Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA SY0-701 - CompTIA Security+ Exam 2026

Page: 10 / 14
Total 887 questions

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Which of the following is the best safeguard to protect against an extended power failure?

A.

Off-site backups

B.

Batteries

C.

Uninterruptible power supplies

D.

Generators

An organization has learned that its data is being exchanged on the dark web. The CIO

has requested that you investigate and implement the most secure solution to protect employee accounts.

INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate

security solution to meet the CIO ' s requirements.

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Which of the following best describes the purpose of using deception technologies in a security strategy?

A.

To prevent malware installation through endpoint protection tools

B.

To block all external traffic before it reaches critical information systems

C.

To lure attackers to controlled environments to collect threat intelligence

D.

To detect insider threats by monitoring privileged user accounts

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

A financial institution would like to store its customer data m the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution Is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

A.

Asymmetric

B.

Symmetric

C.

Homomorphic

D.

Ephemeral

Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Which of the following best explains the use of a policy engine in a Zero Trust environment?

A.

It is used by a central server to apply default permissions across a range of network and computing resources.

B.

It is used to make access control decisions without inheriting permission decisions from prior events.

C.

It is used to dynamically assign user permissions based on a user ' s identity and previous activity.

D.

It is used when user roles are unknown and the organization wants to leverage ML to control access.

A penetration tester must conduct a vulnerability assessment on a target network to identify potential security weaknesses. Which of the following tools will best achieve this goal?

A.

Metasploit

B.

Burp Suite

C.

Nessus

D.

Wireshark

A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed. Which concept describes this capability?

A.

IaC

B.

IoT

C.

IoC

D.

IaaS

Which of the following should be used to ensure that a new software release has not been modified before reaching the user?

A.

Tokenization

B.

Encryption

C.

Hashing

D.

Obfuscation

An employee asks a security analyst to scan a suspicious email that contains a link to a file on a file-sharing site. The analyst determines that the file is safe after downloading and scanning the file with antivirus software. When the employee opens the file, their device is infected with ransomware. Which of the following steps should the analyst have taken?

A.

Review the file in a code editor.

B.

Monitor the file connections with netstat.

C.

Execute the file in a sandbox.

D.

Retrieve the file hash and check with OSINT.

A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?

A.

Workstations

B.

Embedded systems

C.

Core router

D.

DNS server

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B.

Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C.

Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D.

Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?

A.

Order of volatility

B.

Preservation of event logs

C.

Chain of custody

D.

Compliance with legal hold

Which of the following best describe why a process would require a two-person integrity security control?

A.

To Increase the chance that the activity will be completed in half of the time the process would take only one user to complete

B.

To permit two users from another department to observe the activity that is being performed by an authorized user

C.

To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

D.

To allow one person to perform the activity while being recorded on the CCTV camera

A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A.

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

A company ' s online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

Which of the following should the analyst do next?

A.

Check for recently terminated DBAs.

B.

Review WAF logs for evidence of command injection.

C.

Scan the database server for malware.

D.

Search the web server for ransomware notes.