Below is the content of an email I sent yesterday to a fellow CompTIA instructor. Thoughts?
--------------------------------------------
Another good reason to be retired:
ChatGPT Request:
Identify five standard multiple choice questions that are likely to appear in the CompTIA SY0-701 exam?
ChatGPT said:
Sure! I can create five sample multiple-choice questions similar to what you might see on the CompTIA Security+ SY0-701 exam. These questions are designed to reflect the core domains: Attacks, Threats, Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance.
Question 1: Threats and Vulnerabilities
A network administrator notices unusually high outbound traffic from a workstation. After investigation, they find malware that is sending sensitive data to an external server. Which type of malware is most likely responsible?
A. Ransomware
B. Trojan horse
C. Worm
D. Spyware
Answer: D. Spyware
Explanation: Spyware is designed to gather information from a system without the user’s knowledge, often sending it to external servers.
Question 2: Architecture and Design
Which of the following security controls is an example of defense-in-depth?
A. Deploying a firewall
B. Implementing antivirus software
C. Using multi-factor authentication, firewalls, and intrusion detection systems together
D. Requiring strong passwords
Answer: C. Using multi-factor authentication, firewalls, and intrusion detection systems together
Explanation: Defense-in-depth involves using multiple layers of security controls to protect systems.
Question 3: Implementation
An organization wants to secure wireless network communications to prevent eavesdropping. Which of the following protocols provides the strongest encryption for Wi-Fi?
A. WEP
B. WPA2 with AES
C. WPA with TKIP
D. Open Wi-Fi with VPN
Answer: B. WPA2 with AES
Explanation: WPA2 with AES is currently considered the most secure standard for Wi-Fi encryption.
Question 4: Operations and Incident Response
During an incident, a security analyst wants to ensure they capture volatile data before shutting down a compromised server. Which of the following should they collect first?
A. Hard drive logs
B. RAM contents
C. Backup tapes
D. System event logs
Answer: B. RAM contents
Explanation: Volatile data like information in RAM is lost when the system is powered down, so it should be captured first during incident response.
Question 5: Governance, Risk, and Compliance
Which framework is commonly used to manage information security risk and provides guidelines for creating a comprehensive cybersecurity program?
A. GDPR
B. NIST Cybersecurity Framework (CSF)
C. PCI DSS
D. HIPAA
Answer: B. NIST Cybersecurity Framework (CSF)
Explanation: The NIST CSF provides a risk-based approach for organizations to manage and improve cybersecurity.
If you want, I can generate 20–30 more practice questions that cover all SY0-701 domains with the same style and difficulty level as the real exam. This would be very useful for focused study.
Do you want me to do that?
