Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CompTIA SY0-701 Dumps Questions Answers

Page: 1 / 67
Total 887 questions

CompTIA Security+ Exam 2026 Questions and Answers

Question 1

Which of the following are the best methods for hardening end user devices? (Select two)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Buy Now
Question 2

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

Options:

A.

Analysis

B.

Lessons learned

C.

Detection

D.

Containment

Question 3

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

Options:

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Question 4

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise ' s infrastructure?

Options:

A.

Firewalls

B.

Virtual private networks

C.

Extensive logging

D.

Intrusion detection systems

Question 5

A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure. Which of the following penetration testing methods does this scenario describe?

Options:

A.

Passive reconnaissance

B.

Partially-known environment

C.

Integrated testing

D.

Defensive testing

Question 6

A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?

Options:

A.

Zero-day

B.

XSS

C.

SQLi

D.

Buffer overflow

Question 7

An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive. Which of the following would the administrator use to estimate the time needed to fix the issue?

Options:

A.

MTTR

B.

MTBF

C.

RTO

D.

RPO

Question 8

A government official receives a blank envelope containing photos and a note instructing the official to wire a large sum of money by midnight to prevent the photos from being leaked on the Internet. Which of the following best describes the threat actor ' s intent?

Options:

A.

Organized crime

B.

Philosophical beliefs

C.

Espionage

D.

Blackmail

Question 9

A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulnerability that was likely discovered during the test?

Options:

A.

XSS

B.

Command injection

C.

Buffer overflow

D.

SQLi

Question 10

A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?

Options:

A.

Ensure the firewall data plane moves to fail-closed mode.

B.

Implement a deny-all rule as the last firewall ACL rule.

C.

Prioritize business-critical application traffic through the firewall.

D.

Configure rate limiting between the firewall interfaces.

Question 11

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Question 12

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

Options:

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

Question 13

A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?

Options:

A.

Notify all employees about the phishing attack and instruct them to avoid suspicious emails.

B.

Wait for confirmation from the employee before making any changes to the account.

C.

Reimage the employee ' s workstation to ensure no malware is present.

D.

Lock the employee ' s account to prevent further unauthorized access.

Question 14

While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:

C:\User > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 200 ms 200 ms 200 ms 10.20.10.10

2 5 ms 3 ms 3 ms 10.20.10.1

3 20 ms 20 ms 10 ms 10.25.10.10

4 10 ms 8 ms 10 ms 10.30.110.1

5 5 ms 6 ms 3 ms 10.100.15.20

The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:

C:\Engineer > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 5 ms 3 ms 3 ms 10.20.10.1

2 20 ms 20 ms 10 ms 10.25.10.10

3 10 ms 8 ms 10 ms 10.30.110.1

4 5 ms 6 ms 3 ms 10.100.15.20

Which of the following is most likely occurring?

Options:

A.

ARP cache poisoning

B.

On-path attack

C.

Resource exhaustion

D.

DNS spoofing

Question 15

An employee used a company ' s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Options:

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Question 16

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO ' s report?

Options:

A.

Insider threat

B.

Hacktivist

C.

Nation-state

D.

Organized crime

Question 17

A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?

Options:

A.

Syslog

B.

Port mirroring

C.

Port forwarding

D.

Load balancer logs

Question 18

A security analyst is reviewing the following logs about a suspicious activity alert for a user ' s VPN log-ins. Which of the following malicious activity indicators triggered the alert?

✅Log Summary:

User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.

Options:

A.

Impossible travel

B.

Account lockout

C.

Blocked content

D.

Concurrent session usage

Question 19

A penetration tester visits a client’s website and downloads the site ' s content. Which of the following actions is the penetration tester performing?

Options:

A.

Unknown environment testing

B.

Vulnerability scan

C.

Due diligence

D.

Passive reconnaissance

Question 20

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Options:

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Question 21

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Question 22

An organization needs to monitor its users ' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

Options:

A.

Behavioral analytics

B.

Access control lists

C.

Identity and access management

D.

Network intrusion detection system

Question 23

Which of the following is the most important element when defining effective security governance?

Options:

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Question 24

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Options:

A.

Compromise

B.

Retention

C.

Analysis

D.

Transfer

E.

Inventory

Question 25

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

Options:

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Question 26

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

Options:

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Question 27

The local administrator account for a company ' s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening ' ?

Options:

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Reviewing logs more frequently

Question 28

During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?

Options:

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Question 29

A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

Options:

A.

Hashes

B.

Certificates

C.

Algorithms

D.

Salting

Question 30

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Options:

A.

Channels by which the organization communicates with customers

B.

The reporting mechanisms for ethics violations

C.

Threat vectors based on the industry in which the organization operates

D.

Secure software development training for all personnel

E.

Cadence and duration of training events

F.

Retraining requirements for individuals who fail phishing simulations

Question 31

Which of the following topics would most likely be included within an organization ' s SDLC?

Options:

A.

Service-level agreements

B.

Information security policy

C.

Penetration testing methodology

D.

Branch protection requirements

Question 32

An organization discovers that its cold site does not have enough storage and computers available. Which of the following was most likely the cause of this failure?

Options:

A.

Capacity planning

B.

Load balancing

C.

Backups

D.

Platform diversity

Question 33

The Chief Information Security Officer (CISO) of a medium-sized business plans to modernize the existing security infrastructure and address issues with legacy software and assets. Which of the following should the CISO use to determine the scope of the legacy infrastructure and develop a risk-based approach to modernization?

Options:

A.

Angry IP Scanner

B.

OWASP Web Security Testing Guide

C.

CIS benchmarks

D.

Metasploit Framework

Question 34

A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?

Options:

A.

Telnet connection

B.

SSH tunneling

C.

Patch installation

D.

Full disk encryption

Question 35

Which of the following describes an executive team that is meeting in a board room and testing the company ' s incident response plan?

Options:

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

Question 36

A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

Options:

A.

The user jsmith ' s account has been locked out.

B.

A keylogger is installed on [smith ' s workstation

C.

An attacker is attempting to brute force ismith ' s account.

D.

Ransomware has been deployed in the domain.

Question 37

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

Options:

A.

Impact analysis

B.

Scheduled downtime

C.

Backout plan

D.

Change management boards

Question 38

While updating the security awareness training, a security analyst wants to address issues created if vendors ' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

Options:

A.

Refrain from clicking on images included in emails from new vendors.

B.

Delete emails from unknown service provider partners.

C.

Require that invoices be sent as attachments.

D.

Be alert to unexpected requests from familiar email addresses.

Question 39

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

Options:

A.

Code repositories

B.

Dark web

C.

Threat feeds

D.

State actors

E.

Vulnerability databases

Question 40

Which of the following is the most relevant reason a DPO would develop a data inventory?

Options:

A.

To manage data storage requirements better

B.

To determine the impact in the event of a breach

C.

To extend the length of time data can be retained

D.

To automate the reduction of duplicated data

Question 41

Which of the following methods would most likely be used to identify legacy systems?

Options:

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Question 42

Which of the following vulnerabilities would likely be mitigated by setting up an MDM platform?

Options:

A.

TPM

B.

Buffer overflow

C.

Jailbreaking

D.

SQL injection

Question 43

A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?

Options:

A.

Buffer overflow

B.

NTP amplification attack

C.

Worm

D.

Kerberoasting attack

Question 44

An organization has learned that its data is being exchanged on the dark web. The CIO

has requested that you investigate and implement the most secure solution to protect employee accounts.

INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate

security solution to meet the CIO ' s requirements.

Options:

Question 45

A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?

Options:

A.

Secure access service edge

B.

Attack surface

C.

Least privilege

D.

Separation of duties

Question 46

Which of the following should be used to prevent changes to system-level data?

Options:

A.

NIDS

B.

DLP

C.

NAC

Question 47

Which of the following is used to quantitatively measure the criticality of a vulnerability?

Options:

A.

CVE

B.

CVSS

C.

CIA

D.

CERT

Question 48

Which of the following is the best reason to complete an audit in a banking environment?

Options:

A.

Regulatory requirement

B.

Organizational change

C.

Self-assessment requirement

D.

Service-level requirement

Question 49

Which of the following technologies assists in passively verifying the expired status of a digital certificate?

Options:

A.

OCSP

B.

CRL

C.

TPM

D.

CSR

Question 50

Which of the following can automate vulnerability management?

Options:

A.

CVE

B.

SCAP

C.

OSINT

D.

CVSS

Question 51

Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.

INSTRUCTIONS

Not all attacks and remediation actions will be used.

If at any time you would like to bring back the initial state of the simu-lation, please click the Reset All button.

Options:

Question 52

A nation-state attacker gains access to the email accounts of several journalists by compromising a website that the journalists frequently use. Which of the following types of attacks describes this example?

Options:

A.

On-path

B.

Watering-hole

C.

Typosquatting

D.

Brand impersonation

Question 53

A client demands at least 99.99% uptime from a service provider ' s hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Question 54

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Question 55

A user needs to complete training at After manually entering the URL, the user sees that the accessed website is noticeably different from the standard company website. Which of the following is the most likely explanation for the difference?

Options:

A.

Cross-site scripting

B.

Pretexting

C.

Typosquatting

D.

Vishing

Question 56

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

Options:

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Question 57

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

Options:

A.

Gap analysis

B.

Policy review

C.

Security procedure evaluation

D.

Threat scope reduction

Question 58

An end-of-service server cannot be patched, but it still performs as expected for business operations. The team moves the system to a segmented network. Which of the following control types has the team applied?

Options:

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Compensating

Question 59

Which of the following best explains how open service ports increase an organization ' s attack surface?

Options:

A.

They are commonly overlooked by endpoint antivirus tools during scans.

B.

They can make the company’s remote entry point available to the internet.

C.

They enable automatic application updates to reduce vulnerability windows.

D.

They can expose unnecessary services to unauthorized access if not properly restricted.

Question 60

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

Options:

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Question 61

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

Options:

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

Question 62

A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?

Options:

A.

DLP

B.

FIM

C.

NAC

D.

EDR

Question 63

A security analyst sees the following entries in web server logs:

200.17.88.121 [05/May/2025:01:05:18 -0200] " GET /aboutus.htm " 200 3344

200.17.88.121 [05/May/2025:01:08:22 -0200] " GET /corporateOrg.htm " 200 4200

132.18.62.144 [05/May/2025:01:08:23 -0200] " GET /../../vhosts " 403 502

200.17.88.121 [05/May/2025:01:10:33 -0200] " POST /ContactUs.asp " 403 512

118.19.200.55 [05/May/2025:01:10:45 -0200] " POST/search " 200 1212 " SELECT * FROM company WHERE keyword = ' VP

105.86.13.11 [05/May/2025:01:15:45 -0200] " GET /latestContracts.htm " 404 512

Which of the following IP addresses is most likely involved in a malicious attempt?

Options:

A.

105.86.13.11

B.

118.19.200.55

C.

132.18.62.144

D.

200.17.88.121

Question 64

A company wants to ensure that only authorized devices can enter an environment. Which of the following will the company most likely use to implement the control?

Options:

A.

Access lists

B.

Remote connection

C.

Screened subnets

D.

Centralized proxy

Question 65

Which of the following can be used to compromise a system that is running an RTOS?

Options:

A.

Cross-site scripting

B.

Memory injection

C.

Replay attack

D.

Ransomware

Question 66

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

Race condition

D.

VM escape

Question 67

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Question 68

Which of the following teams combines both offensive and defensive testing techniques to protect an organization ' s critical systems?

Options:

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question 69

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

Options:

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Question 70

A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Options:

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Question 71

A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)

Options:

A.

Authentication tokens

B.

Least privilege

C.

Biometrics

D.

LDAP

E.

Password vaulting

F.

SAML

Question 72

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

Options:

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Question 73

Which of the following are the best security controls for controlling on-premises access? (Select two.)

Options:

A.

Swipe card

B.

Picture ID

C.

Phone authentication application

D.

Biometric scanner

E.

Camera

F.

Memorable

Question 74

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

Options:

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Question 75

Which of the following describes when a user installs an unauthorized application by bypassing the authorized application store and installing a binary file?

Options:

A.

Jailbreaking

B.

Sideloading

C.

Memory injection

D.

VM escaping

Question 76

Which of the following methods will most likely be used to identify legacy systems?

Options:

A.

Bug bounty program

B.

Vulnerability scan

C.

Package monitoring

D.

Dynamic analysis

Question 77

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

Options:

A.

Refect

B.

Accept

C.

Transfer

D.

Avoid

Question 78

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

Options:

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Question 79

An incident response specialist must stop a malicious attack from expanding to other parts of an organization. Which of the following should the incident response specialist perform first?

Options:

A.

Eradication

B.

Recovery

C.

Containment

D.

Simulation

Question 80

A security administrator needs to protect the integrity of a compromised laptop. The administrator turns off the laptop for a forensic investigation. Which of the following tasks should the administrator do first before analyzing the hard drive?

Options:

A.

Metadata review

B.

Snapshot

C.

Bit-level copy

D.

Memory dump

Question 81

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

Options:

A.

Jailbreaking

B.

Memory injection

C.

Resource reuse

D.

Side loading

Question 82

An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users. Which of the following best describes this kind of attack?

Options:

A.

Watering hole

B.

Typosquatting

C.

Business email compromise

D.

Phishing

Question 83

Which of the following best explains the role of compensating controls?

Options:

A.

Reducing the attack surface by isolating vulnerable components within a segmented environment

B.

Providing an alternative security measure when standard remediation is not feasible

C.

Delaying remediation timelines by replacing affected systems in a maintenance window

D.

Remediating software flaws by modifying source code to remove insecure functions

Question 84

Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

Options:

A.

Contractual impacts

B.

Sanctions

C.

Fines

D.

Reputational damage

Question 85

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

Options:

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

Question 86

While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user ' s credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?

Options:

A.

Operational security

B.

Removable media and cables

C.

Password management

D.

Social engineering

Question 87

Which of the following explains the difference between data masking and data tokenization?

Options:

A.

Data masking is typically a non-reversible process, while data tokenization is reversible.

B.

Data masking uses encryption, while data tokenization replaces data with null values.

C.

Data masking uses one-to-one data mapping, while data tokenization uses one-to-many data mapping.

D.

Data masking implements a random function, while data tokenization implements a pseudo-random function.

Question 88

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Question 89

Which of the following best explains why an organization would choose a warm site for disaster recovery?

Options:

A.

It reduces complexity by replicating data in real time across identical environments.

B.

It eliminates the need for backup testing by using cloud-native infrastructure.

C.

It offers fully automated fail over with no manual intervention required.

D.

It balances cost and recovery time by maintaining partially configured systems.

Question 90

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

Options:

A.

Data sovereignty

B.

Geolocation

C.

Intellectual property

D.

Geographic restrictions

Question 91

Which of the following should be used to ensure that a new software release has not been modified before reaching the user?

Options:

A.

Tokenization

B.

Encryption

C.

Hashing

D.

Obfuscation

Question 92

A company uses its backups to recover from a ransomware attack. Which of the following best guarantees that the backups are not infected?

Options:

A.

Immutability

B.

Destruction

C.

Sanitization

D.

Retention

Question 93

The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?

Options:

A.

Patching

B.

Segmentation

C.

Monitoring

D.

Isolation

Question 94

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

Options:

A.

MTTR

B.

RTO

C.

ARO

D.

MTBF

Question 95

Which of the following examples would be best mitigated by input sanitization?

Options:

A.

< script > alert ( " Warning! " ) ,- < /script >

B.

nmap - 10.11.1.130

C.

Email message: " Click this link to get your free gift card. "

D.

Browser message: " Your connection is not private. "

Question 96

A staff member finds a USB drive in the office ' s parking lot. Which of the following should the staff member do?

Options:

A.

Notify the file owner after reviewing the contents of the drive.

B.

Use an air-gapped system to open the files without exposing the network.

C.

Wipe the drive immediately using a secure method.

D.

Submit the device to the security team without connecting it.

Question 97

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Question 98

A security analyst collects IOCs from a cybersecurity bulletin. Which of the following should the analyst do next to assess if an environment is compromised?

Options:

A.

Root cause analysis

B.

Threat hunting

C.

Tabletop exercise

D.

Penetration test

Question 99

A security analyst must prevent remote users from accessing malicious URLs. The sites need to be checked inline for reputation, content, or categorization. Which of the following technologies will help secure the enterprise?

Options:

A.

VPN

B.

SASE

C.

IDS

D.

SD-WAN

Question 100

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

Options:

A.

Intrusion prevention system

B.

Sandbox

C.

Endpoint detection and response

D.

Antivirus

Question 101

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

Options:

A.

Encrypted

B.

Intellectual property

C.

Critical

D.

Data in transit

Question 102

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Question 103

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

Options:

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Question 104

Which of the following can a security director use to prioritize vulnerability patching within a company ' s IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Question 105

Which of the following is a benefit of launching a bug bounty program? (Select two)

Options:

A.

Transference of risk to a third party

B.

Reduction in the number of zero-day vulnerabilities

C.

Increased security awareness for the workforce

D.

Reduced cost of managing the program

E.

Quicker discovery of vulnerabilities

F.

Improved patch management process

Question 106

Which of the following describes the category of data that is most impacted when it is lost?

Options:

A.

Confidential

B.

Public

C.

Private

D.

Critical

Question 107

Which of the following can best contribute to prioritizing patch applications?

Options:

A.

CVSS

B.

SCAP

C.

OSINT

D.

CVE

Question 108

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

Options:

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Question 109

An employee in the accounting department receives an email containing a demand for payment tot services performed by a vendor However, the vendor is not in the vendor management database. Which of the following in this scenario an example of?

Options:

A.

Pretexting

B.

Impersonation

C.

Ransomware

D.

Invoice scam

Question 110

A company ' s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Options:

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Question 111

An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints ' definitions are up to date. Which of the following will these actions most effectively prevent?

Options:

A.

Zero-day attacks

B.

Insider threats

C.

End-of-life support

D.

Known exploits

Question 112

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Question 113

A new employee accessed an unauthorized website. An investigation found that the employee violated the company ' s rules. Which of the following did the employee violate?

Options:

A.

MOU

B.

AUP

C.

NDA

D.

MOA

Question 114

Attackers created a new domain name that looks similar to a popular file-sharing website. Which of the following threat vectors is being used?

Options:

A.

Watering-hole attack

B.

Brand impersonation

C.

Phishing

D.

Typosquatting

Question 115

A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure that a user cannot deny that they sent the email?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Integrity

D.

Authentication

Question 116

A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?

Options:

A.

Encryption

B.

Classification

C.

Certification

D.

Procurement

Question 117

Which of the following is a hardware-specific vulnerability?

Options:

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Question 118

A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentations should the security analyst request from the SaaS application vendor?

Options:

A.

Service-level agreement

B.

Third-party audit

C.

Statement of work

D.

Data privacy agreement

Question 119

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Question 120

A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?

Options:

A.

Private key and root certificate

B.

Public key and expired certificate

C.

Private key and self-signed certificate

D.

Public key and wildcard certificate

Question 121

Which of the following receives logs from various devices and services, and then presents alerts?

Options:

A.

SIEM

B.

SCADA

C.

SNMP

D.

SCAP

Question 122

A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?

Options:

A.

Workstations

B.

Embedded systems

C.

Core router

D.

DNS server

Question 123

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Question 124

An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?

Options:

A.

Smishing

B.

Typosquatting

C.

Espionage

D.

Pretexting

Question 125

A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer ' s credit card information. The customer sees the caller ID is the same as the company ' s main phone number. Which of the following attacks is the customer most likely a target of?

Options:

A.

Phishing

B.

Whaling

C.

Smishing

D.

Vishing

Question 126

Which of the following is the best reason to perform a tabletop exercise?

Options:

A.

To address audit findings

B.

To collect remediation response times

C.

To update the IRP

D.

To calculate the ROI

Question 127

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Question 128

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Options:

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Question 129

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Options:

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Question 130

A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?

Options:

A.

Honeypot

B.

Honey account

C.

Honeytoken

D.

Honeynet

Question 131

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

Options:

A.

Sanitization

B.

Formatting

C.

Degaussing

D.

Defragmentation

Question 132

Which of the following are the most important considerations when encrypting data? (Select two).

Options:

A.

Obfuscation

B.

Algorithms

C.

Data masking

D.

Key length

E.

Tokenization

F.

Salting

Question 133

Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

Options:

A.

Proxy server

B.

NGFW

C.

VPN

D.

Security zone

Question 134

Which of the following is most likely to be used as a just-in-time reference document within a security operations center?

Options:

A.

Change management policy

B.

Risk profile

C.

Playbook

D.

SIEM profile

Question 135

Which of the following data recovery strategies will result in a quick recovery at low cost?

Options:

A.

Hot

B.

Cold

C.

Manual

D.

Warm

Question 136

Which of the following would be the most appropriate way to protect data in transit?

Options:

A.

SHA-256

B.

SSL 3.0

C.

TLS 1.3

D.

AES-256

Question 137

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

Options:

A.

Business email

B.

Social engineering

C.

Unsecured network

D.

Default credentials

Question 138

Which of the following principles ensures data is only accessible to authorized users?

Options:

A.

Integrity

B.

Confidentiality

C.

Non-repudiation

D.

Availability

Question 139

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Question 140

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Options:

A.

Exception

B.

Segmentation

C.

Risk transfer

D.

Compensating controls

Question 141

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Options:

A.

Host-based firewall

B.

System isolation

C.

Least privilege

D.

Application allow list

Question 142

Which of the following describes the difference between encryption and hashing?

Options:

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Question 143

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

Options:

A.

To reduce implementation cost

B.

To identify complexity

C.

To remediate technical debt

D.

To prevent a single point of failure

Question 144

Which of the following best explains a core principle of a Zero Trust security model?

Options:

A.

Devices connected to the internal network are automatically trusted after initial authentication.

B.

Access to resources is granted only after strict identity verification and continuous monitoring.

C.

Security policies require multifactor authentication for remote access to sensitive data.

D.

Network access is limited by role, and access controls are reviewed on a regular schedule.

Question 145

The management team wants to assess the cybersecurity team ' s readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response within a short time?

Options:

A.

Send a message to all IT managers and request formal action plans.

B.

Create a bug bounty program and assess the findings.

C.

Execute a tabletop exercise and document the performance results.

D.

Hire an external consultant to independently assess the cybersecurity processes.

Question 146

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Question 147

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Question 148

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

Options:

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Question 149

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

Options:

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

Question 150

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

Options:

A.

Lead a simulated failover.

B.

Conduct a tabletop exercise.

C.

Periodically test the generators.

D.

Develop requirements for database encryption.

Question 151

A service provider wants a cost-effective way to rapidly expand from providing internet links to managing them. Which of the following methods will allow the service provider to best scale its services while maintaining performance consistency?

Options:

A.

Escalation support

B.

Increased workforce

C.

Baseline enforcement

D.

Technical debt

Question 152

A systems administrator receives an alert that a company ' s internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

Which of the following indicators most likely triggered this alert?

Options:

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Question 153

Which of the following enables the use of an input field to run commands that can view or manipulate data?

Options:

A.

Cross-site scripting

B.

Side loading

C.

Buffer overflow

D.

SQL injection

Question 154

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

Options:

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Question 155

A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?

Options:

A.

Mitigate

B.

Accept

C.

Avoid

D.

Transfer

Question 156

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

Options:

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Question 157

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Options:

A.

Air gap the system.

B.

Move the system to a different network segment.

C.

Create a change control request.

D.

Apply the patch to the system.

Question 158

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Question 159

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Question 160

An organization plans to increase security controls for devices that connect to its internal network. The additional security control must perform port-based authentication as part of the connection process. Which of the following should the organization implement?

Options:

A.

EDR

B.

SASE

C.

802.1X

D.

WPA3

Question 161

An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

Options:

A.

Malicious flash drive

B.

Remote access Trojan

C.

Brute-forced password

D.

Cryptojacking

Question 162

A network administrator must turn off insecure protocols after a recent inspection. Which of the following best describes the vulnerability the network administrator is remediating?

Options:

A.

Device misconfigurations

B.

Sideloading

C.

Memory injection

D.

Malicious update

Question 163

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Question 164

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

Options:

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Question 165

A company ' s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?

Options:

A.

Processor

B.

Custodian

C.

Subject

D.

Owner

Question 166

Which of the following is a directive managerial control?

Options:

A.

Acceptable use policy

B.

Login warning banner

C.

Master service agreement

D.

No trespassing sign

Question 167

Which of the following would best allow a company to prevent access to systems from the Internet?

Options:

A.

Containerization

B.

Virtualization

C.

SD-WAN

D.

Air-gapped

Question 168

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator ' s group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Question 169

Which of the following best describes a method for ongoing vendor monitoring in third-party risk management?

Options:

A.

Requiring a new MSA for each project

B.

Accepting vendor self-attestation without further verification

C.

Conducting assessments to verify compliance with security requirements

D.

Reviewing SLAs at the start of the contract

Question 170

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Question 171

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

Options:

A.

Network

B.

System

C.

Application

D.

Authentication

Question 172

Which of the following describes the reason for using an MDM solution to prevent jailbreaking?

Options:

A.

To secure end-of-life devices from incompatible firmware updates

B.

To avoid hypervisor attacks through VM escape

C.

To eliminate buffer overflows at the application layer

D.

To prevent users from changing the OS of mobile devices

Question 173

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

Options:

A.

Send out periodic security reminders.

B.

Update the content of new hire documentation.

C.

Modify the content of recurring training.D Implement a phishing campaign

Question 174

Which of the following is the first step to take when creating an anomaly detection process?

Options:

A.

Selecting events

B.

Building a baseline

C.

Selecting logging options

D.

Creating an event log

Question 175

A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?

Options:

A.

Patching

B.

Segmentation

C.

Isolation

D.

Monitoring

Question 176

Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?

Options:

A.

Classified

B.

Regulated information

C.

Open source

D.

Intellectual property

Question 177

The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?

Options:

A.

Data in use

B.

Data at rest

C.

Data in transit

D.

Data sovereignty

Question 178

Which of the following are the best for hardening end-user devices? (Selecttwo)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Question 179

Which of the following is a type of vulnerability that may result from outdated algorithms or keys?

Options:

A.

Hash collision

B.

Cryptographic

C.

Buffer overflow

D.

Input validation

Question 180

A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email ' s continued delivery?

Options:

A.

Employees are flagging legitimate emails as spam.

B.

Information from reported emails is not being used to tune email filtering tools.

C.

Employees are using shadow IT solutions for email.

D.

Employees are forwarding personal emails to company email addresses.

Question 181

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Question 182

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

Options:

A.

Red teaming

B.

Penetration testing

C.

Independent audit

D.

Vulnerability assessment

Question 183

A software developer would like to ensure. The source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

Options:

A.

Version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

Question 184

Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?

Options:

A.

Common attacks are less likely to be effective.

B.

Configuration can be better managed and replicated.

C.

Outsourcing to a third party with more expertise in network defense is possible.

D.

Optimization can occur across a number of computing instances.

Question 185

A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?

Options:

A.

SDN

B.

Air gapped

C.

Containerized

D.

Highly available

Question 186

Which of the following attacks primarily targets insecure networks?

Options:

A.

Evil twin

B.

Impersonation

C.

Watering hole

D.

Pretexting

Question 187

Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

Options:

A.

Reporting structure for the data privacy officer

B.

Request process for data subject access

C.

Role as controller or processor

D.

Physical location of the company

Question 188

An employee decides to collect PII data from the company ' s system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue?

(Select two).

Options:

A.

Privacy legislation

B.

Social engineering

C.

Risk management

D.

Company compliance

E.

Phishing

F.

Remote work

Question 189

A bank set up a new server that contains customers ' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

Options:

A.

Full disk encryption

B.

Network access control

C.

File integrity monitoring

D.

User behavior analytics

Question 190

An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

Options:

A.

Cloud-based

B.

Peer-to-peer

C.

On-premises

D.

Hybrid

Question 191

A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)

Options:

A.

Tokenization

B.

Cryptographic downgrade

C.

SSH tunneling

D.

Segmentation

E.

Patch installation

F.

Data masking

Question 192

A database administrator is updating the company ' s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

Options:

A.

Hashing

B.

Obfuscation

C.

Tokenization

D.

Masking

Question 193

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Options:

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Question 194

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

Options:

A.

Group Policy

B.

Content filtering

C.

Data loss prevention

D.

Access control lists

Question 195

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

Question 196

Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?

Options:

A.

Air gap

B.

Containerization

C.

Virtualization

D.

Decentralization

Question 197

Which of the following resources is the most useful for a researcher to find more details about threat activities?

Options:

A.

Risk register

B.

Audit report

C.

Dark web

D.

Bug bounty submissions

Question 198

A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?

Options:

A.

Insurance

B.

Patching

C.

Segmentation

D.

Replacement

Question 199

A company ' s accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

Options:

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Question 200

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?

Options:

A.

Nation-state

B.

Trusted insider

C.

Organized crime group

D.

Hacktivist

Question 201

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

Options:

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

Question 202

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees ' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

Options:

A.

UBA

B.

EDR

C.

NAC

D.

DLP

Question 203

Which of the following is most likely to cause reputational damage to a company?

Options:

A.

Open ports

B.

Low availability

C.

Unpatched vulnerabilities

D.

Data leaks

Question 204

A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?

Options:

A.

Create an architecture diagram of cloud storage solutions.

B.

Migrate sample data to the cloud to run security tests.

C.

Agree on data classification labels with stakeholders.

D.

Make a backup of the data on cloud-neutral storage.

Question 205

A company wants to minimize the chance of its outgoing marketing emails getting flagged as spam. The company decides to list the email servers on the proper DNS record. Which of the following protocols should the company apply next?

Options:

A.

DMARC

B.

DLP

C.

DKIM

D.

SPF

Question 206

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Question 207

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Options:

Question 208

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

Options:

A.

Defensive

B.

Passive

C.

Offensive

D.

Physical

Question 209

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

Options:

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Question 210

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Question 211

An organization has issues with deleted network share data and improper permissions. Which solution helps track and remediate these?

Options:

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Question 212

A few weeks after deploying additional email servers, employees complain that messages are being marked as spam. Which needs to be updated?

Options:

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Question 213

A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?

Options:

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

Question 214

Which of the following describes the process of concealing code or text inside a graphical image?

Options:

A.

Symmetric encryption

B.

Hashing

C.

Data masking

D.

Steganography

Question 215

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

Options:

A.

Risk tolerance

B.

Risk transfer

C.

Risk register

D.

Risk analysis

Question 216

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Question 217

A security analyst needs to improve the company’s authentication policy following a password audit. Which of the following should be included in the policy? (Select two).

Options:

A.

Length

B.

Complexity

C.

Least privilege

D.

Something you have

E.

Security keys

F.

Biometrics

Question 218

An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?

Options:

A.

ALE

B.

SLE

C.

RTO

D.

ARO

Question 219

A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed. Which concept describes this capability?

Options:

A.

IaC

B.

IoT

C.

IoC

D.

IaaS

Question 220

Which of the following security principles most likely requires validation before allowing traffic between systems?

Options:

A.

Policy enforcement

B.

Authentication

C.

Zero Trust architecture

D.

Confidentiality

Question 221

Which of the following is a benefit of an RTO when conducting a business impact analysis?

Options:

A.

It determines the likelihood of an incident and its cost.

B.

It determines the roles and responsibilities for incident responders.

C.

It determines the state that systems should be restored to following an incident.

D.

It determines how long an organization can tolerate downtime after an incident.

Question 222

Which of the following is the best way to secure an on-site data center against intrusion from an insider?

Options:

A.

Bollards

B.

Access badge

C.

Motion sensor

D.

Video surveillance

Question 223

Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?

Options:

A.

Automated scanning

B.

Penetration testing

C.

Threat hunting

D.

Log aggregation

E.

Adversarial emulation

Question 224

Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Question 225

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

Options:

A.

Tokenization

B.

Hashing

C.

Obfuscation

D.

Segmentation

Question 226

Which of the following security controls is a company implementing by deploying HIPS? (Select two)

Options:

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Question 227

A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?

Options:

A.

Integrity

B.

Authentication

C.

Zero Trust

D.

Confidentiality

Question 228

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

Options:

A.

Fines

B.

Audit findings

C.

Sanctions

D.

Reputation damage

Question 229

A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?

Options:

A.

SOW

B.

BPA

C.

SLA

D.

NDA

Question 230

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer ' s response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Question 231

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

Options:

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Question 232

Which of the following would enable a data center to remain operational through a multiday power outage?

Options:

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

Question 233

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Options:

A.

Standard naming convention

B.

Mashing

C.

Network diagrams

D.

Baseline configuration

Question 234

Which of the following allows an exploit to go undetected by the operating system?

Options:

A.

Firmware vulnerabilities

B.

Side loading

C.

Memory injection

D.

Encrypted payloads

Question 235

Which of the following best describe a penetration test that resembles an actual external attach?

Options:

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Question 236

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

Options:

A.

MDM

B.

DLP

C.

FDE

D.

EDR

Question 237

A security analyst is reviewing logs and discovers the following:

Which of the following should be used lo best mitigate this type of attack?

Options:

A.

Input sanitization

B.

Secure cookies

C.

Static code analysis

D.

Sandboxing

Question 238

Which of the following is a reason an organization should use different CSPs for a critical financial application?

Options:

A.

Application overhead can be better load balanced across multiple providers.

B.

Platform diversity reduces the likelihood of losing access to resources.

C.

Parallel processing allows continued operations while deploying time-critical security updates.

D.

Selection of a hot site minimizes downtime and helps the organization meet its RTO.

Question 239

A malicious insider from the marketing team alters records and transfers company funds to a personal account. Which of the following methods would be the best way to secure company records in the future?

Options:

A.

Permission restrictions

B.

Hashing

C.

Input validation

D.

Access control list

Question 240

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

Options:

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Question 241

A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?

Options:

A.

Recurring

B.

Ad hoc

C.

One time

D.

Continuous

Question 242

Which of the following can be used to mitigate attacks from high-risk regions?

Options:

A.

Obfuscation

B.

Data sovereignty

C.

IP geolocation

D.

Encryption

Question 243

A company wants to track modifications to the code that is used to build new virtual servers. Which of the following will the company most likely deploy?

Options:

A.

Change management ticketing system

B.

Behavioral analyzer

C.

Collaboration platform

D.

Version control tool

Question 244

A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

Options:

A.

Geographic dispersion

B.

Platform diversity

C.

Hot site

D.

Load balancing

Question 245

An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?

Options:

A.

Data sanitization

B.

WAF

C.

FDE

D.

Split tunneling

Question 246

A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company ' s site. Which of the following would have most likely prevented this attack?

Options:

A.

IPSec

B.

TLS

C.

SDN

D.

WAF

Question 247

A company wants to use new Wi-Fi-enabled environmental sensors to automatically collect metrics. Which of the following will the security team most likely do?

Options:

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

Question 248

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

Options:

A.

Testing input validation on the user input fields

B.

Performing code signing on company-developed software

C.

Performing static code analysis on the software

D.

Ensuring secure cookies are use

Question 249

During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?

Options:

A.

Race condition

B.

Memory injection

C.

Malicious update

D.

Side loading

Question 250

A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?

Options:

A.

IPS

B.

URL scanning

C.

Content categorization

D.

Static denial list

E.

DLP

Question 251

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Options:

A.

DDoS attack

B.

Rogue employee

C.

Insider threat

D.

Supply chain

Question 252

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

Options:

A.

Preparation

B.

Recovery

C.

Lessons learned

D.

Analysis

Question 253

Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?

Options:

A.

Multicloud architectures

B.

SaaS provider diversity

C.

On-premises server load balancing

D.

Corporate-owned, off-site locations

Question 254

Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?

Options:

A.

It improves server performance by reducing software bugs.

B.

It addresses known software vulnerabilities before they are exploited.

C.

It eliminates the need for firewalls and intrusion detection.

D.

It removes the need for antivirus tools.

Question 255

A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?

Options:

A.

Signal locator

B.

WPA3

C.

Heat map

D.

Site survey

Question 256

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?

Options:

A.

Load balancing

B.

Fault tolerance

C.

Proxy servers

D.

Replication

Question 257

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Options:

A.

Implement access controls and encryption.

B.

Develop and provide training on data protection policies.

C.

Create incident response and disaster recovery plans.

D.

Purchase and install security software.

Question 258

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

Options:

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Question 259

Which of the following phases of an incident response involves generating reports?

Options:

A.

Recovery

B.

Preparation

C.

Lessons learned

D.

Containment

Question 260

Which of the following best explains a concern with OS-based vulnerabilities?

Options:

A.

An exploit would give an attacker access to system functions that span multiple applications.

B.

The OS vendor ' s patch cycle is not frequent enough to mitigate the large number of threats.

C.

Most users trust the core operating system features and may not notice if the system has been compromised.

D.

Exploitation of an operating system vulnerability is typically easier than any other vulnerability.

Question 261

A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?

Options:

A.

Static analysis

B.

Packet capture

C.

Agent-based scanning

D.

Dynamic analysis

E.

Network-based scanning

Question 262

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

Options:

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Question 263

Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?

Options:

A.

ICS

B.

Microservers

C.

Containers

D.

IoT

Question 264

During a routine audit, an analyst discovers that a department uses software that was not vetted. Which threat is this?

Options:

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

Question 265

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

Options:

A.

Bluetooth

B.

Wired

C.

NFC

D.

SCADA

Question 266

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Options:

A.

Hashing

B.

Tokenization

C.

Encryption

D.

Segmentation

Exam Detail
Vendor: CompTIA
Certification: CompTIA Security+
Exam Code: SY0-701
Last Update: Jul 4, 2026
SY0-701 Question Answers
Page: 1 / 67
Total 887 questions