Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA SY0-701 - CompTIA Security+ Exam 2026

Page: 9 / 14
Total 887 questions

A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user ' s password was changed, even though the user did not change the password. Which of the following is the most likely cause?

A.

Cross-sue request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection

A security administrator needs to reduce the attack surface in the company ' s data centers. Which of the following should the security administrator do to complete this task?

A.

Implement a honeynet.

B.

Define Group Policy on the servers.

C.

Configure the servers for high availability.

D.

Upgrade end-of-support operating systems.

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

A.

DLP

B.

SNMP traps

C.

SCAP

D.

IPS

An employee clicked a malicious link in an email and downloaded malware onto the company ' s computer network. The malicious program exfiltrated thousands of customer records. Which of the following should the company implement to prevent this in the future?

A.

User awareness training

B.

Network monitoring

C.

Endpoint protection

D.

Data loss prevention

An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?

A.

Data masking

B.

Salting

C.

Key escrow

D.

Tokenization

An engineer moved to another team and is unable to access the new team ' s shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? 1  

A.

Role-based

B.

Discretionary

C.

Time of day

D.

Least privilege

A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?

A.

Password policy

B.

Access badges

C.

Phishing campaign

D.

Risk assessment

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers. Which of the following architectures will best achieve the company’s objectives?

A.

IoT

B.

IaC

C.

PaaS

D.

ICS

A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?

A.

Proxy server

B.

Jump server

C.

Geographic restrictions

D.

Load balancer

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Which of the following architectures is most suitable to provide redundancy for critical business processes?

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?

A.

Syslog

B.

Port mirroring

C.

Port forwarding

D.

Load balancer logs

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?

A.

Notify all employees about the phishing attack and instruct them to avoid suspicious emails.

B.

Wait for confirmation from the employee before making any changes to the account.

C.

Reimage the employee ' s workstation to ensure no malware is present.

D.

Lock the employee ' s account to prevent further unauthorized access.

While updating the security awareness training, a security analyst wants to address issues created if vendors ' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

A.

Refrain from clicking on images included in emails from new vendors.

B.

Delete emails from unknown service provider partners.

C.

Require that invoices be sent as attachments.

D.

Be alert to unexpected requests from familiar email addresses.

Which of the following is a benefit of vendor diversity?

A.

Patch availability

B.

Zero-day resiliency

C.

Secure configuration guide applicability

D.

Load balancing

Which of the following data types relates to data sovereignty?

A.

Data classified as public in other countries

B.

Personally Identifiable data while traveling

C.

Health data shared between doctors in other nations

D.

Data at rest outside of a country ' s borders