CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010; since January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which allows candidates to keep their skills current through activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, are available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
What does the concept of ongoing supportability in the context of cybersecurity operations entail?
The initial implementation of security controls in a new system.
The capacity for continued maintenance and updates of security systems and processes.
The periodic change in security policies dictated by organizational structure.
The step-by-step playbook used for responding to security incidents.
Answer Description
Ongoing supportability refers to the ability to regularly update and maintain security systems and processes over their operational life. This includes providing necessary patches, updates, and modifications to adapt to emerging threats and maintain compliance with industry standards. It ensures that systems can continue to be secured effectively throughout their use. The incorrect options, while possibly related to security operations, do not define the term 'ongoing supportability'.
An organization seeks a solution to automate vulnerability assessments and ensure consistent security configurations across various systems and tools. Which of the following would BEST help achieve this goal?
Deploy an Endpoint Detection and Response solution
Utilize a Configuration Management Database (CMDB)
Implement the Security Content Automation Protocol (SCAP)
Set up a Network Access Control system
Answer Description
The Security Content Automation Protocol (SCAP) is a framework of standards that enables automated vulnerability management, measurement, and policy compliance evaluation. It provides a standardized approach for sharing security data across different tools, which helps automate assessments and maintain consistent security configurations.
A Configuration Management Database (CMDB) stores information about hardware and software assets within an organization but does not automate vulnerability assessments or enforce security configurations.
An Endpoint Detection and Response (EDR) solution focuses on real-time monitoring and response to threats on endpoint devices but doesn't provide a standardized method for automating vulnerability assessments across various systems and tools.
A Network Access Control (NAC) system enforces security policy compliance for devices attempting to access the network but doesn't automate assessments or manage configurations across all systems and tools.
Which of the following is a decoy system designed to attract and analyze the behavior of attackers?
Honeypot
Honeynet
Honeyfile
Honeytoken
Answer Description
A honeypot is a security mechanism set up to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Honeypots can come in the form of network-attached systems, applications, or data that simulate a real environment but are closely monitored to gain insights into attacker motives and tactics. This is distinctly different from the other options: Honeynet is a network of honeypots, a honeyfile is a decoy file rather than a system, and a honeytoken is not a system, but a piece of data or a token that serves as a trap.
When setting up a network device monitoring strategy, which approach enables the automatic receipt of alerts upon specific event occurrences without requiring a management system to initiate a check?
Implementing a widely-used, original version of the network management protocol to ensure compatibility.
Adopting a notification-by-acknowledgment mode for transmitting event data from network devices.
Scheduling the management system to regularly query the network devices for updates.
Enabling the network devices to send notifications independently using an advanced version emphasizing security with authentication and encryption.
Answer Description
To receive alerts without regular polling, the network devices themselves are configured to send notifications (in SNMP terms, traps) to the management station the moment they detect an event such as a link failure, a failed login, or a threshold breach. The manager only has to listen, so the event reaches the operator as soon as the device sees it. The secure way to do this is with the current version of the management protocol, SNMPv3, whose user-based security model adds authentication and encryption; SNMPv1 and SNMPv2c rely on plaintext community strings that can be sniffed or guessed, so the "widely used, original version" option trades security for compatibility. Scheduling the manager to query the devices is polling: it is manager-initiated, so it does not meet the requirement, and its detection delay is bounded by the polling interval. Notifications that require an acknowledgment (SNMP informs) are retransmitted until the manager confirms receipt, which adds overhead and delay; they are the right choice when delivery must be reliable, but the question asks for the notification the device sends independently, using the version that provides authentication and encryption.
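As an added illustration that is not part of the practice test, the net-snmp configuration fragments below place the weak setting beside the recommended one. The addresses, user name, engine ID and passphrases are placeholders chosen for this example; only the directive names come from net-snmp's snmpd.conf and snmptrapd.conf.

```conf
# --- On the monitored device: snmpd.conf ---

# Weak (shown for contrast): an SNMPv2c trap protected only by the plaintext
# community string "public". Anyone who sniffs or guesses it can read or forge
# notifications.
trap2sink 192.0.2.10:162 public

# Recommended: SNMPv3 notifications sent on the device's own initiative with
# authPriv (SHA authentication, AES encryption). No polling is involved.
trapsess -v 3 -u trapuser -l authPriv -a SHA -A 'AuthPassphrase-Placeholder' -x AES -X 'PrivPassphrase-Placeholder' 192.0.2.10:162
linkUpDownNotifications yes

# --- On the manager: snmptrapd.conf ---

# Traps are validated against the SENDER's engine ID, so the device's engine ID
# (placeholder value here) must be registered with the user's keys. Only
# authenticated and encrypted ("priv") notifications from trapuser are logged;
# everything else is dropped.
createUser -e 0x8000000001020304 trapuser SHA 'AuthPassphrase-Placeholder' AES 'PrivPassphrase-Placeholder'
authUser log trapuser priv
```

The acknowledged variant the question rejects is the inform: in snmpd.conf it is `informsink`, or `trapsess` with `-Ci`, and the device retransmits until the manager confirms receipt. Restart snmpd and snmptrapd after editing, and check that the manager's log shows a trap when an interface is shut down.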
What is it called when a business opts to take no action in response to a risk following an assessment?
Transfer
Accept
Avoid
Mitigate
Answer Description
When a company accepts a risk, they decide that the cost of any of the other risk treatments isn’t worth the potential loss if the risk is realized. They just accept the risk and any loss that could come with it.
During a risk assessment it was concluded that the value of an asset was less than the cost of the security control needed to protect it from an identified risk. Because of this, it has been decided not to use the control but still utilize the asset. What type of risk management strategy is being used?
Avoidance
Mitigation
Acceptance
Transference
Answer Description
Risk acceptance is the risk management strategy where a risk to an asset is accepted and no action is taken. This usually happens when the cost to mitigate the risk is more than the loss that would occur in the event the risk materializes.
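The two risk-acceptance questions above both turn on the comparison between what a control costs and what it saves. The added example below, which is not part of the practice test, carries that comparison through the Security+ figures (SLE = AV x EF, ALE = SLE x ARO) and picks a treatment for two constructed scenarios: a low-value asset with an expensive control, where acceptance is the right answer, and a valuable asset where a cheap control pays for itself. The asset values, rates and control costs are made up for the example.

```python
"""Quantitative risk-treatment decision: accept versus mitigate.

Added example, not taken from the practice test. Asset values, exposure
factors, occurrence rates and control costs are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV: value of the asset to the business
    exposure_factor: float  # EF: fraction of AV lost per incident (0..1)
    aro: float              # ARO: expected incidents per year

    @property
    def sle(self) -> float:
        """Single loss expectancy: loss from one incident."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    residual_aro: float     # ARO once the control is in place
    residual_ef: float      # EF once the control is in place


def net_benefit(risk: Risk, control: Control) -> float:
    """ALE removed by the control minus its yearly cost.

    A negative result means the control costs more than the loss it
    prevents, which is the situation described in both questions above.
    """
    residual = Risk(risk.asset_value, control.residual_ef, control.residual_aro)
    return risk.ale - residual.ale - control.annual_cost


def choose_treatment(risk: Risk, controls):
    """Return ('mitigate', control_name) for the best control whose net
    benefit is positive, otherwise ('accept', None)."""
    scored = [(net_benefit(risk, c), c) for c in controls]
    if not scored:
        return ("accept", None)
    best_value, best = max(scored, key=lambda pair: pair[0])
    if best_value <= 0:
        return ("accept", None)
    return ("mitigate", best.name)


# Scenario A: low-value asset, expensive control (constructed figures).
KIOSK = Risk(asset_value=8_000, exposure_factor=1.0, aro=0.5)
KIOSK_CONTROLS = [
    Control("hardware security module", annual_cost=10_000,
            residual_aro=0.05, residual_ef=1.0),
]

# Scenario B: valuable asset, one cheap and one expensive control.
DB = Risk(asset_value=500_000, exposure_factor=0.4, aro=0.2)
DB_CONTROLS = [
    Control("offline backups", annual_cost=15_000,
            residual_aro=0.2, residual_ef=0.05),
    Control("full-time SOC analyst", annual_cost=120_000,
            residual_aro=0.02, residual_ef=0.4),
]

if __name__ == "__main__":
    for label, risk, controls in (("kiosk", KIOSK, KIOSK_CONTROLS),
                                  ("database", DB, DB_CONTROLS)):
        print(f"{label}: SLE={risk.sle:,.0f} ALE={risk.ale:,.0f}")
        for c in controls:
            print(f"  {c.name}: net benefit {net_benefit(risk, c):,.0f}/yr")
        print("  treatment:", choose_treatment(risk, controls))
```

The kiosk scenario yields an ALE of 4,000 against a control costing 10,000 per year, so the function returns acceptance; the database scenario yields an ALE of 40,000 and the backups remove most of it for 15,000, so it returns mitigation with that control. An accepted risk still belongs in the risk register with an owner and a review date, because the figures that justified acceptance change over time.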
Your organization has decided to migrate to a cloud service model. As the IT security professional, you are reviewing the shared responsibility matrix provided by the potential cloud service provider. According to the matrix, which of these responsibilities would typically be managed by your organization rather than the provider in an Infrastructure as a Service (IaaS) model?
Patching of the operating system in the provisioned virtual machines
Environmental control of the hardware
Physical security of the data center
Virtualization platform management
Answer Description
In an Infrastructure as a Service (IaaS) model, the provider is responsible for everything up to and including the virtualization layer: the physical facility and its environmental controls, the hardware, and the hypervisor together with the host it runs on. The customer is responsible for everything it deploys on top of that: the guest operating systems in its virtual machines, including patching and hardening, the applications and their security settings, data protection through encryption and access controls, and identity and access management. Network controls such as security groups and firewall rules are usually shared, with the provider supplying the mechanism and the customer configuring it. So patching the operating system inside the organization's virtual machines is the organization's task, while environmental control, physical security of the data center, and management of the virtualization platform remain with the provider.
Which of the following best describes controls that are designed to establish security policies, procedures, and guidelines?
Operational Controls
Technical Controls
Physical Controls
Managerial Controls
Answer Description
Managerial controls are designed to establish security policies, procedures, and guidelines within an organization. They help in the strategic alignment of security practices with business operations and in ensuring that organizational security objectives are met. They are essential for the governance of security within the company.
Technical controls, on the other hand, involve the use of technology to enforce security measures, such as firewalls and encryption. Operational controls are more about implementing and maintaining day-to-day security tasks. Physical controls include tangible measures like locks, biometrics, and surveillance systems.
A company's primary security measure for their sensitive server room is a biometric access control system. Due to a recent natural disaster, the biometric system is temporarily unavailable. Which of the following would be the BEST compensating control to implement immediately to ensure that only authorized personnel can access the server room while maintaining a similar level of security?
Implement a sign-in/out log that is monitored by a security guard.
Set up a temporary key code lock on the server room door.
Replace the biometric system with a standard key lock.
Disable access to the server room until the system is repaired.
CCTV
Answer Description
A sign-in/out log monitored by a security guard is the best compensating control: the guard verifies each person's identity before granting entry, and the log provides an audit trail of who entered and when, which comes closest to the identification and accountability the biometric system provided. A temporary key code lock controls entry but gives no record of the individual, because a code can be shared. CCTV deters and records but does not prevent anyone from entering. A standard key lock is easy to fit, but keys can be copied or lent and there is no per-person record. Disabling access until the system is repaired would keep unauthorized people out, but it also keeps out the authorized staff who need the room, so it fails the requirement that authorized personnel retain access.
An organization wants to ensure that its employees adhere to the company's acceptable use guidelines. Which of the following controls would BEST help achieve this goal?
Encrypting network communications with SSL/TLS.
Setting up surveillance cameras in work areas.
Installing antivirus software on all employee computers.
Implementing security policies and conducting regular compliance audits.
Answer Description
Implementing security policies and conducting regular compliance audits is a managerial control that ensures employees are aware of the guidelines and that adherence is monitored. This approach helps enforce organizational rules and identifies areas where further training may be needed. Installing antivirus software on all employee computers is a technical control focused on malware prevention, not policy adherence. Setting up surveillance cameras in work areas is a physical control aimed at physical security, which does not directly enforce acceptable use policies. Encrypting network communications with SSL/TLS is a technical control that protects data in transit but does not address whether employees follow company guidelines.
You administer several customer-facing web applications hosted at account.example.com, checkout.example.com, and helpdesk.example.com. You want each subdomain to present a trusted HTTPS connection without requesting, tracking, or renewing a separate certificate every time a new subdomain is deployed. Which type of certificate issued by a public certificate authority best meets this requirement?
Multi-domain (SAN) certificate
Root certificate
Self-signed certificate
Wildcard certificate
Answer Description
A wildcard certificate (for example, *.example.com) secures any number of first-level subdomains under the specified parent domain, so one certificate covers any present or future host such as account.example.com or checkout.example.com, greatly simplifying lifecycle management. A multi-domain SAN certificate can secure several hostnames, but every name must be listed explicitly; adding another subdomain later requires re-issuance. A root certificate is a self-signed trust anchor used by certificate authorities and is not issued to authenticate a commercial website. A self-signed certificate is not trusted by browsers unless the visitor manually installs it as a trusted root, making it unsuitable for a public customer-facing site. Two caveats apply when choosing a wildcard: its private key is shared by every server that presents the certificate, so a compromise of one of those servers exposes the identity of all of them, and the wildcard matches exactly one label, so neither the bare example.com nor a deeper name such as api.eu.example.com is covered; deployments that need those often combine a wildcard with explicit SAN entries.
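The following added example, which is not part of the practice test, implements the hostname-matching rule browsers apply to certificate names (RFC 6125, section 6.4.3) and runs a wildcard certificate and a multi-domain certificate against the hostnames from the question plus a new subdomain. The certificate contents are constructed lists of dNSName entries, not real certificates.

```python
"""Hostname matching for wildcard and multi-domain (SAN) certificates.

Added example; the certificate names below are constructed for it.
Rules implemented: '*' must be the entire leftmost label, appear once, sit
under at least two more labels, and match exactly one hostname label.
"""


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate's DNS name `pattern` covers `hostname`."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        # Plain names must match exactly (case-insensitively).
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Reject partial-label wildcards ('acc*.example.com'), multiple wildcards,
    # and wildcards directly under a top-level domain ('*.com').
    if p_labels[0] != "*" or pattern.count("*") != 1 or len(p_labels) < 3:
        return False
    # One wildcard label matches exactly one hostname label, so the label
    # counts must agree: '*.example.com' covers neither 'example.com' nor
    # 'a.b.example.com'.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def cert_covers(cert_sans, hostname: str) -> bool:
    """True if any dNSName on the certificate covers the hostname."""
    return any(name_matches(name, hostname) for name in cert_sans)


def coverage(cert_sans, hostnames):
    """Map each hostname to whether the certificate would be accepted for it."""
    return {host: cert_covers(cert_sans, host) for host in hostnames}


# Constructed dNSName entries of two hypothetical certificates.
WILDCARD_CERT_SANS = ["*.example.com"]
MULTI_DOMAIN_CERT_SANS = [
    "account.example.com", "checkout.example.com", "helpdesk.example.com",
]

# The hosts from the question, a newly deployed subdomain, the bare domain,
# a two-level subdomain, and a look-alike name under another domain.
HOSTS = [
    "account.example.com", "checkout.example.com", "helpdesk.example.com",
    "status.example.com", "example.com", "api.eu.example.com",
    "example.com.evil.test",
]

if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_CERT_SANS),
                        ("multi-domain", MULTI_DOMAIN_CERT_SANS)):
        print(label)
        for host, ok in coverage(sans, HOSTS).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

The new status.example.com host is covered by the wildcard but not by the multi-domain certificate, which is the point of the question; the bare domain, api.eu.example.com and the look-alike name are covered by neither, which is the caveat above.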
An organization's network has been infected with a software that propagates itself across computers, encrypting files and demanding payment for the decryption key. Which of the following BEST describes this type of malicious code?
Ransomware
Virus
Worm
Trojan
Answer Description
Ransomware is characterized by its ability to encrypt files on infected systems and subsequently demand payment for a decryption key, often leading to monetary loss for affected users and organizations. Worms are typically standalone malware that replicate themselves to spread to other computers, without the need for user interaction, but do not demand ransom for recovery. Trojans are malicious programs that disguise themselves as legitimate software but do not have the self-replicating ability of worms or the specific extortion function of ransomware. Viruses, like worms, can self-replicate and spread, but they usually require some form of user action to initiate and may or may not include ransomware characteristics. The correct answer is ransomware because it best fits the criteria of encrypting files and demanding payment.
What is the primary benefit of using containerization in a security architecture?
It integrates all applications into one operating system for better performance.
It automates the process of data recovery.
It isolates applications to enhance security and manageability.
It completely eliminates the need for physical servers.
It allows unlimited data storage capacity.
It ensures that applications have direct access to hardware resources.
Answer Description
Containerization provides a lightweight alternative to full virtualization by packaging an application with its dependencies into a container that runs in its own isolated environment. This isolation ensures that applications do not interfere with each other and can be managed, updated, and replaced independently, which enhances security by containing a compromise within the affected container. The isolation is weaker than a virtual machine's, because containers share the host kernel: a kernel flaw, or a container run as root with host namespaces or excessive capabilities, can break the boundary. Minimal base images, non-root users, read-only filesystems, and seccomp or AppArmor profiles keep that boundary meaningful.
During a recent audit of security logs, an analyst discovers that certain log entries are sporadically missing over the past month. Understanding the importance of logs for detecting and troubleshooting anomalies, which of the following is the BEST explanation for the missing logs?
Time synchronization issues between servers
Scheduled maintenance activities
Log tampering by an unauthorized party
Log rotation configured without proper archiving
Answer Description
Log tampering is a deliberate act of manipulating or erasing logs to hide unauthorized activity or to disrupt the integrity of the logging process. Logs can be lost for technical reasons such as configuration errors or an overloaded system, but sporadic, selective disappearance of individual entries is more indicative of a deliberate effort to alter them, so log tampering is the most likely explanation. Scheduled maintenance would not selectively remove log entries, time synchronization issues cause wrong or out-of-order timestamps rather than missing entries, and log rotation without archiving loses the oldest records as a block rather than scattered entries. Before concluding tampering, the analyst should confirm the gaps against an independent copy, such as logs forwarded in real time to a central SIEM or write-once storage, and check the logging host's own records of service restarts and disk space; if the central copy is complete where the local copy has holes, the local logs were altered after the fact.
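The added example below, which is not part of the practice test, shows the kind of check that separates the four explanations. It assumes each source stamps its records with a per-host, monotonically increasing sequence number (as Cisco syslog sequence numbers or Windows event record IDs do), so that records which were never written can be told apart from records removed later. The log lines are constructed for the example.

```python
"""Detect sporadic sequence gaps and clock regressions in a log stream.

Added example; the log format and the sample lines are constructed.
Each line: <ISO timestamp> <host> seq=<n> <message>.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) seq=(?P<seq>\d+) (?P<msg>.*)$")

# Constructed sample: fw1 has two scattered holes (103-104 and 107-108);
# web1 has a contiguous sequence but one timestamp that goes backwards.
SAMPLE_LOG = """\
2024-05-03T10:00:01Z fw1 seq=100 ACCEPT tcp 10.0.0.5:51000 -> 203.0.113.7:443
2024-05-03T10:00:02Z fw1 seq=101 DENY tcp 198.51.100.9:4444 -> 10.0.0.5:22
2024-05-03T10:00:03Z fw1 seq=102 ACCEPT udp 10.0.0.5:53 -> 10.0.0.2:53
2024-05-03T10:00:09Z fw1 seq=105 ACCEPT tcp 10.0.0.6:51010 -> 203.0.113.7:443
2024-05-03T10:00:10Z fw1 seq=106 DENY tcp 198.51.100.9:4444 -> 10.0.0.6:22
2024-05-03T10:00:20Z fw1 seq=109 ACCEPT tcp 10.0.0.7:51020 -> 203.0.113.7:443
2024-05-03T10:00:21Z fw1 seq=110 ACCEPT tcp 10.0.0.7:51021 -> 203.0.113.7:443
2024-05-03T10:00:01Z web1 seq=1 GET /login 200
2024-05-03T10:00:02Z web1 seq=2 POST /login 302
2024-05-03T09:59:30Z web1 seq=3 GET /account 200
2024-05-03T10:00:05Z web1 seq=4 GET /logout 200
"""


def parse_log(text):
    """Return a list of (host, seq, timestamp) for well-formed lines, in file order."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are worth counting too, but are skipped here
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append((m["host"], int(m["seq"]), ts))
    return records


def find_sequence_gaps(records):
    """Return {host: [(last_seen_seq, next_seen_seq, missing_count), ...]}."""
    last = {}
    gaps = defaultdict(list)
    for host, seq, _ in records:
        if host in last and seq > last[host] + 1:
            gaps[host].append((last[host], seq, seq - last[host] - 1))
        last[host] = max(seq, last.get(host, seq))
    return dict(gaps)


def find_clock_regressions(records):
    """Return {host: count} of records timestamped earlier than the previous
    record from the same host: a time-sync symptom, not a missing entry."""
    prev = {}
    regressions = defaultdict(int)
    for host, _, ts in records:
        if host in prev and ts < prev[host]:
            regressions[host] += 1
        prev[host] = ts
    return dict(regressions)


def assess(records):
    """Per-host verdict. Several small gaps scattered through the stream point
    to selective deletion; a single gap looks like rotation or an outage; clock
    regressions alone point to time synchronization."""
    gaps = find_sequence_gaps(records)
    clocks = find_clock_regressions(records)
    verdicts = {}
    for host in sorted({h for h, _, _ in records}):
        host_gaps = gaps.get(host, [])
        if len(host_gaps) >= 2:
            verdicts[host] = "sporadic gaps: suspect tampering, compare with forwarded copy"
        elif len(host_gaps) == 1:
            verdicts[host] = "single gap: check rotation, archiving and outages"
        elif clocks.get(host):
            verdicts[host] = "timestamps regress: check time synchronization"
        else:
            verdicts[host] = "sequence intact"
    return verdicts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(find_sequence_gaps(recs))
    print(find_clock_regressions(recs))
    for host, verdict in assess(recs).items():
        print(f"{host}: {verdict}")
```

Run against a local copy and a SIEM copy of the same stream, the sequence gaps should coincide if the records were never written and differ if one copy was edited afterwards.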
A systems administrator observes that every Friday afternoon, right after the stock market closes, a series of unauthorized transactions and excessive resource utilization occurs on a finance company's trading application server. What type of malware is most likely responsible for this recurring incident?
Worm
Logic bomb
Spyware
Trojan
Answer Description
A logic bomb is a type of malware that is designed to execute a malicious action when certain conditions are met, such as a specific time or event. The recurring nature of the incident every Friday suggests that it is triggered by a time-based event, characteristic of a logic bomb. Other types of malware like Trojans or worms do not have this behavior tied to a specific condition and typically continue to execute or propagate regardless of specific events or times.
You receive a call and the caller ID indicates that it is from your bank. You answer and are told that your account has been compromised. The person on the phone says that before they can proceed you need to verify your account number and security pin. What term best describes this type of social engineering attack?
Whaling
Smishing
Phishing
Vishing
Spear phishing
Answer Description
Vishing (also called voice phishing) is conducting phishing attacks using telephony. This often involves using VoIP features such as caller ID spoofing to avoid detection.
An organization is conducting a Business Impact Analysis. Which metric should be determined to establish the maximum time frame that a critical system can be disrupted before severe impact to business operations occurs?
Establishing the data backup frequency is necessary for scheduling maintenance windows.
Determining the maximum tolerable downtime for critical systems, otherwise known as the Recovery Time Objective, is essential for prioritizing their restoration.
Assessing the annual likelihood of a system failure occurring will forecast the potential interruptions in operations.
Calculating the cost of system outages per day can provide insight into potential financial losses.
Answer Description
Identifying the Recovery Time Objective (RTO) during a Business Impact Analysis is critical because it denotes the maximum duration that a service or system can be unavailable before causing unacceptable harm to the business. Setting the RTO supports prioritized recovery strategies, ensuring that the most crucial systems are restored within a timeframe that prevents significant operational or financial loss. The other options, while related to business continuity and disaster recovery, do not address the time frame for recovery of a critical system as the RTO does. Strictly, the maximum tolerable downtime (MTD) is the outer limit the business can survive and the RTO is the recovery target set inside it, so the RTO should never exceed the MTD; the Security+ objectives, like the question, commonly treat the two together.
Which statement BEST describes an organization's obligation to comply with a country's information-security laws and regulations when it conducts business within that country's borders?
An organization can choose which nation's laws it will follow, provided it documents the decision in a written risk acceptance.
Compliance is required only if the organization stores data physically inside the country's borders; remote or cloud-based activities are exempt.
They apply to any organization that conducts business or processes data within the country, regardless of where the organization is headquartered.
They apply only to organizations that are incorporated in that country; foreign firms may rely solely on their home-country laws.
Answer Description
Any organization that operates, processes data, or otherwise conducts business within a country is subject to that nation's information-security and privacy laws, even if the company is foreign-owned or headquartered elsewhere. This concept, often referred to as data sovereignty, means compliance is mandatory in each jurisdiction where operations occur; failure can lead to fines, sanctions, or loss of the right to do business. The other options are incorrect because host-nation laws are not optional, cannot be ignored in favor of home-country rules, and apply to activities such as cloud or remote processing, not only to data stored physically on local servers.
XYZ Corporation utilizes a primary and secondary data center for their mission-critical systems to maintain uptime in case of failure. When the primary data center experiences an outage, systems automatically switch to the secondary data center without manual intervention. Which type of failover strategy is XYZ Corporation employing?
Active-active configuration
Automatic failover
Active-passive configuration
Manual failover
Answer Description
Automatic failover is when systems or services switch to a redundant or standby system automatically, typically without human intervention, in the event of a failure or service interruption. This type of failover is essential for mission-critical applications where downtime must be minimized. Manual failover, while it involves intentional human intervention to switch systems, would not apply as the question indicates the switch happens without manual intervention. Active-active and active-passive describe configurations of how systems are set up for redundancy, but they do not define the type of failover process.
Which social engineering attack is most effectively combated by implementing strong organizational verification procedures and training employees to confirm requests through multi-channel verifications?
Phishing
Shadow IT
Piggybacking
Business Email Compromise (BEC)
Answer Description
Business Email Compromise (BEC) is effectively combated by strong organizational verification procedures. In a BEC attack, an attacker impersonates an executive or a partner organization in an email to trick an employee into making a financial transfer or revealing sensitive information. Training employees to verify such requests using multiple communication channels, like phone calls or face-to-face meetings, is crucial in preventing successful BEC attacks.