Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

CompTIA Security+ Exam 2026

Actual Preparation Beats Generic Memorization

We have coached hundreds of candidates through this cybersecurity milestone. The ones who struggle are almost always those who relied on low-quality, static brain dumps that fail to simulate the actual exam environment. At Exact2Pass, we have focused our ecosystem entirely on the underlying technical rationale. Our CompTIA Security+ SY0-701 exam prep includes rigorous engineering explanations for every single query, ensuring you comprehend the "why" behind the answer. We deep-dive into complex threat actor vectors, identity governance frameworks, and real-world cryptographic implementations. It is the definitive difference between blindly hoping for a pass and knowing you possess the practical expertise to handle whatever performance-based questions (PBQs) the Pearson VUE terminal presents to you.

Question # 241

Which of the following would best ensure a controlled version release of a new software application?

A.

Business continuity planning

B.

Quantified risk analysis

C.

Static code analysis

D.

Change management procedures

Question # 242

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

A.

Network scanning

B.

Penetration testing

C.

Open-source intelligence

D.

Configuration auditing

Question # 243

A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?

A.

Two-factor authentication

B.

Firewall

C.

Intrusion prevention system

D.

User activity logs

Question # 244

Which of the following teams combines both offensive and defensive testing techniques to protect an organization ' s critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Question # 245

Which of the following describes the procedures a penetration tester must follow while conducting a test?

A.

Rules of engagement

B.

Rules of acceptance

C.

Rules of understanding

D.

Rules of execution

Question # 246

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer ' s response?

A.

Risk tolerance

B.

Risk acceptance

C.

Risk importance

D.

Risk appetite

Question # 247

Which of the following data states applies to data that is being actively processed by a database server?

A.

In use

B.

At rest

C.

In transit

D.

Being hashed

Question # 248

While a school district is performing state testing, a security analyst notices all internet services are unavailable. The analyst discovers that ARP poisoning is occurring on the network and then terminates access for the host. Which of the following is most likely responsible for this malicious activity?

A.

Unskilled attacker

B.

Shadow IT

C.

Credential stuffing

D.

DMARC failure

Question # 249

A company ' s accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?

A.

Phishing campaign

B.

Data exfiltration

C.

Pretext calling

D.

Business email compromise

Question # 250

A security analyst must recover files from a USB drive associated with a ransomware attack. Which of the following tools will help the analyst securely retrieve the files?

A.

Sandboxing environment

B.

Intrusion prevention system

C.

File integrity management tool

D.

Static code analysis tool

Question # 251

An employee receives a text message from an unknown number claiming to be the company ' s Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?

A.

Vishing

B.

Smishing

C.

Pretexting

D.

Phishing

Question # 252

The management team reports employees are missing features on company-provided tablets, causing productivity issues. The team directs IT to resolve the issue within 48 hours. Which of the following is the best solution?

A.

EDR

B.

COPE

C.

MDM

D.

FDE

Question # 253

A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?

A.

ARO

B.

SLE

C.

ALE

D.

RPO

Question # 254

A software developer would like to ensure. The source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

A.

Version control

B.

Obfuscation toolkit

C.

Code reuse

D.

Continuous integration

E.

Stored procedures

Question # 255

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Question # 256

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule Which of the following but describes this form of security control?

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Question # 257

Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?

A.

Nation-state

B.

Organized crime

C.

Hacktvist

D.

Insider threat

Question # 258

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

A.

Business email

B.

Social engineering

C.

Unsecured network

D.

Default credentials

Question # 259

A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?

A.

Recurring

B.

Ad hoc

C.

One time

D.

Continuous

Question # 260

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).

A.

Directive

B.

Deterrent

C.

Preventive

D.

Detective

E.

Corrective

F.

Technical

Go to page: