CompTIA Security+ SY0-701 Exam Questions in PDF

Free CompTIA SY0-701 Dumps Questions (page: 2)

Which of the following examples would be best mitigated by input sanitization?

  A. <script>alert("Warning!");</script>
  B. nmap - 10.11.1.130
  C. Email message: "Click this link to get your free gift card."
  D. Browser message: "Your connection is not private."

Answer(s): A

Explanation:

Option A is correct because input sanitization mitigates injection and XSS by removing or neutralizing unsafe input that could be executed by a browser or server.
A) Correct — the string contains an inline script tag that, if rendered, could execute JavaScript (XSS). Sanitization strips or encodes tags to prevent script execution.
B) Incorrect — nmap is a network scanner; input sanitization does not apply to command-line tool usage or to the data being sent, which is not an injection point in this context.
C) Incorrect — while phishing-like content can be mitigated by user education and filtering, input sanitization alone does not specifically prevent link clicking or credential phishing beyond URL handling.
D) Incorrect — a browser security warning about TLS/HTTPS; sanitization does not address certificate warnings or TLS-related issues.



An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

  A. Smishing
  B. Disinformation
  C. Impersonating
  D. Whaling

Answer(s): C

Explanation:

Option C is correct because posing as the CEO to compel an action is a form of social engineering known as impersonation or pretexting, which exploits the appearance of authority to bypass controls.
A) Incorrect — Smishing is phishing via SMS, not CEO impersonation calls.
B) Incorrect — Disinformation involves spreading false information, not a direct leadership impersonation tactic.
D) Incorrect — Whaling specifically refers to phishing aimed at high-status individuals like executives; while related, the technique described is impersonation, not the general whaling category.



After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

  A. False positive
  B. False negative
  C. True positive
  D. True negative

Answer(s): A

Explanation:

Option A is correct because a false positive occurs when a vulnerability is reported but does not actually exist on the system after verification. Incorrect — B (false negative) would mean a real vulnerability was not detected. C (true positive) would mean a vulnerability was correctly detected and present. D (true negative) would mean no vulnerability is present and correctly reported as absent. The scenario describes over-reporting of a non-existent vulnerability, not an actual missing detection or a confirmed vulnerability.



A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

  A. Load balancer
  B. Port security
  C. IPS
  D. NGFW

Answer(s): B

Explanation:

Option B is correct because port security on switches limits the number of MAC addresses learned on a port, preventing MAC flooding from overwhelming the MAC address table.
A) Incorrect — Load balancer operates at Layer 4-7 and does not prevent MAC learning table floods.
C) Incorrect — IPS detects and prevents known threats at the network/transport layers but does not proactively cap MAC table growth.
D) Incorrect — NGFW provides next-gen firewall features but does not specifically mitigate MAC flooding on switch ports.



A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

  A. SQLi
  B. Cross-site scripting
  C. Jailbreaking
  D. Side loading

Answer(s): C

Explanation:

Option C is correct because jailbreaking removes vendor restrictions, enabling installation of unauthorized software and features not provided by the default OS.
A) Incorrect — SQLi is a web app vulnerability (SQL injection), not a device modification.
B) Incorrect — Cross-site scripting is a web security flaw that injects scripts into pages, not a method to install apps.
D) Incorrect — Side loading is the process of installing apps from outside the official store; it does not inherently enable feature unlocks or unauthorized software beyond what the OS restrictions typically allow, and is a consequence of jailbreaking in many ecosystems.



Which of the following phases of an incident response involves generating reports?

  A. Recovery
  B. Preparation
  C. Lessons learned
  D. Containment

Answer(s): C

Explanation:

Option C is correct because the Lessons learned phase involves post-incident analysis, including documenting findings and generating reports to improve future response and security controls.
A) Incorrect — Recovery focuses on restoring systems and operations, not reporting.
B) Incorrect — Preparation involves planning, policy creation, and training, not generating incident reports.
D) Incorrect — Containment aims to limit the incident’s spread, not reporting outputs.



Which of the following methods would most likely be used to identify legacy systems?

  A. Bug bounty program
  B. Vulnerability scan
  C. Package monitoring
  D. Dynamic analysis

Answer(s): B

Explanation:

Option B is correct because vulnerability scans identify weaknesses and outdated software on assets, helping to uncover legacy systems that lack current patches or support.
A) Incorrect — Bug bounty programs target external researchers for finding vulnerabilities, not specifically identifying legacy systems.
C) Incorrect — Package monitoring tracks software bills of materials and changes, not primarily for detecting legacy systems.
D) Incorrect — Dynamic analysis tests running applications to observe behavior in real-time, not specifically for locating legacy or unpatched systems.



Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

  A. Proxy server
  B. NGFW
  C. VPN
  D. Security zone

Answer(s): C

Explanation:

Option C is correct because a VPN provides an encrypted tunnel for remote access, protecting data in transit and addressing the interception concern when connecting to corporate resources.
A) Proxy server: forwards requests but does not inherently secure end-to-end encryption for all traffic or provide full remote access tunneling like a VPN.
B) NGFW: next-generation firewall offers advanced threat protection and access control, not primarily a remote access solution.
D) Security zone: refers to network segmentation concepts, not a remote access mechanism.



Share your comments for CompTIA SY0-701 exam with other users:

Anonymous User
4/16/2026 10:54:18 AM

Question 1:

  • Correct answer: Edate = sys.argv[1]
  • Why this is correct:
    - When a Databricks Job passes parameters to a notebook, those parameters are supplied to the notebook's Python process as command-line arguments. The first argument after the script name is sys.argv[1], so date = sys.argv[1] captures the passed date value directly.
  • How it compares to other options:
    - date = spark.conf.get("date") reads from Spark config, not from job parameters.
    - input() waits for user input at runtime, which isn’t how job parameters are provided.
    - date = dbutils.notebooks.getParam("date") would work if the notebook were invoked via dbutils.notebook.run with parameters, not

Anonymous User
4/15/2026 4:42:07 AM

Question 528:

  • Correct answer: NSG flow logs for NSG1 (Option B)

  • Why:
    - Traffic Analytics uses NSG flow logs to analyze traffic patterns. You must have NSG flow logs enabled for the NSGs you want to monitor.
    - An Azure Log Analytics workspace is also required to store and query the traffic data.
    - Network Watcher must be available in the subscription for traffic analytics to function.
  • What to configure (brief steps):
    - Ensure Network Watcher is enabled in the East US region (for the subscription/region).
    - Enable NSG flow logs on NSG1.
    - Ensure a Log Analytics workspace exists and is accessible (read/write) so Traffic Analytics can store and query logs.
  • Why other options aren’t correct:
    - “Diagnostic settings for VM1” or “Diagnostic settings for NSG1” alone don’t guarantee flow logs are captured and sent to Log Analytics, which Traffic Analytics relies on.
    - “Insights for VM1” is not how Traffic Analytics collects traffic data.

Anonymous User
4/15/2026 2:43:53 AM

Question 23:
The correct answer is Domain admin (option B), not Fabric admin.

  • Domain admin provides domain-level management: create domains/subdomains and assign workspaces within those domains, which matches the tasks while following least privilege.
  • Fabric admin is global-level access and is more privileges than needed for this scenario (it would grant broader control across the Fabric environment).

Anonymous User
4/14/2026 12:31:34 PM

Question 2:
For question 2, the key concept is the Longest Prefix Match. Routers pick the route whose subnet mask is the most specific (largest prefix length) that still matches the destination IP.
From the options:

  • A) 10.10.10.0/28 → 10.10.10.0–10.10.10.15
  • B) 10.10.13.0/25 → 10.10.13.0–10.10.13.127
  • C) 10.10.13.144/28 → 10.10.13.144–10.10.13.159
  • D) 10.10.13.208/29 → 10.10.13.208–10.10.13.215

The destination Host A’s IP must fall within 10.10.13.208–10.10.13.215 for the /29 to be the best match. Since /29 is the longest prefix among the matching options, Router1 will use 10.10.13.208/29.
Thus, the correct answer is D.

srameh
4/14/2026 10:09:29 AM

Question 3:

  • Correct answer: Phase 4, Post Accreditation

  • Explanation:
    - In DITSCAP, the four phases are:
        - Phase 1: Definition (concept and requirements)
        - Phase 2: Verification (design and testing)
        - Phase 3: Validation (fielding and evaluation)
        - Phase 4: Post Accreditation (ongoing operations and lifecycle management)
    - The description—continuing operation of an accredited IT system and addressing changing threats throughout its life cycle—fits the Post Accreditation phase, which covers operations, maintenance, monitoring, and reauthorization as threats and environment evolve.

onibokun10
4/13/2026 7:50:14 PM

Question 129:
Correct answer: CNAME

  • A CNAME record creates an alias for a domain, so newapplication.comptia.org will resolve to whatever IP address www.comptia.org resolves to. This ensures both names point to the same resource without duplicating the IP.
  • Why not the others:
    - SOA defines authoritative information for a zone.
    - MX specifies mail exchange servers.
    - NS designates name servers for a zone.
  • Notes: The alias name (newapplication.comptia.org) should not have other records if you use a CNAME for it, and CNAMEs aren’t used for the zone apex (root) domain. This scenario uses a subdomain, so a CNAME is appropriate.

Anonymous User
4/13/2026 6:29:58 PM

Question 1:

  • Correct answer: C

  • Why this is best:
    - Uses OS Login with IAM, so SSH access is granted via Google accounts rather than distributing per-user SSH keys.
    - Granting the compute.osAdminLogin role to a Google group gives admin access to all team members in a centralized, auditable way.
    - Access is auditable: Cloud Audit Logs show who accessed which VM, satisfying the security requirement to determine who accessed a given instance.
  • How it works:
    - Enable OS Login on the project/instances (enable-oslogin metadata).
    - Add the team’s

Anonymous User
4/13/2026 1:00:51 PM

Question 2:

  • Answer: D. Azure Advisor

  • Why: To view security-related recommendations for resources in the Compute and Apps area (including App Service Web Apps and Functions), you use Azure Advisor. Advisor surfaces personalized best-practice recommendations across resources, including security, and shows which resources are affected and the severity.

  • Why not the others:
    - Azure Log Analytics is for ad-hoc querying of telemetry, not for viewing security recommendations.
    - Azure Event Hubs is for streaming telemetry data, not for security recommendations.
  • Quick tip: In the portal, navigate to Azure Advisor and check the Security recommendations for App Services to see actionable items and affe

Don
4/11/2026 5:36:42 AM

Recommend using AI for Solutions rather than the Answer(s) submitted here

Mogae Malapela
4/8/2026 6:37:56 AM

This is very interesting

Anon
4/6/2026 5:22:54 PM

Are these the same questions you have to pay for in ExamTopics?

LRK
3/22/2026 2:38:08 PM

For Question 7 - while the answer description indicates the correct answer, the option no. mentioned is incorrect. Nice and Comprehensive. Thank you

Rian
3/19/2026 9:12:10 AM

This is very good and accurate. Explanation is very helpful even though some are not 100% right but good enough to pass.

Gerrard
3/18/2026 6:58:37 AM

The DP-900 exam can be tricky if you aren't familiar with Microsoft’s specific cloud terminology. I used the practice questions from free-braindumps.com and found them incredibly helpful. The site breaks down core data concepts and Azure services in a way that actually mirrors the real test. As a result I passed my exam.

Vineet Kumar
3/6/2026 5:26:16 AM

interesting

Joe
1/20/2026 8:25:24 AM

Passed this exam 2 days ago. These questions are in the exam. You are safe to use them.

NJ
12/24/2025 10:39:07 AM

Helpful to test your preparedness before giving exam

Ashwini
12/17/2025 8:24:45 AM

Really helped

Jagadesh
12/16/2025 9:57:10 AM

Good explanation

shobha
11/29/2025 2:19:59 AM

very helpful

Pandithurai
11/12/2025 12:16:21 PM

Question 1, Ans is - Developer,Standard,Professional Direct and Premier

Einstein
11/8/2025 4:13:37 AM

Passed this exam in first appointment. Great resource and valid exam dump.

David
10/31/2025 4:06:16 PM

Today I wrote this exam and passed. I totally rely on this practice exam. The questions were very tough, these questions are valid and I encountered the same.

Thor
10/21/2025 5:16:29 AM

Anyone used this dump recently?

Vladimir
9/25/2025 9:11:14 AM

173 question is A not D

khaos
9/21/2025 7:07:26 AM

nice questions

Katiso Lehasa
9/15/2025 11:21:52 PM

Thanks for the practice questions they helped me a lot.

Einstein
9/2/2025 7:42:00 PM

Passed this exam today. All questions are valid and this is not something you can find in ChatGPT.

vito
8/22/2025 4:16:51 AM

I need to pass exam for VMware 2V0-11.25

Matt
7/31/2025 11:44:40 PM

Great questions.

OLERATO
7/1/2025 5:44:14 AM

great dumps to practice for the exam

Adekunle willaims
6/9/2025 7:37:29 AM

How reliable and relevant are these questions? Also, I can see the last update here was January and definitely new questions would have emerged.

Alex
5/24/2025 12:54:15 AM

Can I trust this source?

SPriyak
3/17/2025 11:08:37 AM

can you please provide the CBDA latest test preparation
