Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
study
Page
for
guides
effective
2 of included
10 qualifying
assessment
for effective
examination
preparation.00
assessment
Questions
- SY0-701
preparation.
and Answers
- CompTIA
+ Rationales
Security+ 2023 To
Q5. Which of the following would be the best way to handle a critical business application that is running on a
legacy server?
A. Segmentation
B. Isolation
C. Hardening
D. Decommissioning
Hint answer: A
Q6. A small business uses kiosks on the sales floor to display product information for customers. A security
team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most
likely to document as a security implication of the current architecture?
A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement
The security team is most likely to document "Patch availability" as a security implication of the current
architecture. End-of-life operating systems are no longer supported by the vendor, which means they do not
receive regular security updates or patches. This lack of patch availability leaves the kiosks vulnerable to
known and potentially exploitable security vulnerabilities. Attackers can target these vulnerabilities to
compromise the kiosks and gain unauthorized access to the systems or customer information. It is crucial for
the security team to highlight the risk associated with using end-of-life operating systems and recommend
upgrading to a supported and more secure operating system to mitigate potential security threats.
Hint answer: A
Q7. Which of the following are cases in which an engineer should recommend the decommissioning of a
network device? (Choose two.)
A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.
Hint answer: E F
Q8. An organization disabled unneeded services and placed a firewall in front of a business-critical legacy
system. Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
Page 2 of 10 . Complete exam .prep,
Complete
practice
exam
resources,
prep, practice
and updated
resources,
studyand
guides
updated
included
studyfor
guides
effective
included
assessment
for effective
preparation.
assessment preparation.
