Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. CompTIA
  3. SY0-701

CompTIA SY0-701 Exam (page: 13)
CompTIA Security+
Updated on: 31-Mar-2026

Viewing Page 13 of 91
SY0-701 PDF 757 Questions

An organization requests a third-party full-spectrum analysis of its supply chain.
Which of the following would the analysis team use to meet this requirement?

  1. Vulnerability scanner
  2. Penetration test
  3. SCAP
  4. Illumination tool

Answer(s): D

Explanation:

A) D
The correct choice is Illumination tool because full-spectrum analysis of supply chain requires comprehensive visibility and monitoring across vendors, components, and risks, which illumination tools are designed to provide. They enhance situational awareness by aggregating telemetry and indicators from the supply chain to detect anomalies and threats. B) Penetration test is a targeted active attack to find exploitable weaknesses, not a holistic supply chain view. C) SCAP is a standard for automated vulnerability management data exchange, not a full-spectrum supply chain analysis. A) Vulnerability scanner only detects known weaknesses in systems, not comprehensive supply chain illumination.


Reference:



A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring.
Which of the following is described in this scenario?

  1. Agentless solution
  2. Client-based soon
  3. Open port
  4. File-based solution

Answer(s): A

Explanation:

A) An agentless solution is described because monitoring occurs without installing software on endpoints, relying on network-based access, APIs, or remote protocols.
B) Client-based soon is incorrect and not a standard term in security monitoring.
C) Open port refers to network exposure, not the absence of endpoint agents.
D) File-based solution implies data or rules delivered as files on endpoints, requiring local presence, unlike agentless approaches.


Reference:



A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities.
Which of the following kinds of analysis best describes this review?

  1. Dynamic
  2. Static
  3. Gap
  4. Impact

Answer(s): B

Explanation:

A) Static is correct because source code analysis is performed without executing the program, identifying misconfigurations and vulnerabilities through static review.
B) Dynamic analyzes the running application to observe behavior at runtime, not suitable for source code review.
C) Gap analysis compares current controls to desired controls to identify gaps, not specifically about code inspection.
D) Impact assesses the consequence of a threat, not the method of reviewing code for defects.



Which of the following agreement types is used to limit external discussions?

  1. BPA
  2. NDA
  3. SLA
  4. MSA

Answer(s): B

Explanation:

A brief non-disclosure agreement (NDA) is used to limit external discussions by restricting the sharing of confidential information with outsiders.
A) NDA is correct because it legally binds parties to keep specified information confidential and limits external discussions.
B) BPA (Business Process Agreement) generally outlines processes, not confidentiality.
C) SLA (Service Level Agreement) defines performance metrics and service expectations, not restricts discussions.
D) MSA (Master Service Agreement) sets overarching terms for multiple projects, not primarily for restricting external communications.



A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor.
Which of the following processes is the analyst most likely conducting?

  1. Internal audit
  2. Penetration testing
  3. Attestation
  4. Due diligence

Answer(s): D

Explanation:

A) Due diligence: The analyst seeks a SOC 2 report to assess the vendor’s controls and risk posture before adoption, which is due diligence in third-party risk management. B) Penetration testing: SOC 2 reports are not conducted by penetration tests but by independent auditors reviewing controls; this option misstates the activity. C) Attestation: SOC 2 is an attestation report, but the question focuses on the process of evaluating a vendor; “due diligence” more accurately describes the preparatory vendor assessment. D) Internal audit: SOC 2 is an external attestation provided by an independent auditor, not an internal audit activity.



Which of the following is used to conceal credit card information in a database log file?

  1. Tokenization
  2. Masking
  3. Hashing
  4. Obfuscation

Answer(s): B

Explanation:

Tokenization is used to replace sensitive data with tokens, but masking specifically conceals portions of data within logs, making credit card numbers unreadable while preserving length.
A) Tokenization replaces data with tokens, not visible masking in the log.
B) Masking hides portions of data (e.g., 4111 **** **** 1111) in logs, preserving recognizable format for analysis without exposing full numbers.
C) Hashing irreversibly transforms data, unsuitable for logs needing readability or reversible lookup.
D) Obfuscation is vague and less standardized for PCI-DSS logging; masking is the defined technique for concealing card data in logs.



SIMULATION (Drag and Drop is not supported)

A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

Most secure algorithms should be selected

All traffic should be encrypted over the VPN

A secret password will be used to authenticate the two VPN concentrators

INSTRUCTIONS

Click on the two VPN Concentrators to configure the appropriate settings.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.









  1. See explanation below.

Answer(s): A

Explanation:



An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service.
Which of the following is the engineer most likely to deploy?

  1. Layer 4 firewall
  2. NGFW
  3. WAF
  4. UTM

Answer(s): C

Explanation:

A Web Application Firewall (WAF) is designed to protect online web services and portals from common application-layer attacks (SQLi, XSS) by inspecting HTTP/HTTPS traffic and enforcing OWASP-relevant controls.
A) Layer 4 firewall protects network flows and ports (stateless/stateful), not specifically web app logic.
B) NGFW (next-generation firewall) adds application awareness and threat prevention but is broader than just web app protection.
D) UTM consolidates multiple security services but may not provide focused web application-layer protection as effectively as a dedicated WAF.



Viewing Page 13 of 91



Share your comments for CompTIA SY0-701 exam with other users:

Mayur Shermale 11/23/2023 12:22:00 AM

its intresting, i would like to learn more abouth this
JAPAN


JM 12/19/2023 2:23:00 PM

q252: dns poisoning is the correct answer, not locator redirection. beaconing is detected from a host. this indicates that the system has been infected with malware, which could be the source of local dns poisoning. location redirection works by either embedding the redirection in the original websites code or having a user click on a url that has an embedded redirect. since users at a different office are not getting redirected, it isnt an embedded redirection on the original website and since the user is manually typing in the url and not clicking a link, it isnt a modified link.
UNITED STATES


Freddie 12/12/2023 12:37:00 PM

helpful dump questions
SOUTH AFRICA


Da Costa 8/25/2023 7:30:00 AM

question 423 eigrp uses metric
Anonymous


Bsmaind 8/20/2023 9:22:00 AM

hello nice dumps
Anonymous


beau 1/12/2024 4:53:00 PM

good resource for learning
UNITED STATES


Sandeep 12/29/2023 4:07:00 AM

very useful
Anonymous


kevin 9/29/2023 8:04:00 AM

physical tempering techniques
Anonymous


Blessious Phiri 8/15/2023 4:08:00 PM

its giving best technical knowledge
Anonymous


Testbear 6/13/2023 11:15:00 AM

please upload
ITALY


shime 10/24/2023 4:23:00 AM

great question with explanation thanks!!
ETHIOPIA


Thembelani 5/30/2023 2:40:00 AM

does this exam have lab sections?
Anonymous


Shin 9/8/2023 5:31:00 AM

please upload
PHILIPPINES


priti kagwade 7/22/2023 5:17:00 AM

please upload the braindump for .net
UNITED STATES


Robe 9/27/2023 8:15:00 PM

i need this exam 1z0-1107-2. please.
Anonymous


Chiranthaka 9/20/2023 11:22:00 AM

very useful!
Anonymous


Not Miguel 11/26/2023 9:43:00 PM

for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo
Anonymous


Andrus 12/17/2023 12:09:00 PM

q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.
Anonymous


Raj 5/25/2023 8:43:00 AM

nice questions
UNITED STATES


max 12/22/2023 3:45:00 PM

very useful
Anonymous


Muhammad Rawish Siddiqui 12/8/2023 6:12:00 PM

question # 208: failure logs is not an example of operational metadata.
SAUDI ARABIA


Sachin Bedi 1/5/2024 4:47:00 AM

good questions
Anonymous


Kenneth 12/8/2023 7:34:00 AM

thank you for the test materials!
KOREA REPUBLIC OF


Harjinder Singh 8/9/2023 4:16:00 AM

its very helpful
HONG KONG


SD 7/13/2023 12:56:00 AM

good questions
UNITED STATES


kanjoe 7/2/2023 11:40:00 AM

good questons
UNITED STATES


Mahmoud 7/6/2023 4:24:00 AM

i need the dumb of the hcip security v4.0 exam
EGYPT


Wei 8/3/2023 4:18:00 AM

upload the dump please
HONG KONG


Stephen 10/3/2023 6:24:00 PM

yes, iam looking this
AUSTRALIA


Stephen 8/4/2023 9:08:00 PM

please upload cima e2 managing performance dumps
Anonymous


hp 6/16/2023 12:44:00 AM

wonderful questions
Anonymous


Priyo 11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career
INDONESIA


Jude 8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
UNITED STATES


Marc blue 9/15/2023 4:11:00 AM

great job. hope this helps out.
UNITED STATES