CompTIA SY0-701 Exam (page: 11)
CompTIA Security+
Updated on: 31-Mar-2026


A security analyst recently read a report about a flaw in several of the organization's printer models that causes credentials to be sent over the network in cleartext, regardless of the encryption settings.
Which of the following would be best to use to validate this finding?

  A. Wireshark
  B. netcat
  C. Nessus
  D. Nmap

Answer(s): A

Explanation:

A) Wireshark is right because it captures and analyzes network traffic, enabling inspection of credentials in transit and confirmation of cleartext transmission across printers.
B) netcat is wrong; it can create raw network connections but isn’t suited for detailed packet analysis or credential interception verification.
C) Nessus is wrong; it’s a vulnerability scanner, not a live traffic analyzer to verify credentials sent in plain text.
D) Nmap is wrong; it performs port and service discovery, not deep packet inspection to validate whether credentials traverse the network unencrypted.




A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system.
Which of the following practices should the development team implement?

  A. Fuzzing
  B. Continuous deployment
  C. Static code analysis
  D. Manual peer review

Answer(s): A

Explanation:

Fuzzing is the correct choice because it tests how the web product handles malformed or invalid inputs by sending random or unexpected data to uncover stability and security weaknesses.
A) Fuzzing: specifically targets input validation and error handling to prevent input-based exploits.
B) Continuous deployment focuses on rapid release pipelines, not input validation or resilience to malformed data.
C) Static code analysis reviews source code for flaws without executing the program, but fuzzing tests runtime input handling.
D) Manual peer review helps identify issues but is less systematic for uncovering input-induced crashes compared to automated fuzzing.




During an annual review of the system design, an engineer identified a few issues with the currently released design.
Which of the following should be performed next according to best practices?

  A. Risk management process
  B. Product design process
  C. Design review process
  D. Change control process

Answer(s): D

Explanation:

Implementing a change control process (D) is the correct next step to formally assess and authorize modifications after identifying design issues, ensuring traceability, risk evaluation, and proper rollback plans.
A) Risk management process is ongoing but not the immediate procedural step to handle a known design issue.
B) Product design process is upstream and would not address the current issue in the released design.
C) Design review process may occur earlier; after issues are found, formal change control is required to manage deviations.
D) Change control process is the correct mechanism to authorize, document, and implement design changes.



Which of the following is best to use when determining the severity of a vulnerability?

  A. CVE
  B. OSINT
  C. SOAR
  D. CVSS

Answer(s): D

Explanation:

A vulnerability’s severity is best determined using CVSS because it provides a standardized scoring system for base, temporal, and environmental factors, yielding a numeric severity that facilitates risk assessment and prioritization.
A) CVE identifiers catalog vulnerabilities but do not provide severity scoring.
B) OSINT gathers public information but does not quantify impact or severity.
C) SOAR automates response and orchestration, not severity scoring.
D) CVSS provides the standardized scoring framework used to measure vulnerability impact and priority.




An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker's bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following:

PS>.\mimikatz.exe "sekurlsa::pth /user:localadmin /domain:corp-domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327

Which of the following best describes how the attacker gained access to the hardened PC?

  A. The attacker created fileless malware that was hosted by the banking platform.
  B. The attacker performed a pass-the-hash attack using a shared support account.
  C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.
  D. The attacker socially engineered the accountant into performing bad transfers.

Answer(s): B

Explanation:

The command shows mimikatz performing a pass-the-hash using a stolen NTLM hash to impersonate an administrator and access resources remotely.
A) Incorrect: Fileless malware runs in memory or through legitimate tooling; the NTLM hash usage in the command does not indicate it.
B) Correct: Pass-the-hash uses an NTLM hash to authenticate to services without the plaintext password, which fits the command.
C) Incorrect: Living-off-the-land binaries (LOLBins) means abusing legitimate built-in tools, not the hash-based credential reuse shown here.
D) Incorrect: Social engineering is outside the technical evidence; the command demonstrates credential reuse, not persuasion.




Which of the following is the best resource to consult for information on the most common application exploitation methods?

  A. OWASP
  B. STIX
  C. OVAL
  D. Threat intelligence feed
  E. Common Vulnerabilities and Exposures

Answer(s): A

Explanation:

A) OWASP is the best resource for common application exploitation methods; it documents top risks, vulnerability patterns, and secure coding practices impacting web apps.
B) STIX focuses on threat intelligence sharing and cyber threat data structure, not specifically common app exploitation methods.
C) OVAL is for validating, testing, and representing system configurations and vulnerabilities, not detailing exploitation techniques.
D) A threat intelligence feed provides indicators and context but is not a centralized best-practice guide for exploitation techniques.
E) CVE catalogs vulnerabilities, not the common exploitation methods or attacker techniques.




A security analyst is reviewing the logs on an organization's DNS server and notices the following unusual snippet:



Which of the following attack techniques was most likely used?

  A. Determining the organization's ISP-assigned address space
  B. Bypassing the organization's DNS sinkholing
  C. Footprinting the internal network
  D. Attempting to achieve initial access to the DNS server
  E. Exfiltrating data from fshare.int.complia.org

Answer(s): C

Explanation:

A) Determining the organization’s ISP-assigned address space is more about external network footprinting, not internal DNS server activity.
B) Bypassing DNS sinkholing would show indicators of evasion against known malicious domains, not general footprinting patterns.
C) Footprinting the internal network is the correct answer because DNS log anomalies often indicate reconnaissance to map internal hosts and services, typical of footprinting.
D) Attempting to achieve initial access to the DNS server would present login or privilege escalation events, not generic DNS query patterns.
E) Exfiltrating data from fshare.int.complia.org would show large outbound DNS tunneling or data transfer indicators, not typical footprinting signals.




A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization.
Which of the following recommendations would reduce the likelihood of future attacks? (Choose two.)

  A. Disciplinary actions for users
  B. Conditional access policies
  C. More regular account audits
  D. Implementation of additional authentication factors
  E. Enforcement of content filtering policies
  F. A review of user account permissions

Answer(s): B,D

Explanation:

A strong two-factor and location-aware approach mitigates unauthorized access.
B) Conditional access policies limit access based on location, device, risk, or other signals, reducing exposure from noncompliant endpoints and suspicious contexts.
D) Implementation of additional authentication factors adds something the user has, knows, or is, making credential theft less effective.
A) Disciplinary actions do not prevent credential misuse or compromised devices.
C) Regular account audits help detect issues but don’t directly prevent external logins.
E) Content filtering addresses web content, not authentication.
F) Reviewing permissions helps enforce least privilege but won’t stop zero-day or credential abuse without stronger authentication.



