CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, like other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. From January 1, 2011 onward, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which allows candidates to keep their skills current through activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, have been available exclusively through Pearson VUE since July 9, 2012. Exams can be scheduled online, by phone, or at a testing center. Candidates can choose between in-person exams at Pearson VUE centers and online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
- 20 Questions
- Unlimited
- Domains: General Security Concepts; Threats, Vulnerabilities, and Mitigations; Security Architecture; Security Operations; Security Program Management and Oversight
During an audit it is identified that a host providing FTP services has several additional ports open. The server is currently listening on 21, 20, 43, 80, and 3389. Your manager asks you to close any ports that are not required for FTP functionality. Which port or ports should remain open?
20 and 3389
43 and 80
20 and 21
21 only
Answer Description
Standard FTP operates on two well-known TCP ports. Port 21 is the control (command) channel, and port 20 is the default data channel. All other listed ports (43 for WHOIS, 80 for HTTP, and 3389 for Remote Desktop Protocol) are unrelated to FTP and should be closed to reduce the attack surface. Therefore, only ports 20 and 21 should stay open.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of FTP and why does it use ports 20 and 21?
Why is it a security risk to leave unused ports open?
What are the roles of ports 43, 80, and 3389, which should be closed in this scenario?
Which part of the AAA security framework refers to what a user is allowed to do on the network?
Authorization
Non-repudiation
Accounting
Authentication
Answer Description
Authorization is the component of AAA that defines what an authenticated user is permitted to do on the network, i.e. their permissions.
A company is revising its security monitoring strategies to enhance incident detection and response. Their current system is primarily manual, resulting in delayed identification and inconsistent reporting of suspicious activities. Which of the following is the BEST method to improve their incident reporting and monitoring process?
Conducting more comprehensive employee training sessions
Implementing real-time automated monitoring and alerting systems
Increasing the frequency of manual security audits
Expanding the in-house security team
Answer Description
Automated monitoring and alerting systems provide real-time detection of security events, which significantly reduces response times to potential incidents. By setting thresholds and parameters for normal network behavior, these systems can promptly identify and report suspicious activities, enabling quicker remediation. While the other options may contribute to effective security practices, automated alerting most directly addresses the current delays and inconsistencies in incident detection and reporting, leading to an improved security posture.
You are a security analyst and have network monitoring solutions in place to detect strange or potentially malicious traffic. One of these solutions has sent an alert saying it detected outgoing network traffic from the company's network that was routed to a well-known malicious endpoint. Of the following options, which is the most likely cause of this traffic?
A hacker is probing the company network from the outside
An infected server or user machine is attempting to contact a command-and-control server
A colleague on your team is conducting a pentest
A user has attached confidential materials to an outgoing email
Answer Description
Some malware will attempt to contact a Command-and-Control (C2) server or network to let the creators of the malware know it has infected a target. The malware will then be given commands remotely from the C2 server to steal data, infect more hosts, or begin monitoring the infected device. The act of calling a C2 server is also called a beacon. Communication with known C2 addresses is a common sign that an infection has occurred within a network. One common use of this type of malware is for a botnet. The C2 server may, for example, then send a command to all infected devices to initiate a Distributed Denial-of-Service (DDoS) attack (this is just one example).
Which of the following options is a network device that can use VLANs to reduce collisions and the size of broadcast domains?
Hub
Switch
Firewall
Router
Packet Tracer
Packet Switcher
Answer Description
Switches reduce collision domains by forwarding frames only to the physical port associated with the destination MAC address (as opposed to a hub, which repeats all data to all ports). When configured with VLANs, switches also reduce the size of broadcast domains.
What does the term 'resource provisioning' refer to in the context of securing computing resources?
The process of allocating and managing computing resources to users or systems according to security policies
The step-by-step methodology of responding to security incidents
The act of installing antivirus software on workstations and servers
The storage and classification of organizational data in accordance with established compliance requirements
Answer Description
Resource provisioning refers to the process of allocating and managing computing resources, like user accounts and permission sets, to users or systems in a way that aligns with organizational security policies. Incorrect answers might seem plausible because they involve similar processes, but they do not accurately describe the act of resource allocation and management as resource provisioning does.
A financial institution is implementing a policy that allows employees to use their personal smartphones for work-related tasks. The institution wants to ensure that company-specific information and configurations can be remotely removed from these smartphones when an employee terminates employment, while preserving the employee's personal data and apps. Which feature should the company look for in a software solution that allows for the central management of mobile devices?
Remote locking
Selective wipe
Full wipe
Encryption
Answer Description
A feature known as a 'selective wipe' or 'corporate wipe' is designed for the scenario presented. It allows an organization to remove only the data and configurations that pertain to the company, preserving the personal information of the user. This is critical for organizations that allow the use of personal devices for work, to manage the risk associated with data retention when employees leave. A 'full wipe' would erase all data from the device, which affects personal information and therefore is not suitable. 'Remote locking' secures a device against unauthorized use, but it doesn't address the removal of data. 'Encryption' secures data but does not offer a method for selective removal of company data upon employee departure.
You are taking a walk around the neighborhood. You see a sign in one of your neighbor’s unfenced yards that reads “No trespassing!” in large red letters. The sign is what type of control?
Compensating
Preventive
Corrective
Detective
Deterrent
Answer Description
A deterrent control is a control that discourages someone from taking an action. It does not prevent the action from being taken; it is only there to persuade against it. The other choices are types of controls that serve other purposes.
Your organization is in the process of selecting a new vendor for cloud storage services. As part of this process, what should be conducted to evaluate and address the risks associated with the potential vendor prior to formalizing an agreement?
Vendor risk assessment
Due Diligence
Right-to-Audit Clause
Business Impact Analysis
Answer Description
Performing a vendor risk assessment is crucial because it helps an organization identify, evaluate, and mitigate the risks associated with a potential vendor. The assessment can reveal the vendor's security practices and compliance with industry standards, helping the organization understand the level of risk it would assume by entering into an agreement. Options such as 'Right-to-Audit Clause' and 'Due Diligence' are more focused on ongoing monitoring or on preparing for the audit process itself, though they are related to the broader scope of risk management. A 'Business Impact Analysis' is generally used internally to assess the impact of disruptions on the business and is less about evaluating third-party vendors.
A security analyst is reviewing the source code of a legacy application and discovers a function that is used to hash user passwords before storing them. The function consistently produces a 128-bit hash value. The organization's security policy requires migrating away from any algorithms known to be weak or deprecated. Which of the following hashing algorithms was most likely used in this legacy application?
SHA-256
SHA-1
MD5
RIPEMD-160
Answer Description
MD5 (Message Digest 5) is a hashing algorithm that produces a 128-bit fixed-size hash value. It is considered a legacy algorithm with known vulnerabilities and is no longer recommended for security purposes like password hashing. SHA-1 produces a 160-bit hash. SHA-256 is part of the SHA-2 family and produces a 256-bit hash. RIPEMD-160 produces a 160-bit hash.
During a recent audit of security logs, an analyst discovers that certain log entries are sporadically missing over the past month. Understanding the importance of logs for detecting and troubleshooting anomalies, which of the following is the BEST explanation for the missing logs?
Scheduled maintenance activities
Time synchronization issues between servers
Log tampering by an unauthorized party
Log rotation configured without proper archiving
Answer Description
Log tampering is a deliberate act to manipulate or erase logs to hide unauthorized activities or to disrupt the integrity of the logging process. While logs can be lost due to technical issues such as configuration errors or system overload, sporadic and selective disappearance is more indicative of a deliberate effort to alter logs, which signifies that log tampering is the most likely explanation. Scheduled maintenance wouldn't selectively affect log entries, and time synchronization issues would cause discrepancies in timestamps rather than missing entries. Log rotation without archiving could lead to loss of older records, but would not usually result in sporadic missing entries.
During an audit, as a third-party security consultant, you are told that the organization being audited conducts an exercise annually during which prominent IT staff and the security team gather in a meeting room and discuss how they would handle various security incidents and disaster scenarios. The exercise is then used to update any policies and playbooks. What type of exercise are they describing?
Tabletop Exercise
DR Planning
Dungeons and Dragons (DND)
Incident Response Planning (IRP)
Business Impact Exercise (BIE)
Answer Description
In a tabletop exercise, the key staff of an organization gather and discuss their actions during an incident (security incident, disaster, etc.). The staff are sometimes organized into red and blue teams (attackers and defenders). The exercise is used to train staff, promote collaboration, and identify weak spots in existing procedures and plans.
In a highly secure network environment with strict throughput requirements, which device attribute would MOST likely be preferred when implementing a security control intended to scrutinize traffic without causing significant latency?
An inline security device configured to interact with traffic
A tap/monitor setup that passively observes traffic
An active security device configured to make real-time decisions
A security device configured to fail-open to reduce latency
Answer Description
A tap/monitor setup is preferred in scenarios where monitoring is essential, but it is crucial not to introduce latency or a single point of failure within the network traffic flow. An inline device would actively interact with traffic, potentially introducing latency, which is undesirable in strict throughput environments. Active devices are designed to intervene and could affect performance, whereas fail-open implies a state during failure, which is not relevant to the operational performance during normal conditions.
A security analyst is reviewing a report from a recent vulnerability scan that identified over 200 issues across various systems, including web servers, databases, and network switches. To manage the remediation process effectively, the analyst groups the vulnerabilities based on common characteristics, such as the type of weakness (e.g., SQL injection, cross-site scripting) and the affected technology stack. What is this process of categorizing vulnerabilities called?
Vulnerability indexing
Vulnerability enumeration
Vulnerability classification
Vulnerability scoring
Answer Description
Vulnerability classification is the process of systematically categorizing security weaknesses based on their nature, such as the type of flaw (e.g., buffer overflow, misconfiguration) or the affected system. This allows an organization to group similar issues, assign them to the correct teams, and develop a prioritized and organized approach to remediation. Vulnerability scoring, like CVSS, assigns a severity score but does not categorize the vulnerability type. Vulnerability enumeration, like CVE, involves identifying and listing individual vulnerabilities.
A security administrator at a small warehouse needs a control that allows staff to monitor and record any unauthorized after-hours entry so they can alert law enforcement rather than physically confronting intruders. Which physical control would BEST meet this requirement?
Keypad door locks
Mantrap
Bollards
Surveillance cameras
Answer Description
Surveillance cameras provide continuous visual coverage, enabling staff to detect and verify unauthorized activity from a safe location while also recording evidence. They serve as both a deterrent and a detective control. Bollards are intended to stop or slow vehicles but do not provide visual monitoring. Keypad door locks regulate entry but offer no real-time visibility into an attempted breach. A mantrap limits access to one person at a time but typically lacks external video coverage of wider areas, so it does not satisfy the requirement for remote visibility.
A company requires a solution to securely generate, store, and manage cryptographic keys for their data encryption needs. This solution must be resistant to tampering and capable of integrating with existing hardware to provide secure boot, disk encryption, and digital rights management services. Which of the following options represents the BEST tool for this requirement?
Trusted Platform Module (TPM)
Key Management System
Secure Enclave
Hardware Security Module (HSM)
Answer Description
The correct answer is Hardware Security Module (HSM). An HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. It is resistant to tampering and integrates with existing systems to facilitate secure boot, disk encryption, and digital rights management, fitting the company's needs. Trusted Platform Module (TPM) is also dedicated hardware designed to protect hardware through integrated cryptographic keys, but it is typically used for securing individual computers rather than for managing keys across an organization. Secure Enclave provides hardware-based key management, primarily in mobile devices, and is less suitable for enterprise-scale key management and lacks the full functionality of an HSM. Lastly, Key Management System is a more general term for systems that manage cryptographic keys; however, it doesn't specify resistance to physical tampering or integration capabilities needed for secure boot or digital rights management, which an HSM provides.
A software development company wants to allow its users to log into a third-party code repository from their in-house development platform. The company aims to facilitate this without sharing user credentials with the third-party service. Which protocol is best suited to allow the company's platform to request access to the third-party service on behalf of the user?
Lightweight Directory Access Protocol (LDAP)
Terminal Access Controller Access-Control System Plus (TACACS+)
Open Authorization (OAuth)
Remote Authentication Dial-In User Service (RADIUS)
Answer Description
Open Authorization, commonly known as OAuth, is best suited for this purpose. OAuth is a protocol that enables an application to obtain limited access to a user's account on an HTTP service without the user's credentials ever being passed to that application. It works by using access tokens issued by the authorization server once the user has authenticated with the service that holds the account.
- LDAP (Lightweight Directory Access Protocol) is primarily used for accessing and maintaining distributed directory information services over an IP network, which is not the goal in this scenario.
- RADIUS (Remote Authentication Dial-In User Service) provides centralized authentication, authorization, and accounting for users who connect and use a network service, but does not cater to the specific needs of application-to-application authorization.
- TACACS+ (Terminal Access Controller Access-Control System Plus) provides detailed accounting information and flexible administrative control over authentication and authorization processes, but it is not designed for delegating user authorization between web services.
A company is reviewing its disaster recovery plan to ensure that the amount of data loss in the event of a disaster does not exceed business operational tolerances. Which metric should be assessed to determine the optimal frequency of data backups?
Recovery Point Objective (RPO)
Recovery Time Objective (RTO)
Annualized Loss Expectancy (ALE)
Single Loss Expectancy (SLE)
Answer Description
The Recovery Point Objective (RPO) represents the maximum period of data that an organization can tolerate losing during a disaster event. A tighter RPO calls for more frequent backups, whereas a lenient RPO allows for less frequent backups. Understanding the RPO helps determine the backup schedule that aligns with the business's data loss tolerance. By contrast, the Recovery Time Objective (RTO) focuses on the maximum amount of time an organization can tolerate for restoring operations, while Single Loss Expectancy (SLE) and Annualized Loss Expectancy (ALE) pertain to the financial impact of a loss and do not directly dictate backup frequency.
Which of the following statements BEST describes who is responsible for securing the application layer (for example, patching application code and mitigating application-level vulnerabilities) under the cloud shared-responsibility model?
In IaaS the provider secures applications, whereas in SaaS the customer does.
The cloud service provider is always responsible, no matter which service model is used.
The customer is always responsible, regardless of the service model.
Responsibility shifts by service model: customers secure the application layer in IaaS (and generally in PaaS), but the provider secures it in SaaS.
Answer Description
Under the shared-responsibility model, duties move up the stack as you transition from IaaS to SaaS:
- IaaS: The customer controls and secures the guest OS and anything above it, including the application code.
- PaaS: The provider secures the underlying OS and runtime, but the customer still secures any applications they develop and deploy on the platform.
- SaaS: The provider operates and patches the application itself, while the customer focuses on data protection, identity, and configuration.
Therefore, the most accurate statement is that responsibility varies by service model: the customer handles the application layer in IaaS and usually in PaaS, whereas the provider handles it in SaaS.
A company is migrating its application servers to an Infrastructure as a Service (IaaS) cloud provider. The IT team is debating who is responsible for applying security patches to the guest operating systems on the virtual machines. Which cloud computing concept should they consult to clarify this division of duties?
Shared Responsibility Model
Cloud Control Matrix
Cloud Security Alliance Matrix
Service Level Agreement Matrix
Answer Description
The correct answer is the Shared Responsibility Model. This model outlines the security obligations of the cloud service provider versus the customer. In an IaaS model, the provider is responsible for the security of the cloud (i.e., the physical infrastructure), while the customer is responsible for security in the cloud. This includes securing and patching the guest operating system, managing applications, and protecting data. A Service Level Agreement (SLA) focuses on service performance metrics like uptime and response times, not the comprehensive division of security duties. The Cloud Control Matrix is a specific framework of security controls used for assessment and compliance, not the high-level conceptual model of responsibility itself.