15 scenario-based questions covering every domain on the exam blueprint. Original DecipherU writing with primary-source citations, not exam-question mimicry. Free to read. Pair with the $97 cert-prep add-on for domain reviews and exam-day strategy.
Security+ SY0-701 exam-ready ramp on top of SOC Analyst Fundamentals. Five domain reviews mapped to the official CompTIA blueprint, four full-length mock exams, and a flagged-answer review workflow.
Question 1 of 15 (Domain · General Security Concepts)
A junior SOC analyst is documenting controls for the organization's authentication system. Multi-factor authentication is enforced for all administrative access; the help desk is empowered to override MFA on a documented exception basis with a 24-hour expiry. Which control category and type best describe the help-desk override capability under the SY0-701 control taxonomy?
Question 2 of 15 (Domain · General Security Concepts)
An organization is designing its zero-trust architecture per NIST SP 800-207. The team has identified the resources to be protected and the subjects requesting access. They need to add the component that evaluates the access request against policy and decides whether to grant access. Which NIST 800-207 component performs this function?
Question 3 of 15 (Domain · General Security Concepts)
A cryptography lead is selecting a key-stretching technique to protect stored password hashes. The chosen technique must add computational cost per password verification, must be widely supported, and must allow the cost factor to be tuned as hardware improves. Which option best meets these criteria?
Question 4 of 15 (Domain · Threats, Vulnerabilities, and Mitigations)
A security analyst is triaging an alert that a public-facing image processor crashed and a denial-of-service condition followed. Investigation shows that a crafted image carried embedded shellcode, and the application copied the image header into a fixed-size stack buffer without bounds checking. Which vulnerability class best describes this finding?
Question 5 of 15 (Domain · Threats, Vulnerabilities, and Mitigations)
A risk register lists a single threat actor described as well-funded, persistent, focused on long-term intelligence collection, and operating with the support of a government. Which category of actor best matches this profile under the SY0-701 actor taxonomy?
Question 6 of 15 (Domain · Threats, Vulnerabilities, and Mitigations)
An application allow list is deployed on a workstation fleet to control which executables can run. Several finance users report that their tax-prep tool fails to launch after a minor version update. The IT team must restore functionality without weakening the allow list. Which response best preserves the security control while addressing the reported failure?
Question 7 of 15 (Domain · Security Architecture)
A SaaS company is mapping its cloud architecture against the data-states taxonomy. Customer payment-card data is encrypted with AES-GCM in the customer-facing database and re-encrypted with a hardware-backed key when passed through to the payment processor's API. During an in-application search, the application decrypts the relevant rows into memory to perform a substring match. Which data state best describes the data during the substring match?
Question 8 of 15 (Domain · Security Architecture)
A team is designing the resilience strategy for a regulated SaaS deployment. Their requirements include the ability to fail over to a second geographic region within 30 minutes RTO and to recover with no more than 5 minutes of data loss (RPO). They also require an annual tabletop and an annual fail-over test. Which combination of design choices satisfies these requirements at the lowest credible cost?
Question 9 of 15 (Domain · Security Architecture)
An infrastructure-as-code template defines a load balancer, an application tier, and a database tier in a single virtual private cloud, each in its own subnet. The load balancer should be reachable from the public internet; the application tier should accept connections only from the load balancer; the database tier should accept connections only from the application tier. Which set of design controls best implements the requirement?
Question 10 of 15 (Domain · Security Operations)
A SOC analyst opens a phishing-related alert. The alert was raised by the email gateway after a user clicked a link in an inbound message that resolved to a credential-harvesting page. The analyst confirms the user submitted credentials before reporting the message. Per NIST SP 800-61 Rev. 2, the analyst's current activity sits in which phase of the incident-response lifecycle?
Question 11 of 15 (Domain · Security Operations)
An organization wants to add a passwordless authentication option for employees. Requirements: must support phishing-resistant authentication, must work across the major browsers, and must let users authenticate without typing a shared secret. Which technology best meets the requirements?
Question 12 of 15 (Domain · Security Operations)
A forensics technician is preparing to image a suspect workstation under a court-ordered subpoena. The technician must preserve evidence integrity for downstream legal proceedings. Which step ensures the imaged copy can be authenticated as identical to the source drive at trial?
Question 13 of 15 (Domain · Security Program Management and Oversight)
A vendor risk team is selecting a quantitative risk-assessment approach for an information system. They want a single-number expected annual loss they can compare across systems. Which formula expresses that single number?
Question 14 of 15 (Domain · Security Program Management and Oversight)
A third-party risk team is reviewing a contract with a critical software vendor. The contract must obligate the vendor to a specific minimum service-level expectation with measurable metrics and remedies for breach. Which agreement type matches that obligation?
Question 15 of 15 (Domain · Security Program Management and Oversight)
An organization's security awareness program is producing low engagement on its annual training module. The CISO wants to shift to a recognition-based design that helps employees identify and report risky situations. Which of the following best matches the SY0-701 'anomalous behavior recognition' framework?
Liked these 15? Get the full prep.
CompTIA Security+ Exam Prep Add-On
Adds exam-blueprint domain reviews, exam-day strategy, the authorized study resources, and the gated practice scenarios behind purchase. $97 on top of the parent course. Verified against the official blueprint 2026-05-22.