Summer Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Page: 1 / 14
Total 266 questions
Exam Code: SY0-701                Update: Jul 8, 2026
Exam Name: CompTIA Security+ Exam 2026

CompTIA CompTIA Security+ Exam 2026 SY0-701 Exam Dumps: Updated Questions & Answers (July 2026)

Question # 1

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

A.

Capacity planning

B.

Redundancy

C.

Geographic dispersion

D.

Tablet exercise

Question # 2

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor ' s website?

A.

To test the integrity of the file

B.

To validate the authenticity of the file

C.

To activate the license for the file

D.

To calculate the checksum of the file

Question # 3

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?

A.

Defensive

B.

Passive

C.

Offensive

D.

Physical

Question # 4

Which of the following would a security administrator use to comply with a secure baseline during a patch update?

A.

Information security policy

B.

Service-level expectations

C.

Standard operating procedure

D.

Test result report

Question # 5

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

A.

LDAP

B.

Federation

C.

SAML

D.

OAuth

Question # 6

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Question # 7

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company ' s security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Question # 8

Which of the following exercises should an organization use to improve its incident response process?

A.

Tabletop

B.

Replication

C.

Failover

D.

Recovery

Question # 9

Which of the following is an example of a false negative vulnerability detection in a scan report?

A.

A vulnerability that does not actually exist

B.

A vulnerability that has already been remediated

C.

A result that shows no known vulnerability

D.

A zero-day vulnerability with a known remediation

Question # 10

An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server ' s password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?

A.

Recognizing phishing

B.

Providing situational awareness training

C.

Using password management

D.

Reviewing email policies

Question # 11

A security practitioner completes a vulnerability assessment on a company ' s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A.

Conduct an audit.

B.

Initiate a penetration test.

C.

Rescan the network.

D.

Submit a report.

Question # 12

An administrator implements web-filtering products but still sees that users are visiting malicious links. Which of the following configuration items does the security administrator need to review?

A.

Intrusion prevention system

B.

Content categorization

C.

Encryption

D.

DNS service

Question # 13

A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?

A.

Refect

B.

Accept

C.

Transfer

D.

Avoid

Question # 14

An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?

A.

Maintaining the chain of custody

B.

Performing root cause analysis

C.

Enforcing a legal hold

D.

Conducting a containment activity

Question # 15

An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing?

A.

Compensating

B.

Detective

C.

Operational

D.

Physical

Question # 16

Which of the following is the main consideration when a legacy system that is a critical part of a company ' s infrastructure cannot be replaced?

A.

Resource provisioning

B.

Cost

C.

Single point of failure

D.

Complexity

Question # 17

A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

A.

Wireless access point

B.

Switch

C.

Firewall

D.

NAC

Question # 18

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

A.

Creating a false text file in /docs/salaries

B.

Setting weak passwords in /etc/shadow

C.

Scheduling vulnerable jobs in /etc/crontab

D.

Adding a fake account to /etc/passwd

Question # 19

A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?

A.

Immediately disable the accounts of staff who are likely to be terminated.

B.

Train supervisors to identify and manage disgruntled employees.

C.

Configure DLP to monitor staff who will be terminated.

D.

Raise awareness for business leaders on social engineering techniques.

Question # 20

A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?

A.

Buffer overflow

B.

NTP amplification attack

C.

Worm

D.

Kerberoasting attack

Page: 1 / 14
Total 266 questions

Most Popular Certification Exams

Payment

       

Contact us

Site Secure

mcafee secure

TESTED 08 Jul 2026