Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA SY0-701 - CompTIA Security+ Exam 2026

Page: 4 / 14
Total 887 questions

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device ' s drive if the device is lost?

A.

TPM

B.

ECC

C.

FDE

D.

HSM

Which of the following enables the use of an input field to run commands that can view or manipulate data?

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

A.

Contain the Impacted hosts

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Which of the following is the most likely to be included as an element of communication in a security awareness program?

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Which of the following can automate vulnerability management?

A.

CVE

B.

SCAP

C.

OSINT

D.

CVSS

A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?

A.

DLP

B.

FIM

C.

NAC

D.

EDR

Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?

A.

Authentication

B.

Obfuscation

C.

Hashing

D.

Encryption

Which of the following security threats aims to compromise a website that multiple employees frequently visit?

A.

Supply chain

B.

Typosquatting

C.

Watering hole

D.

Impersonation

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Attackers created a new domain name that looks similar to a popular file-sharing website. Which of the following threat vectors is being used?

A.

Watering-hole attack

B.

Brand impersonation

C.

Phishing

D.

Typosquatting

An analyst wants to move data from production to the UAT server to test the latest release. Which of the following strategies should the analyst use to protect sensitive data from being viewed by the testing team?

A.

Data masking

B.

Data tokenization

C.

Data obfuscation

D.

Data encryption

Which of the following topics would most likely be included within an organization ' s SDLC?

A.

Service-level agreements

B.

Information security policy

C.

Penetration testing methodology

D.

Branch protection requirements

A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers Which of the following solutions is the organization most likely to employ to further increase performance and availability?

A.

Load balancer

B.

Jump server

C.

Proxy server

D.

SD-WAN

Which of the following allows a systems administrator to tune permissions for a file?

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Which of the following is an algorithm performed to verify that data has not been modified?

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

A.

White

B.

Purple

C.

Blue

D.

Red

A company ' s Chief Information Security Officer (CISO) wants to enhance the capabilities of the incident response team. The CISO directs the incident response team to deploy a tool that rapidlyanalyzes host and network data from potentially compromised systems and forwards the data for further review. Which of the following tools should the incident response team deploy?

A.

NAC

B.

IPS

C.

SIEM

D.

EDR

While reviewing logs, a security administrator identifies the following code:

< script > function(send_info) < /script >

Which of the following best describes the vulnerability being exploited?

A.

XSS

B.

SQLi

C.

DDoS

D.

CSRF

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access