Sample PYQs from this paper with answers and explanations.
Question 1 Network Security
A company has hired a third party to gather information about the company's servers and data. This third party will not have direct access to the company's internal network, but they can gather information from any other source. Which of the following would BEST describe this approach?
- A. Vulnerability scanning
- B. Passive reconnaissance
- C. Supply chain analysis
- D. Regulatory audit
Correct answer: B. Passive reconnaissance
Correct answer (Option B):
Passive reconnaissance focuses on gathering as much information as possible from open sources such as social media, corporate websites, and business organizations without directly contacting or interacting with the target systems.

Why others are wrong:
Option A is incorrect because vulnerability scanning actively queries or tests systems directly. Option C is incorrect because supply chain analysis examines the security profiles of suppliers, not the company's own data. Option D is incorrect because a regulatory audit is a detailed validation based on compliance laws requiring internal system access.
Question 2 Network Security
A company's email server has received an email from a third party, but the originating server does not match the list of authorized devices. Which of the following would determine the disposition of this message?
- A. SPF
- B. NAC
- C. DMARC
- D. DKIM
Correct answer: C. DMARC
Correct answer (Option C):
DMARC (Domain-based Message Authentication, Reporting and Conformance) specifically determines and dictates the operational disposition (such as reject, quarantine, or accept) of emails that fail SPF or DKIM validation checks.

Why others are wrong:
Option A is incorrect because SPF only publishes a list of authorized servers but does not define disposition rules. Option B is incorrect because NAC is used for system network access controls rather than email routing. Option D is incorrect because DKIM provides digital signatures to validate authenticity but does not define compliance dispositions.
Question 3 General Knowledge
Which of these threat actors would be MOST likely to attack systems for direct financial gain?
- A. Organized crime
- B. Hacktivist
- C. Nation state
- D. Shadow IT
Correct answer: A. Organized crime
Correct answer (Option A):
An organized crime actor is primarily motivated by money. Their hacking infrastructure and operational objectives are usually built around monetizable targets that can be easily exchanged for financial capital, such as ransomware or data theft.

Why others are wrong:
Option B is incorrect because hacktivists are driven by ideological or political agendas. Option C is incorrect because nation states focus on espionage, political disruption, or strategic intelligence rather than financial gains. Option D is incorrect because shadow IT consists of internal groups bypassing corporate constraints.
Question 4 General Knowledge
A security administrator has examined a server recently compromised by an attacker, and has determined the system was exploited due to a known operating system vulnerability. Which of the following would BEST describe this finding?
- A. Root cause analysis
- B. E-discovery
- C. Risk appetite
- D. Data subject
Correct answer: A. Root cause analysis
Correct answer (Option A):
The ultimate goal of a root cause analysis is to uncover and explain the definitive fundamental reason why a security breach or system failure occurred, making it easier to mitigate similar vulnerabilities in the future.

Why others are wrong:
Option B is incorrect because e-discovery relates to collecting and producing electronic documents for legal proceedings. Option C is incorrect because risk appetite describes the amount of risk an organization accepts. Option D is incorrect because a data subject refers to an individual associated with private data fields.
Question 5 General Knowledge
A city is building an ambulance service network for emergency medical dispatching. Which of the following should have the highest priority?
- A. Integration costs
- B. Patch availability
- C. System availability
- D. Power usage
Correct answer: C. System availability
Correct answer (Option C):
Requests to emergency dispatching systems are life-critical in nature. It is vital that the underlying infrastructure guarantees high system availability so that dispatch operations are responsive whenever an emergency occurs.

Why others are wrong:
Option A is incorrect because financial integration costs are secondary when protecting human lives. Option B is incorrect because while patching updates maintain stability, continuous service availability takes precedence. Option D is incorrect because power optimization is less crucial than providing immediate operational uptime.