CompTIA SY0-701 Exam (page: 10)
CompTIA Security+
Updated on: 31-Mar-2026

Viewing Page 10 of 91

A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

  1. PIN
  2. Hardware token
  3. User ID
  4. SMS

Answer(s): A

Explanation:

A) PIN is the correct factor: when using a smart card as a second factor, a Personal Identification Number provides the something-you-have (smart card) plus something-you-know (PIN) combination for multi-factor authentication. It ensures the user possesses the card and can authenticate with a secret, protecting against card loss or theft if the PIN is required. B) Hardware token is a separate second factor device, not the card-based factor described. C) User ID is a credential, not a factor. D) SMS is a one-factor channel for OTP, not tied to smart card usage.





A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems.
Which of the following solutions should most likely be utilized?

  1. TACACS+
  2. SAML
  3. An SSO platform
  4. Role-based access control
  5. PAM software

Answer(s): E

Explanation:

E) PAM software. Privileged Access Management provides time-bound, just-in-time access and credential vaulting for external consultants, minimizing password sharing and limiting privileges, aligning with need-to-know and audit requirements. A) TACACS+ is a protocol for device administration, not primarily for ephemeral consultant credentials. B) SAML enables federated authentication but doesn’t manage high-risk privileged access workflows or credential vaulting. C) An SSO platform centralizes login but doesn’t enforce granular PAM controls or secret vaulting. D) RBAC defines permissions but not secure credential management or session isolation for external contractors.



A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might connect to the network and perform illicit activities.
Which of the following should the security team implement to address this concern?

  1. Configure a RADIUS server to manage device authentication.
  2. Use 802.1X on all devices connecting to wireless.
  3. Add a guest captive portal requiring visitors to accept terms and conditions.
  4. Allow for new devices to be connected via WPS.

Answer(s): C

Explanation:

A guest captive portal requiring visitors to accept terms and conditions enforces acceptable use policy and provides a legal framework to restrict illicit activity, with network access controls at the edge for guests.
A) RADIUS manages user or device authentication but does not enforce terms of use or capture visitor consent; it focuses on authentication, not policy enforcement.
B) 802.1X on all devices improves authentication but still lacks a visitor-specific policy acceptance and may be impractical for diverse guest devices.
D) WPS is insecure and enables easy access, not suitable for enforcing acceptable use or auditing guest activity.



Which of the following data roles is responsible for identifying risks and appropriate access to data?

  1. Owner
  2. Custodian
  3. Steward
  4. Controller

Answer(s): A

Explanation:

A) The data owner is responsible for identifying data risks and determining who should have access, aligning ownership with risk management and access control decisions.
B) Custodian handles day-to-day data management and security controls but not ownership of risk decisions.
C) Steward uses data assets and enforces data handling practices, yet ownership and risk authorization lie with the owner.
D) Controller is not a standard data role in data governance; governance roles typically include owner, custodian, and steward.





Which of the following physical controls can be used to both detect and deter? (Choose two.)

  1. Lighting
  2. Fencing
  3. Signage
  4. Sensor
  5. Bollard
  6. Lock

Answer(s): A,D

Explanation:

A) Lighting is a deterrent and, when integrated with sensors or cameras, can aid in detection of unauthorized activity.
D) Sensor directly detects activity or tampering, providing a detection mechanism and can be part of deterrence when visible.
B) Fencing alone primarily deters; it does not inherently detect.
C) Signage deters by warning but does not detect activity.
E) Bollard deters vehicle access but does not detect.
F) Lock provides deterrence and access control but is not a detection mechanism by itself.





A multinational bank hosts several servers in its data center. These servers run a business-critical application used by customers to access their account information.
Which of the following should the bank use to ensure accessibility during peak usage times?

  1. Load balancer
  2. Cloud backups
  3. Geographic dispersal
  4. Disk multipathing

Answer(s): A

Explanation:

A) Load balancer – Distributes client requests across multiple servers to maintain availability during peak usage, preventing any single server from becoming a bottleneck. B) Cloud backups are for data integrity and recovery, not active load distribution. C) Geographic dispersal helps resilience and latency reduction but is not an active mechanism to handle peak traffic unless combined with other services. D) Disk multipathing improves storage I/O performance but does not scale application availability across multiple servers.





The author of a software package is concerned about bad actors repackaging and inserting malware into the software. The software download is hosted on a website, and the author exclusively controls the website's contents.
Which of the following techniques would best ensure the software's integrity?

  1. Input validation
  2. Code signing
  3. Secure cookies
  4. Fuzzing

Answer(s): B

Explanation:

Code signing ensures software integrity by enabling users to validate that the code originates from the publisher and has not been tampered with after publication.
A) Input validation is about data validation in applications, not protecting downloaded binaries from tampering.
B) Code signing provides a verifiable signature tied to the author, safeguarding integrity during distribution.
C) Secure cookies protect session data in web browsers, not code integrity for downloads.
D) Fuzzing tests software for vulnerabilities, not ensuring the authenticity or integrity of distributed packages.





A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year.
Which of the following is the most critical risk if the company chooses to continue running the application?

  1. Lack of security updates
  2. Lack of new features
  3. Lack of support
  4. Lack of source code access

Answer(s): A

Explanation:

The lack of security updates is the most critical risk when running an end-of-life application, as unpatched vulnerabilities remain exploitable and can lead to breaches, compliance failures, and incident response burdens.
A) Lack of security updates
B) Lack of new features
C) Lack of support
D) Lack of source code access








Share your comments for CompTIA SY0-701 exam with other users:

Dave Gregen 9/4/2023 3:17:00 PM

please upload p_sapea_2023
SWEDEN


Sarah 6/13/2023 1:42:00 PM

anyone use this? the questions don't seem to follow other formats and terminology i have been studying, i'm getting worried
CANADA


Shuv 10/3/2023 8:19:00 AM

good questions
UNITED STATES


Reb974 8/5/2023 1:44:00 AM

hello are these questions valid for ms-102
CANADA


Mchal 7/20/2023 3:38:00 AM

some questions are wrongly answered but its good nonetheless
POLAND


Sonbir 8/8/2023 1:04:00 PM

how to get system serial number using intune
Anonymous


Manju 10/19/2023 1:19:00 PM

is it really helpful to pass the exam
Anonymous


LeAnne Hair 8/24/2023 12:47:00 PM

#229 is incorrect - all the customers require an annual review
UNITED STATES


Abdul SK 9/28/2023 11:42:00 PM

kindly upload
Anonymous


Aderonke 10/23/2023 12:53:00 PM

fantastic assessment on psm 1
UNITED KINGDOM


SAJI 7/20/2023 2:51:00 AM

56 question correct answer a,b
Anonymous


Raj Kumar 10/23/2023 8:52:00 PM

thank you for providing the q bank
CANADA


piyush keshari 7/7/2023 9:46:00 PM

true questions
Anonymous


B.A.J 11/6/2023 7:01:00 AM

i can't believe ms asks things like this, seems to be only marketing material.
Anonymous


Guss 5/23/2023 12:28:00 PM

hi, could you please add the last update of ns0-527
Anonymous


Rond65 8/22/2023 4:39:00 PM

question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).
UNITED STATES


Cheers 12/13/2023 9:55:00 AM

sometimes it may be good some times it may be
GERMANY


Sumita Bose 7/21/2023 1:01:00 AM

qs 4 answer seems wrong- please check
AUSTRALIA


Amit 9/7/2023 12:53:00 AM

very detailed explanation !
HONG KONG


FisherGirl 5/16/2022 10:36:00 PM

the interactive nature of the test engine application makes the preparation process less boring.
NETHERLANDS


Chiranthaka 9/20/2023 11:15:00 AM

very useful.
Anonymous


SK 7/15/2023 3:51:00 AM

complete question dump should be made available for practice.
Anonymous


Gamerrr420 5/25/2022 9:38:00 PM

i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.
AUSTRALIA


Kudu hgeur 9/21/2023 5:58:00 PM

nice create dewey stefen
CZECH REPUBLIC


Anorag 9/6/2023 9:24:00 AM

i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.
CANADA


Nathan 1/10/2023 3:54:00 PM

passed my exam today. this is a good start to 2023.
UNITED STATES


1 10/28/2023 7:32:00 AM

great sharing
Anonymous


Anand 1/20/2024 10:36:00 AM

very helpful
UNITED STATES


Kumar 6/23/2023 1:07:00 PM

thanks.. very helpful
FRANCE


User random 11/15/2023 3:01:00 AM

i registered for 1z0-1047-23 but dumps are available for 1z0-1047-22. help me with this...
UNITED STATES


kk 1/17/2024 3:00:00 PM

very helpful
UNITED STATES


Raj 7/24/2023 10:20:00 AM

please upload oracle 1z0-1110-22 exam pdf
INDIA


Blessious Phiri 8/13/2023 11:58:00 AM

becoming interesting on the logical part of the cdbs and pdbs
Anonymous


LOL what a joke 9/10/2023 9:09:00 AM

some of the answers are incorrect, i would be wary of using this until an admin goes back and reviews all the answers
UNITED STATES