Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

SY0-701 CompTIA Security+ Exam 2025 Questions and Answers

Questions 4

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Buy Now
Questions 5

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Buy Now
Questions 6

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

Options:

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Buy Now
Questions 7

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

Options:

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Buy Now
Questions 8

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

Options:

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Buy Now
Questions 9

A systems administrator is working on a solution with the following requirements:

• Provide a secure zone.

• Enforce a company-wide access control policy.

• Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Buy Now
Questions 10

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Buy Now
Questions 11

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Options:

A.

Data masking

B.

Encryption

C.

Geolocation policy

D.

Data sovereignty regulation

Buy Now
Questions 12

Which of the following provides the details about the terms of a test with a third-party penetration tester?

Options:

A.

Rules of engagement

B.

Supply chain analysis

C.

Right to audit clause

D.

Due diligence

Buy Now
Questions 13

Which of the following is a reason environmental variables are a concern when reviewing potential system vulnerabilities?

Options:

A.

The contents of environmental variables could affect the scope and impact of an exploited vulnerability.

B.

In-memory environmental variable values can be overwritten and used by attackers to insert malicious code.

C.

Environmental variables define cryptographic standards for the system and could create vulnerabilities if deprecated algorithms are used.

D.

Environmental variables will determine when updates are run and could mitigate the likelihood of vulnerability exploitation.

Buy Now
Questions 14

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Buy Now
Questions 15

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

Options:

A.

VM escape

B.

SQL injection

C.

Buffer overflow

D.

Race condition

Buy Now
Questions 16

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Buy Now
Questions 17

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Buy Now
Questions 18

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Buy Now
Questions 19

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Options:

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Buy Now
Questions 20

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Buy Now
Questions 21

An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

Options:

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

Buy Now
Questions 22

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Buy Now
Questions 23

When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

Options:

A.

Wildcard

B.

Root of trust

C.

Third-party

D.

Self-signed

Buy Now
Questions 24

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 25

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

Options:

A.

Threshold

B.

Appetite

C.

Tolerance

D.

Register

Buy Now
Questions 26

Which of the following must be considered when designing a high-availability network? (Choose two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Buy Now
Questions 27

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

Options:

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Buy Now
Questions 28

Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Non-repudiation

Buy Now
Questions 29

A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?

Options:

A.

Exemption

B.

Exception

C.

Avoid

D.

Transfer

Buy Now
Questions 30

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patch installations

B.

To find shadow IT cloud deployments

C.

To continuously monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 31

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Buy Now
Questions 32

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Buy Now
Questions 33

Which of the following types of identification methods can be performed on a deployed application during runtime?

Options:

A.

Dynamic analysis

B.

Code review

C.

Package monitoring

D.

Bug bounty

Buy Now
Questions 34

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AA

C.

ACL

D.

PEM

Buy Now
Questions 35

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] "GET /query.php?q-wireless%20headphones / HTTP/1.0" 200 12737

132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] "GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0" 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] "GET /query.php?q=mp3%20players I HTTP/1.0" 200 14650

Which of the following should the analyst do first?

Options:

A.

Implement a WAF

B.

Disable the query .php script

C.

Block brute-force attempts on temporary users

D.

Check the users table for new accounts

Buy Now
Questions 36

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

Options:

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Buy Now
Questions 37

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Buy Now
Questions 38

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

Options:

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Buy Now
Questions 39

The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

Options:

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

Buy Now
Questions 40

Which of the following allows an exploit to go undetected by the operating system?

Options:

A.

Firmware vulnerabilities

B.

Side loading

C.

Memory injection

D.

Encrypted payloads

Buy Now
Questions 41

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

Options:

A.

Sanitization

B.

Formatting

C.

Degaussing

D.

Defragmentation

Buy Now
Questions 42

Which of the following agreement types defines the time frame in which a vendor needs to respond?

Options:

A.

SOW

B.

SLA

C.

MOA

D.

MOU

Buy Now
Questions 43

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 44

A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?

Options:

A.

Internal audit

B.

Penetration testing

C.

Attestation

D.

Due diligence

Buy Now
Questions 45

Which of the following is the stage in an investigation when forensic images are obtained?

Options:

A.

Acquisition

B.

Preservation

C.

Reporting

D.

E-discovery

Buy Now
Questions 46

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Buy Now
Questions 47

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Options:

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Buy Now
Questions 48

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Buy Now
Questions 49

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

Options:

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Buy Now
Questions 50

A systems administrator receives an alert that a company's internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

Which of the following indicators most likely triggered this alert?

Options:

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Buy Now
Questions 51

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Buy Now
Questions 52

Which of the following is best used to detect fraud by assigning employees to different roles?

Options:

A.

Least privilege

B.

Mandatory vacation

C.

Separation of duties

D.

Job rotation

Buy Now
Questions 53

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

Options:

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 54

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

Options:

A.

Deploy a SIEM solution

B.

Create custom scripts to aggregate and analyze logs

C.

Implement EDR technology

D.

Install a unified threat management appliance

Buy Now
Questions 55

A database administrator is updating the company's SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

Options:

A.

Hashing

B.

Obfuscation

C.

Tokenization

D.

Masking

Buy Now
Questions 56

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

Options:

A.

Espionage

B.

Data exfiltration

C.

Nation-state attack

D.

Shadow IT

Buy Now
Questions 57

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Buy Now
Questions 58

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Options:

A.

Air gap

B.

Barricade

C.

Port security

D.

Screen subnet

Buy Now
Questions 59

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Options:

A.

Business continuity

B.

Physical security

C.

Change management

D.

Disaster recovery

Buy Now
Questions 60

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

Options:

A.

RPO

B.

ARO

C.

BIA

D.

MTTR

Buy Now
Questions 61

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Options:

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Buy Now
Questions 62

A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:

• An existing Internal certificate must be used.

• Wired and wireless networks must be supported

• Any unapproved device should be Isolated in a quarantine subnet

• Approved devices should be updated before accessing resources

Which of the following would best meet the requirements?

Options:

A.

802.IX

B.

EAP

C.

RADIUS

D.

WPA2

Buy Now
Questions 63

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

Options:

A.

To reduce implementation cost

B.

To identify complexity

C.

To remediate technical debt

D.

To prevent a single point of failure

Buy Now
Questions 64

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

Options:

A.

Tuning

B.

Aggregating

C.

Quarantining

D.

Archiving

Buy Now
Questions 65

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Buy Now
Questions 66

Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 67

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Buy Now
Questions 68

While reviewing logs, a security administrator identifies the following code:

Which of the following best describes the vulnerability being exploited?

Options:

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Buy Now
Questions 69

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Options:

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review

Buy Now
Questions 70

Which of the following is an example of memory injection?

Options:

A.

Two processes access the same variable, allowing one to cause a privilege escalation.

B.

A process receives an unexpected amount of data, which causes malicious code to be executed.

C.

Malicious code is copied to the allocated space of an already running process.

D.

An executable is overwritten on the disk, and malicious code runs the next time it is executed.

Buy Now
Questions 71

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Options:

A.

DDoS attack

B.

Rogue employee

C.

Insider threat

D.

Supply chain

Buy Now
Questions 72

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Buy Now
Questions 73

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Options:

A.

Code repositories

B.

Dark web

C.

Threat feeds

D.

State actors

E.

Vulnerability databases

Buy Now
Questions 74

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

Options:

A.

Wiping

B.

Recycling

C.

Shredding

D.

Deletion

Buy Now
Questions 75

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Buy Now
Questions 76

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

Options:

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Buy Now
Questions 77

Which of the following incident response activities ensures evidence is properly handied?

Options:

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D.

Preservation

Buy Now
Questions 78

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).

Options:

A.

Disable default accounts.

B.

Add the server to the asset inventory.

C.

Remove unnecessary services.

D.

Document default passwords.

E.

Send server logs to the SIEM.

F.

Join the server to the corporate domain.

Buy Now
Questions 79

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).

Options:

A.

Directive

B.

Deterrent

C.

Preventive

D.

Detective

E.

Corrective

F.

Technical

Buy Now
Questions 80

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Buy Now
Questions 81

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Buy Now
Questions 82

A user needs to complete training at https://comptiatraining.com. After manually entering the URL, the user sees that the accessed website is noticeably different from the standard company website. Which of the following is the most likely explanation for the difference?

Options:

A.

Cross-site scripting

B.

Pretexting

C.

Typosquatting

D.

Vishing

Buy Now
Questions 83

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

Options:

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Buy Now
Questions 84

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 85

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Options:

A.

MSA

B.

SLA

C.

BPA

D.

SOW

Buy Now
Questions 86

Which of the following activities is included in the post-incident review phase?

Options:

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system's configuration and settings

Buy Now
Questions 87

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 88

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Buy Now
Questions 89

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Options:

A.

Set the maximum data retention policy.

B.

Securely store the documents on an air-gapped network.

C.

Review the documents' data classification policy.

D.

Conduct a tabletop exercise with the team.

Buy Now
Questions 90

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 91

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Buy Now
Questions 92

A bank set up a new server that contains customers' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Buy Now
Questions 93

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Buy Now
Questions 94

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Buy Now
Questions 95

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

Options:

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

Buy Now
Questions 96

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

Options:

A.

Hire a vendor to perform a penetration test.

B.

Perform an annual self-assessment.

C.

Allow each client the right to audit.

D.

Provide a third-party attestation report.

Buy Now
Questions 97

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

Options:

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Buy Now
Questions 98

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 99

A software developer would like to ensure. The source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

Options:

A.

Version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

Buy Now
Questions 100

A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?

Options:

A.

Data retention

B.

Certification

C.

Sanitation

D.

Destruction

Buy Now
Questions 101

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Options:

A.

Contain the Impacted hosts

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing

Buy Now
Questions 102

Which of the following tasks is typically included in the BIA process?

Options:

A.

Estimating the recovery time of systems

B.

Identifying the communication strategy

C.

Evaluating the risk management plan

D.

Establishing the backup and recovery procedures

E.

Developing the incident response plan

Buy Now
Questions 103

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Buy Now
Questions 104

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

Options:

A.

Open-source intelligence

B.

Port scanning

C.

Pivoting

D.

Exploit validation

Buy Now
Questions 105

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are the best responses to this situation? (Choose two).

Options:

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO's phone.

F.

Implement mobile device management.

Buy Now
Questions 106

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Options:

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Buy Now
Questions 107

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device's encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Buy Now
Questions 108

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Buy Now
Questions 109

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Options:

A.

Network

B.

System

C.

Application

D.

Authentication

Buy Now
Questions 110

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Buy Now
Questions 111

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Options:

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Buy Now
Questions 112

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Options:

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Buy Now
Questions 113

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

Options:

A.

LDAP

B.

Federation

C.

SAML

D.

OAuth

Buy Now
Questions 114

Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

Options:

A.

Development

B.

Test

C.

Production

D.

Staging

Buy Now
Questions 115

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Buy Now
Questions 116

Which of the following is the main consideration when a legacy system that is a critical part of a company's infrastructure cannot be replaced?

Options:

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Buy Now
Questions 117

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

Options:

A.

Permission restrictions

B.

Bug bounty program

C.

Vulnerability scan

D.

Reconnaissance

Buy Now
Questions 118

Which of the following best describe why a process would require a two-person integrity security control?

Options:

A.

To Increase the chance that the activity will be completed in half of the time the process would take only one user to complete

B.

To permit two users from another department to observe the activity that is being performed by an authorized user

C.

To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

D.

To allow one person to perform the activity while being recorded on the CCTV camera

Buy Now
Questions 119

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Options:

A.

Implement access controls and encryption.

B.

Develop and provide training on data protection policies.

C.

Create incident response and disaster recovery plans.

D.

Purchase and install security software.

Buy Now
Questions 120

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

Options:

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Buy Now
Questions 121

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor's patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Buy Now
Questions 122

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

Options:

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Buy Now
Questions 123

Which of the following phases of the incident response process attempts to minimize disruption?

Options:

A.

Recovery

B.

Containment

C.

Preparation

D.

Analysis

Buy Now
Questions 124

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Buy Now
Questions 125

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Buy Now
Questions 126

Which of the following is a feature of a next-generation SIEM system?

Options:

A.

Virus signatures

B.

Automated response actions

C.

Security agent deployment

D.

Vulnerability scanning

Buy Now
Questions 127

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Options:

A.

Defensive

B.

Passive

C.

Offensive

D.

Physical

Buy Now
Questions 128

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

Options:

A.

GRE

B.

IPSec

C.

SD-WAN

D.

EAP

Buy Now
Questions 129

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Buy Now
Questions 130

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

Options:

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Buy Now
Questions 131

Which of the following would enable a data center to remain operational through a multiday power outage?

Options:

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Buy Now
Questions 132

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.

Typosquatting

B.

Smishing

C.

Pretexting

D.

Impersonation

Buy Now
Questions 133

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

Options:

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Buy Now
Questions 134

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

Options:

A.

Degaussing

B.

Drive shredder

C.

Retention platform

D.

Wipe tool

Buy Now
Questions 135

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

Options:

A.

ACL

B.

IDS

C.

HIDS

D.

NIPS

Buy Now
Questions 136

A security analyst is assessing several company firewalls. Which of the following cools would The analyst most likely use to generate custom packets to use during the assessment?

Options:

A.

hping

B.

Wireshark

C.

PowerShell

D.

netstat

Buy Now
Questions 137

Which of the following would a systems administrator follow when upgrading the firmware of an organization's router?

Options:

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Buy Now
Questions 138

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Buy Now
Questions 139

A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?

Options:

A.

Statement of work

B.

Responsibility matrix

C.

Service-level agreement

D.

Master service agreement

Buy Now
Questions 140

An attacker submits a request containing unexpected characters in an attempt to gain unauthorized access to information within the underlying systems. Which of the following best describes this attack?

Options:

A.

Side loading

B.

Target of evaluation

C.

Resource reuse

D.

SQL injection

Buy Now
Questions 141

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Buy Now
Questions 142

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

Options:

A.

Gap analysis

B.

Policy review

C.

Security procedure evaluation

D.

Threat scope reduction

Buy Now
Questions 143

Which of the following threat actors would most likely deface the website of a high-profile music group?

Options:

A.

Unskilled attacker

B.

Organized crime

C.

Nation-state

D.

Insider threat

Buy Now
Questions 144

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

Options:

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Buy Now
Exam Code: SY0-701
Exam Name: CompTIA Security+ Exam 2025
Last Update: Apr 1, 2025
Questions: 502
SY0-701 pdf

SY0-701 PDF

$25.5  $84.99
SY0-701 Engine

SY0-701 Testing Engine

$30  $99.99
SY0-701 PDF + Engine

SY0-701 PDF + Testing Engine

$40.5  $134.99