CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 11)

Updated On: 31-Mar-2026

A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

  A. PIN
  B. Hardware token
  C. User ID
  D. SMS

Answer(s): A

Explanation:

A) PIN is the correct factor: when a smart card is used for authentication, a Personal Identification Number supplies the something-you-know factor to pair with the something-you-have factor (the card), giving multi-factor authentication. Requiring the PIN proves the user both possesses the card and knows the secret, so a lost or stolen card alone cannot be used. B) A hardware token is a separate possession factor, not the factor that accompanies the card. C) A user ID is an identifier, not an authentication factor. D) SMS is a delivery channel for one-time passcodes and is not tied to smart card use.



A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems.
Which of the following solutions should most likely be utilized?

  A. TACACS+
  B. SAML
  C. An SSO platform
  D. Role-based access control
  E. PAM software

Answer(s): E

Explanation:

E) PAM software is the correct answer. Privileged Access Management provides time-bound, just-in-time access and credential vaulting for external consultants, so passwords to critical systems are never shared and privileges are limited, in line with need-to-know and audit requirements. A) TACACS+ is a protocol for network device administration, not a tool for managing short-lived consultant credentials. B) SAML enables federated authentication but does not manage privileged access workflows or vault credentials. C) An SSO platform centralizes login but does not enforce granular privileged-access controls or secret vaulting. D) RBAC defines permissions but does not provide secure credential management or session isolation for external contractors.



A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might connect to the network and perform illicit activities.
Which of the following should the security team implement to address this concern?

  A. Configure a RADIUS server to manage device authentication.
  B. Use 802.1X on all devices connecting to wireless.
  C. Add a guest captive portal requiring visitors to accept terms and conditions.
  D. Allow for new devices to be connected via WPS.

Answer(s): C

Explanation:

C) A guest captive portal requiring visitors to accept terms and conditions enforces the acceptable use policy and gives the company a legal basis for restricting illicit activity, while applying guest access controls at the network edge.
A) RADIUS manages user or device authentication but does not enforce terms of use or capture visitor consent; it focuses on authentication, not policy enforcement.
B) 802.1X on all devices improves authentication but still lacks a visitor-specific policy acceptance and may be impractical for diverse guest devices.
D) WPS is insecure and enables easy access, not suitable for enforcing acceptable use or auditing guest activity.



Which of the following data roles is responsible for identifying risks and appropriate access to data?

  A. Owner
  B. Custodian
  C. Steward
  D. Controller

Answer(s): A

Explanation:

A) The data owner is responsible for identifying data risks and determining who should have access, aligning ownership with risk management and access control decisions.
B) Custodian handles day-to-day data management and security controls but not ownership of risk decisions.
C) Steward uses data assets and enforces data handling practices, yet ownership and risk authorization lie with the owner.
D) Controller is not a standard data role in data governance; governance roles typically include owner, custodian, and steward.



Which of the following physical controls can be used to both detect and deter? (Choose two.)

  A. Lighting
  B. Fencing
  C. Signage
  D. Sensor
  E. Bollard
  F. Lock

Answer(s): A,D

Explanation:

A) Lighting is a deterrent and, when integrated with sensors or cameras, can aid in detection of unauthorized activity.
D) A sensor directly detects activity or tampering, providing the detection mechanism, and can also deter when it is visibly installed.
B) Fencing alone primarily deters; it does not inherently detect.
C) Signage deters by warning but does not detect activity.
E) Bollard deters vehicle access but does not detect.
F) Lock provides deterrence and access control but is not a detection mechanism by itself.



A multinational bank hosts several servers in its data center. These servers run a business-critical application used by customers to access their account information.
Which of the following should the bank use to ensure accessibility during peak usage times?

  A. Load balancer
  B. Cloud backups
  C. Geographic dispersal
  D. Disk multipathing

Answer(s): A

Explanation:

A) A load balancer distributes client requests across multiple servers to maintain availability during peak usage, preventing any single server from becoming a bottleneck. B) Cloud backups support data recovery, not active load distribution. C) Geographic dispersal improves resilience and reduces latency but does not by itself absorb peak traffic unless combined with other services. D) Disk multipathing improves storage I/O resilience and throughput but does not scale application availability across multiple servers.



The author of a software package is concerned about bad actors repackaging and inserting malware into the software. The software download is hosted on a website, and the author exclusively controls the website's contents.
Which of the following techniques would best ensure the software's integrity?

  A. Input validation
  B. Code signing
  C. Secure cookies
  D. Fuzzing

Answer(s): B

Explanation:

Code signing ensures software integrity by letting users verify that the code originates from the publisher and has not been tampered with after publication.
A) Input validation is about data validation in applications, not protecting downloaded binaries from tampering.
B) Code signing provides a verifiable signature tied to the author, safeguarding integrity during distribution.
C) Secure cookies protect session data in web browsers, not code integrity for downloads.
D) Fuzzing tests software for vulnerabilities, not ensuring the authenticity or integrity of distributed packages.



A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year.
Which of the following is the most critical risk if the company chooses to continue running the application?

  A. Lack of security updates
  B. Lack of new features
  C. Lack of support
  D. Lack of source code access

Answer(s): A

Explanation:

A) The lack of security updates is the most critical risk when running an end-of-life application: newly discovered vulnerabilities are never patched, remain exploitable, and can lead to breaches, compliance failures, and ongoing incident response burden.
A) Lack of security updates
B) Lack of new features
C) Lack of support
D) Lack of source code access

