CompTIA SY0-701 Exam Dumps & Practice Test Questions
Question No 1:
You're analyzing how foreign actors might target vital national systems like energy grids or defense databases. When a government wants to secretly launch cyberattacks on another country's critical infrastructure, which type of group is most likely to be covertly employed to carry out the operation?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
Correct Answer: C
Explanation:
When a government needs to discreetly launch cyberattacks against another nation's critical infrastructure, it often seeks external help to maintain plausible deniability. Among the choices, organized crime groups are the most probable candidates. These criminal networks are not only technologically advanced but also highly structured, often mimicking legitimate corporate hierarchies. They maintain specialized teams for tasks such as malware development, vulnerability exploitation, data theft, and network infiltration.
Governments may avoid using their official cyber units directly for attacks because doing so could escalate geopolitical tensions or provoke retaliation. Instead, they contract organized cybercrime groups, allowing them to carry out operations while distancing themselves from the fallout. These groups are typically motivated by financial gain but are willing to accept lucrative government deals for espionage or infrastructure sabotage.
Real-world evidence shows that organized cybercriminals have been involved in major state-sponsored attacks, particularly where strategic denial is critical. This practice provides governments with a “buffer layer” of operational anonymity.
Let’s review why the other choices are less appropriate:
A (Hacktivist): Although hacktivists can be effective in disrupting systems, they usually act independently, motivated by ideological causes like free speech or political reform. They rarely work for state entities.
B (Whistleblower): Whistleblowers are not attackers. They expose internal misconduct or unethical behavior, usually with the intention of prompting reform, not destruction.
D (Unskilled attacker): Often referred to as "script kiddies," these individuals use pre-written tools without deep understanding. They lack the technical capacity to penetrate complex, secured infrastructure.
Thus, organized crime stands out as the most logical and dangerous threat actor in scenarios where governments need skilled but deniable agents to strike foreign infrastructure targets.
Question No 2:
You're learning about how hashed passwords can be protected against precomputed attacks.
What is the name of the technique that involves adding a unique, random value to a password before hashing it to enhance security?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
Correct Answer: D
Explanation:
The correct answer is salting, a fundamental technique in cybersecurity used to protect stored credentials from being easily compromised. A salt is a random string of data that is added to the user's password before it undergoes a one-way hash transformation. This ensures that even if two users have identical passwords, their final stored hashes will be completely different due to their unique salt values.
Salting primarily defends against rainbow table attacks, where attackers use a precompiled list of common password hashes to crack systems. If passwords are hashed without a salt, these tables can be very effective. But with salting, the hash result becomes unique, rendering rainbow tables ineffective unless they also account for each possible salt — an infeasible task due to the increased complexity.
Another advantage of salting is its ability to prevent precomputed hash attacks, where attackers use massive databases of hashed passwords to guess credentials. By salting each password uniquely, attackers would need to compute the hash for every combination of salt and password, making the attack computationally expensive and inefficient.
Here's why the other options are incorrect:
A (Key stretching): This technique increases the processing time required to hash a password (e.g., via multiple iterations). While often used alongside salting, it does not introduce randomness by itself.
B (Data masking): Data masking is about hiding sensitive information in non-production environments. It doesn’t relate to hashing or enhancing password security.
C (Steganography): Steganography hides data within other media formats, like embedding messages in images. It’s unrelated to password protection or hashing.
In conclusion, salting is essential to secure password storage. It not only thwarts large-scale hash-based attacks but also ensures that even leaked hash databases provide limited utility to attackers.
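The following added example (not part of the original page) shows the salting described above in working Python: two users with the same password end up with different stored digests, and a precomputed table of unsalted hashes, which recovers the unsalted password instantly, finds nothing once a salt is used. It uses PBKDF2 so that salting (option D) and key stretching (option A) can be seen side by side; the passwords and table contents are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Iteration count is the key-stretching knob (option A); the salt is option D.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is supplied,
    so each stored credential gets its own unique value."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes,
                    iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


def unsalted_hash(password: str) -> str:
    """The weak scheme the explanation warns about: one bare SHA-256 per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_precomputed_table(candidates: Iterable[str]) -> Dict[str, str]:
    """Unsalted digest -> password, i.e. the lookup a rainbow table provides."""
    return {unsalted_hash(p): p for p in candidates}


def demo() -> dict:
    """Constructed scenario: two users share a common password."""
    common = ["123456", "password", "letmein", "qwerty"]  # constructed wordlist
    table = build_precomputed_table(common)
    shared_password = "letmein"

    # Unsalted storage: the table recovers the password with one dictionary lookup.
    recovered = table.get(unsalted_hash(shared_password))

    # Salted storage: each user gets a different salt and therefore a different digest.
    salt_alice, digest_alice = hash_password(shared_password)
    salt_bob, digest_bob = hash_password(shared_password)

    # The attacker's table is keyed on unsalted digests, so it cannot be used here.
    table_hit_on_salted = table.get(digest_alice.hex())

    return {
        "unsalted_recovered": recovered,          # "letmein"
        "salts_differ": salt_alice != salt_bob,   # True
        "digests_differ": digest_alice != digest_bob,  # True
        "salted_table_hit": table_hit_on_salted,  # None
        "alice_verifies": verify_password(shared_password, salt_alice, digest_alice),
        "wrong_password_rejected": not verify_password("wrong", salt_alice, digest_alice),
    }
```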
Question No 3:
An employee received an email that looked like it came from a legitimate payment platform, urging them to update their profile. After clicking the link and entering their credentials, the site returned a “page not found” message. Later analysis revealed the site and email were fakes.
What kind of cyberattack does this best illustrate?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
Correct Answer: D
Explanation:
This situation is a textbook example of phishing — a type of social engineering attack where a threat actor masquerades as a trusted source to trick victims into revealing confidential information. In this case, the attacker crafted an email that appeared to originate from a well-known payment service, luring the employee into clicking a malicious link. The fake website imitated the legitimate one and captured the entered login credentials. The subsequent "page not found" error was likely a distraction tactic to avoid immediate detection.
Phishing exploits human trust and urgency. Victims often don’t scrutinize emails that appear legitimate, especially if they come from a known brand and request urgent action. Phishing can lead to credential theft, financial fraud, or unauthorized access to sensitive corporate systems.
Why the other choices don't fit:
A (Brand impersonation): This technique is often part of a phishing campaign — using logos and branding to make fake emails and websites look legitimate. But on its own, brand impersonation doesn’t describe the entire attack process of deceiving a user into submitting sensitive data.
B (Pretexting): Pretexting involves a fabricated scenario or lie to gain trust and extract information. It's usually more personal and direct, like a fake phone call or impersonating a coworker. It doesn’t typically involve fake websites.
C (Typosquatting): This method relies on users mistyping URLs (e.g., “goggle.com” instead of “google.com”) and accidentally landing on malicious sites. In this case, the employee clicked a crafted link, not a mistyped domain.
Ultimately, phishing fits best here, as the core method was deception via a fraudulent communication that led to the user voluntarily giving up sensitive credentials. These attacks remain one of the most common and effective methods used in cybercrime today.
Question No 4:
Your organization needs to strictly regulate which internal devices can initiate DNS requests to external servers. Only the machine with IP address 10.50.10.25 should be authorized to send outbound DNS queries. All other outbound DNS requests must be denied by the firewall.
Which of the following ACL configurations best fulfills this security requirement?
A. Allow all sources to any destination on port 53; deny 10.50.10.25 to any destination on port 53
B. Allow any source to 10.50.10.25 on port 53; deny all other traffic
C. Allow any source to any destination on port 53; deny any source to 10.50.10.25 on port 53
D. Allow 10.50.10.25 to any destination on port 53; deny all others
Correct Answer: D
Explanation:
To achieve precise control over outbound DNS traffic, a firewall access control list (ACL) must specifically allow DNS requests only from the trusted device — 10.50.10.25 — and deny all other outbound DNS queries from the rest of the network.
In ACL processing, rule order is critical. The firewall evaluates packets top to bottom, applying the first matching rule it encounters. Therefore, the correct implementation starts with a permit statement explicitly allowing outbound DNS traffic from 10.50.10.25 to any external destination (0.0.0.0/0) on port 53 (UDP or TCP). This rule authorizes DNS access for the trusted device.
Following this, a deny rule must be placed immediately to block all remaining outbound DNS traffic, regardless of source or destination. This guarantees that no other internal system can resolve external DNS addresses, which strengthens security against potential malware or data exfiltration via DNS tunneling.
Why other choices are incorrect:
A allows all DNS traffic, then tries to block just 10.50.10.25, doing the exact opposite of the requirement.
B uses 10.50.10.25 as the destination rather than the source, misapplying the rule.
C permits all outbound DNS traffic first, rendering the later deny ineffective, and it misidentifies 10.50.10.25 as the destination.
Only Option D correctly allows DNS traffic from the specified IP while denying it from all others, making it the correct and secure configuration.
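As an added illustration (not part of the original page), the snippet below models the firewall's top-to-bottom, first-match evaluation described above and runs all four ACL options against two constructed outbound DNS packets: one from 10.50.10.25 and one from another internal host. Only the option that permits the trusted host and denies the other satisfies the requirement. The external resolver address 203.0.113.53 is a documentation-range placeholder.

```python
from typing import List, Optional, Tuple

ANY = "any"
TRUSTED = "10.50.10.25"
RESOLVER = "203.0.113.53"   # constructed external DNS server (TEST-NET-3)
OTHER_HOST = "10.50.10.30"  # constructed untrusted internal host

# A rule is (action, source, destination, dst_port).
# "any" matches every address; a port of None matches every port.
Rule = Tuple[str, str, str, Optional[int]]


def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    _, r_src, r_dst, r_port = rule
    return ((r_src == ANY or r_src == src)
            and (r_dst == ANY or r_dst == dst)
            and (r_port is None or r_port == port))


def evaluate(acl: List[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; an implicit deny applies if nothing matches."""
    for rule in acl:
        if matches(rule, src, dst, port):
            return rule[0]
    return "deny"


# The four answer choices, written as ordered rule lists.
OPTIONS = {
    "A": [("permit", ANY, ANY, 53), ("deny", TRUSTED, ANY, 53)],
    "B": [("permit", ANY, TRUSTED, 53), ("deny", ANY, ANY, None)],
    "C": [("permit", ANY, ANY, 53), ("deny", ANY, TRUSTED, 53)],
    "D": [("permit", TRUSTED, ANY, 53), ("deny", ANY, ANY, None)],
}


def satisfies_requirement(acl: List[Rule]) -> bool:
    """Trusted host may send DNS out; every other internal host must be blocked."""
    trusted_ok = evaluate(acl, TRUSTED, RESOLVER, 53) == "permit"
    other_blocked = evaluate(acl, OTHER_HOST, RESOLVER, 53) == "deny"
    return trusted_ok and other_blocked


def compliant_options() -> List[str]:
    return [name for name, acl in OPTIONS.items() if satisfies_requirement(acl)]


if __name__ == "__main__":
    for name, acl in OPTIONS.items():
        print(name, "trusted:", evaluate(acl, TRUSTED, RESOLVER, 53),
              "other:", evaluate(acl, OTHER_HOST, RESOLVER, 53))
    print("compliant:", compliant_options())  # ['D']
```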
Question No 5:
A company is integrating a new SaaS platform and wants its employees to use their existing domain login credentials for access. The aim is to simplify user experience by reducing the number of separate logins and passwords employees must manage.
Which authentication method is best suited for this objective?
A. SSO
B. LEAP
C. MFA
D. PEAP
Correct Answer: A
Explanation:
The ideal authentication method in this case is Single Sign-On (SSO). SSO allows users to log in once using their domain credentials and gain access to multiple applications and systems without needing to log in repeatedly. This approach is commonly used in enterprise environments where users interact with multiple systems throughout the day.
SSO integrates with existing directory services such as Active Directory, enabling seamless and secure access to SaaS applications using the same credentials employees already use internally. This reduces the risk of password fatigue, password reuse, and potential security incidents stemming from weak or repeated credentials.
Let’s review the other options and why they are not suitable:
LEAP (Lightweight Extensible Authentication Protocol): A Cisco-specific protocol used for securing wireless networks. It is outdated and not appropriate for SaaS authentication scenarios.
MFA (Multi-Factor Authentication): While MFA enhances security by requiring multiple forms of verification (e.g., password and a mobile code), it does not reduce the number of passwords — it adds more layers to authentication.
PEAP (Protected Extensible Authentication Protocol): Like LEAP, PEAP is mainly used for protecting wireless authentication and does not serve the need for simplifying access to SaaS applications.
By using SSO, the organization achieves not only simplified user experience but also centralized control, improved compliance, and reduced help desk tickets due to fewer forgotten passwords. It’s a scalable solution well-aligned with modern identity management practices.
Question No 6:
Cybercriminals increasingly use email to impersonate executives and manipulate employees into taking unauthorized actions. These attacks don’t rely on malware but instead exploit trust and authority.
Which of the following examples is the clearest case of a Business Email Compromise (BEC) attack?
A. An employee receives a request for gift cards in an email that shows an executive’s name.
B. Opening an email attachment triggers a ransomware message demanding payment.
C. A fake HR email asks for cloud admin credentials from a help desk employee.
D. An email contains a link to a fake login page resembling the company’s site.
Correct Answer: A
Explanation:
Business Email Compromise (BEC) is a type of cyberattack that relies on impersonation, social engineering, and psychological manipulation — not malware. In a BEC scenario, the attacker typically poses as a high-ranking executive and sends convincing emails to employees, requesting urgent actions such as transferring funds or buying gift cards.
Option A represents the most accurate example of a BEC attack. The attacker impersonates an executive — likely by spoofing the display name — and asks the recipient to purchase gift cards. The combination of urgency, a financial request, and executive impersonation is a textbook sign of BEC. These scams are highly successful because employees often hesitate to question what appears to be a direct request from leadership.
Here’s why the other options do not match BEC characteristics:
B describes a ransomware attack, which involves malicious code, not impersonation or social engineering alone.
C is closer to credential phishing, where an attacker seeks login details through deception, usually using fake titles or job roles — but lacks the financial or transactional focus typical of BEC.
D outlines a phishing attack using a fake login page, again relying more on technical deceit than executive impersonation.
BEC attacks are particularly dangerous because they’re often invisible to traditional antivirus tools — there are no links or attachments. Their success depends entirely on deceiving the human recipient.
In summary, Option A captures the essence of a BEC threat: executive impersonation, emotional pressure, and financial manipulation, making it the correct answer.
Question No 7:
A company has implemented strict security controls preventing direct connections from personal workstations to critical database servers. How can a database administrator securely access these servers while staying compliant with the security policy?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Correct Answer: A
Explanation:
In environments where direct access to sensitive network areas is restricted, a jump server is often employed as a secure intermediary. Also known as a jump box, this system acts as a controlled gateway between a less secure environment (such as a user’s workstation) and critical internal infrastructure like database servers.
Here’s how it works: instead of connecting directly to the database servers, the administrator first logs into the jump server. This system sits in a specially protected segment of the network and is hardened with enhanced security controls—such as strict access rules, multi-factor authentication, and session recording. From the jump server, the administrator can then initiate a second, secured connection to the database servers.
This approach provides multiple benefits. It enforces centralized access control, ensures all sessions are logged and auditable, and significantly reduces the attack surface by limiting which machines can access sensitive areas. The setup is especially useful for complying with security policies and regulatory requirements.
The other options, while important in different contexts, are not suitable here:
B. RADIUS is a protocol used for centralized authentication, but it doesn’t act as an access gateway.
C. HSM (Hardware Security Module) manages cryptographic keys and functions, unrelated to user access routing.
D. Load balancer distributes traffic among servers to optimize performance—not control administrator access.
Therefore, deploying a jump server is the most effective and policy-compliant method for allowing secure administrative access to sensitive database systems.
Question No 8:
After an attacker exploited a buffer overflow vulnerability to compromise a company’s public website, what solution should be implemented to help prevent similar web-based attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
Correct Answer: B
Explanation:
A Web Application Firewall (WAF) is the most effective solution to mitigate risks from web-based attacks such as buffer overflows. WAFs are designed to protect web applications by filtering and monitoring HTTP requests between the internet and the web server.
Buffer overflow attacks occur when an attacker sends more data to an application than it can handle, which can lead to crashes or allow the attacker to execute malicious code. A WAF can detect such attempts by applying specific rules and behavior analysis to incoming requests. It blocks or challenges suspicious activity in real time, thereby preventing the exploit from reaching the vulnerable application layer.
WAFs can also protect against other threats such as SQL injection, cross-site scripting (XSS), and file inclusion attacks. This makes them an essential part of any web security architecture, especially for public-facing websites.
Other options offer less targeted protection:
A. NGFW (Next-Generation Firewall) provides broad network protection but is not optimized for application-layer threats.
C. TLS (Transport Layer Security) encrypts data in transit but does not prevent vulnerabilities within the web application itself.
D. SD-WAN enhances network routing and performance but doesn’t address security at the web application level.
In conclusion, a WAF offers specialized defense mechanisms to guard against buffer overflow and similar application-layer attacks, making it the best choice for protecting compromised websites moving forward.
Question No 9:
An administrator notices unauthorized login attempts to employee accounts from unusual IP addresses. After resetting the passwords, what security control should be implemented to prevent such breaches in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity
Correct Answer: A
Explanation:
When user accounts are accessed from suspicious IP addresses, the underlying issue often involves compromised credentials. While resetting passwords helps in the short term, a more robust solution is needed to safeguard against future unauthorized access. The best long-term measure is to implement Multifactor Authentication (MFA).
MFA requires users to provide two or more verification factors to gain access. These factors include:
Something they know (like a password),
Something they have (like a smartphone or security token), and
Something they are (like a fingerprint or facial recognition).
Even if attackers obtain a valid password, they still cannot log in without the second authentication factor, thereby dramatically reducing the risk of account compromise.
The other choices do not offer the same level of protection against external intrusions:
B. Permissions assignment controls what users can access after they log in, not how they authenticate.
C. Access management is a broader concept for managing roles and entitlements but doesn’t prevent credential theft.
D. Password complexity helps make passwords harder to guess but doesn’t protect against phishing or credential stuffing attacks.
MFA is recognized as one of the most effective defenses against unauthorized access, especially in environments with sensitive data or frequent remote access. It adds a critical layer of security that significantly enhances identity verification. Therefore, implementing MFA is the most appropriate and proactive solution in this case.
Question No 10:
An employee receives a text message, supposedly from payroll, urging them to confirm login credentials through a link.
Which two social engineering techniques are being used here? (Select two.)
A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation
Correct Answers: B, E
Explanation:
The scenario describes a classic case of social engineering that combines phishing and smishing. The attacker is pretending to be a trusted department—payroll—to manipulate the employee into revealing their login credentials. This is the hallmark of phishing, where the attacker’s goal is to deceive users into divulging sensitive information under false pretenses.
However, since the medium of communication is SMS (text message), the attack also qualifies as smishing, which stands for SMS-based phishing. Smishing is increasingly used because people are generally more trusting of text messages and are more likely to respond quickly without scrutinizing the message's legitimacy.
While C. Impersonation could technically be argued as a secondary tactic—since the attacker is pretending to be payroll—the defining vectors in this case are phishing (the deceptive request) and smishing (via SMS).
Other options are incorrect:
A. Typosquatting involves fake websites with lookalike URLs, not text messages.
D. Vishing is phishing done through voice calls.
F. Misinformation refers to spreading false information, not credential theft attempts.
Therefore, the two primary social engineering methods being used are phishing for deception and smishing as the delivery mechanism. These tactics exploit trust and urgency to compromise user credentials quickly and effectively.