Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA SY0-701 - CompTIA Security+ Exam 2026

Page: 12 / 14
Total 887 questions

A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?

A.

Recovery site

B.

Hot site

C.

Cold site

D.

Warm site

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?

A.

ACL

B.

Monitoring

C.

Isolation

D.

HIPS

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

Which of the following best explains how tokenization helps protect sensitive data?

A.

It permanently deletes sensitive information from production systems.

B.

It replaces the original data with reference values that do not hold exploitable meaning.

C.

It stores sensitive data across multiple cloud environments to prevent data loss.

D.

It conceals data by converting it into unreadable ciphertext using symmetric encryption.

Which of the following metrics are used to calculate the risk rating in a matrix format? Select two.

A.

Likelihood

B.

Quantitative

C.

SLE

D.

Impact

E.

ALE

F.

ARO

Which of the following explains the difference between data masking and data tokenization?

A.

Data masking is typically a non-reversible process, while data tokenization is reversible.

B.

Data masking uses encryption, while data tokenization replaces data with null values.

C.

Data masking uses one-to-one data mapping, while data tokenization uses one-to-many data mapping.

D.

Data masking implements a random function, while data tokenization implements a pseudo-random function.

Which of the following is the final step of the modem response process?

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Which of the following phases of the incident response process attempts to minimize disruption?

A.

Recovery

B.

Containment

C.

Preparation

D.

Analysis

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?

A.

Mitigate

B.

Accept

C.

Transfer

D.

Avoid

Which of the following allows an exploit to go undetected by the operating system?

A.

Firmware vulnerabilities

B.

Side loading

C.

Memory injection

D.

Encrypted payloads

A recent black-box penetration test of http://example.com discovered that external

website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.

You are tasked with reducing the attack space and enabling secure protocols.

INSTRUCTIONS

Part 1

Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.

Part 2

Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?

A.

Encryption

B.

Classification

C.

Certification

D.

Procurement

An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?

A.

Data sanitization

B.

WAF

C.

FDE

D.

Split tunneling

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization ' s documentation?

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

A business uses Wi-Fi with content filleting enabled. An employee noticed a coworker accessed a blocked sue from a work computer and repotted the issue. While Investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

A.

The host-based security agent Is not running on all computers.

B.

A rogue access point Is allowing users to bypass controls.

C.

Employees who have certain credentials are using a hidden SSID.

D.

A valid access point is being jammed to limit availability.

Which of the following is die most important security concern when using legacy systems to provide production service?

A.

Instability

B.

Lack of vendor support

C.

Loss of availability

D.

Use of insecure protocols

An organization designs an inbound firewall with a fail-open configuration while implementing a website. Which of the following does the organization consider to be the highest priority?

A.

Confidentiality

B.

Non-repudiation

C.

Availability

D.

Integrity