Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SY0-701 CompTIA Security+ Exam 2026 Questions and Answers

Questions 4

Sine© a recent upgrade (o a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

Options:

A.

Channel overlap

B.

Encryption type

C.

New WLAN deployment

D.

WAP placement

Buy Now
Questions 5

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?

Options:

A.

SOAR

B.

API

C.

SFTP

D.

RDP

Buy Now
Questions 6

Which of the following cryptographic solutions protects data at rest?

Options:

A.

Digital signatures

B.

Full disk encryption

C.

Private key

D.

Steganography

Buy Now
Questions 7

To which of the following security categories does an EDR solution belong?

Options:

A.

Physical

B.

Operational

C.

Managerial

D.

Technical

Buy Now
Questions 8

A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?

Options:

A.

IPS

B.

URL scanning

C.

Content categorization

D.

Static denial list

E.

DLP

Buy Now
Questions 9

Which of the following is most likely to be used as a just-in-time reference document within a security operations center?

Options:

A.

Change management policy

B.

Risk profile

C.

Playbook

D.

SIEM profile

Buy Now
Questions 10

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Options:

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Buy Now
Questions 11

A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?

Options:

A.

Static analysis

B.

Packet capture

C.

Agent-based scanning

D.

Dynamic analysis

E.

Network-based scanning

Buy Now
Questions 12

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

Options:

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Buy Now
Questions 13

A company uses its backups to recover from a ransomware attack. Which of the following best guarantees that the backups are not infected?

Options:

A.

Immutability

B.

Destruction

C.

Sanitization

D.

Retention

Buy Now
Questions 14

A security analyst is creating the first draft of a network diagram for the company ' s new customer-facing payment application that will be hosted by a third-party cloud service

provider.

Options:

Buy Now
Questions 15

An attorney prints confidential documents to a copier in an office space near multiple workstations and a reception desk. When the attorney goes to the copier to retrieve the documents, the documents are missing. Which of the following would best prevent this from reoccurring?

Options:

A.

Place the copier in the legal department.

B.

Configure DLP on the attorney ' s workstation.

C.

Set up LDAP authentication on the printer.

D.

Conduct a physical penetration test.

Buy Now
Questions 16

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.

Typosquatting

B.

Smishing

C.

Pretexting

D.

Impersonation

Buy Now
Questions 17

A penetration tester is testing the security of a building’s alarm system. Which type of penetration test is being conducted?

Options:

A.

Physical

B.

Defensive

C.

Integrated

D.

Continuous

Buy Now
Questions 18

Alerts from email protection systems and MSSPs must be entered into an IT service management system and assigned to the security team. Which of the following should an organization implement to enable this functionality?

Options:

A.

Automated compliance monitoring

B.

Automated ticket creation

C.

Automated vulnerability scans

D.

Automated indicator sharing

Buy Now
Questions 19

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Buy Now
Questions 20

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

Options:

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Buy Now
Questions 21

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

Options:

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Buy Now
Questions 22

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

Options:

A.

Misconfiguration

B.

Resource reuse

C.

Insecure key storage

D.

Weak cipher suites

Buy Now
Questions 23

Which of the following should be used to prevent changes to system-level data?

Options:

A.

NIDS

B.

DLP

C.

NAC

Buy Now
Questions 24

Which of the following is the most likely to be included as an element of communication in a security awareness program?

Options:

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Buy Now
Questions 25

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?

Options:

A.

The company built a new file-sharing site.

B.

The organization is preparing for a penetration test.

C.

The security team is integrating with an SASE platform.

D.

The security team created a honeynet.

Buy Now
Questions 26

Which of the following would best ensure a controlled version release of a new software application?

Options:

A.

Business continuity planning

B.

Quantified risk analysis

C.

Static code analysis

D.

Change management procedures

Buy Now
Questions 27

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

Options:

A.

Key stretching

B.

Tokenization

C.

Data masking

D.

Salting

Buy Now
Questions 28

Which of the following best explains a core principle of a Zero Trust security model?

Options:

A.

Devices connected to the internal network are automatically trusted after initial authentication.

B.

Access to resources is granted only after strict identity verification and continuous monitoring.

C.

Security policies require multifactor authentication for remote access to sensitive data.

D.

Network access is limited by role, and access controls are reviewed on a regular schedule.

Buy Now
Questions 29

During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment. Which of the following threats is this an example of?

Options:

Buy Now
Questions 30

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Buy Now
Questions 31

The Chief Information Security Officer wants to discuss options for a disaster recovery site that allows the business to resume operations as quickly as possible. Which of the following solutions meets this requirement?

Options:

A.

Hot site

B.

Cold site

C.

Geographic dispersion

D.

Warm site

Buy Now
Questions 32

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

Options:

A.

Refect

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 33

Which of the following is an example of a certificate that is generated by an internal source?

Options:

A.

Digital signature

B.

Asymmetric key

C.

Self-signed

D.

Symmetric key

Buy Now
Questions 34

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Options:

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Buy Now
Questions 35

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

Options:

A.

To reduce implementation cost

B.

To identify complexity

C.

To remediate technical debt

D.

To prevent a single point of failure

Buy Now
Questions 36

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 37

A business is expanding to a new country and must protect customers from accidental disclosure of specific national identity information. Which of the following should the security engineer update to best meet business requirements?

Options:

A.

SIEM

B.

SCAP

C.

DLP

D.

WAF

Buy Now
Questions 38

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

Options:

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

Buy Now
Questions 39

Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?

Options:

A.

Management review

B.

Load testing

C.

Maintenance notifications

D.

Procedure updates

Buy Now
Questions 40

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Buy Now
Questions 41

A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?

Options:

A.

Create an architecture diagram of cloud storage solutions.

B.

Migrate sample data to the cloud to run security tests.

C.

Agree on data classification labels with stakeholders.

D.

Make a backup of the data on cloud-neutral storage.

Buy Now
Questions 42

A software company currently secures access using a combination of traditional username/password configurations and one-time passwords for MFA. However, employees still struggle to maintain both a password manager and the authenticator application. The company wants to migrate to a single, integrated authentication solution that is more secure and provides a smoother login experience for its employees. Which of the following solutions will best satisfy the company ' s needs?

Options:

A.

Migrating to FIDO2 passkeys, utilizing built-in device biometrics for user authentication

B.

Implementing SMS-based one-time passwords as the primary second factor for all logins

C.

Implementing SAML federation across authentication servers so employees can use SSO to access applications

D.

Deploying a PKI system that requires all employees to use smart cards for login access

Buy Now
Questions 43

Which of the following is the most likely reason a security analyst would review SIEM logs?

Options:

A.

To check for recent password reset attempts

B.

To monitor for potential DDoS attacks

C.

To assess the scope of a privacy breach

D.

To see correlations across multiple hosts

Buy Now
Questions 44

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?

Options:

A.

SDN

B.

Air gapped

C.

Containerized

D.

Highly available

Buy Now
Questions 45

Which of the following should a systems administrator use to decrease the company ' s hardware attack surface?

Options:

A.

Replication

B.

Isolation

C.

Centralization

D.

Virtualization

Buy Now
Questions 46

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Buy Now
Questions 47

After completing an annual external penetration test, a company receives the following guidance:

Decommission two unused web servers currently exposed to the internet.

Close 18 open and unused ports found on their existing production web servers.

Remove company email addresses and contact info from public domain registration records.

Which of the following does this represent?

Options:

A.

Attack surface reduction

B.

Vulnerability assessment

C.

Tabletop exercise

D.

Business impact analysis

Buy Now
Questions 48

While considering the organization ' s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Buy Now
Questions 49

Which of the following activities is included in the post-incident review phase?

Options:

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system ' s configuration and settings

Buy Now
Questions 50

A company ' s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution. Which of the following should replace the antivirus solution?

Options:

A.

SIEM

B.

EDR

C.

DLP

D.

IDS

Buy Now
Questions 51

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

Options:

A.

GRE

B.

IPSec

C.

SD-WAN

D.

EAP

Buy Now
Questions 52

The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

Options:

A.

Fines

B.

Reputational damage

C.

Sanctions

D.

Contractual implications

Buy Now
Questions 53

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Buy Now
Questions 54

A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?

Options:

A.

Internal self-assessment

B.

Active reconnaissance

C.

Red team penetration test

D.

Tabletop exercise

Buy Now
Questions 55

Which of the following security concepts is accomplished with the installation of a RADIUS server?

Options:

A.

CIA

B.

AA

C.

ACL

D.

PEM

Buy Now
Questions 56

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 57

Which of the following actions would reduce the number of false positives for an analyst to manually review?

Options:

A.

Create playbooks as part of a SOAR platform

B.

Redefine the patch management process

C.

Replace an EDR tool with an XDR solution

D.

Disable AV heuristics scanning

Buy Now
Questions 58

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.

Tokenization

B.

Cryptographic downgrade

C.

SSH tunneling

D.

Segmentation

E.

Patch installation

F.

Data masking

Buy Now
Questions 59

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).

Options:

A.

Key escrow

B.

TPM presence

C.

Digital signatures

D.

Data tokenization

E.

Public key management

F.

Certificate authority linking

Buy Now
Questions 60

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

Options:

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Buy Now
Questions 61

Which of the following should be used to ensure that a new software release has not been modified before reaching the user?

Options:

A.

Tokenization

B.

Encryption

C.

Hashing

D.

Obfuscation

Buy Now
Questions 62

Which of the following best explains the use of a policy engine in a Zero Trust environment?

Options:

A.

It is used by a central server to apply default permissions across a range of network and computing resources.

B.

It is used to make access control decisions without inheriting permission decisions from prior events.

C.

It is used to dynamically assign user permissions based on a user ' s identity and previous activity.

D.

It is used when user roles are unknown and the organization wants to leverage ML to control access.

Buy Now
Questions 63

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Buy Now
Questions 64

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

Options:

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Buy Now
Questions 65

An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?

Options:

A.

Maintaining the chain of custody

B.

Performing root cause analysis

C.

Enforcing a legal hold

D.

Conducting a containment activity

Buy Now
Questions 66

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of users. Which of the following would be a good use case for this task?creating a script

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Buy Now
Questions 67

Which of the following describes when a user installs an unauthorized application by bypassing the authorized application store and installing a binary file?

Options:

A.

Jailbreaking

B.

Sideloading

C.

Memory injection

D.

VM escaping

Buy Now
Questions 68

A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?

Options:

A.

Password policy

B.

Access badges

C.

Phishing campaign

D.

Risk assessment

Buy Now
Questions 69

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Options:

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Buy Now
Questions 70

Which of the following best protects sensitive data in transit across a geographically dispersed Infrastructure?

Options:

A.

Encryption

B.

Masking

C.

Tokenization

D.

Obfuscation

Buy Now
Questions 71

Which of the following data states applies to data that is being actively processed by a database server?

Options:

A.

In use

B.

At rest

C.

In transit

D.

Being hashed

Buy Now
Questions 72

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Options:

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Buy Now
Questions 73

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

Options:

A.

Hot

B.

Cold

C.

Warm

D.

Geographically dispersed

Buy Now
Questions 74

Which of the following is the first step to take when creating an anomaly detection process?

Options:

A.

Selecting events

B.

Building a baseline

C.

Selecting logging options

D.

Creating an event log

Buy Now
Questions 75

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Buy Now
Questions 76

Which of the following definitions best describes the concept of log co-relation?

Options:

A.

Combining relevant logs from multiple sources into ono location

B.

Searching end processing, data to identify patterns of malicious activity

C.

Making a record of the events that occur in the system

D.

Analyzing the log files of the system components

Buy Now
Questions 77

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Buy Now
Questions 78

An engineer needs to ensure that a script has not been modified before it is launched. Which of the following best provides this functionality?

Options:

A.

Masking

B.

Obfuscation

C.

Hashing

D.

Encryption

Buy Now
Questions 79

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

Options:

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

Buy Now
Questions 80

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

Options:

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Buy Now
Questions 81

A company wants to track modifications to the code that is used to build new virtual servers. Which of the following will the company most likely deploy?

Options:

A.

Change management ticketing system

B.

Behavioral analyzer

C.

Collaboration platform

D.

Version control tool

Buy Now
Questions 82

Which of the following strategies most effectively protects sensitive data at rest in a database?

Options:

A.

Hashing

B.

Masking

C.

Tokenization

D.

Obfuscation

Buy Now
Questions 83

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Buy Now
Questions 84

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

Options:

A.

Red teaming

B.

Penetration testing

C.

Independent audit

D.

Vulnerability assessment

Buy Now
Questions 85

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

Options:

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Buy Now
Questions 86

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Buy Now
Questions 87

Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?

Options:

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysis

Buy Now
Questions 88

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

Options:

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

Buy Now
Questions 89

Which of the following describes how a risk event might affect operations and limit the overall risk score?

Options:

A.

Severity

B.

Likelihood

C.

Impact

D.

Probability

Buy Now
Questions 90

Which of the following would be the most appropriate way to protect data in transit?

Options:

A.

SHA-256

B.

SSL 3.0

C.

TLS 1.3

D.

AES-256

Buy Now
Questions 91

An employee in the accounting department receives an email containing a demand for payment tot services performed by a vendor However, the vendor is not in the vendor management database. Which of the following in this scenario an example of?

Options:

A.

Pretexting

B.

Impersonation

C.

Ransomware

D.

Invoice scam

Buy Now
Questions 92

During a penetration test in a hypervisor, the security engineer is able to use a script to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Options:

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Buy Now
Questions 93

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

Options:

A.

IDS

B.

Antivirus

C.

Firewall

D.

Application

Buy Now
Questions 94

A security analyst needs to propose a remediation plan ' or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

Options:

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Buy Now
Questions 95

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Buy Now
Questions 96

A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?

Options:

A.

Honeypot

B.

Honey account

C.

Honeytoken

D.

Honeynet

Buy Now
Questions 97

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

Options:

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Buy Now
Questions 98

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Options:

A.

Asset inventory

B.

Network enumeration

C.

Data certification

D.

Procurement process

Buy Now
Questions 99

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

Options:

A.

Threshold

B.

Appetite

C.

Avoidance

D.

Register

Buy Now
Questions 100

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

Options:

A.

Encryption at rest

B.

Masking

C.

Data classification

D.

Permission restrictions

Buy Now
Questions 101

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Options:

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Buy Now
Questions 102

After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines. Which of the following caused this action?

Options:

A.

Non-compliance

B.

Contract violations

C.

Government sanctions

D.

Rules of engagement

Buy Now
Questions 103

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Options:

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Buy Now
Questions 104

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Options:

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Buy Now
Questions 105

Which of the following can be used to mitigate attacks from high-risk regions?

Options:

A.

Obfuscation

B.

Data sovereignty

C.

IP geolocation

D.

Encryption

Buy Now
Questions 106

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file ' s creator. Which of the following actions would most likely give the security analyst the information required?

Options:

A.

Obtain the file ' s SHA-256 hash.

B.

Use hexdump on the file ' s contents.

C.

Check endpoint logs.

D.

Query the file ' s metadata.

Buy Now
Questions 107

During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?

Options:

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Buy Now
Questions 108

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Options:

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Buy Now
Questions 109

A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

Options:

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Buy Now
Questions 110

Which of the following types of vulnerabilities involves attacking a system to access adjacent hosts?

Options:

A.

VM escape

B.

Side loading

C.

Remote code execution

D.

Resource exhaustion

Buy Now
Questions 111

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

Options:

A.

Send out periodic security reminders.

B.

Update the content of new hire documentation.

C.

Modify the content of recurring training.D Implement a phishing campaign

Buy Now
Questions 112

Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Buy Now
Questions 113

In order to cut costs, a company decides to implement a bring-your-own-device policy. The security team wants a solution that will reduce risk to company data, especially in cases in which devices are lost or stolen. Which of the following tools is best to address this concern?

Options:

A.

Mobile device management

B.

Endpoint detection and response

C.

Host-based intrusion detection system

D.

Data loss prevention

Buy Now
Questions 114

A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

Options:

A.

Creating a GPO for all contract employees and setting time-of-day log-in restrictions

B.

Creating a discretionary access policy and setting rule-based access for contract employees

C.

Implementing an OAuth server and then setting least privilege for contract employees

D.

Implementing SAML with federation to the contract employees ' authentication server

Buy Now
Questions 115

A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

Options:

A.

Attribute-based

B.

Time of day

C.

Role-based

D.

Least privilege

Buy Now
Questions 116

Which of the following can assist in recovering data if the decryption key is lost?

Options:

A.

CSR

B.

Salting

C.

Root of trust

D.

Escrow

Buy Now
Questions 117

Which of the following activities should be included as part of passive reconnaissance in a penetration test?

Options:

A.

Domain Name System (DNS) zone transfer

B.

Vulnerability scanning

C.

Social engineering

D.

Google hacking

Buy Now
Questions 118

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization ' s documentation?

Options:

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

Buy Now
Questions 119

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

Options:

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Buy Now
Questions 120

Which of the following provides the best protection against unwanted or insecure communications to and from a device?

Options:

A.

System hardening

B.

Host-based firewall

C.

Intrusion detection system

D.

Anti-malware software

Buy Now
Questions 121

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

Options:

A.

Lead a simulated failover.

B.

Conduct a tabletop exercise.

C.

Periodically test the generators.

D.

Develop requirements for database encryption.

Buy Now
Questions 122

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

Options:

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Buy Now
Questions 123

Which of the following should an internal auditor check for first when conducting an audit of the organization ' s risk management program?

Options:

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysts

Buy Now
Questions 124

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Buy Now
Questions 125

Which of the following risk analysis attributes measures the chance that a vulnerability will be exploited?

Options:

A.

Exposure factor

B.

Impact

C.

Severity

D.

Likelihood

Buy Now
Questions 126

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

Options:

A.

encryption=off\

B.

http://

C.

www.*.com

D.

:443

Buy Now
Questions 127

A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?

Options:

A.

External

B.

Standard

C.

Regulation

D.

Internal

Buy Now
Questions 128

A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)

Options:

A.

Authentication tokens

B.

Least privilege

C.

Biometrics

D.

LDAP

E.

Password vaulting

F.

SAML

Buy Now
Questions 129

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Buy Now
Questions 130

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

Options:

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tablet exercise

Buy Now
Questions 131

Which of the following best explains why an organization would choose a warm site for disaster recovery?

Options:

A.

It reduces complexity by replicating data in real time across identical environments.

B.

It eliminates the need for backup testing by using cloud-native infrastructure.

C.

It offers fully automated fail over with no manual intervention required.

D.

It balances cost and recovery time by maintaining partially configured systems.

Buy Now
Questions 132

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Options:

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Buy Now
Questions 133

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Options:

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Buy Now
Questions 134

A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?

Options:

A.

Security of cloud providers

B.

Cost of implementation

C.

Ability of engineers

D.

Security of architecture

Buy Now
Questions 135

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees ' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

Options:

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Buy Now
Questions 136

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Options:

Buy Now
Questions 137

A company processes personal data from customers in multiple countries. Which of the following actions is most critical for maintaining legal compliance with global privacy regulations?

Options:

A.

Storing all customer data on encrypted local servers

B.

Hiring a data privacy officer to review contracts

C.

Ensuring DPAs are in place with third-party vendors

D.

Using strong passwords and firewalls on all endpoints

Buy Now
Questions 138

Which of the following are the best methods for hardening end user devices? (Select two)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Buy Now
Questions 139

Which of the following control types is AUP an example of?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Buy Now
Questions 140

A security professional discovers a folder containing an employee ' s personal information on the enterprise ' s shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees ' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Buy Now
Questions 141

A security analyst sees the following entries in web server logs:

200.17.88.121 [05/May/2025:01:05:18 -0200] " GET /aboutus.htm " 200 3344

200.17.88.121 [05/May/2025:01:08:22 -0200] " GET /corporateOrg.htm " 200 4200

132.18.62.144 [05/May/2025:01:08:23 -0200] " GET /../../vhosts " 403 502

200.17.88.121 [05/May/2025:01:10:33 -0200] " POST /ContactUs.asp " 403 512

118.19.200.55 [05/May/2025:01:10:45 -0200] " POST/search " 200 1212 " SELECT * FROM company WHERE keyword = ' VP

105.86.13.11 [05/May/2025:01:15:45 -0200] " GET /latestContracts.htm " 404 512

Which of the following IP addresses is most likely involved in a malicious attempt?

Options:

A.

105.86.13.11

B.

118.19.200.55

C.

132.18.62.144

D.

200.17.88.121

Buy Now
Questions 142

Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

Options:

A.

Firewall

B.

IDS

C.

Honeypot

D.

Layer 3 switch

Buy Now
Questions 143

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

Options:

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

Buy Now
Questions 144

Which of the following is an example of a false negative vulnerability detection in a scan report?

Options:

A.

A vulnerability that does not actually exist

B.

A vulnerability that has already been remediated

C.

A result that shows no known vulnerability

D.

A zero-day vulnerability with a known remediation

Buy Now
Questions 145

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise ' s infrastructure?

Options:

A.

Firewalls

B.

Virtual private networks

C.

Extensive logging

D.

Intrusion detection systems

Buy Now
Questions 146

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

Options:

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

Buy Now
Questions 147

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Options:

A.

Defensive

B.

Passive

C.

Offensive

D.

Physical

Buy Now
Questions 148

A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them. Which of the following tools will help prevent this from reoccurring?

Options:

A.

FIM

B.

NAC

C.

IDS

D.

UBA

Buy Now
Questions 149

A Chief Information Security Officer wants to monitor the company ' s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Buy Now
Questions 150

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Options:

A.

Impact analysis

B.

Scheduled downtime

C.

Backout plan

D.

Change management boards

Buy Now
Questions 151

A security analyst investigates abnormal outbound traffic from a corporate endpoint. The traffic is encrypted and uses non-standard ports. Which of the following data sources should the analyst use first to confirm whether this traffic is malicious?

Options:

A.

Application logs

B.

Vulnerability scans

C.

Endpoint logs

D.

Packet captures

Buy Now
Questions 152

A penetration tester must conduct a vulnerability assessment on a target network to identify potential security weaknesses. Which of the following tools will best achieve this goal?

Options:

A.

Metasploit

B.

Burp Suite

C.

Nessus

D.

Wireshark

Buy Now
Questions 153

Which of the following tasks is typically included in the BIA process?

Options:

A.

Estimating the recovery time of systems

B.

Identifying the communication strategy

C.

Evaluating the risk management plan

D.

Establishing the backup and recovery procedures

E.

Developing the incident response plan

Buy Now
Questions 154

A nation-state attacker gains access to the email accounts of several journalists by compromising a website that the journalists frequently use. Which of the following types of attacks describes this example?

Options:

A.

On-path

B.

Watering-hole

C.

Typosquatting

D.

Brand impersonation

Buy Now
Questions 155

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

Options:

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device ' s encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

Buy Now
Questions 156

Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).

Options:

A.

Easter debugging of the system

B.

Reduced cost of ownership of the system

C.

Improved scalability of the system

D.

Increased compartmentalization of the system

E.

Stronger authentication of the system

F.

Reduced complexity of the system

Buy Now
Questions 157

Which of the following methods to secure data is most often used to protect data in transit?

Options:

A.

Encryption

B.

Obfuscation

C.

Permission restrictions

D.

Hashing

Buy Now
Questions 158

An employee receives a text message from an unknown number claiming to be the company ' s Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Options:

A.

Vishing

B.

Smishing

C.

Pretexting

D.

Phishing

Buy Now
Questions 159

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet and the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Buy Now
Questions 160

An administrator implements web-filtering products but still sees that users are visiting malicious links. Which of the following configuration items does the security administrator need to review?

Options:

A.

Intrusion prevention system

B.

Content categorization

C.

Encryption

D.

DNS service

Buy Now
Questions 161

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Buy Now
Questions 162

An end-of-service server cannot be patched, but it still performs as expected for business operations. The team moves the system to a segmented network. Which of the following control types has the team applied?

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Compensating

Buy Now
Questions 163

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company ' s network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

Options:

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Buy Now
Questions 164

A security manager needs an automated solution that will take immediate action to protect an organization against inbound malicious traffic. Which of the following is the best solution?

Options:

A.

UEM

B.

IPS

C.

WAF

D.

VPN

Buy Now
Questions 165

Which of the following would a systems administrator follow when upgrading the firmware of an organization ' s router?

Options:

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Buy Now
Questions 166

A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?

Options:

A.

Deploying PowerShell scripts

B.

Pushing GPO update

C.

Enabling PAP

D.

Updating EDR profiles

Buy Now
Questions 167

The private key for a website was stolen, and a new certificate has been issued. Which of the following needs to be updated next?

Options:

A.

SCEP

B.

CRL

C.

OCSP

D.

CSR

Buy Now
Questions 168

In order to maintain system stability, a company ' s software developers cannot merge updates into the code base without supervisor approval. Which of the following is the best description of this practice?

Options:

A.

Separation of duties

B.

Change management

C.

Vulnerability remediation

D.

Collusion prevention

Buy Now
Questions 169

Which of the following explains how a supply chain service provider could introduce a security vulnerability into an organization?

Options:

A.

Delaying hardware shipments needed for system upgrades

B.

Outsourcing customer service operations to a foreign call center

C.

Failing to encrypt data stored on the organization’s internal database

D.

Having privileged access to client systems and becoming a target for attackers

Buy Now
Questions 170

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

Options:

A.

Permission restrictions

B.

Bug bounty program

C.

Vulnerability scan

D.

Reconnaissance

Buy Now
Questions 171

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

Options:

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Buy Now
Questions 172

A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information?

Options:

A.

Statement of work

B.

Responsibility matrix

C.

Service-level agreement

D.

Master service agreement

Buy Now
Questions 173

A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?

Options:

A.

Patching

B.

Segmentation

C.

Isolation

D.

Monitoring

Buy Now
Questions 174

Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?

Options:

A.

Air gap

B.

Containerization

C.

Virtualization

D.

Decentralization

Buy Now
Questions 175

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Buy Now
Questions 176

An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?

Options:

A.

ALE

B.

SLE

C.

RTO

D.

ARO

Buy Now
Questions 177

Which of the following methods will most likely be used to identify legacy systems?

Options:

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Buy Now
Questions 178

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Buy Now
Questions 179

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk. Which type of control is being implemented?

Options:

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Buy Now
Questions 180

Which of the following best explains the role of compensating controls?

Options:

A.

Reducing the attack surface by isolating vulnerable components within a segmented environment

B.

Providing an alternative security measure when standard remediation is not feasible

C.

Delaying remediation timelines by replacing affected systems in a maintenance window

D.

Remediating software flaws by modifying source code to remove insecure functions

Buy Now
Questions 181

A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:

Time | IP address | Location | EmpID | App | Status

14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success

14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure

14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success

14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success

Which of the following is being displayed in the logs?

Options:

A.

Impossible travel

B.

SMTP replay

C.

Directory traversal

D.

Cross-site request forgery

Buy Now
Questions 182

Which of the following architectures is most suitable to provide redundancy for critical business processes?

Options:

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Buy Now
Questions 183

An organization experiences a compromise in a cloud-hosted solution that contains customer information. Which of the following strategies will help determine the sensitivity level of the breach?

Options:

A.

Permission restrictions

B.

Tabletop exercise

C.

Data classification

D.

Asset inventory

Buy Now
Questions 184

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Buy Now
Questions 185

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Buy Now
Questions 186

A network administrator must turn off insecure protocols after a recent inspection. Which of the following best describes the vulnerability the network administrator is remediating?

Options:

A.

Device misconfigurations

B.

Sideloading

C.

Memory injection

D.

Malicious update

Buy Now
Questions 187

A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

Options:

A.

chmod

B.

grep

C.

dd

D.

passwd

Buy Now
Questions 188

A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?

Options:

A.

Proxy server

B.

Jump server

C.

Geographic restrictions

D.

Load balancer

Buy Now
Questions 189

A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure. Which of the following penetration testing methods does this scenario describe?

Options:

A.

Passive reconnaissance

B.

Partially-known environment

C.

Integrated testing

D.

Defensive testing

Buy Now
Questions 190

Which of the following data protection strategies can be used to confirm file integrity?

Options:

A.

Masking

B.

Encryption

C.

Hashing

D.

Obfuscation

Buy Now
Questions 191

Which of the following most securely protects data at rest?

Options:

A.

TLS 1.2

B.

AES-256

C.

Masking

D.

Salting

Buy Now
Questions 192

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request in an email that has an executive ' s name in the display field of the email.

B.

Employees who open an email attachment receive messages demanding payment in order to access files.

C.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D.

An employee receives an email with a link to a phishing site that is designed to look like the company ' s email portal.

Buy Now
Questions 193

Which solution is most likely used in the financial industry to mask sensitive data?

Options:

A.

Tokenization

B.

Hashing

C.

Salting

D.

Steganography

Buy Now
Questions 194

Which of the following attacks primarily targets insecure networks?

Options:

A.

Evil twin

B.

Impersonation

C.

Watering hole

D.

Pretexting

Buy Now
Questions 195

A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?

Options:

A.

Syslog

B.

Port mirroring

C.

Port forwarding

D.

Load balancer logs

Buy Now
Questions 196

Which of the following technologies assists in passively verifying the expired status of a digital certificate?

Options:

A.

OCSP

B.

CRL

C.

TPM

D.

CSR

Buy Now
Questions 197

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

Options:

A.

MSA

B.

SLA

C.

BPA

D.

SOW

Buy Now
Questions 198

A recent black-box penetration test of http://example.com discovered that external

website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.

You are tasked with reducing the attack space and enabling secure protocols.

INSTRUCTIONS

Part 1

Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.

Part 2

Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

Options:

Buy Now
Questions 199

Which of the following should a security operations center use to improve its incident response procedure?

Options:

A.

Playbooks

B.

Frameworks

C.

Baselines

D.

Benchmarks

Buy Now
Questions 200

After multiple phishing simul-ations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Options:

A.

Computer-based training

B.

Insider threat awareness

C.

SOAR playbook

D.

Gamification

Buy Now
Questions 201

Which of the following describes the procedures a penetration tester must follow while conducting a test?

Options:

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Buy Now
Questions 202

A security administrator needs to reduce the attack surface in the company ' s data centers. Which of the following should the security administrator do to complete this task?

Options:

A.

Implement a honeynet.

B.

Define Group Policy on the servers.

C.

Configure the servers for high availability.

D.

Upgrade end-of-support operating systems.

Buy Now
Questions 203

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?

Options:

A.

To secure end-of-life devices from incompatible firmware updates

B.

To avoid hypervisor attacks through VM escape

C.

To eliminate buffer overflows at the application layer

D.

To prevent users from changing the OS of mobile devices

Buy Now
Questions 204

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

Options:

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Buy Now
Questions 205

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

Options:

A.

IPSec with RADIUS

B.

RDP connection with LDAPS

C.

Web proxy for all remote traffic

D.

Jump server with 802.1X

Buy Now
Questions 206

An administrator must implement a solution that provides security and network connectivity between two companies. Which of the following infrastructure solutions is the best for this purpose?

Options:

A.

UTM

B.

VPN

C.

NAC

D.

NGFW

Buy Now
Questions 207

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Buy Now
Questions 208

A marketing team launches a new AI solution that trains on sensitive customer data to help provide recommendations on its next possible marketing campaign. This team requires granular access to the tool for different levels of sensitive data. Which of the following should a systems administrator prioritize when provisioning access?

Options:

A.

Emergency access

B.

Least-privilege accounts

C.

Just-in-time (JIT) access

D.

Group managed service accounts

Buy Now
Questions 209

Which of the following is die most important security concern when using legacy systems to provide production service?

Options:

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Buy Now
Questions 210

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

Options:

A.

Enable SAML

B.

Create OAuth tokens.

C.

Use password vaulting.

D.

Select an IdP

Buy Now
Questions 211

Which of the following is a qualitative approach to risk analysis?

Options:

A.

Including the MTTR and MTBF as part of the risk assessment

B.

Tracking and documenting network risks using a risk register

C.

Assigning a level of high, medium, or low to the risk rating

D.

Using ALE and ARO to help determine whether a risk should be mitigated

Buy Now
Questions 212

An employee clicks a malicious link in an email that appears to be from the company ' s Chief Executive Officer. The employee ' s computer is infected with ransomware that encrypts the company ' s files. Which of the following is the most effective way for the company to prevent similar incidents in the future?

Options:

A.

Security awareness training

B.

Database encryption

C.

Segmentation

D.

Reporting suspicious emails

Buy Now
Questions 213

A smart lighting system is deployed in an office building. The devices connect to the corporate Wi-Fi and are managed via a cloud portal. Which of the following security techniques reduces risk for these IoT devices?

Options:

A.

Assigning static IP addresses to the devices

B.

Updating default credentials and applying network segmentation

C.

Connecting the devices to the guest Wi-Fi to prevent interactions with corporate IT

D.

Allowing the vendor to have remote access for day-to-day management

Buy Now
Questions 214

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

Options:

A.

Hacktivist

B.

Whistleblower

C.

Organized crime

D.

Unskilled attacker

Buy Now
Questions 215

Which of the following agreements defines response time, escalation, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 216

Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?

Options:

A.

Ideological differences

B.

General curiosity

C.

Gain influence

D.

Intellectual property

Buy Now
Questions 217

A company expects its provider to ensure servers and networks maintain 97% uptime. Which of the following would most likely list this expectation?

Options:

A.

BPA

B.

MOU

C.

NDA

D.

SLA

Buy Now
Questions 218

During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

Options:

A.

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

Buy Now
Questions 219

Which of the following can a security director use to prioritize vulnerability patching within a company ' s IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Buy Now
Questions 220

Which of the following incident response activities ensures evidence is properly handied?

Options:

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D.

Preservation

Buy Now
Questions 221

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?

Options:

A.

Certification

B.

Inventory list

C.

Classification

D.

Proof of ownership

Buy Now
Questions 222

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

Options:

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Buy Now
Questions 223

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Buy Now
Questions 224

Which of the following would best prepare a security team for a specific incident response scenario?

Options:

A.

Situational awareness

B.

Risk assessment

C.

Root cause analysis

D.

Tabletop exercise

Buy Now
Questions 225

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

Options:

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Buy Now
Questions 226

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

Options:

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Buy Now
Questions 227

A systems administrator is working on a solution with the following requirements:

Provide a secure zone.

Enforce a company-wide access control policy.

Reduce the scope of threats.

Which of the following is the systems administrator setting up?

Options:

A.

Zero Trust

B.

AAA

C.

Non-repudiation

D.

CIA

Buy Now
Questions 228

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Options:

A.

Business continuity

B.

Physical security

C.

Change management

D.

Disaster recovery

Buy Now
Questions 229

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

Options:

A.

Wiping

B.

Recycling

C.

Shredding

D.

Deletion

Buy Now
Questions 230

In which of the following scenarios is tokenization the best privacy technique 10 use?

Options:

A.

Providing pseudo-anonymization tor social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card Information

D.

Masking personal information inside databases by segmenting data

Buy Now
Questions 231

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Buy Now
Questions 232

A company ' s accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

Options:

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Buy Now
Questions 233

An organization has learned that its data is being exchanged on the dark web. The CIO

has requested that you investigate and implement the most secure solution to protect employee accounts.

INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate

security solution to meet the CIO ' s requirements.

Options:

Buy Now
Questions 234

A security analyst must recover files from a USB drive associated with a ransomware attack. Which of the following tools will help the analyst securely retrieve the files?

Options:

A.

Sandboxing environment

B.

Intrusion prevention system

C.

File integrity management tool

D.

Static code analysis tool

Buy Now
Questions 235

An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator performing?

Options:

A.

Quantitative risk analysis

B.

Disaster recovery test

C.

Physical security controls review

D.

Threat modeling

Buy Now
Questions 236

Which of the following is a preventive physical security control?

Options:

A.

Video surveillance system

B.

Bollards

C.

Alarm system

D.

Motion sensors

Buy Now
Questions 237

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Buy Now
Questions 238

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company ' s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

Options:

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Buy Now
Questions 239

Which of the following mitigation techniques would a security analyst most likely use to avoid bloatware on devices?

Options:

A.

Disabled ports/protocols

B.

Application allow list

C.

Default password changes

D.

Access control permissions

Buy Now
Questions 240

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Buy Now
Questions 241

Which of the following is a technical security control?

Options:

A.

Security guard

B.

Policy

C.

Fence

D.

Firewall

Buy Now
Questions 242

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

Options:

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Buy Now
Questions 243

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Options:

A.

Set the maximum data retention policy.

B.

Securely store the documents on an air-gapped network.

C.

Review the documents ' data classification policy.

D.

Conduct a tabletop exercise with the team.

Buy Now
Questions 244

Which of the following is a key reason to follow data retention policies during asset decommissioning?

Options:

A.

To ensure data is securely destroyed when no longer needed

B.

To make backup copies of all company data before disposing of hardware

C.

To allow employees to access old files even after the hardware is recycled

D.

To keep all customer data available in case it is required in the future

Buy Now
Questions 245

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

Options:

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Buy Now
Questions 246

Which of the following is the main consideration when a legacy system that is a critical part of a company ' s infrastructure cannot be replaced?

Options:

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Buy Now
Questions 247

Which of the following security principles most likely requires validation before allowing traffic between systems?

Options:

A.

Policy enforcement

B.

Authentication

C.

Zero Trust architecture

D.

Confidentiality

Buy Now
Questions 248

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

Options:

A.

Threshold

B.

Appetite

C.

Tolerance

D.

Register

Buy Now
Questions 249

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?

Options:

A.

Unskilled attacker

B.

Hacktivist

C.

Shadow IT

D.

Supply chain

Buy Now
Questions 250

A security analyst is reviewing the following logs about a suspicious activity alert for a user ' s VPN log-ins. Which of the following malicious activity indicators triggered the alert?

✅Log Summary:

User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.

Options:

A.

Impossible travel

B.

Account lockout

C.

Blocked content

D.

Concurrent session usage

Buy Now
Questions 251

Which of the following is the primary purpose of a service that tracks log-ins and time spent using the service?

Options:

A.

Availability

B.

Accounting

C.

Authentication

D.

Authorization

Buy Now
Questions 252

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

Options:

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Buy Now
Questions 253

Which of the following security measures is required when using a cloud-based platform for loT management?

Options:

A.

Encrypted connection

B.

Federated identity

C.

Firewall

D.

Single sign-on

Buy Now
Questions 254

A security analyst must select a metric to determine the required investment in technology based on past availability incidents. Which of the following is the most relevant value to help select technology that mitigates risk and considers reliability?

Options:

A.

MTBF

B.

RTO

C.

ALE

D.

RPO

Buy Now
Questions 255

The Chief Information Security Officer (CISO) of a medium-sized business plans to modernize the existing security infrastructure and address issues with legacy software and assets. Which of the following should the CISO use to determine the scope of the legacy infrastructure and develop a risk-based approach to modernization?

Options:

A.

Angry IP Scanner

B.

OWASP Web Security Testing Guide

C.

CIS benchmarks

D.

Metasploit Framework

Buy Now
Questions 256

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Buy Now
Questions 257

A systems administrator needs to ensure the secure communication of sensitive data within the organization ' s private cloud. Which of the following is the best choice for the administrator to implement?

Options:

A.

IPSec

B.

SHA-1

C.

RSA

D.

TGT

Buy Now
Questions 258

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Buy Now
Questions 259

Which of the following allows for the attribution of messages to individuals?

Options:

A.

Adaptive identity

B.

Non-repudiation

C.

Authentication

D.

Access logs

Buy Now
Questions 260

A user would like to install software and features that are not available with a smartphone ' s default software. Which of the following would allow the user to install unauthorized software and enable new features?

Options:

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 261

A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers. Which of the following would prevent this from reoccurring?

Options:

A.

User notification

B.

Change approval

C.

Risk analysis

D.

Backout plan

Buy Now
Questions 262

Which of the following should a security team do first before a new web server goes live?

Options:

A.

Harden the virtual host.

B.

Create WAF rules.

C.

Enable network intrusion detection.

D.

Apply patch management

Buy Now
Questions 263

A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?

Options:

A.

ACL

B.

Monitoring

C.

Isolation

D.

HIPS

Buy Now
Questions 264

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Buy Now
Questions 265

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Options:

A.

SPF

B.

GPO

C.

NAC

D.

FIM

Buy Now
Questions 266

A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

Options:

A.

Impersonation

B.

Replication

C.

Phishing

D.

Smishing

Buy Now
Exam Code: SY0-701
Exam Name: CompTIA Security+ Exam 2026
Last Update: Jun 26, 2026
Questions: 821
SY0-701 pdf

SY0-701 PDF

$25.5  $84.99
SY0-701 Engine

SY0-701 Testing Engine

$30  $99.99
SY0-701 PDF + Engine

SY0-701 PDF + Testing Engine

$40.5  $134.99