CompTIA Security+ Certification Exam (2026) SY0-701 Practice Questions

Page: 1 / 14
Total 887 questions
Question 1

A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?



Answer : D

VM escape is a vulnerability where an attacker breaks out of a virtual machine guest environment to access the host hypervisor, gaining control over other guests or the host system itself.

Cross-site scripting (A) and SQL injection (B) are application-layer attacks. Race condition (C) is a timing-related vulnerability.

VM escape is a critical threat in virtualized environments discussed under Threats and Vulnerabilities in SY0-7016:Chapter 2CompTIA Security+ Study Guide.


Question 2

In which of the following scenarios is tokenization the best privacy technique 10 use?



Answer : C

Tokenization is a process that replaces sensitive data, such as credit card information, with a non-sensitive equivalent (token) that can be used in place of the actual data. This technique is particularly useful in securely storing payment information because the token can be safely stored and transmitted without exposing the original credit card number.


CompTIA Security+ SY0-701 Course Content: Domain 03 Security Architecture.

CompTIA Security+ SY0-601 Study Guide: Chapter on Cryptography and Data Protection.

Question 3

A software company currently secures access using a combination of traditional username/password configurations and one-time passwords for MFA. However, employees still struggle to maintain both a password manager and the authenticator application. The company wants to migrate to a single, integrated authentication solution that is more secure and provides a smoother login experience for its employees. Which of the following solutions will best satisfy the company's needs?



Answer : A

The best answer is A. Migrating to FIDO2 passkeys, utilizing built-in device biometrics for user authentication.

The company wants a single, integrated authentication solution that is both more secure and easier for employees to use. FIDO2 passkeys best match this requirement because they allow passwordless authentication using cryptographic credentials stored on the user's device, often unlocked with biometrics or a local PIN.

This improves security and usability because:

users no longer need to manage a password plus a separate authenticator app

phishing resistance is stronger than traditional passwords and OTPs

authentication is integrated into the device experience

biometric unlock makes login smoother for users

Why the other options are incorrect:

B . Implementing SMS-based one-time passwords as the primary second factor for all loginsSMS is weaker than modern phishing-resistant methods and still does not solve the issue of streamlining authentication as well as passkeys.

C . Implementing SAML federation across authentication servers so employees can use SSO to access applicationsSSO improves convenience, but it does not by itself replace passwords with a more secure integrated authentication method. It solves access federation, not the core password-plus-authenticator problem.

D . Deploying a PKI system that requires all employees to use smart cards for login accessSmart cards can be secure, but they are less convenient and less seamless than device-based passkeys and biometrics for many organizations.

From a SY0-701 perspective, FIDO2 and passwordless authentication are strong modern controls that improve both security and user experience. Therefore, A is the best answer.


Question 4

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?



Answer : D

Attempting to enter an unauthorized area using an access badge during a penetration test is an example of a physical test. This type of test evaluates the effectiveness of physical security controls, such as access badges, security guards, and locks, in preventing unauthorized access to restricted areas.

Defensive and offensive testing typically refer to digital or network-based penetration testing strategies.

Passive testing involves observing or monitoring but not interacting with the environment.


Question 5

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?



Answer : A

Virtual Desktop Infrastructure (VDI) allows a company to host desktop environments on a centralized server. Offshore teams can access these virtual desktops remotely, ensuring that sensitive data stays within the company's infrastructure without the need to provide physical devices to the team. This solution is ideal for maintaining data security while enabling remote work, as all data processing occurs on the company's secure servers.


CompTIA Security+ SY0-701 Course Content: VDI is discussed as a method for securely managing remote access to company resources without compromising data security.

Question 6

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?



Answer : D

Metadata is data that describes other data, such as its format, origin, creation date, author, and other attributes. Video files, like other types of files, can contain metadata that can provide useful information for forensic analysis. For example, metadata can reveal the camera model, location, date and time, and software used to create or edit the video file.To query the file's metadata, a security analyst can use various tools, such as MediaInfo1, ffprobe2, or hexdump3, to extract anddisplay the metadata from the video file. By querying the file's metadata, the security analyst can most likely identify both the creation date and the file's creator, as well as other relevant information. Obtaining the file's SHA-256 hash, checking endpoint logs, or using hexdump on the file's contents are other possible actions, but they are not the most appropriate to answer the question. The file's SHA-256 hash is a cryptographic value that can be used to verify the integrity or uniqueness of the file, but it does not reveal any information about the file's creation date or creator. Checking endpoint logs can provide some clues about the file's origin or activity, but it may not be reliable or accurate, especially if the logs are tampered with or incomplete.Using hexdump on the file's contents can show the raw binary data of the file, but it may not be easy or feasible to interpret the metadata from the hex output, especially if the file is large or encrypted. Reference:1:How do I get the meta-data of a video file?2:How to check if an mp4 file contains malware?3: [Hexdump - Wikipedia]


Question 7

While analyzing SIEM alerts for a company's WAF, an incident response analyst observes the following:

https://corporate-A.com/loadimage?filename=/etc/

https://corporate-A.com/loadimage?filename=../../etc/passwd

https://corporate-A.com/loadimage?filename=./etc/passwd

Which of the following best describes the observed behavior?



Answer : B

The best answer is B. Directory traversal.

The URLs show attempts to manipulate the filename parameter in order to access sensitive files and directories on the server, especially:

/etc/

/../etc/passwd

/etc/passwd

This is a classic directory traversal attack, also known as path traversal. The attacker is trying to move outside the intended directory structure and access protected operating system files. The reference to /etc/passwd is a common indicator of an attempt to read sensitive files on Unix/Linux systems.

Why the other options are incorrect:

A . Credential replayCredential replay involves reusing captured authentication credentials, which is not what these requests show.

C . Brute-force attackA brute-force attack involves repeated guessing, usually of passwords, keys, or codes. That is not the behavior shown here.

D . Resource exhaustionResource exhaustion involves overwhelming a system with requests or usage to reduce availability. These examples instead show attempts to access files through manipulated paths.

From a Security+ standpoint, attacks using ../ to escape directories are a well-known example of directory traversal, so B is the correct answer.


Page:    1 / 14   
Total 887 questions