CompTIA SY0-701 Online Practice Questions and Exam Preparation
SY0-701 Exam Details
Exam Code: SY0-701
Exam Name: CompTIA Security+
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 983 Q&As
Last Updated: May 26, 2026
CompTIA SY0-701 Online Questions & Answers
Question 301:
A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company.
Which of the following attack vectors is most likely being used?
A. Business email
B. Social engineering
C. Unsecured network
D. Default credentials
Answer: B. Social engineering
Explanation
The employee notices that the links in the email do not correspond to the company's official URLs, indicating that this is likely a social engineering attack. Social engineering involves manipulating individuals into divulging confidential information or performing actions that may compromise security. Phishing emails, like the one described, often contain fraudulent links to trick the recipient into providing sensitive information or downloading malware. Business email refers to business email compromise (BEC), which typically involves impersonating a high-level executive to defraud the company. Unsecured network is unrelated to the email content. Default credentials do not apply here, as the issue is with suspicious links, not login credentials.
Question 302:
A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:
(Error 13): /etc/shadow: Permission denied.
Which of the following best describes the type of tool that is being used?
A. Pass-the-hash monitor
B. File integrity monitor
C. Forensic analysis
D. Password cracker
Answer: B. File integrity monitor
Question 303:
After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines.
Which of the following causes this action?
A. Non-compliance
B. Contract violations
C. Government sanctions
D. Rules of engagement
Answer: A. Non-compliance
Explanation
Failure to meet regulatory standards or requirements (non-compliance) can result in fines and penalties imposed by a government regulatory agency. When an organization does not comply with mandated regulations or fails audits, it may face financial repercussions to enforce adherence to required standards.
Question 304:
Which of the following is the most likely motivation for a hacktivist?
A. Financial gain
B. Service disruption
C. Philosophical beliefs
D. Corporate espionage
Answer: C. Philosophical beliefs
Question 305:
A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks.
Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts?
A. Audit each domain administrator account weekly for password compliance.
B. Implement a privileged access management solution.
C. Create IDS policies to monitor domain controller access.
D. Use Group Policy to enforce password expiration.
Answer: B. Implement a privileged access management solution.
Explanation
Privileged access management (PAM) solutions effectively mitigate pass-the-hash attacks by enforcing least privilege and session management for administrative accounts. These tools restrict how and when credentials can be accessed, thereby reducing attack surfaces.
Question 306:
A company allows customers to upload PDF documents to its public e-commerce website.
Which of the following would a security analyst most likely recommend?
A. Utilizing attack signatures in an IDS
B. Enabling malware detection through a UTM
C. Limiting the affected servers with a load balancer
D. Blocking command injections via a WAF
Answer: B. Enabling malware detection through a UTM
Question 307:
During an investigation, an incident response team attempts to understand the source of an incident.
Which of the following incident response activities describes this process?
A. Analysis
B. Lessons learned
C. Detection
D. Containment
Answer: A. Analysis
Explanation
Analysis is the incident response activity that describes the process of understanding the source of an incident. Analysis involves collecting and examining evidence, identifying the root cause, determining the scope and impact, and assessing the threat actor's motives and capabilities. Analysis helps the incident response team to formulate an appropriate response strategy, as well as to prevent or mitigate future incidents. Analysis is usually performed after detection and before containment, eradication, recovery, and lessons learned.
Question 308:
An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key.
Which of the following should the administrator check for next?
A. If the wildcard certificate is configured
B. If the certificate signing request is valid
C. If the root certificate is installed
D. If the public key is configured
Answer: C. If the root certificate is installed
Explanation
If the certificate is not trusted, it's often because the root certificate (or intermediate certificate) from the issuing Certificate Authority (CA) is not installed or not recognized by the system. The root certificate verifies the chain of trust, and without it, the SSL certificate may not be trusted by the system or browser. Installing the root and any necessary intermediate certificates should resolve the trust issue.
Question 309:
Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?
A. Nation-state
B. Organized crime
C. Hacktivist
D. Insider threat
Answer: C. Hacktivist
Explanation
A hacktivist is a type of attacker who is motivated by personal or political beliefs, often aiming to promote a cause or to protest against certain actions or policies. Hacktivists typically use hacking as a means of expressing their views or making a statement, rather than for financial gain or other personal benefits, which distinguishes them from other types of threat actors like nation-states or organized crime groups.
Question 310:
A user's workstation becomes unresponsive and displays a ransom note demanding payment to decrypt files. Before the attack, the user opened a resume they received in a message, browsed the company's website, and installed OS updates.
Which of the following is the most likely vector of this attack?
A. Spear-phishing attachment
B. Watering hole
C. Infected website
D. Typosquatting
Answer: A. Spear-phishing attachment
Explanation
The most likely vector of this attack is a spear-phishing attachment. The user opened a resume received in a message, which is a common method used in spear-phishing attacks. These attacks often involve sending a specifically crafted attachment (like a resume) to the targeted user. Once the attachment is opened, it could trigger malware, such as ransomware, which encrypts files on the system and displays a ransom note. This attack vector aligns with the described symptoms, as the user interacted with the malicious attachment before experiencing the ransomware infection.