CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 6)

Updated On: 24-Mar-2026

A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network.
Which of the following best describe the controls the team implemented? (Choose two.)

  A. Managerial
  B. Physical
  C. Corrective
  D. Detective
  E. Compensating
  F. Technical
  G. Deterrent

Answer(s): E,F

Explanation:

End-to-end access control and network segmentation are implemented through compensating and technical controls.
A) Managerial – incorrect: relates to policies, procedures, and governance, not the technical segmentation described.
B) Physical – incorrect: relates to physical security measures, which are not the focus of VLAN access restrictions.
C) Corrective – incorrect: remedies after an incident; not about preventing access via segmentation.
D) Detective – incorrect: focuses on identifying incidents, not preventing access.
E) Compensating – correct: provides alternative control when primary controls are impracticable; VLAN segmentation serves as a compensating measure for old server exposure.
F) Technical – correct: uses technology (VLANs, ACLs) to enforce access restrictions.
G) Deterrent – incorrect: aims to discourage attacks, not enforce access control.





A threat actor was able to use a username and password to log in to a stolen company mobile device.
Which of the following provides the best solution to increase mobile data security on all employees' company mobile devices?

  A. Application management
  B. Full disk encryption
  C. Remote wipe
  D. Containerization

Answer(s): C

Explanation:

Remote wipe provides the best solution to protect data after loss or theft by erasing data on all affected devices, reducing the risk of unauthorized access.
B) Full disk encryption protects data at rest but does not prevent access if the device is compromised or stolen and the credentials are known.
C) Remote wipe is correct because it enables enterprise-wide data removal on lost/stolen devices, mitigating exposure from stolen credentials.
D) Containerization isolates corporate data but does not guarantee data removal or enforcement across all devices after loss; it’s a control but not as comprehensive as remote wipe.



Which of the following best describes the risk present after controls and mitigating factors have been applied?

  A. Residual
  B. Avoided
  C. Inherent
  D. Operational

Answer(s): A

Explanation:

A) Residual
Residual risk is the remaining risk after controls and mitigations have been applied. Inherent risk is the risk before controls. Avoided risk refers to risk eliminated by a decision (e.g., avoidance). Operational risk pertains to day-to-day risk from processes, people, or systems, not the post-control risk level.





A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered.
Which of the following should the security administrator recommend?

  A. Digitally signing the software
  B. Performing code obfuscation
  C. Limiting the use of third-party libraries
  D. Using compile flags

Answer(s): B

Explanation:

Code obfuscation makes reverse engineering more difficult by transforming readable code into hard-to-understand constructs without altering functionality.
A) Digitally signing ensures integrity and provenance of the software, not obscurity or reverse-engineering resistance.
C) Limiting third-party libraries reduces dependencies but does not impede reverse engineering of the delivered binary.
D) Compile flags influence optimization or debug info, not a systematic method to prevent reverse engineering.
B) Code obfuscation raises the technical barrier for static analysis and decompilation, in line with anti-reverse-engineering techniques. Obfuscation should be complemented by other controls (protective coding, tamper detection) for stronger security.





Which of the following is a possible factor for MFA?

  A. Something you exhibit
  B. Something you have
  C. Somewhere you are
  D. Someone you know

Answer(s): B

Explanation:

One factor for MFA is something you have, such as a hardware token or mobile authenticator.
A) Something you exhibit — incorrect; relates to behavioral biometrics, not a primary MFA factor.
B) Something you have — correct; corresponds to possession factor in MFA.
C) Somewhere you are — incorrect; location is not one of the core three factors, though it can be used as contextual data.
D) Someone you know — incorrect; relates to social engineering risk, not a factor.





Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days.
Which of the following would reduce the risk of this incident from happening again? (Choose two.)

  A. Increasing the minimum password length to 14 characters.
  B. Upgrading the password hashing algorithm from MD5 to SHA-512.
  C. Increasing the maximum password age to 120 days.
  D. Reducing the minimum password length to ten characters.
  E. Reducing the minimum password age to zero days.
  F. Including a requirement for at least one special character.

Answer(s): A,F

Explanation:

Increasing the minimum length to 14 characters (A) directly strengthens password entropy, reducing guessability. Requiring a special character (F) further increases complexity, improving resistance to brute force and dictionary attacks.
B is incorrect because upgrading hash algorithms protects stored passwords but does not affect user-created password strength; the breach stemmed from weak user credentials, not hash cracking. C is incorrect since longer max age would increase exposure time; 120 days is not safer. D is incorrect as reducing length weakens entropy. E is incorrect because lowering minimum age to zero enables more frequent changes but does not improve strength and may encourage churn without improving complexity.





A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port.
Which of the following is the most likely explanation of this unauthorized connection?

  A. The software had a hidden keylogger.
  B. The software was ransomware.
  C. The user's computer had a fileless virus.
  D. The software contained a backdoor.

Answer(s): D

Explanation:

The software likely introduced a backdoor, enabling unauthorized external connections on an uncommon port.
A) Keylogger would capture input but not necessarily establish an ongoing external connection on an uncommon port.
B) Ransomware typically encrypts data and demands payment, not primarily about outbound connections to uncommon ports.
C) Fileless malware operates in memory and may evade disk detection, but the scenario emphasizes a persistent external channel from a hidden entry point.
D) Backdoor provides unauthorized remote access, explaining unexpected outbound traffic on unusual ports after software from an untrusted source.





A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:

A starting baseline of 50% memory utilization

Storage scalability

Single circuit failure resilience

Which of the following best meets all of these requirements?

  A. Connecting dual PDUs to redundant power supplies
  B. Transitioning the platform to an IaaS provider
  C. Configuring network load balancing for multiple paths
  D. Deploying multiple large NAS devices for each host

Answer(s): B

Explanation:

A) Connecting dual PDUs to redundant power supplies: Not addressing memory utilization or storage scalability; focuses on power resilience only.
B) Transitioning the platform to an IaaS provider: Provides scalable infrastructure, dynamic resource allocation for memory and storage, and resilience against single circuit failure via provider redundancy.
C) Configuring network load balancing for multiple paths: Improves network availability but does not inherently meet memory baseline, storage scalability, or single circuit failure resilience for VM hosting.
D) Deploying multiple large NAS devices for each host: Increases storage capacity but adds management complexity and may not ensure memory utilization baseline or single-circuit resilience.





Viewing page 6 of 91
Viewing questions 41 - 48 out of 757 questions


