CompTIA SY0-701 Exam (page: 8)
CompTIA Security+
Updated on: 31-Mar-2026

Viewing Page 8 of 91

An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account.
Which of the following is most likely being performed?

  A. Non-credentialed scan
  B. Packet capture
  C. Privilege escalation
  D. System enumeration
  E. Passive scan

Answer(s): A

Explanation:

A) A non-credentialed scan is correct because it runs without system credentials to assess publicly exposed services, identifying vulnerabilities from an external perspective.
B) Packet capture is unrelated to vulnerability scanning; it records traffic, not system weaknesses.
C) Privilege escalation involves exploiting a weakness to gain higher privileges, not performing external scans.
D) System enumeration would require credentials to list detailed system information; the scenario specifies no system account.
E) Passive scan implies monitoring without active probing; vulnerability scanning typically requires active checks, especially against internet-exposed web servers.





A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior.
Which of the following would be best for the administrator to reference?

  A. MITRE ATT&CK
  B. CSIRT
  C. CVSS
  D. SOAR

Answer(s): A

Explanation:

The MITRE ATT&CK framework provides a comprehensive, real-world knowledge base of adversary tactics, techniques, and procedures (TTPs) for understanding and mitigating attacks.
A) MITRE ATT&CK is the correct choice, for the reason given above.
B) CSIRT is a response team, not a knowledge base of attacker behavior.
C) CVSS rates vulnerability severity, not attacker TTPs.
D) SOAR automates response and orchestration; it is not a catalog of adversary behavior.





An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files.
Which of the following will most likely meet the requirements?

  A. A website-hosted solution
  B. Cloud shared storage
  C. A secure email solution
  D. Microservices using API

Answer(s): D

Explanation:

A secure, API-based microservices architecture allows fast, structured JSON data transfer over REST/HTTP with authentication, authorization, and scalable endpoints, meeting the requirement for speed and JSON requests while preserving security.
A) A website-hosted solution is not specifically optimized for programmatic JSON data transfer or secure automated exchanges.
B) Cloud shared storage focuses on file storage access, not JSON-based transfer or APIs.
C) A secure email solution is not designed for high-speed programmatic data exchange or JSON payloads.
D) Microservices using API provides defined interfaces, stateless calls, and scalable throughput suitable for externally consuming JSON requests.



Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?

  A. GDPR
  B. PCI DSS
  C. NIST
  D. ISO

Answer(s): A

Explanation:

GDPR protects individual rights such as the right to be informed, the right of access, and the right to erasure (the right to be forgotten).
A) GDPR is the correct choice, as described above.
B) PCI DSS does not address individual privacy rights; it focuses on payment card data security.
C) NIST provides cybersecurity guidelines, not a rights framework.
D) ISO refers to various standards (e.g., ISO 27001) but GDPR specifically governs data protection and privacy rights in the EU.





An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required.
When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated.
Which of the following is the most likely solution?

  A. The administrator should allow SAN certificates in the browser configuration.
  B. The administrator needs to install the server certificate into the local truststore.
  C. The administrator should request that the secure LDAP port be opened to the server.
  D. The administrator needs to increase the TLS version on the organization's RA.

Answer(s): B

Explanation:

A secure LDAP (LDAPS) connection requires the client to trust the server’s certificate. Installing the server certificate into the local truststore ensures the LDAP browser can establish a trusted TLS session without certificate validation errors, preventing termination.
A) Allowing SAN certificates in the browser configuration is not relevant because the issue is trust validation of the server certificate, not SAN handling.
C) Opening a port is not about certificate trust and would not resolve TLS certificate errors.
D) Increasing the TLS version on the organization's RA is not applicable; the problem is that the client does not trust the server’s certificate, not the negotiated TLS protocol version.



Which of the following is the most important security concern when using legacy systems to provide production service?

  A. Instability
  B. Lack of vendor support
  C. Loss of availability
  D. Use of insecure protocols

Answer(s): B

Explanation:

A legacy system used for production raises critical risk from lack of vendor support, making patches, vulnerability disclosures, and timely remediation unavailable, which directly impacts risk management and compliance.
A) Instability can occur but is often mitigated by proper change control; it is not as foundational as support for timely security fixes.
C) Loss of availability is a concern but is typically addressed with redundancy and backups rather than vendor support alone.
D) Use of insecure protocols is a concern, but even if addressed, without vendor support there is no ongoing patching or guidance for secure configuration.





A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in.
Which of the following most likely occurred?

  A. A spraying attack was used to determine which credentials to use.
  B. A packet capture tool was used to steal the password.
  C. A remote-access Trojan was used to install the malware.
  D. A dictionary attack was used to log in as the server administrator.

Answer(s): B

Explanation:

Telnet usage and credential compromise indicate interception of credentials in transit, making a packet capture tool the most likely method to steal the password.
A) Spraying attack targets many accounts with a few common passwords, not specifically tied to Telnet sessions or a single administrator’s credentials.
B) Packet capture can capture unencrypted credentials transmitted over Telnet, enabling the attacker to obtain the password.
C) Remote-access Trojan describes malware installed after gaining access, not the credential theft method via Telnet.
D) Dictionary attack attempts logins by trial of common passwords; it does not explain credential capture from an active Telnet session.



A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment.
Which of the following should be configured to allow remote access to this server?

  A. HTTPS
  B. SNMPv3
  C. SSH
  D. RDP
  E. SMTP

Answer(s): C

Explanation:

SSH provides encrypted remote command-line access, replacing insecure Telnet for remote server management, which aligns with a policy restricting insecure protocols.
A) HTTPS is for web traffic encryption but does not provide shell access.
B) SNMPv3 offers secure management but is typically for device monitoring, not interactive remote shell.
D) RDP can be encrypted but is a graphical remote desktop protocol; it is not as secure or appropriate for server management in some environments and may introduce risk.
E) SMTP is for email delivery, not remote server administration.
Therefore SSH is the correct, secure choice for remote management.




