CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 13 )

Updated On: 31-Mar-2026

A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place.
Which of the following would be best to set up? (Choose two.)

  A. NIDS
  B. Honeypot
  C. Certificate revocation list
  D. HIPS
  E. WAF
  F. SIEM

Answer(s): A,E

Explanation:

The best pair is A) NIDS and E) WAF because a web application on port 443 requires protection at both the network and application layers: a Network Intrusion Detection System monitors traffic for malicious activity across the network border, while a Web Application Firewall filters and monitors HTTP traffic to protect the web app from exploits (SQLi, XSS, etc.) and enforces security policies.
B) Honeypot is not practical for standard risk reduction and adds deceptive traffic rather than real protection.
C) Certificate revocation list is for PKI invalidation, not active threat mitigation.
D) HIPS focuses on host-level policy but lacks comprehensive web-application visibility.
F) SIEM is valuable but does not by itself provide direct threat prevention at the web edge.



A systems administrator would like to create a point-in-time backup of a virtual machine.
Which of the following should the administrator use?

  A. Replication
  B. Simulation
  C. Snapshot
  D. Containerization

Answer(s): C

Explanation:

C) Snapshot is the correct choice because it captures the VM’s state at a specific point in time, including memory, disk, and configuration, enabling a consistent restore point for backups.
A) Replication would continuously copy data to a separate site or system, not a point-in-time backup, and is used for high availability rather than a one-time snapshot.
B) Simulation would model or emulate functionality, not create a real backup point of the VM.
D) Containerization packages applications into containers, not individual VM backups, and does not create a VM point-in-time backup.


A security administrator notices numerous unused, non-compliant desktops are connected to the network.
Which of the following actions would the administrator most likely recommend to the management team?

  A. Monitoring
  B. Decommissioning
  C. Patching
  D. Isolating

Answer(s): B

Explanation:

B) Decommissioning is correct because unused, non-compliant desktops pose risk without value; removing them from the network reduces attack surface and regulatory exposure.
A) Monitoring is less effective here since the issue is disposition of assets, not ongoing visibility or detection of activity.
C) Patching targets non-compliant systems that are in use; it does not address the problem of unnecessary devices already present.
D) Isolating could be appropriate in some cases but may be excessive for clearly unused assets and does not remove the risk through asset disposal.


Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

  A. Sanitization
  B. Formatting
  C. Degaussing
  D. Defragmentation

Answer(s): A

Explanation:

A) Sanitization is the correct choice because it describes a data-removal method that securely erases data to meet specific standards (e.g., NIST SP 800-88) while preserving the drive for reuse.
B) Formatting simply marks data areas as available but often leaves residual data that can be recovered; it does not guarantee data destruction.
C) Degaussing destroys data by altering magnetic domains, rendering drives unusable for reuse.
D) Defragmentation reorganizes data to improve performance and does not remove data.


An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:

Must work across SaaS and internal network applications

Must be device manufacturer agnostic

Must have offline capabilities

Which of the following would be the most appropriate authentication method?

  A. Username and password
  B. Biometrics
  C. SMS verification
  D. Time-based tokens

Answer(s): D

Explanation:

D) Time-based tokens provide one-time codes that work across SaaS and internal apps, are device-agnostic, and can operate offline because the code is computed locally from a shared secret and the current time, meeting the requirements.
B) Biometrics is device-specific and may not work offline reliably; it is not inherently cross-platform or offline-friendly for authentication without a trusted platform.
C) SMS verification relies on mobile network reach and receiving codes online, making it neither offline-capable nor guaranteed across all devices or SaaS/internal apps.
A) Username and password is basic knowledge-based authentication and does not improve the authentication method as required; it fails the offline and cross-application criteria on its own.


A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training.
Which of the following will the security officer most likely implement?

  A. Password policy
  B. Access badges
  C. Phishing campaign
  D. Risk assessment

Answer(s): C

Explanation:

C) Implementing a phishing campaign aligns with security awareness as a practical training exercise to recognize social engineering and phishing attempts.
A) Password policy is a preventive control for credential management, not directly an awareness campaign activity.
B) Access badges are a physical security measure, not a training exercise.
D) Risk assessment is a governance activity to identify threats, not a training method.


A malicious update was distributed to a common software platform and disabled services at many organizations.
Which of the following best describes this type of vulnerability?

  A. DDoS attack
  B. Rogue employee
  C. Insider threat
  D. Supply chain

Answer(s): D

Explanation:

A supply chain vulnerability describes a malicious update injected into a widely used software platform, leading to widespread compromise and service disruption, such as disabled services across many organizations.
A) DDoS attack does not describe the manipulation of a trusted software update; it targets availability by overwhelming resources, not by compromising an update.
B) Rogue employee involves insider wrongdoing, not an external malicious update altering software distribution.
C) Insider threat covers authorized individuals causing harm, but the scenario centers on a compromised update from the supply chain, not an internal actor.
D) Supply chain is correct, as it involves tampering with a software update distributed through trusted vendors, affecting multiple organizations.


A company web server is initiating outbound traffic to a low-reputation, public IP on a non-standard port. The web server is used to present an unauthenticated page to clients who upload images to the company. An analyst notices a suspicious process running on the server that was not created by the company development team.
Which of the following is the most likely explanation for this security incident?

  A. A web shell has been deployed to the server through the page.
  B. A vulnerability has been exploited to deploy a worm to the server.
  C. Malicious insiders are using the server to mine cryptocurrency.
  D. Attackers have deployed a rootkit Trojan to the server over an exposed RDP port.

Answer(s): A

Explanation:

A) A web shell has been deployed to the server through the page.
- A web shell provides remote command execution and control; it is commonly uploaded via an unauthenticated or poorly validated upload page, and the resulting process can open outbound connections to low-reputation hosts on non-standard ports.
B) A vulnerability has been exploited to deploy a worm to the server.
- A worm self-replicates across systems; the scenario describes a single server with a suspicious process, not propagation behavior typical of worms.
C) Malicious insiders are using the server to mine cryptocurrency.
- Mining requires sustained, high CPU/GPU usage and a business case; evidence points to remote control via web shell rather than legitimate or insider-driven activity.
D) Attackers have deployed a rootkit Trojan to the server over an exposed RDP port.
- Rootkits/Trojans via RDP would not specifically explain outbound traffic to a low-reputation IP from a web server hosting an upload page; web shell is a more direct explanation here.
