Security Operations — Security+ practice questions

Domain 4 of the CompTIA Security+ (SY0-701) exam. 272 questions on this domain in the full bank — here are four free samples with answers and explanations.

Question 1 · Difficulty 2/5

Which of the following best describes the primary purpose of the Security Content Automation Protocol (SCAP)? (Select the best answer.)
  A. A framework for aggregating and correlating security event logs from multiple sources in real time
  B. A suite of specifications that standardizes the way software flaws and security configurations are communicated and measured
  C. A network scanning protocol that discovers open ports and running services across an enterprise
  D. A cryptographic standard that ensures integrity verification of configuration files on endpoints

Correct answer: B

A suite of specifications that standardizes the way software flaws and security configurations are communicated and measured
SCAP (Security Content Automation Protocol), maintained by NIST, is a multi-standard suite (including CVE, CVSS, CCE, XCCDF, OVAL, and CPE) designed to standardize how vulnerability and configuration data are expressed, shared, and measured automatically. A SIEM aggregates and correlates log data in real time, which is a separate tool category. Network port scanning (as performed by tools like Nmap) is not SCAP's function. Cryptographic integrity verification (such as file hashing or HMAC) is likewise a distinct control from SCAP's content automation role.

Question 2 · Difficulty 3/5

A security team is deploying a vulnerability scanner and must choose between agent-based and agentless scanning for a set of remote branch-office laptops that frequently operate off the corporate network. Which of the following is the most significant advantage of deploying agents on those laptops? (Select the best answer.)
  A. Agents require no software installation on the endpoint, reducing the deployment burden on IT staff
  B. Agents can collect and report scan data even when the endpoint is not connected to the corporate network
  C. Agents eliminate the need for authenticated credentials because they rely on network-layer discovery
  D. Agents produce less network traffic than agentless scans because they bundle all results into a single nightly packet

Correct answer: B

Agents can collect and report scan data even when the endpoint is not connected to the corporate network
The defining advantage of an agent-based approach for mobile or remote endpoints is continuous, on-device data collection that does not depend on network connectivity to the corporate environment; results are forwarded when the device next connects. Agentless scanning, by contrast, requires network reachability and typically authenticated access to the target at scan time. Agents do require software installation on each endpoint, so the first option is incorrect. Agents do not eliminate credential requirements in general; they authenticate locally instead of remotely. The claim about a single nightly packet is not an accurate characterization of how agents function.

Question 3 · Difficulty 2/5

What is the primary purpose of establishing a secure baseline for an operating system? (Select the best answer.)
  A. To define a minimum-security configuration standard from which deviations can be detected and remediated
  B. To document the full software development lifecycle for applications installed on the system
  C. To create a forensic image of the system for use during incident response investigations
  D. To configure automatic software updates so the system remains patched against known vulnerabilities

Correct answer: A

To define a minimum-security configuration standard from which deviations can be detected and remediated
A secure baseline defines a documented, approved minimum-security configuration (disabled services, required settings, hardened parameters) against which running systems are compared; any drift is treated as a finding. Documenting the software development lifecycle is an application-security and SDLC concern, not a baseline activity. Forensic imaging is an incident-response preservation technique. Automatic patching is one control that may be specified inside a baseline, but patching alone is not the purpose of establishing the baseline itself.

Question 4 · Difficulty 3/5

A security team is building a Windows server baseline. They reference the CIS Benchmarks and NIST SP 800-70 National Checklist Program to select settings, then capture the approved configuration in a machine-readable format for automated deployment. Which phase of the secure baseline lifecycle does this activity represent? (Select the best answer.)
  A. Establishing the baseline
  B. Deploying the baseline
  C. Maintaining the baseline
  D. Auditing the baseline

Correct answer: A

Establishing the baseline
Establishing a baseline encompasses researching authoritative guidance (CIS, NIST SP 800-70, DISA STIGs), selecting the required settings, and documenting or encoding them before any rollout occurs. Deploying the baseline is the subsequent phase in which the approved configuration is pushed to target systems. Maintaining the baseline is the ongoing phase of reviewing and updating settings as new threats, patches, or policy changes emerge. Auditing compares running systems against an already-established baseline to find drift, which presupposes the baseline already exists.
