Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA SY0-701 - CompTIA Security+ Exam 2026

Page: 5 / 14
Total 887 questions

A software developer would like to ensure. The source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

A.

Version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:

Which of the following best describes the indicator that triggered the alert?

A.

Blocked content

B.

Brute-force attack

C.

Concurrent session usage

D.

Account lockout

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Which of the following is prevented by proper data sanitization?

A.

Hackers ' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Which of the following log sources best detects port scan activity?

A.

Firewall

B.

Proxy

C.

Endpoint

D.

NetFlow

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerability report

Which of the following should be used to prevent changes to system-level data?

A.

NIDS

B.

DLP

C.

NAC

A security analyst is reviewing the source code of an application to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

A.

Dynamic

B.

Static

C.

Gap

D.

Impact

Which of the following is an example of a data protection strategy that uses tokenization?

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

A.

Wiping

B.

Recycling

C.

Shredding

D.

Deletion

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Which of the following is the most important element when defining effective security governance?

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Which of the following should be used to prevent changes to system-level data?

A.

NIDS

B.

DLP

C.

NAC

D.

FIM

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?

A.

Mitigate

B.

Accept

C.

Avoid

D.

Transfer

Which of the following must be considered when designing a high-availability network? (Select two).

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

A systems administrator needs to encrypt all data on employee laptops. Which of the following encryption levels should be implemented?

A.

Volume

B.

Partition

C.

Full disk

D.

File

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review