
Scenario-based practice

Troubleshooting Scenario Questions

Practise Security+ SY0-701 questions: original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

Scenario questions: 5
Exam code: SY0-701
Vendor: CompTIA

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related SY0-701 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1 (easy, multiple choice)

A help desk team wants users to be unable to install unsanctioned browser extensions or freeware on corporate Windows laptops, while approved business apps still run. Which endpoint control is best?

Question 2 (hard, multi-select)

A contractor is brought in to investigate a single alert on an ERP system. The contractor gets read-only access to one log source through a jump host, cannot see user payroll records, and the account expires automatically at shift end. Which two principles are being applied? Select two.

Question 3 (medium, multiple choice)

A payment processor stores full card numbers in its transaction database, but developers and analysts should never see the real numbers in nonproduction reports or troubleshooting tools. The business still needs to correlate the same card across multiple records. Which technique is the best fit?

Question 4 (easy, multiple choice)

A SIEM correlation rule alerts when a single user account fails to authenticate 20 times in 5 minutes and then succeeds from the same source IP. What is the most likely reason the team should investigate this event?

Question 5 (hard, multi-select)

A Windows file server was rebuilt from a gold image, but later troubleshooting re-enabled Remote Desktop, SMBv1, and the Print Spooler. The security team wants to harden the host and catch the same configuration changes early in the future. Which three actions are the best fit? Select three.

These SY0-701 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style SY0-701 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.