Summer Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

SY0-701 CompTIA Security+ Exam 2025 Questions and Answers

Questions 4

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.

Tokenization

B.

Cryptographic downgrade

C.

SSH tunneling

D.

Segmentation

E.

Patch installation

F.

Data masking

Buy Now
Questions 5

Which of the following is a benefit of an RTO when conducting a business impact analysis?

Options:

A.

It determines the likelihood of an incident and its cost.

B.

It determines the roles and responsibilities for incident responders.

C.

It determines the state that systems should be restored to following an incident.

D.

It determines how long an organization can tolerate downtime after an incident.

Buy Now
Questions 6

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 7

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Buy Now
Questions 8

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Buy Now
Questions 9

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

Options:

A.

Permission restrictions

B.

Bug bounty program

C.

Vulnerability scan

D.

Reconnaissance

Buy Now
Questions 10

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q-wireless%20headphones / HTTP/1.0" 200 12737

132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I HTTP/1.0" 200 14650

Which of the following should the analyst do first?

Options:

A.

Implement a WAF

B.

Disable the query .php script

C.

Block brute-force attempts on temporary users

D.

Check the users table for new accounts

Buy Now
Questions 11

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Buy Now
Questions 12

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

Options:

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Buy Now
Questions 13

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

Options:

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Buy Now
Questions 14

An administrator wants to automate an account permissions update for a large number of accounts. Which of the following would best accomplish this task?

Options:

A.

Security groups

B.

Federation

C.

User provisioning

D.

Vertical scaling

Buy Now
Questions 15

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 16

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Options:

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Buy Now
Questions 17

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Options:

A.

Retain the emails between the security team and affected customers for 30 days.

B.

Retain any communications related to the security breach until further notice.

C.

Retain any communications between security members during the breach response.

D.

Retain all emails from the company to affected customers for an indefinite period of time.

Buy Now
Questions 18

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Buy Now
Questions 19

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Buy Now
Questions 20

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

Options:

A.

Data retention

B.

Certification

C.

Sanitation

D.

Destruction

Buy Now
Questions 21

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

Options:

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Buy Now
Questions 22

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Buy Now
Questions 23

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Buy Now
Questions 24

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Buy Now
Questions 25

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise's infrastructure?

Options:

A.

Firewalls

B.

Virtual private networks

C.

Extensive logging

D.

Intrusion detection systems

Buy Now
Questions 26

An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?

Options:

A.

Tokenization

B.

Data masking

C.

Encryption

D.

Obfuscation

Buy Now
Questions 27

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?

Options:

A.

Load balancing

B.

Fault tolerance

C.

Proxy servers

D.

Replication

Buy Now
Questions 28

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following actions best describes the actions the network administrator should take?

Options:

A.

Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.

B.

Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

C.

Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.

D.

Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.

Buy Now
Questions 29

A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

Options:

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Buy Now
Questions 30

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Buy Now
Questions 31

A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Options:

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Buy Now
Questions 32

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Options:

A.

Virtualization

B.

Firmware

C.

Application

D.

Operating system

Buy Now
Questions 33

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Options:

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Buy Now
Questions 34

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

SY0-701 Question 34

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Buy Now
Questions 35

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

SY0-701 Question 35

SY0-701 Question 35

SY0-701 Question 35

SY0-701 Question 35

SY0-701 Question 35

SY0-701 Question 35

SY0-701 Question 35

Options:

Buy Now
Questions 36

Which of the following is the primary purpose of a service that tracks log-ins and time spent using the service?

Options:

A.

Availability

B.

Accounting

C.

Authentication

D.

Authorization

Buy Now
Questions 37

Which of the following security measures is required when using a cloud-based platform for loT management?

Options:

A.

Encrypted connection

B.

Federated identity

C.

Firewall

D.

Single sign-on

Buy Now
Questions 38

An employee used a company's billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Options:

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Buy Now
Questions 39

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Options:

A.

MSA

B.

SLA

C.

BPA

D.

SOW

Buy Now
Questions 40

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Buy Now
Questions 41

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Buy Now
Questions 42

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

Options:

A.

Open-source intelligence

B.

Port scanning

C.

Pivoting

D.

Exploit validation

Buy Now
Questions 43

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

SY0-701 Question 43

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Buy Now
Questions 44

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Buy Now
Questions 45

A company is changing its mobile device policy. The company has the following requirements:

Company-owned devices

Ability to harden the devices

Reduced security risk

Compatibility with company resources

Which of the following would best meet these requirements?

Options:

A.

BYOD

B.

CYOD

C.

COPE

D.

COBO

Buy Now
Questions 46

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Buy Now
Questions 47

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

Options:

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

Buy Now
Questions 48

A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?

Options:

A.

Recovery site

B.

Hot site

C.

Cold site

D.

Warm site

Buy Now
Questions 49

Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?

Options:

A.

Nation-state

B.

Organized crime

C.

Hacktvist

D.

Insider threat

Buy Now
Questions 50

A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).

Options:

A.

Physical

B.

Managerial

C.

Detective

D.

Administrator

E.

Preventative

F.

Technical

Buy Now
Questions 51

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

Options:

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

Buy Now
Questions 52

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?

Options:

A.

SOAR

B.

API

C.

SFTP

D.

RDP

Buy Now
Questions 53

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?

Options:

A.

Metadata

B.

Application log

C.

System log

D.

Netflow log

Buy Now
Questions 54

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 55

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 56

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?

Options:

A.

SOAR

B.

SIEM

C.

MDM

D.

DLP

Buy Now
Questions 57

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Buy Now
Questions 58

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Buy Now
Questions 59

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Options:

A.

Network

B.

System

C.

Application

D.

Authentication

Buy Now
Questions 60

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

Options:

A.

White

B.

Purple

C.

Blue

D.

Red

Buy Now
Questions 61

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Buy Now
Questions 62

A bank set up a new server that contains customers' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Buy Now
Questions 63

A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?

Options:

A.

It increases complexity.

B.

It removes technical debt.

C.

It adds additional guard rails.

D.

It acts as a workforce multiplier.

Buy Now
Questions 64

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Buy Now
Questions 65

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Buy Now
Questions 66

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Buy Now
Questions 67

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?

Options:

A.

Adding extra characters at the end to increase password length

B.

Generating a token to make the passwords temporal

C.

Using mathematical algorithms to make passwords unique

D.

Creating a rainbow table to protect passwords in a list

Buy Now
Questions 68

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Buy Now
Questions 69

Which of the following agreement types defines the time frame in which a vendor needs to respond?

Options:

A.

SOW

B.

SLA

C.

MOA

D.

MOU

Buy Now
Questions 70

Which of the following would be the most appropriate way to protect data in transit?

Options:

A.

SHA-256

B.

SSL 3.0

C.

TLS 1.3

D.

AES-256

Buy Now
Questions 71

Which of the following documents details how to accomplish a technical security task?

Options:

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Buy Now
Questions 72

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Buy Now
Questions 73

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Buy Now
Questions 74

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

Options:

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Buy Now
Questions 75

An incident response specialist must stop a malicious attack from expanding to other parts of an organization. Which of the following should the incident response specialist perform first?

Options:

A.

Eradication

B.

Recovery

C.

Containment

D.

Simulation

Buy Now
Questions 76

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Options:

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Buy Now
Questions 77

A user needs to complete training at https://comptiatraining.com. After manually entering the URL, the user sees that the accessed website is noticeably different from the standard company website. Which of the following is the most likely explanation for the difference?

Options:

A.

Cross-site scripting

B.

Pretexting

C.

Typosquatting

D.

Vishing

Buy Now
Questions 78

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

Options:

A.

MDM

B.

DLP

C.

FDE

D.

EDR

Buy Now
Questions 79

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Options:

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Buy Now
Questions 80

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 81

An organization's web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization's web servers? (Select two).

Options:

A.

Regularly updating server software and patches

B.

Implementing strong password policies

C.

Encrypting sensitive data at rest and in transit

D.

Utilizing a web-application firewall

E.

Performing regular vulnerability scans

F.

Removing payment information from the servers

Buy Now
Questions 82

A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Options:

A.

Communication plan

B.

Incident response plan

C.

Data retention policy

D.

Disaster recovery plan

Buy Now
Questions 83

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

Options:

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Buy Now
Questions 84

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Options:

A.

Hashing

B.

Tokenization

C.

Encryption

D.

Segmentation

Buy Now
Questions 85

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Oncethe password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 86

A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?

Options:

A.

Telnet connection

B.

SSH tunneling

C.

Patch installation

D.

Full disk encryption

Buy Now
Questions 87

Which of the following activities are associated with vulnerability management? (Select two).

Options:

A.

Reporting

B.

Prioritization

C.

Exploiting

D.

Correlation

E.

Containment

F.

Tabletop exercise

Buy Now
Questions 88

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Buy Now
Questions 89

Which of the following is the most relevant reason a DPO would develop a data inventory?

Options:

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Buy Now
Questions 90

A company's website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?

Options:

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Buy Now
Questions 91

A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?

Options:

A.

Configuring centralized logging

B.

Generating local administrator accounts

C.

Replacing Telnet with SSH

D.

Enabling HTTP administration

Buy Now
Questions 92

The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?

Options:

A.

Social engineering

B.

Situational awareness

C.

Phishing

D.

Acceptable use policy

Buy Now
Questions 93

A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

Options:

A.

Blocked content

B.

Brute-force attack

C.

Concurrent session usage

D.

Account lockout

Buy Now
Questions 94

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

Options:

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems.

Buy Now
Questions 95

An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

Options:

A.

Cloud-based

B.

Peer-to-peer

C.

On-premises

D.

Hybrid

Buy Now
Questions 96

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Buy Now
Questions 97

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Buy Now
Questions 98

During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?

Options:

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Buy Now
Questions 99

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Buy Now
Questions 100

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

Options:

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Buy Now
Questions 101

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Buy Now
Questions 102

Which of the following is the main consideration when a legacy system that is a critical part of a company's infrastructure cannot be replaced?

Options:

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Buy Now
Questions 103

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Options:

A.

Compensating control

B.

Network segmentation

C.

Transfer of risk

D.

SNMP traps

Buy Now
Questions 104

A penetration test identifies that an SMBvl Is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?

Options:

A.

GPO

B.

ACL

C.

SFTP

D.

DLP

Buy Now
Questions 105

A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Options:

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Buy Now
Questions 106

A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Buy Now
Questions 107

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

Options:

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Buy Now
Questions 108

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization's documentation?

Options:

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

Buy Now
Questions 109

Which of the following agreements defines response time, escalation, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 110

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Buy Now
Questions 111

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

Options:

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Buy Now
Questions 112

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Buy Now
Questions 113

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

Options:

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

Buy Now
Questions 114

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Options:

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Buy Now
Questions 115

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Buy Now
Questions 116

Which of the following data states applies to data that is being actively processed by a database server?

Options:

A.

In use

B.

At rest

C.

In transit

D.

Being hashed

Buy Now
Questions 117

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 118

Which of the following are the best security controls for controlling on-premises access? (Select two.)

Options:

A.

Swipe card

B.

Picture ID

C.

Phone authentication application

D.

Biometric scanner

E.

Camera

F.

Memorable

Buy Now
Questions 119

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patch installations

B.

To find shadow IT cloud deployments

C.

To continuously monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 120

A systems administrator just purchased multiple network devices. Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?

Options:

A.

Install endpoint protection

B.

Disable ports/protocols

C.

Change default passwords

D.

Remove unnecessary software

Buy Now
Questions 121

Which of the following is a preventive physical security control?

Options:

A.

Video surveillance system

B.

Bollards

C.

Alarm system

D.

Motion sensors

Buy Now
Questions 122

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Buy Now
Questions 123

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

Options:

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Buy Now
Questions 124

A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?

Options:

A.

Digital rights management

B.

Role-based access control

C.

Time-based access control

D.

Network access control

Buy Now
Questions 125

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

Options:

A.

Recovery point objective

B.

Mean time between failures

C.

Recovery time objective

D.

Mean time to repair  

Buy Now
Questions 126

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Buy Now
Questions 127

Which of the following topics would most likely be included within an organization's SDLC?

Options:

A.

Service-level agreements

B.

Information security policy

C.

Penetration testing methodology

D.

Branch protection requirements

Buy Now
Questions 128

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Buy Now
Questions 129

A security analyst is reviewing the following logs:

SY0-701 Question 129

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-t he-hash

D.

Brute-force

Buy Now
Questions 130

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Options:

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Buy Now
Questions 131

An organization has learned that its data is being exchanged on the dark web. The CIO

has requested that you investigate and implement the most secure solution to protect employee accounts.

INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate

security solution to meet the CIO's requirements.

SY0-701 Question 131

Options:

Buy Now
Questions 132

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Buy Now
Questions 133

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?

Options:

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Buy Now
Questions 134

An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Options:

A.

Vishing

B.

Smishing

C.

Pretexting

D.

Phishing

Buy Now
Questions 135

Which of the following should a security team do first before a new web server goes live?

Options:

A.

Harden the virtual host.

B.

Create WAF rules.

C.

Enable network intrusion detection.

D.

Apply patch management

Buy Now
Questions 136

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Buy Now
Questions 137

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Options:

A.

Encryption at rest

B.

Masking

C.

Data classification

D.

Permission restrictions

Buy Now
Questions 138

A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?

Options:

A.

Honeypot

B.

Honey account

C.

Honeytoken

D.

Honeynet

Buy Now
Questions 139

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device's encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Buy Now
Questions 140

A university employee logged on to the academic server and attempted to guess the system administrators' log-in credentials. Which of the following security measures should the university have implemented to detect the employee's attempts to gain access to the administrators' accounts?

Options:

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Buy Now
Questions 141

Which of the following enables the use of an input field to run commands that can view or manipulate data?

Options:

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Buy Now
Questions 142

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

Options:

A.

Wireless access point

B.

Switch

C.

Firewall

D.

NAC

Buy Now
Questions 143

Which of the following can be used to compromise a system that is running an RTOS?

Options:

A.

Cross-site scripting

B.

Memory injection

C.

Replay attack

D.

Ransomware

Buy Now
Questions 144

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AA

C.

ACL

D.

PEM

Buy Now
Questions 145

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

Options:

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Buy Now
Questions 146

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

Options:

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Buy Now
Questions 147

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

Options:

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the 'deny any* policy prior to enabling the new policy

D.

Including an 'allow any1 policy above the 'deny any* policy

Buy Now
Questions 148

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Options:

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Buy Now
Questions 149

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Options:

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Buy Now
Questions 150

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

Options:

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Buy Now
Questions 151

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Options:

A.

Code repositories

B.

Dark web

C.

Threat feeds

D.

State actors

E.

Vulnerability databases

Buy Now
Questions 152

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Options:

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Buy Now
Questions 153

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

Options:

A.

IPSec with RADIUS

B.

RDP connection with LDAPS

C.

Web proxy for all remote traffic

D.

Jump server with 802.1X

Buy Now
Questions 154

Which of the following activities is included in the post-incident review phase?

Options:

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system's configuration and settings

Buy Now
Questions 155

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Options:

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Buy Now
Questions 156

Which of the following could potentially be introduced at the time of side loading?

Options:

A.

User impersonation

B.

Rootkit

C.

On-path attack

D.

Buffer overflow

Buy Now
Questions 157

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

Options:

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Buy Now
Questions 158

An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Buy Now
Questions 159

In which of the following will unencrypted PLC management traffic most likely be found?

Options:

A.

SDN

B.

IoT

C.

VPN

D.

SCADA

Buy Now
Questions 160

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Buy Now
Questions 161

Which of the following architectures is most suitable to provide redundancy for critical business processes?

Options:

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Buy Now
Questions 162

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

Options:

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Buy Now
Questions 163

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

Options:

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Buy Now
Questions 164

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

Options:

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerability report

Buy Now
Questions 165

A systems administrator receives an alert that a company's internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

SY0-701 Question 165

Which of the following indicators most likely triggered this alert?

Options:

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Buy Now
Questions 166

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Buy Now
Questions 167

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? 1  

Options:

A.

Role-based

B.

Discretionary

C.

Time of day

D.

Least privilege

Buy Now
Questions 168

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Buy Now
Questions 169

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Options:

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Buy Now
Questions 170

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Options:

A.

Installing HIDS on the system

B.

Placing the system in an isolated VLAN

C.

Decommissioning the system

D.

Encrypting the system's hard drive

Buy Now
Questions 171

Which of the following is the best mitigation for a zero-day vulnerability found in mission-critical production servers that must be highly available?

Options:

A.

Virtualizing and migrating to a containerized instance

B.

Removing and sandboxing to an isolated network

C.

Monitoring and implementing compensating controls

D.

Patching and redeploying to production as quickly as possible

Buy Now
Exam Code: SY0-701
Exam Name: CompTIA Security+ Exam 2025
Last Update: Jul 7, 2025
Questions: 569

PDF + Testing Engine

$72.6  $181.49

Testing Engine

$57.8  $144.49
buy now SY0-701 testing engine

PDF (Q&A)

$49.8  $124.49
buy now SY0-701 pdf