Free CompTIA Security+ Certification Exam SY0-701 Exam Practice Test

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

• VM escape
• SQL injection
• Buffer overflow
• Race condition

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

• Private
• Critical
• Sensitive
• Public

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

• Encrypted
• Intellectual property
• Critical
• Data in transit

A security analyst scans a company's public network and discovers a host is running a remotedesktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

• Changing the remote desktop port to a non-standard number
• Setting up a VPN and placing the jump server inside the firewall
• Using a proxy for web connections from the remote desktop server
• Connecting the remote server to the domain and increasing the password length

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?

• EAP
• DHCP
• IPSec
• NAT

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

• Off-the-shelf software
• Orchestration
• Baseline
• Policy enforcement

Which of the following describes the process of concealing code or text inside a graphical image?

• Symmetric encryption
• Hashing
• Data masking
• Steganography

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

• Channels by which the organization communicates with customers
• The reporting mechanisms for ethics violations
• Threat vectors based on the industry in which the organization operates
• Secure software development training for all personnel
• Cadence and duration of training events
• Retraining requirements for individuals who fail phishing simulations

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

• Set the maximum data retention policy.
• Securely store the documents on an air-gapped network.
• Review the documents' data classification policy.
• Conduct a tabletop exercise with the team.

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non- encrypted websites?

• encryption=off\
• http://
• www.*.com
• :443