2025
Practice Exam || With
Complete Questions &
Answers (Graded A+)
Conceptial Research ||
, CompTIA SEC+ SYO 701 Practice Exam
|| With Complete Questions & Answers
(Graded A+)
Which type of tool is commonly used to automate incident response?
PKI
MDM
SOAR
SIEM - ANSWER - SOAR is correct. Security orchestration, automation, and response
(SOAR) solutions use runbooks to automate incident response thus reducing incident
response time.
Imagine a Superhero Helper:
SOAR is like a superhero helper for computer security. It stands for Security
Orchestration, Automation, and Response.
Runbooks are like Superhero Plans:
In SOAR, there are things called runbooks. Think of runbooks like plans that
superheroes follow to tackle problems. These plans help them know what to do when
there's trouble.
Super Speedy Incident Response:
SOAR makes these plans super fast! It automates responses to computer problems,
making it quicker to fix things when there's a security issue. It's like having a superhero
who can solve problems in a blink!
So, SOAR is the Super Sidekick for Computer Security:
In simple terms, SOAR is like a sidekick that helps computers stay safe. It follows fast
plans (runbooks) to fix things quickly when there's a problem, making sure everything is
secure. It's like having a superhero buddy for computer safety!
In which order should the following items be conducted?
ALE, business analysis, risk analysis
ALE, risk analysis, business impact analysis
Business impact analysis, ALE, risk analysis
Risk analysis, ALE, business impact analysis - ANSWER - ALE, risk analysis, business
impact analysis is correct.
ALE stands for Annualized Loss Expectancy. It's like a dollar figure used in risk
analysis to help prioritize which risks are most important to tackle first.
, The ALE is a dollar figure used in quantitative risk analysis to prioritize risks; therefore,
it cannot be calculated after a risk analysis. The business impact analysis can occur
only after risks have been identified.
ALE is like a money calculator for risks, helping you focus on the ones that could cost
the most. It's a key part of risk analysis.
Marcel, a security specialist, configures a network appliance to detect and block
suspicious network activity. What has Marcel configured?
Host-based NIDS
Anomaly-based NIDS
Signature-based NIDS
Anomaly-based NIPS - ANSWER - Anomaly-Based NIPS is correct.
Which of the following answers can be used to describe technical security controls?
(Select 3 answers)
a Focused on protecting material assets
b Sometimes called logical security controls
c Executed by computer systems (instead of people)
d Also known as administrative controls
e Implemented with technology f Primarily implemented and executed by people (as
opposed to computer systems) - ANSWER - b. Sometimes called logical security
controls
c. Executed by computer systems (instead of people)
e. Implemented with technology
*Any control that is implemented and executed with technology
What does Thrid party Vendor Risk Mean? - ANSWER - Your security is comprised by
outside parties, like vendors, suppliers and business that do business with you.
Supply Chain Risk with hardware manufacturing. - ANSWER - devices must be vetted
to be used by the a low risk appetite like the DOD.
Supply Chain Attack - ANSWER - Attackers target the weakest link, or weaker links in
supply chain in order to bring down main targets within the supply chain.
Vendor Assesment - ANSWER - Organizations evaluate the security, reliability and
performance of external entities.
What is governance? - ANSWER - Is a system of rules and guidelines that help an
organization align its IT infrastructure with its business goals.
, You must distribute the network traffic among a collection of mirrored servers. Which
device should you use? - ANSWER - LOAD BALANCER Imagine a load balancer as a
traffic manager for websites. Its job is to make sure that when people visit a website, the
load balancer distributes the visitors evenly among multiple servers, like having multiple
cashiers at a store.
You are modifying the backup schedule for the thirteen Windows and seven Unix
servers in your server room. Full backups will occur Saturdays at 9:00 A.M. and
incremental backups will occur every weekday starting at 7:00 P.M. Each server
contains an average of 400GB of data. Backup tapes are stored in a safe down the hall
in the IT manager's office. What problems exist with this scenario?
-There is not enough time to perform incremental backups if the start time is 7:00 P.M.
-Backup tapes should be stored offsite.
-Differential backups can be used only with full backups.
-Incremental backups must be used with differential backups. - ANSWER - Backup
tapes should be stored offsite. In case of damage to the same location where other
backups are stored. An alternate location should be used.
Imagine a guard for computers called Anomaly-based NIPS. It watches for weird
computer behavior that doesn't look normal. When it spots something strange (an
anomaly), it can stop the strange activity, like a superhero stopping a villain's plan.
Key Points:
Anomaly-based NIPS is like a computer guard.
It stops weird computer behavior (anomalies).
It can prevent the strange activity from causing problems.
NIPSs (network intrusion prevention systems)
Which of the following are examples of spyware? (Choose three.)
Changing the web browser home page
Gathering entered user keystrokes
Broadcasting ARP cache updates to network hosts
Flooding a host with network traffic
Manipulating search engine results - ANSWER - Gathering entered user keystrokes,
Manipulating search engine results, and Changing the web browser home page are
correct.
Simple Summary:
Spyware is like a sneaky computer spy. It can record what you type, trick you with fake
search results, and even change the starting page of your web browser to show things
you might not want.
Key Points:
Spyware records what you type.
It tricks with fake search results.