Text preview & study summary
CompTIA Security+ SY0-701 — Readiness Assessment (Mastery)
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
A payroll manager receives a chat message that appears to come from the CFO asking them to review a vendor payment portal. The link opens a Microsoft 365 consent screen for an app named InvoiceReview Sync. The user approves the request.
Within an hour, the SOC observes:
- Successful sign-ins from two countries
- New mailbox forwarding rules
- API activity reading SharePoint files
- No failed password attempts
- Continued activity after the user's password is reset
Which response best addresses the root cause?
Explanation
The OAuth consent grant is the key issue. The attacker obtained delegated access through an approved application, so a password reset alone may not remove the application's token-based access. The best response is to revoke the app consent, disable or remove the malicious enterprise application, revoke sessions/tokens, reset credentials, and investigate mailbox rules and file access.
Disabling the mailbox or blocking forwarding may reduce one symptom but does not address the app grant. Reimaging the laptop assumes endpoint malware without evidence and ignores the cloud API activity. Blocking the sender domain is too narrow because the compromise has already moved into identity and application authorization.
Question 2
After renewing a TLS certificate for an internal finance portal, most browsers continue to work. A new mobile application refuses to connect and reports: certificate chain could not be validated. The certificate is not expired, the hostname matches, and the root CA is trusted by the mobile device. A packet capture shows the server is presenting only the leaf certificate.
What is the most likely fix?
Explanation
The server is not presenting the intermediate chain needed to build trust from the leaf certificate to the trusted root. Some browsers may retrieve missing intermediates automatically, while stricter clients often fail. Installing the proper intermediate chain fixes the validation path.
A wildcard certificate does not solve a missing chain. Disabling validation weakens security and masks the problem. DNSSEC protects DNS integrity but does not replace the PKI certificate chain.
Question 3
Developers want to log full payment card numbers in a production troubleshooting log because encrypted database storage already protects cardholder data at rest. The logs are searchable by several support teams and retained for one year.
Which design best meets troubleshooting needs while reducing compliance risk?
Explanation
Logs are a common source of sensitive data exposure. Tokenization or masking allows troubleshooting without storing full payment card data. Access control, retention limits, and monitoring further reduce risk.
Encryption at rest alone does not prevent authorized support users from viewing sensitive data. MD5 is weak and hashing full card numbers may still create compliance and privacy problems. Disabling all logging harms operations and incident response.
Question 4
A plant control workstation runs an unsupported operating system required by a vendor application. Replacing it will take nine months. The device is not internet-facing, but it is reachable from the engineering VLAN. A scan flags multiple critical vulnerabilities. Operations leadership refuses immediate replacement because downtime would halt production.
Which approach is most appropriate?
Explanation
When immediate remediation is not feasible, the organization should formally document the risk, assign ownership, set an expiration or remediation plan, and implement compensating controls. This keeps the risk visible and managed.
Calling real vulnerabilities false positives is dishonest. Unofficial patches may destabilize a control system and violate support constraints. Removing visibility from reports does not reduce risk.
Question 5
Match each evidence pattern to the most likely attack or abuse technique.
Explanation
Long randomized subdomains are a common indicator of DNS tunneling or DNS-based exfiltration. Repeated push prompts indicate MFA fatigue. Persistent access after password reset points to OAuth consent or token abuse. Attempts to read /etc/passwd through a path parameter indicate local file inclusion or traversal. Compressing directories and sending them externally over HTTPS indicates data exfiltration over an allowed protocol.
The distractors are intentionally close because all five patterns involve legitimate-looking infrastructure being abused: DNS, MFA, OAuth, web parameters, and HTTPS.
