CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 Information

CompTIA Security+ Certification Exam Overview

The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.

Question Types on the Security+ Exam

The Security+ exam includes two primary types of questions:

  • Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
  • Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.

Exam Prerequisites

CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.

Security+ Exam Domains

The SY0-701 exam focuses on five primary domains:

  • General Security Concepts (12%)
  • Threats, Vulnerabilities, and Mitigations (22%)
  • Security Architecture (18%)
  • Security Operations (28%)
  • Security Program Management and Oversight (20%)

These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.

Exam Renewal Policy

The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Post-January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program. This program allows candidates to keep their skills current through various activities that demonstrate industry knowledge.

Testing Centers

CompTIA exams, including Security+, have been available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.

The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.

Free CompTIA Security+ SY0-701 Practice Test

Question 1 of 15

A company wants to give its employees the flexibility to work from anywhere within its large corporate campus. As part of this policy, employees aren't allowed to take company equipment off the company grounds. Which mobile device management feature should the company implement to most effectively enforce this policy?

  • Application management
  • Geofencing
  • Geolocation
  • Content management
  • Remote wipe

Question 2 of 15

Disabling unnecessary services and ports on a server is a recommended practice to reduce its attack surface.

  • False
  • True

Question 3 of 15

What is a key benefit of implementing automation in the process of increasing an organization's computing resources?

  • Allows for increased hands-on configuration time for IT staff
  • Ensures consistent application of security settings and policies
  • Decreases the overall cost of the IT budget
  • Reduces the need for security monitoring tools

Question 4 of 15

Your company is engaging a vendor to develop a proprietary network security solution. Which document is primarily responsible for defining the tasks to be completed, the deliverables expected, and a timeline for when these milestones should be achieved?

  • Agreement for Services
  • Statement of Work
  • Confidentiality Agreement
  • Partnership Agreement

Question 5 of 15

Which form of access control is specifically designed to adapt in real-time to the perceived threat level, improving the security stance by continuously evaluating the risk and context associated with user access requests?

  • Mandatory access control (MAC)
  • Adaptive Policy-driven access control
  • Discretionary access control (DAC)
  • Role-based access control (RBAC)

Question 6 of 15

Which part of the AAA security framework refers to what a user is allowed to do on the network?

  • Authorization
  • Accounting
  • Non-repudiation
  • Authentication

Question 7 of 15

A company is looking to protect its customers' credit card information within its database while still using the data for transactional processes. Which method ensures the original data cannot be derived from the information stored in the database without access to a separate mapping system?

  • Tokenization
  • Format-Preserving Encryption
  • One-way Hashing
  • Data Masking with Fixed Mask Characters

Question 8 of 15

Which technology is used to securely transmit data over untrusted networks by encrypting the data before sending it?

  • File transfer protocol (FTP)
  • Virtual Private Network (VPN)
  • Remote desktop
  • Secure Shell (SSH)

Question 9 of 15

Which of the following techniques involves replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security?

  • Encryption
  • Tokenization
  • Salting
  • Anonymization

Question 10 of 15

An organization is considering acquiring new hardware components from an unfamiliar manufacturer. As the security analyst, you are tasked with evaluating potential risks before making the purchase. Which of the following actions should you take to conduct a thorough supply chain analysis?

  • Verify that the equipment integrates with the organization's current network setup.
  • Arrange a demonstration of the equipment's features by the vendor's sales team.
  • Examine the vendor's component sourcing and manufacturing processes for security vulnerabilities.
  • Investigate the vendor's compliance with international trade regulations and industry standards.

Question 11 of 15

A financial company has decided to implement an additional security layer for accessing its internal customer database system to ensure that only authenticated and authorized employees can view sensitive customer information. The system now requires an access code from a hardware token in addition to the username and password. This change primarily strengthens which element of AAA?

  • Authorization
  • Accounting
  • Authentication
  • Non-repudiation

Question 12 of 15

A security analyst notices unauthorized applications running on company-issued mobile devices. Further investigation reveals that default security features have been bypassed on these devices. Which of the following is the MOST likely cause?

  • The devices are infected with malware
  • The devices have outdated firmware
  • The devices are connected to an unsecured Wi-Fi network
  • The devices have been jailbroken

Question 13 of 15

A system administrator has been notified that an audit has found certain files containing proprietary source code to be accessible by all employees through a shared network drive. The source code should only be accessible to members of the development team. To align with best practices for permissions management, which of the following actions should the system administrator implement FIRST to remediate this issue?

  • Set up an alert system to monitor file access patterns and flag any unauthorized attempts
  • Modify the permissions on the files to restrict access solely to the development team
  • Disable the shared network drive until a full user account review can be performed
  • Initiate a company-wide training on the importance of data confidentiality

Question 14 of 15

What is a potential consequence for an organization that fails to comply with the license terms for a software product it uses?

  • Password expiration
  • Loss of license
  • Network latency issues
  • Reduction in workforce

Question 15 of 15

What aspect of data retention policies is MOST crucial for ensuring compliance with legal and regulatory frameworks?

  • The storage costs associated with different types of data
  • The categorization of data as sensitive, confidential, or public
  • The encryption strength used to protect data during the retention period
  • The length of time that data must be stored before it can be destroyed or archived