CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 3)

Updated On: 31-Mar-2026

Which of the following examples would be best mitigated by input sanitization?

  A. <script>alert("Warning!");</script>
  B. nmap - 10.11.1.130
  C. Email message: "Click this link to get your free gift card."
  D. Browser message: "Your connection is not private."

Answer(s): A

Explanation:

Input sanitization mitigates injection and script-based attacks, making A the correct choice.
A) A script tag submitted as input would be executed if not sanitized, enabling cross-site scripting (XSS) and client-side code execution. Sanitization strips or neutralizes HTML/JS to prevent these payloads.
B) The nmap command is a network scanner; sanitization does not affect command-line tools or network reconnaissance output.
C) A phishing-like email link relies on user interaction; sanitization on input fields prevents script execution but not user deception via links in messages.
D) A browser warning about privacy is informational; sanitization does not address certificate or privacy warnings.



An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards.
Which of the following techniques is the attacker using?

  A. Smishing
  B. Disinformation
  C. Impersonating
  D. Whaling

Answer(s): C

Explanation:

The attacker is using impersonation, assuming the identity of a high-ranking executive to manipulate an employee into purchasing gift cards.
A) Smishing is SMS phishing, which is not relevant here because the medium is a phone call.
B) Disinformation involves spreading false information to mislead, not specifically impersonating a person.
C) Impersonating is correct because the attacker feigns executive authority to coerce action.
D) Whaling is a variant of phishing that targets executives, which is broader; the technique described is specifically impersonation during the call rather than a broader targeted phishing scenario.



After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned.
Which of the following describes this example?

  A. False positive
  B. False negative
  C. True positive
  D. True negative

Answer(s): A

Explanation:

A) False positive indicates a vulnerability that is reported but not actually present on the system, matching the scenario where the scan identified an issue that isn't real.
B) False negative would be a vulnerability that is present but not detected by the scan.
C) True positive would mean the vulnerability is correctly detected as present.
D) True negative would mean the scan correctly reports that no vulnerability is present; in this case, the issue is misreported as present when it isn't.



A recent penetration test identified that an attacker could flood the MAC address table of network switches.
Which of the following would best mitigate this type of attack?

  A. Load balancer
  B. Port security
  C. IPS
  D. NGFW

Answer(s): B

Explanation:

Port security prevents MAC flooding by restricting the number of dynamically learned MAC addresses on a switch port, potentially restricting or discarding excess frames from unknown devices and forcing the port into a secure state.
C) IPS is an intrusion prevention system that monitors traffic for exploits, not specifically intended to cap MAC address table growth on switches.
D) NGFW (Next-Generation Firewall) focuses on application-aware filtering and threat prevention at the network edge, not on MAC address table protection.



A user would like to install software and features that are not available with a smartphone's default software.
Which of the following would allow the user to install unauthorized software and enable new features?

  A. SQLi
  B. Cross-site scripting
  C. Jailbreaking
  D. Side loading

Answer(s): C

Explanation:

Jailbreaking allows bypassing the device’s built-in restrictions to install unauthorized software and enable new features.
A) SQLi is an input-based web application vulnerability, not a device modification method.
B) Cross-site scripting exploits web pages to execute scripts in a user’s browser, not a device feature upgrade.
C) Jailbreaking removes OS restrictions and grants administrative control to install non-approved apps.
D) Sideloading refers to installing apps from outside the official store, which on many devices only requires enabling a setting; jailbreaking is the broader, more definitive method to unlock system-level capabilities.



Which of the following phases of an incident response involves generating reports?

  A. Recovery
  B. Preparation
  C. Lessons learned
  D. Containment

Answer(s): C

Explanation:

The Lessons learned phase involves documenting the incident response, including findings, impact, and recommendations, which generates formal reports for stakeholders and future improvements.
A) Recovery focuses on restoring systems and data, not reporting.
B) Preparation is proactive planning and controls, not reporting after action.
D) Containment aims to limit spread, not produce final incident reports.



Which of the following methods would most likely be used to identify legacy systems?

  A. Bug bounty program
  B. Vulnerability scan
  C. Package monitoring
  D. Dynamic analysis

Answer(s): B

Explanation:

A vulnerability scan is used to identify weaknesses and outdated components in systems, including legacy systems, by scanning for known CVEs and inventorying asset versions.
A) Bug bounty program focuses on discovering security flaws in live systems by external researchers, not specifically identifying legacy assets.
B) Vulnerability scan correctly targets asset inventories and vulnerability fingerprints, aiding detection of outdated platforms.
C) Package monitoring tracks software packages for updates, not primarily identification of legacy systems.
D) Dynamic analysis analyzes behavior during execution, not for initial identification of legacy hardware/software.



Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns.
Which of the following best describes this solution?

  A. Proxy server
  B. NGFW
  C. VPN
  D. Security zone

Answer(s): C

Explanation:

A VPN provides secure, encrypted remote access to the corporate network, eliminating interception concerns for off-site employees. It creates a trusted tunnel between the user and network, preserving confidentiality and integrity.
A) Proxy server does not inherently encrypt end-to-end traffic between the user and target resources; it forwards requests and may cache content, offering little protection against interception.
B) NGFW (next‑generation firewall) enhances inspection and control at the network edge but does not by itself establish remote access for off-site users.
D) Security zone is a network segmentation concept, not a remote access solution.


