Security Operations
Drill 18 practice questions focused entirely on Security Operations for the CompTIA SY0-701 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A cloud engineering team uses infrastructure-as-code to let developers self-provision resources. Management is concerned that developers could accidentally spin up publicly accessible storage buckets or oversized virtual machines that violate company standards. The security team wants an automated mechanism that automatically rejects or corrects any provisioning request that does not conform to approved configuration policies, without requiring manual review of each request. Which automation use case BEST addresses this requirement?
A software company distributes desktop applications to customers over the internet. Users have reported warnings that the installer's publisher cannot be verified, and the security team is concerned that attackers could distribute tampered versions of the software. Which application security technique should the company implement to allow customers to confirm the software originated from the company and has not been altered?
A security analyst is reviewing vulnerability scan results for the company's environment. Two findings must be prioritized for remediation: Finding 1 has a CVSS base score of 9.8 but affects an isolated internal test server with no network access to production. Finding 2 has a CVSS base score of 7.5 and affects a customer-facing web server that processes payment data. Company risk tolerance is low, and PCI DSS compliance is required. Which finding should the analyst remediate first, and why?
A security engineer wants to be automatically alerted whenever critical system binaries or configuration files on production web servers are modified, as unauthorized changes have recently gone unnoticed until after an incident. Which enterprise capability should the engineer deploy to meet this requirement?
A financial services company wants to reduce the risk associated with administrators holding standing access to production database servers. The security team needs a solution that grants elevated privileges only for the duration of an approved task and automatically revokes them afterward, while also recording all privileged sessions. Which approach best meets these requirements?
A healthcare organization is decommissioning 50 mobile devices that were previously used by clinical staff to access patient records through a mobile app. The devices contain cached data and are enrolled in the organization's MDM solution. Which of the following actions should be performed FIRST to ensure proper data sanitization before disposal?
A SOC analyst is overwhelmed by thousands of daily alerts from the SIEM, most of which are triggered by a routine backup job that connects to multiple internal servers each night. Legitimate threats are being missed in the noise. Which activity should the analyst perform to reduce these unnecessary alerts while preserving detection of genuine threats?
A security analyst is configuring a SIEM to detect potential brute force attacks against the organization's web application. The analyst wants to generate an alert when multiple failed login attempts from the same source IP address occur within a short time window, followed by a successful login. Which SIEM capability should the analyst primarily utilize to achieve this detection?
A company wants employees to log in once with their corporate credentials and then access multiple third-party SaaS applications without re-entering passwords. The identity provider must send authentication assertions to the external service providers using an XML-based standard. Which solution best meets these requirements?
A security analyst completes a vulnerability scan and identifies multiple vulnerabilities across the organization's web servers. The scan reveals CVE-2023-1234 with a CVSS score of 9.8 (critical) affecting a development server, CVE-2023-5678 with a CVSS score of 7.5 (high) affecting a production server, CVE-2023-9012 with a CVSS score of 8.1 (high) affecting a test environment server, and CVE-2023-3456 with a CVSS score of 6.5 (medium) affecting a production server. Which vulnerability should be prioritized for immediate remediation?
A security analyst receives a vulnerability scan report showing multiple findings across the organization's web servers. One vulnerability has a CVSS score of 9.8 with active exploits in the wild, but affects a development server with no external access. Another has a CVSS score of 6.5 with no known exploits, but affects the public-facing production web server processing customer transactions. Which factor should the analyst prioritize when determining remediation order?
A security analyst receives a vulnerability scan report indicating that a web server is running an outdated version of Apache with a critical remote code execution vulnerability (CVE-2021-41773). Upon investigation, the analyst confirms that the server is running Apache 2.4.51, but the organization applied a vendor-supplied security patch that specifically addresses this CVE without upgrading the version number. What should the analyst classify this finding as during the analysis phase?
A security analyst reviews a weekly vulnerability scan report that flags a critical SQL injection vulnerability on an internal web application server. Before escalating for emergency patching, the analyst manually tests the identified endpoint and determines the application properly sanitizes all input and the flagged code path is not actually exploitable. Which vulnerability management activity best describes what the analyst has performed?
A security analyst has completed a vulnerability scan of the organization's web servers and identified 247 vulnerabilities. The scan results show vulnerabilities with CVSS scores ranging from 2.1 to 9.8. Management has requested that critical issues be addressed first, but the team has limited resources. Which approach should the analyst use to prioritize remediation efforts?
A security analyst completes a vulnerability scan of the organization's web servers and receives over 300 findings. The analyst needs to prioritize remediation efforts based on severity. One vulnerability has a CVSS base score of 9.1, is exploitable remotely without authentication, and affects a production server hosting customer data. Another vulnerability has a CVSS score of 7.2, requires local access, and exists on an internal test server. What should be the analyst's FIRST priority?
A security analyst receives a vulnerability scan report indicating that a web server is vulnerable to CVE-2021-44228 (Log4Shell). However, the analyst confirms that the server runs Apache web server version 2.4.51 without any Java components or Log4j libraries installed. What should the analyst do next?
A security analyst receives a critical alert from a vulnerability scanner indicating that a web server is running an outdated version of Apache with a known remote code execution vulnerability (CVE-2021-41773). The analyst verifies that the server is running Apache 2.4.51, but further investigation reveals that the specific vulnerable module (mod_cgi) has been disabled and the URI path normalization feature has been patched through a vendor-specific security update. What should the analyst's next action be?
A network administrator is preparing to deploy new wireless access points across a three-story office building. Before installing the hardware, they walk through each floor with specialized software that records signal strength readings and generates a color-coded visual overlay showing coverage gaps and areas of interference. Which activity is the administrator performing?
More SY0-701 practice
Keep going with the other CompTIA Security+ (SY0-701) domains, or take a full timed mock exam.
← Back to SY0-701 overview