Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

SY0-701 CompTIA Security+ Exam 2026 Free Practice Exam Questions (2026 Updated)

Prepare effectively for your CompTIA SY0-701 CompTIA Security+ Exam 2026 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 6 / 7
Total 887 questions

A security analyst needs to propose a remediation plan ' or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

A.

Hashing algorithm

B.

Public key infrastructure

C.

Symmetric encryption

D.

Elliptic curve cryptography

Which of the following security control types does an acceptable use policy best represent?

A.

Detective

B.

Compensating

C.

Corrective

D.

Preventive

A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?

A.

MTTR

B.

RTO

C.

ARO

D.

MTBF

Which of the following allows a systems administrator to tune permissions for a file?

A.

Patching

B.

Access control list

C.

Configuration enforcement

D.

Least privilege

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

A.

Default credentials

B.

Non-segmented network

C.

Supply chain vendor

D.

Vulnerable software

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

A.

Creating a false text file in /docs/salaries

B.

Setting weak passwords in /etc/shadow

C.

Scheduling vulnerable jobs in /etc/crontab

D.

Adding a fake account to /etc/passwd

A security analyst is reviewing the following logs about a suspicious activity alert for a user ' s VPN log-ins. Which of the following malicious activity indicators triggered the alert?

✅Log Summary:

User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.

A.

Impossible travel

B.

Account lockout

C.

Blocked content

D.

Concurrent session usage

Which of the following can be best used to discover a company ' s publicly available breach information?

A.

OSINT

B.

SIEM

C.

CVE

D.

CVSS

A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?

A.

Disable unnecessary ports.

B.

Patch the system.

C.

Establish baselines.

D.

Perform alert tuning.

An organization experiences a compromise in a cloud-hosted solution that contains customer information. Which of the following strategies will help determine the sensitivity level of the breach?

A.

Permission restrictions

B.

Tabletop exercise

C.

Data classification

D.

Asset inventory

A company must ensure that log searches are conducted in the shortest time frame. Which of the following should the company do to maintain logs in live storage for 90 days?

A.

Conduct deduplication.

B.

Conduct archiving.

C.

Apply aggregation.

D.

Apply compression.

A company wants to track modifications to the code used to build new virtual servers. Which of the following will the company most likely deploy?

A.

Change management ticketing system

B.

Behavioral analyzer

C.

Collaboration platform

D.

Version control tool

While conducting a business continuity tabletop exercise, the security team becomes concerned by potential impacts if a generator fails during failover. Which of the following is the team most likely to consider in regard to risk management activities?

A.

RPO

B.

ARO

C.

BIA

D.

MTTR

A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

A.

Host-based firewall

B.

Web application firewall

C.

Access control list

D.

Application allow list

A security team purchases a tool for cloud security posture management. The team is quickly overwhelmed by the number of misconfigurations that the tool detects. Which of the following should the security team configure to establish workflows for cloud resource security?

A.

CASB

B.

IAM

C.

SOAR

D.

XDR

Which of the following is prevented by proper data sanitization?

A.

Hackers ' ability to obtain data from used hard drives

B.

Devices reaching end-of-life and losing support

C.

Disclosure of sensitive data through incorrect classification

D.

Incorrect inventory data leading to a laptop shortage

Which of the following would enable a data center to remain operational through a multiday power outage?

A.

Generator

B.

Uninterruptible power supply

C.

Replication

D.

Parallel processing

A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network. Which of the following would have mitigated the spread?

A.

IPS

B.

IDS

C.

WAF

D.

UAT

Which of the following best explains the benefit of using asymmetric encryption?

A.

It provides mutual authentication by using identical keys for both encryption and decryption.

B.

It uses a shared secret key to reduce the number of keys needed.

C.

It allows faster encryption and decryption than symmetric methods.

D.

It enables secure data exchanges without requiring both parties to share a private key.

Which of the following should an internal auditor check for first when conducting an audit of the organization ' s risk management program?

A.

Policies and procedures

B.

Asset management

C.

Vulnerability assessment

D.

Business impact analysts

Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access?

A.

Recovery site

B.

Cold site

C.

Hot site

D.

Warm site

A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers. Which of the following would prevent this from reoccurring?

A.

User notification

B.

Change approval

C.

Risk analysis

D.

Backout plan

A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?

A.

Secure web gateway

B.

Virtual private cloud end point

C.

Deep packet Inspection

D.

Next-gene ration firewall

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?

A.

Data in use

B.

Data at rest

C.

Data in transit

D.

Data sovereignty

Which of the following resources is the most useful for a researcher to find more details about threat activities?

A.

Risk register

B.

Audit report

C.

Dark web

D.

Bug bounty submissions

A marketing team launches a new AI solution that trains on sensitive customer data to help provide recommendations on its next possible marketing campaign. This team requires granular access to the tool for different levels of sensitive data. Which of the following should a systems administrator prioritize when provisioning access?

A.

Emergency access

B.

Least-privilege accounts

C.

Just-in-time (JIT) access

D.

Group managed service accounts

Which of the following agreements defines response time, escalation, and performance metrics?

A.

BPA

B.

MOA

C.

NDA

D.

SLA

An employee decides to collect PII data from the company ' s system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue?

(Select two).

A.

Privacy legislation

B.

Social engineering

C.

Risk management

D.

Company compliance

E.

Phishing

F.

Remote work

A user downloads a patch from an unknown repository… FIM alerts indicate OS file hashes have changed. Which attack most likely occurred?

A.

Logic bomb

B.

Keylogger

C.

Ransomware

D.

Rootkit

An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

A.

Network

B.

System

C.

Application

D.

Authentication

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

A.

Accept

B.

Transfer

C.

Mitigate

D.

Avoid

A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

A.

End of business

B.

End of testing

C.

End of support

D.

End of life

An attacker forces an internal company employee to inject malware into corporate systems under threat of publishing the employee ' s sensitive personal files. Which of the following best describes the attacker ' s motivation in this type of attack?

A.

Financial gain

B.

Revenge

C.

Blackmail

D.

Espionage

Which of the following actions must an organization take to comply with a person ' s request for the right to be forgotten?

A.

Purge all personally identifiable attributes.

B.

Encrypt all of the data.

C.

Remove all of the person’s data.

D.

Obfuscate all of the person’s data.

Which of the following risk management strategies is being used when a Chief Information Security Officer ignores known vulnerabilities identified during a risk assessment?

A.

Transfer

B.

Avoid

C.

Mitigate

D.

Accept

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Page: 6 / 7
Total 887 questions
Copyright © 2014-2026 Solution2Pass. All Rights Reserved