Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

SY0-701 CompTIA Security+ Exam 2026 Free Practice Exam Questions (2026 Updated)

Prepare effectively for your CompTIA SY0-701 CompTIA Security+ Exam 2026 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 5 / 7
Total 887 questions

A security analyst investigates an incident in which a PowerShell script was identified as a potential IoC. Which of the following will best help the analyst identify an attempt to compromise the system?

A.

SNMP logs

B.

Firewall logs

C.

EDR logs

D.

IPS logs

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Which of the following is the best way to securely store an encryption key for a data set in a manner that allows multiple entities to access the key when needed?

A.

Public key infrastructure

B.

Open public ledger

C.

Public key encryption

D.

Key escrow

An external vendor recently visited a company ' s headquarters tor a presentation. Following the visit a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

A.

Government

B.

Public

C.

Proprietary

D.

Critical

During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A.

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A.

Partition

B.

Asymmetric

C.

Full disk

D.

Database

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerability report

Which of the following activities should a systems administrator perform to quarantine a potentially infected system?

A.

Move the device into an air-gapped environment.

B.

Disable remote log-in through Group Policy.

C.

Convert the device into a sandbox.

D.

Remote wipe the device using the MDM platform.

A systems administrator creates a script that validates OS version, patch levels, and installed applications when users log in. Which of the following examples best describes the purpose of this script?

A.

Resource scaling

B.

Policy enumeration

C.

Baseline enforcement

D.

Guardrails implementation

A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:

• An existing Internal certificate must be used.

• Wired and wireless networks must be supported

• Any unapproved device should be Isolated in a quarantine subnet

• Approved devices should be updated before accessing resources

Which of the following would best meet the requirements?

A.

802.IX

B.

EAP

C.

RADIUS

D.

WPA2

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems.

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Which of the following should be used to ensure that a new software release has not been modified before reaching the user?

A.

Tokenization

B.

Encryption

C.

Hashing

D.

Obfuscation

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

A.

Typosquatting

B.

Phishing

C.

Impersonation

D.

Vishing

E.

Smishing

F.

Misinformation

A security analyst identifies an incident in the network. Which of the following incident response activities would the security analyst perform next?

A.

Containment

B.

Detection

C.

Eradication

D.

Recovery

Which of the following best explains how open service ports increase an organization ' s attack surface?

A.

They are commonly overlooked by endpoint antivirus tools during scans.

B.

They can make the company’s remote entry point available to the internet.

C.

They enable automatic application updates to reduce vulnerability windows.

D.

They can expose unnecessary services to unauthorized access if not properly restricted.

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

A.

Installing HIDS on the system

B.

Placing the system in an isolated VLAN

C.

Decommissioning the system

D.

Encrypting the system ' s hard drive

An organization wants to improve the company ' s security authentication method for remote employees. Given the following requirements:

• Must work across SaaS and internal network applications

• Must be device manufacturer agnostic

• Must have offline capabilities

Which of the following would be the most appropriate authentication method?

A.

Username and password

B.

Biometrics

C.

SMS verification

D.

Time-based tokens

During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.

Which of the following threats is this an example of?

A.

Espionage

B.

Data exfiltration

C.

Shadow IT

D.

Zero-day

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

A company is concerned with supply chain compromise of new servers and wants to limit this risk. Which of the following should the company review first?

A.

Sanitization procedure

B.

Acquisition process

C.

Change management

D.

Asset tracking

An organization has issues with deleted network share data and improper permissions. Which solution helps track and remediate these?

A.

DLP

B.

EDR

C.

FIM

D.

ACL

An accounting clerk sent money to an attacker ' s bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?

A.

Standardizing security incident reporting

B.

Executing regular phishing campaigns

C.

Implementing insider threat detection measures

D.

Updating processes for sending wire transfers

Which of the following is a benefit of an RTO when conducting a business impact analysis?

A.

It determines the likelihood of an incident and its cost.

B.

It determines the roles and responsibilities for incident responders.

C.

It determines the state that systems should be restored to following an incident.

D.

It determines how long an organization can tolerate downtime after an incident.

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization ' s documentation?

A.

Peer review requirements

B.

Multifactor authentication

C.

Branch protection tests

D.

Secrets management configurations

A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.

Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?

A.

Sanctions

B.

Data sovereignty

C.

Cost of replacement

D.

Loss of license

Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?

A.

Right to be forgotten

B.

Sanctions

C.

External compliance reporting

D.

Attestation

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Which of the following techniques would identify whether data has been modified in transit?

A.

Hashing

B.

Tokenization

C.

Masking

D.

Encryption

A penetration tester visits a client’s website and downloads the site ' s content. Which of the following actions is the penetration tester performing?

A.

Unknown environment testing

B.

Vulnerability scan

C.

Due diligence

D.

Passive reconnaissance

An organization needs to monitor its users ' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

A.

Behavioral analytics

B.

Access control lists

C.

Identity and access management

D.

Network intrusion detection system

Which of the following prevents unauthorized modifications to internal processes, assets, and security controls?

A.

Change management

B.

Playbooks

C.

Incident response

D.

Acceptable use policy

Which of the following is the most likely reason a security analyst would review SIEM logs?

A.

To check for recent password reset attempts

B.

To monitor for potential DDoS attacks

C.

To assess the scope of a privacy breach

D.

To see correlations across multiple hosts

A company is experiencing issues with employees leaving the company for a competitor and taking customer contact information with them. Which of the following tools will help prevent this from reoccurring?

A.

FIM

B.

NAC

C.

IDS

D.

UBA

Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?

A.

Nation-state

B.

Trusted insider

C.

Organized crime group

D.

Hacktivist

An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?

A.

Partially known environment

B.

Unknown environment

C.

Integrated

D.

Known environment

Which of the following log sources best detects port scan activity?

A.

Firewall

B.

Proxy

C.

Endpoint

D.

NetFlow

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

A.

Threshold

B.

Appetite

C.

Avoidance

D.

Register

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A.

Private

B.

Critical

C.

Sensitive

D.

Public

Page: 5 / 7
Total 887 questions
Copyright © 2014-2026 Solution2Pass. All Rights Reserved