Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. CompTIA
  3. SY0-701

CompTIA SY0-701 Exam (page: 1)
CompTIA Security+
Updated on: 31-Mar-2026

Viewing Page 1 of 91
SY0-701 PDF 757 Questions

A company purchased cyber insurance to address items listed on the risk register.
Which of the following strategies does this represent?

  1. Accept
  2. Transfer
  3. Mitigate
  4. Avoid

Answer(s): B

Explanation:

The correct answer is B: Transfer. Cyber insurance shifts financial risk from the organization to a third party, covering losses identified in the risk register. Accept means risks are acknowledged without action, which isn’t the case here. Mitigate involves reducing the likelihood or impact of a risk through controls, not transferring the cost. Avoid entails changing plans to eliminate risk entirely, which insurance does not accomplish. A cyber insurance policy related to identified risks aligns with risk transfer as a treatment option in risk management. A) Accept: not applicable. C) Mitigate: incorrect. D) Avoid: incorrect.



Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

  1. Risk tolerance
  2. Risk transfer
  3. Risk register
  4. Risk analysis

Answer(s): C

Explanation:

A risk register is the formal document that records identified risks, owners, thresholds, and mitigation actions. It provides accountability and a centralized view for risk management.
A) Risk tolerance reflects the amount of risk an organization is willing to accept, not a document listing risks and owners.
B) Risk transfer involves shifting risk to terceros (e.g., insurance), not documenting risks or thresholds.
D) Risk analysis is the process of identifying and evaluating risks, not the recording and ownership document.
C) Risk register



HOTSPOT (Drag and Drop is not supported)

You are a security administrator investigating a potential infection on a network.

INSTRUCTIONS

Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.













Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems.
Which of the following scenarios describes this activity?

  1. Espionage
  2. Data exfiltration
  3. Nation-state attack
  4. Shadow IT

Answer(s): D

Explanation:

A) Shadow IT activity occurs when employees use unsanctioned tools or networks, such as bypassing the VPN to access services, which is exactly the scenario described.
B) Data exfiltration involves unauthorized transfer of data, typically after access is gained, not the act of using unsanctioned network access tools.
C) Nation-state attack implies a state-backed operation targeting the organization, which is not implied by departmental VPN avoidance.
D) Espionage refers to obtaining confidential information; while related, the term here best captures unauthorized use of non-approved IT resources within the organization.



Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

  1. Unidentified removable devices
  2. Default network device credentials
  3. Spear phishing emails
  4. Impersonation of business units through typosquatting

Answer(s): A

Explanation:

Insider threat data exfiltration most often leverages uncontrolled or unmanaged removable media, enabling covert copying of sensitive data offsite.
A) Unidentified removable devices
B) Default network device credentials
C) Spear phishing emails
D) Impersonation of business units through typosquatting


Reference:



Which of the following agreement types defines the time frame in which a vendor needs to respond?

  1. SOW
  2. SLA
  3. MOA
  4. MOU

Answer(s): B

Explanation:

Acknowledged: The correct answer is B.
B) Defines the expected service level and response times in a vendor relationship, establishing the time frame for incident and request responses as part of an service level agreement (SLA).
A) SOW specifies project scope, deliverables, and timelines, not ongoing response windows.
C) MOA outlines mutual aims for collaboration; it does not set response time requirements.
D) MOU documents intent to cooperate but lacks enforceable performance metrics like specific response times.


Reference:



Which of the following is a feature of a next-generation SIEM system?

  1. Virus signatures
  2. Automated response actions
  3. Security agent deployment
  4. Vulnerability scanning

Answer(s): B

Explanation:

A next-generation SIEM incorporates automated response actions to contain and remediate threats in real time.
A) Virus signatures are traditional AV signatures, not a NG-SIEM feature.
C) Security agent deployment is typical of EDR/agents, not intrinsic to NG-SIEM capabilities.
D) Vulnerability scanning is a separate assessment function, not a core NG-SIEM feature.


Reference:



To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed.
Which of the following best describe these types of controls? (Choose two.)

  1. Preventive
  2. Deterrent
  3. Corrective
  4. Directive
  5. Compensating
  6. Detective

Answer(s): B,F

Explanation:

The correct choices are B and F because CCTV and signage deter potential intruders (deterrent control) and provide evidence of incidents or wrongdoing (detective control). Deterrents discourage activity through the threat of being recorded; detectives identify and document events after they occur.
A) Preventive is about stopping events before they happen, which CCTV/signage alone do not guarantee.
C) Corrective refers to actions taken to restore systems after a security incident, not ongoing deterrence or evidence collection.
D) Directive governs behavior through policy or instruction, not the physical security measure.
E) Compensating provides alternative controls when a primary control fails; not applicable here.
F) Detective is correct for evidence collection and incident identification.


Reference:



Viewing Page 1 of 91



Share your comments for CompTIA SY0-701 exam with other users:

Andy 12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks
SINGAPORE


siva 5/17/2023 12:32:00 AM

very helpfull
Anonymous


mouna 9/27/2023 8:53:00 AM

good questions
Anonymous


Bhavya 9/12/2023 7:18:00 AM

help to practice csa exam
Anonymous


Malik 9/28/2023 1:09:00 PM

nice tip and well documented
Anonymous


rodrigo 6/22/2023 7:55:00 AM

i need the exam
Anonymous


Dan 6/29/2023 1:53:00 PM

please upload
Anonymous


Ale M 11/22/2023 6:38:00 PM

prepping for fsc exam
AUSTRALIA


ahmad hassan 9/6/2023 3:26:00 AM

pd1 with great experience
Anonymous


Žarko 9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution
UNITED KINGDOM


Shiji 10/15/2023 1:08:00 PM

helpful to check your understanding.
INDIA


Da Costa 8/27/2023 11:43:00 AM

question 128 the answer should be static not auto
Anonymous


bot 7/26/2023 6:45:00 PM

more comments here
UNITED STATES


Kaleemullah 12/31/2023 1:35:00 AM

great support to appear for exams
Anonymous


Bsmaind 8/20/2023 9:26:00 AM

useful dumps
Anonymous


Blessious Phiri 8/13/2023 8:37:00 AM

making progress
Anonymous


Nabla 9/17/2023 10:20:00 AM

q31 answer should be d i think
FRANCE


vladputin 7/20/2023 5:00:00 AM

is this real?
UNITED STATES


Nick W 9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it
Anonymous


Naveed 8/28/2023 2:48:00 AM

good questions with simple explanation
UNITED STATES


cert 9/24/2023 4:53:00 PM

admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
Anonymous


Yves 8/29/2023 8:46:00 PM

very inciting
Anonymous


Miguel 10/16/2023 11:18:00 AM

question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
SPAIN


Byset 9/25/2023 12:49:00 AM

it look like real one
Anonymous


Debabrata Das 8/28/2023 8:42:00 AM

i am taking oracle fcc certification test next two days, pls share question dumps
Anonymous


nITA KALE 8/22/2023 1:57:00 AM

i need dumps
Anonymous


CV 9/9/2023 1:54:00 PM

its time to comptia sec+
GREECE


SkepticReader 8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).
UNITED STATES


Nabin 10/16/2023 4:58:00 AM

helpful content
MALAYSIA


Blessious Phiri 8/15/2023 3:19:00 PM

oracle 19c is complex db
Anonymous


Sreenivas 10/24/2023 12:59:00 AM

helpful for practice
Anonymous


Liz 9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.
UNITED STATES


Namrata 7/15/2023 2:22:00 AM

helpful questions
Anonymous


lipsa 11/8/2023 12:54:00 PM

thanks for question
Anonymous