CompTIA SY0-701 - CompTIA Security+ Exam 2026
An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server ' s password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?
An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?
A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.
Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?
A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?
Which of the following is an example of a false negative vulnerability detection in a scan report?
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?
Which of the following best explains the benefit of using asymmetric encryption?
Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?
Which of the following is a technical security control?
A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?
A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?
Which of the following best describes a common use of OSINT?
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
Which of the following must be considered when designing a high-availability network? (Choose two).
An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?
Which of the following is a qualitative approach to risk analysis?
Which of the following is a vulnerability concern for end-of-life hardware?
Which of the following would be the best way to block unknown programs from executing?
A company plans to secure its systems by:
Preventing users from sending sensitive data over corporate email
Restricting access to potentially harmful websites
Which of the following features should the company set up? (Select two).
