CompTIA SY0-701 Exam Questions
CompTIA Security+ (Page 8)

Updated On: 31-Mar-2026

A city municipality lost its primary data center when a tornado hit the facility.
Which of the following should the city staff use immediately after the disaster to handle essential public services?

  A. BCP
  B. Communication plan
  C. DRP
  D. IRP

Answer(s): C

Explanation:

A) A business continuity plan (BCP) addresses how the organization keeps its functions operating through a disruption as a whole; it is not the plan invoked first to bring essential services back after the facility is lost.
B) A communication plan guides stakeholder communications, not the immediate restoration of services.
C) DRP is correct: a disaster recovery plan (DRP) is used immediately after a disaster to restore essential public services and IT functionality from backups and alternate sites, prioritizing recovery of critical operations and data restoration after a disruptive event.
D) IRP (incident response plan) focuses on detecting, analyzing, and containing security incidents, not restoring essential services post-disaster.


Which of the following is considered a preventive control?

  A. Configuration auditing
  B. Log correlation
  C. Incident alerts
  D. Segregation of duties

Answer(s): D

Explanation:

A preventive control prevents security events from occurring by reducing risk before impact.
A) Configuration auditing is a detective control that identifies misconfigurations after they occur or during review.
B) Log correlation is a detective/monitoring control that analyzes logs to detect threats.
C) Incident alerts are a detective/monitoring control signaling that an event has occurred requiring response.
D) Segregation of duties is a preventive control: it splits a critical process between people so that no single person can both carry out and conceal an improper action.
Note: Duty separation limits the opportunity for fraud or error by assigning complementary responsibilities to different people.


A systems administrator notices that a testing system is down.
While investigating, the systems administrator finds that the servers are online and accessible from any device on the server network. The administrator reviews the following information from the monitoring system:



Which of the following is the most likely cause of the outage?

  A. Denial of service
  B. ARP poisoning
  C. Jamming
  D. Kerberoasting

Answer(s): A

Explanation:

A) Denial of service. The servers respond to devices on the server network but the testing system is unreachable from outside it, which points to resource exhaustion or service unavailability consistent with a DoS condition; the monitoring data shows legitimate access inside the network while external access is blocked or degraded.
B) ARP poisoning enables on-path (man-in-the-middle) interception of traffic, not a broad loss of service.
C) Jamming is RF interference and does not apply to a wired server network.
D) Kerberoasting targets Kerberos service account credentials for offline cracking; it does not cause service unavailability.



A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain.
Which of the following is the best step for the security team to take?

  A. Create a blocklist for all subject lines.
  B. Send the dead domain to a DNS sinkhole.
  C. Quarantine all emails received and notify all employees.
  D. Block the URL shortener domain in the web proxy.

Answer(s): D

Explanation:

Blocking the shortener domain stops the follow-on content by cutting off access to the malicious URL at the network edge.
A) A blocklist for all subject lines is impractical and ineffective, since the phishing emails use varied subjects and attackers can craft new ones.
B) DNS sinkholing the dead domain only affects resolution of that one domain, which is already dead; it does not address the URL shortener that every message relies on for the redirect.
C) Quarantining all emails and notifying users takes time and still relies on user behavior; it does not proactively prevent access to the malicious link.
D) Blocking the URL shortener domain in the web proxy stops the redirect before users reach the malicious site, mitigating the risk.



A security administrator is working to secure company data on corporate laptops in case the laptops are stolen.
Which of the following solutions should the administrator consider?

  A. Disk encryption
  B. Data loss prevention
  C. Operating system hardening
  D. Boot security

Answer(s): A

Explanation:

A) Disk encryption mitigates data exposure by rendering data unreadable without the proper keys if laptops are stolen.
B) Data loss prevention focuses on preventing unauthorized exfiltration, not protecting data at rest on a stolen device.
C) Operating system hardening reduces attack surface but does not specifically ensure data confidentiality if the device is lost.
D) Boot security protects startup integrity but does not guarantee data confidentiality if the disk is accessed directly.

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed.
Which of the following best describes the policy that meets these requirements?

  A. Security policy
  B. Classification policy
  C. Retention policy
  D. Access control policy

Answer(s): C

Explanation:

A) A security policy sets the organization's overall security direction; it does not define how long records are kept or when they are destroyed.
B) Classification policy defines data sensitivity, not retention timelines or destruction rules.
C) Retention policy is correct: it controls how long records are kept, meets compliance needs, and specifies destruction timelines, which matches minimal record-keeping and orderly disposal.
D) Access control policy governs who can access data, not how long it is retained or when it is destroyed.


Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

  A. Code repositories
  B. Dark web
  C. Threat feeds
  D. State actors
  E. Vulnerability databases

Answer(s): A

Explanation:

A) Code repositories are a common source of unintentional credential leakage in cloud environments: hard-coded or accidentally committed credentials (API keys, access tokens, passwords) become visible to anyone who can read the repository.
B) Dark web is not a routine internal leakage source; it is where exposed credentials may appear after leakage, not where leakage originates.
C) Threat feeds provide external indicators, not initial credential leakage.
D) State actors are targeted threats, not typical unintentional leakage sources.
E) Vulnerability databases catalog weaknesses, not credential leakage incidents.


Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

  A. End users will be required to consider the classification of data that can be used in documents.
  B. The policy will result in the creation of access levels for each level of classification.
  C. The organization will have the ability to create security requirements based on classification levels.
  D. Security analysts will be able to see the classification of data within a document before opening it.

Answer(s): C

Explanation:

A data classification policy enables security requirements to be defined and enforced based on classification levels, guiding controls, handling, and compliance.
A) This describes an effect on end-user behavior, not the reason the policy is enforced.
B) Access levels may follow from classification, but the primary value is the policy-defined controls, not the role grants alone.
C) Correct: classification-driven security requirements are core to protecting sensitive data.
D) Visibility to analysts before access is not the primary objective and could create workflow bottlenecks; policy aims at applying appropriate controls, not pre-opening visibility.


Viewing page 8 of 91
Viewing questions 57 - 64 out of 757 questions