Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

SY0-701 CompTIA Security+ Exam 2026 Free Practice Exam Questions (2026 Updated)

Prepare effectively for your CompTIA SY0-701 CompTIA Security+ Exam 2026 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 1 / 7
Total 887 questions

A company processes personal data from customers in multiple countries. Which of the following actions is most critical for maintaining legal compliance with global privacy regulations?

A.

Storing all customer data on encrypted local servers

B.

Hiring a data privacy officer to review contracts

C.

Ensuring DPAs are in place with third-party vendors

D.

Using strong passwords and firewalls on all endpoints

Which of the following is the best way to remove personal data from a social media account that is no longer being used?

A.

Exercise the right to be forgotten

B.

Uninstall the social media application

C.

Perform a factory reset

D.

Terminate the social media account

An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?

A.

Insider threat

B.

Social engineering

C.

Watering-hole

D.

Unauthorized attacker

An attacker floods an organization ' s VoIP phone system with thousands of requests. This causes legitimate calls to drop or fail to connect. Analysis shows the attacker faked internal extensions to trick users into answering calls and sharing sensitive information. Which of the following types of attacks has the attacker used in this incident? (Select two).

A.

SIP spoofing attack

B.

On-path attack

C.

Packet sniffing attack

D.

Vishing attack

E.

Denial-of-service attack

F.

Supply chain attack

A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

A.

Watering hole

B.

Bug bounty

C.

DNS sinkhole

D.

Honeypot

Which of the following activities is included in the post-incident review phase?

A.

Determining the root cause of the incident

B.

Developing steps to mitigate the risks of the incident

C.

Validating the accuracy of the evidence collected during the investigation

D.

Reestablishing the compromised system ' s configuration and settings

An organization failed to account for the right-to-be-forgotten regulations. Which of the following impacts might this action have on the company?

A.

Fines

B.

Data breaches

C.

Revenue loss

D.

Blackmail

Which of the following would be the best way to block unknown programs from executing?

A.

Access control list

B.

Application allow list.

C.

Host-based firewall

D.

DLP solution

A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit. Which of the following logs should the analyst review first?

A.

Endpoint

B.

Application

C.

Firewall

D.

NAC

Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?

A.

Geographic dispersion

B.

Data sovereignty

C.

Geographic restrictions

D.

Data segmentation

Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?

A.

Authorization

B.

Identification

C.

Non-repudiation

D.

Authentication

A security analyst is concerned malicious actors are lurking in an environment but has not received any alerts regarding suspicious activity. Which of the following should the analyst conduct to further investigate the presence of these actors?

A.

Threat hunting

B.

Digital forensics

C.

Vulnerability scanning

D.

E-discovery

A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

A.

Data retention

B.

Certification

C.

Tokenization

D.

Classification

E.

Sanitization

F.

Enumeration

Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?

A.

The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.

B.

Generally. SMS OTP codes are valid for up to 15 minutes while the TOTP time frame is 30 to 60 seconds

C.

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

D.

The algorithm used to generate on SMS OTP code is weaker than the one used to generate a TOTP code

An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?

A.

Data masking

B.

Salting

C.

Key escrow

D.

Tokenization

Which of the following data protection strategies can be used to confirm file integrity?

A.

Masking

B.

Encryption

C.

Hashing

D.

Obfuscation

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

A security administrator needs to protect the integrity of a compromised laptop. The administrator turns off the laptop for a forensic investigation. Which of the following tasks should the administrator do first before analyzing the hard drive?

A.

Metadata review

B.

Snapshot

C.

Bit-level copy

D.

Memory dump

An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?

A.

Unskilled attacker

B.

Hacktivist

C.

Shadow IT

D.

Supply chain

Which of the following is an example of a certificate that is generated by an internal source?

A.

Digital signature

B.

Asymmetric key

C.

Self-signed

D.

Symmetric key

An attacker used XSS to compromise a web server. Which of the following solutions could have been used to prevent this attack?

A.

NGFW

B.

UTM

C.

WAF

D.

NAC

The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?

A.

Patching

B.

Segmentation

C.

Monitoring

D.

Isolation

The private key for a website was stolen, and a new certificate has been issued. Which of the following needs to be updated next?

A.

SCEP

B.

CRL

C.

OCSP

D.

CSR

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

A.

Hashing

B.

Tokenization

C.

Encryption

D.

Segmentation

A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?

A.

$7,500

B.

$10,000

C.

$15,000

D.

$30,000

Which of the following describes an executive team that is meeting in a board room and testing the company ' s incident response plan?

A.

Continuity of operations

B.

Capacity planning

C.

Tabletop exercise

D.

Parallel processing

A security analyst receives an alert from a web server that contains the following logs:

GET /image?filename=../../../etc/passwd

Host: AcmeInc.web.net

useragent: python-request/2.27.1

GET /image?filename=../../../etc/shadow

Host: AcmeInc.web.net

useragent: python-request/2.27.1

Which of the following attacks is being attempted?

A.

File injection

B.

Privilege escalation

C.

Directory traversal

D.

Cookie forgery

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

A.

Packet captures

B.

Vulnerability scans

C.

Metadata

D.

Dashboard

While analyzing SIEM alerts for a company ' s WAF, an incident response analyst observes the following:

https://corporate-A.com/loadimage?filename=/etc/

https://corporate-A.com/loadimage?filename=../../etc/passwd

https://corporate-A.com/loadimage?filename=./etc/passwd

Which of the following best describes the observed behavior?

A.

Credential replay

B.

Directory traversal

C.

Brute-force attack

D.

Resource exhaustion

A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?

A.

ACL

B.

Monitoring

C.

Isolation

D.

HIPS

The management team wants to assess the cybersecurity team ' s readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response within a short time?

A.

Send a message to all IT managers and request formal action plans.

B.

Create a bug bounty program and assess the findings.

C.

Execute a tabletop exercise and document the performance results.

D.

Hire an external consultant to independently assess the cybersecurity processes.

Which of the following receives logs from various devices and services, and then presents alerts?

A.

SIEM

B.

SCADA

C.

SNMP

D.

SCAP

Which of the following would most likely be used by attackers to perform credential harvesting?

A.

Social engineering

B.

Supply chain compromise

C.

Third-party software

D.

Rainbow table

Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed?

A.

Degaussing

B.

Drive shredder

C.

Retention platform

D.

Wipe tool

Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?

A.

Classified

B.

Regulated information

C.

Open source

D.

Intellectual property

During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?

A.

Residual risk

B.

Risk appetite

C.

Reviewed risk

D.

Risk register

A security analyst is assessing several company firewalls. Which of the following cools would The analyst most likely use to generate custom packets to use during the assessment?

A.

hping

B.

Wireshark

C.

PowerShell

D.

netstat

A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?

A.

Static

B.

Sandbox

C.

Network traffic

D.

Package monitoring

Which of the following vulnerabilities would likely be mitigated by setting up an MDM platform?

A.

TPM

B.

Buffer overflow

C.

Jailbreaking

D.

SQL injection

An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?

A.

Device fingerprinting

B.

Compliance attestation

C.

NAC

D.

802.1X

Page: 1 / 7
Total 887 questions
Copyright © 2014-2026 Solution2Pass. All Rights Reserved