Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

CompTIA SY0-701 - CompTIA Security+ Exam 2026

Page: 1 / 14
Total 887 questions

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

A.

Version validation

B.

Version changes

C.

Version updates

D.

Version control

A few weeks after deploying additional email servers, employees complain that messages are being marked as spam. Which needs to be updated?

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit. Which of the following logs should the analyst review first?

A.

Endpoint

B.

Application

C.

Firewall

D.

NAC

A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?

A.

Patching

B.

Segmentation

C.

Isolation

D.

Monitoring

A company receives an alert that a widely used network device vendor has been banned by the government. What will general counsel most likely be concerned with during hardware refresh?

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

A.

RPO

B.

ARO

C.

BIA

D.

MTTR

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

A.

ARO

B.

SLE

C.

ALE

D.

RPO

An incident response specialist must stop a malicious attack from expanding to other parts of an organization. Which of the following should the incident response specialist perform first?

A.

Eradication

B.

Recovery

C.

Containment

D.

Simulation

A forensic engineer determines that the root cause of a compromise is a SQL injection attack. Which of the following should the engineer review to identify the command used by the threat actor?

A.

Metadata

B.

Application log

C.

System log

D.

Netflow log

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?

A.

Review the IPS logs and determine which command-and-control IPs were blocked.

B.

Analyze application logs to see how the malware attempted to maintain persistence.

C.

Run vulnerability scans to check for systems and applications that are vulnerable to the malware.

D.

Obtain and execute the malware in a sandbox environment and perform packet captures.

Which of the following is most likely in a responsibility matrix in a cloud computing environment?

A.

The customer is responsible for information and data regardless of the cloud model used.

B.

The cloud provider is responsible for account and identity management for connected devices.

C.

The customer and the cloud provider share responsibility for the physical network infrastructure.

D.

The cloud provider is responsible for the security of endpoints connected to the infrastructure.

Which of the following is the most likely motivation for a hacktivist?

A.

Financial gain

B.

Service disruption

C.

Philosophical beliefs

D.

Corporate espionage

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?

A.

Block access to cloud storage websites.

B.

Create a rule to block outgoing email attachments.

C.

Apply classifications to the data.

D.

Remove all user permissions from shares on the file server.

A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?

A.

Apply IP address reputation data.

B.

Tap and monitor the email feed.

C.

Scan email traffic inline.

D.

Check SPF records.

A penetration tester visits a client’s website and downloads the site ' s content. Which of the following actions is the penetration tester performing?

A.

Unknown environment testing

B.

Vulnerability scan

C.

Due diligence

D.

Passive reconnaissance

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email