CompTIA Security+ Practice Test (SY0-701)
Use the form below to configure your CompTIA Security+ Practice Test (SY0-701). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.
CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Post-January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program. This program allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, are available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
More reading:
Free CompTIA Security+ SY0-701 (V7) Practice Test
- 20 Questions
- Unlimited
- General Security ConceptsThreats, Vulnerabilities, and MitigationsSecurity ArchitectureSecurity OperationsSecurity Program Management and Oversight
You are a network security technician at a mid-sized company. Your employer is planning for significant growth and the CIO has tasked you with implementing a system to consolidate all critical network device logs to a central location. The system should support logs from all routers, firewalls, switches and business critical servers and should send alerts in the event of security issues. What type of solution would best meet these requirements?
Central log point
DLP
SIEM
Hardware security module
Answer Description
Security Information and Event Management (SIEM) systems are used to centralize logging and alerting from various types of network devices. Common functionalities include data aggregation, alerting, forensic analysis and data retention/compliance. They are most commonly found in mid-size to larger networks where there are too many devices to monitor separately.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a SIEM system and how does it work?
What is the difference between a SIEM and a central log point?
Why is a SIEM better suited for larger networks than smaller ones?
An organization is designing a customer-facing web service that runs on several virtual machines behind a load balancer. Management insists that the application must keep functioning even if one server crashes or a software bug causes a container to fail. Within a high-availability architecture, which term best describes the ability of the system to continue operating under these component-level failures?
The geographical diversity of redundant systems to prevent localized disasters from causing data loss.
The capacity of a system to maintain function despite failures or challenges to its components.
The act of encrypting data to protect it from unauthorized access during transmission.
The frequency at which system backups are performed to prevent data loss.
Answer Description
Resilience is the capacity of a system to maintain its intended function when individual hardware or software components fail. By contrast, backup frequency concerns data protection schedules, encryption focuses on confidentiality during transit, and geographic redundancy is a specific strategy-one of many-that can contribute to resilience but does not define the overarching concept.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between resilience and redundancy in high availability architecture?
How is resilience implemented in high availability systems?
Why is resilience important for business operations?
A large financial institution is preparing to revise its security protocols to enhance the protection of client data. The institution has multiple international offices and must comply with various regional encryption standards. Which of the following should be the primary consideration when updating the company-wide encryption standard?
Implement the least strict regional encryption standard to minimize complications in international operations.
Follow only the regional encryption standards of the country where the financial institution's headquarters is located.
Develop a new encryption standard internally that is different from all regional standards but meets the minimum required security level.
Adopt the strictest regional encryption standard as the company-wide standard to ensure compliance across all locations.
Answer Description
The goal is to meet or exceed every region's regulatory requirements with one consistent control set. Adopting the strictest applicable encryption standard ensures global compliance and establishes the highest security baseline enterprise-wide. Creating an entirely new internal standard that only meets minimum requirements, following headquarters-only rules, or choosing the least-restrictive regional standard would leave some locations out of compliance and increase legal and operational risk.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are regional encryption standards?
Why is adopting the strictest encryption standard necessary?
What challenges arise from different encryption standards in international operations?
A security engineer wants to ensure that even if two users have the same password, their stored password hashes are different. Which of the following techniques should be implemented?
Use a different hashing algorithm for each user.
Add unique data to each password before hashing.
Implement asymmetric encryption for password storage.
Store passwords in plain text for verification.
Answer Description
By adding unique data to each password before hashing, the engineer ensures that identical passwords produce different hash values. This method, known as salting, enhances security by preventing attackers from recognizing duplicate passwords through identical hashes. Using different hashing algorithms for each user is impractical and doesn't scale well. Implementing asymmetric encryption is not standard practice for password storage and doesn't solve the problem of identical hashes from identical passwords. Storing passwords in plain text is inherently insecure and should be avoided.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is salting in password hashing?
Why is using a different hashing algorithm for each user impractical?
What makes asymmetric encryption unsuitable for password storage?
A company has various security policies and controls in place. Which of the following is the BEST action to take to ensure these policies and controls remain effective and aligned with current threats?
Provide comprehensive security training to all employees on a weekly basis
Limit user privileges to the minimum necessary for job performance
Conduct regular reviews and updates of security policies and controls
Install the latest antivirus software on all company devices
Answer Description
Regularly reviewing and updating policies and controls is the correct answer because it allows an organization to address new threats and changes in the operational environment. It ensures that the policies and controls continue to be relevant and effective. While employee training, installing antivirus software, and limiting user privileges are important security practices, they do not directly ensure that policies and controls are kept up-to-date with the current threat landscape.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to regularly review and update security policies and controls?
What factors should be considered during a security policy review?
How often should security policies be reviewed and updated?
A company is planning to integrate their authentication processes with a third-party service provider to allow employees to use a single set of credentials across both systems. To enhance the user experience and provide secure access to the services offered by the partner, which solution would be the BEST to implement?
Creating additional user credentials for each employee within the third-party service provider's system
Implementing a federated identity management system
Using a central access policy service to manage application access across entities
Adopting a web authentication standard
Answer Description
Federation is the practice of linking a user's electronic identity and attributes, stored across multiple distinct identity management systems. Implementing a federated identity management system would be ideal in this situation as it enables the company's employees to use their existing corporate credentials to access the third-party service provider's resources securely. This negates the need for multiple credentials and simplifies the authentication process for users, which directly aligns with the scenario's requirements of minimizing complexity and offering a streamlined process.
Creating additional user credentials for each employee within the partner's system and relying on a central access policy that governs the usage of applications across both entities, are less efficient solutions that increase complexity and management overhead, which does not fulfill the specified criteria of streamlined access. The web authentication standard accentuates a specific method of authentication that can be utilized in federated environments but does not represent the overarching federated identity management system needed here.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is federated identity management?
How does federated identity management enhance security?
What are some examples of federated identity management in use?
A security administrator needs to implement a control that actively filters network traffic between the company's internal network and the untrusted external internet. The goal is to block unauthorized access and malicious traffic based on a set of security rules. Which of the following security controls BEST fits this requirement?
Firewall
Fencing
Incident response plan
Security awareness training
Answer Description
A firewall is a technical control designed to monitor and control incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between a trusted internal network and an untrusted external network. Security awareness training is a managerial control, fencing is a physical control, and an incident response plan is an operational and corrective control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a firewall, and how does it work?
How do firewalls differ from access controls?
What is the difference between technical, managerial, and operational controls in cybersecurity?
A security administrator is implementing hardening measures on a critical server to reduce the risk of compromise. The administrator's primary concern is preventing an attacker who has successfully phished a user's password from gaining administrative access. Which of the following controls would be the MOST effective mitigation for this specific threat?
Enforcing a strong password complexity and rotation policy
Enforcing multifactor authentication (MFA) on all administrative accounts
Applying the latest security patches to the operating system
Implementing a host-based firewall to restrict network traffic
Answer Description
The most effective control in this scenario is multifactor authentication (MFA). MFA requires more than just a password to authenticate, so even if an attacker steals a user's password, they cannot access the account without the second factor (e.g., a token, biometric scan, or push notification). A strong password policy is a good practice, but it is defeated once the password is stolen. Applying the latest security patches is crucial for preventing vulnerability exploitation but does not stop an attacker from using valid, stolen credentials. A host-based firewall controls network access but does not prevent a legitimate-looking authentication attempt with a stolen password from a permitted location.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does multifactor authentication (MFA) enhance security?
What are some common types of MFA factors used today?
Why isn't a strong password policy enough to prevent attacks?
Which of the following statements best describes the primary benefit of conducting static code analysis during the software development lifecycle?
It identifies potential security vulnerabilities within the source code before the application is compiled or run, which can be addressed to prevent future exploits.
It ensures that the source code adheres to the coding standards set by the organization to improve readability and maintenance.
It verifies that the code will compile without errors, ensuring that runtime environments are stable and less prone to crashes.
It automates the review process, thus enabling developers to focus solely on the implementation of new features rather than code security.
Answer Description
Static code analysis is most beneficial because it allows developers to find vulnerabilities and issues in code before the application is run or compiled. This 'shift-left' approach to security is proactive and can save time and resources by catching flaws early. While static code analysis tools can enforce coding standards and improve code quality, their primary security benefit is identifying vulnerabilities that could lead to exploits.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is static code analysis?
What does 'shift-left' mean in software development?
How is static code analysis different from dynamic analysis?
Which of the following authorization models uses a set of protocols designed for passing the authorization and authentication information of a user between different security domains?
Role-Based Access Control (RBAC)
Federated identity management
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Answer Description
Federated identity management allows a user's identity, authenticated in one security domain, to be accepted in other security domains. It often employs protocols like SAML and OpenID, enabling Single Sign-On (SSO) capabilities across different organizations or services. Discretionary Access Control (DAC) gives the owner of the resource the control to decide who has access. Mandatory Access Control (MAC) is a model where access is granted based on information clearance and classifications, and is not about passing user information across security domains. Role-Based Access Control (RBAC) assigns permissions to roles instead of individual users, which isn't specifically designed for sharing authentication and authorization data across different domains.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Federated Identity Management?
How does SAML work in Federated Identity Management?
What is the difference between Federated Identity Management and Single Sign-On?
Within a secure data center, engineers have enclosed an entire row of server racks inside a conductive mesh that blocks both incoming and outgoing electromagnetic fields. What is the primary security purpose of deploying this enclosure?
Physically deter intruders by acting as a hardened barrier that delays forced entry
Provide redundant environmental controls such as precise humidity and temperature regulation
Detect unauthorized access attempts by monitoring ambient radio-frequency signals
Prevent electromagnetic eavesdropping and data leakage by blocking emissions
Answer Description
The conductive enclosure is a Faraday cage. By blocking electromagnetic emissions, it prevents sensitive signals from being intercepted (TEMPEST/eavesdropping) and shields the equipment from external electromagnetic interference. This makes it a preventive physical control aimed at protecting the confidentiality and integrity of information-not a mechanism for detecting intrusions, regulating environmental conditions, or physically deterring forced entry.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Faraday cage, and how does it work?
What is TEMPEST, and how does it relate to data security?
How does electromagnetic interference (EMI) impact equipment in data centers?
What type of authentication factor requires a user to present a physical object such as a security token or a smart card to gain access to a system?
Something you are
Something you have
Something you know
Somewhere you are
Answer Description
The correct answer requires a physical object that the user must possess in order to authenticate, known as 'something you have'. Unlike knowledge-based factors ('something you know') like passwords, or inherence factors ('something you are') like biometrics, possession factors provide a tangible means of user authentication. This kind of factor can be easily demonstrated by presenting the object and, therefore, serves as a strong layer of security when used as part of multifactor authentication.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are examples of 'something you have' authentication factors?
How does 'something you have' differ from 'something you know' as an authentication factor?
Why is 'something you have' considered secure as part of multifactor authentication?
A security analyst is reviewing the company's disaster recovery plan (DRP). The analyst notes that the DRP focuses heavily on restoring critical business functions but lacks a comprehensive inventory of IT hardware, software, and data assets. Which of the following BEST describes the risk associated with this omission?
Recovery will be faster as teams can focus on broad functions rather than being slowed down by the details of specific assets.
Recovery efforts may be delayed and incomplete because there is no detailed inventory to guide prioritization and restoration.
The lack of an inventory primarily represents a financial risk for insurance claims but does not affect the technical recovery process.
The DRP's effectiveness is not impacted, as the primary goal of restoring business functions makes a specific asset inventory redundant.
Answer Description
A detailed and current asset inventory is a foundational component of an effective disaster recovery plan. Without it, an organization cannot accurately prioritize which systems to restore first, understand dependencies between assets, or ensure that all necessary components are recovered. This leads to inefficient and delayed recovery efforts, potentially preventing the organization from meeting its Recovery Time Objectives (RTOs). The inventory is essential for knowing what needs to be restored to bring critical business functions back online.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Disaster Recovery Plan (DRP)?
What is the importance of an asset inventory in a DRP?
What are Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)?
Your organization is handling sensitive government contracts and must ensure that information related to these projects is guarded against unauthorized physical access. In accordance with data classification policies, which of the following is the BEST way to handle such data?
Enable detailed logging of all access to the data for audit purposes
Encrypt all data and frequently change encryption keys
Institute policies for secure disposal of printouts and storage media containing the data
Store the data in a physically secure location and enforce strict access controls
Answer Description
Storing information with a 'Restricted' classification in a secure, access-controlled environment ensures that only authorized personnel with the necessary clearance or permissions have access to that data. Keep in mind the question is regarding physical access to the data. While encryption, logging, and secure disposal are important for the overall security posture, they do not inherently restrict access to the data to the appropriate individuals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of storing data in a physically secure location?
What are physical access controls, and why are they important?
How does enforcing strict access controls differ from logging or encryption?
A cybersecurity team detects a prolonged and sophisticated cyber-espionage operation targeting critical infrastructure across several countries. The attackers are using zero-day exploits and custom malware to infiltrate secure systems and exfiltrate sensitive data. Which threat actor is MOST likely responsible for this attack?
Nation-state actor
Insider threat
Organized crime group
Hacktivist
Answer Description
Nation-state actors are government-sponsored entities with substantial resources, funding, and high levels of sophistication. They are capable of developing zero-day exploits and custom malware to carry out prolonged cyber-espionage campaigns against critical infrastructure. Their motivations often include espionage, data exfiltration, and gaining strategic advantages over other nations. Other threat actors like organized crime groups or hacktivists typically lack the necessary resources or motivations to conduct such complex and targeted attacks on this scale.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a zero-day exploit?
Why are nation-state actors considered highly skilled and resourced?
How do nation-state actors differ from hacktivists and organized crime groups?
Your team has been tasked with performing a penetration test on the organization's network, which they are well-acquainted with from previous security audits. What is the FIRST step they should take to ensure a structured and effective penetration testing process?
Running a full vulnerability scan to identify all potential weak points within the system.
Determining the scope of the penetration test to establish the extent and boundaries of the testing engagement.
Conducting reconnaissance to gather additional information about the target environment.
Directly attempting to exploit known vulnerabilities based on the team's familiarity with the system.
Answer Description
Scoping involves defining the objectives, boundaries, and rules of engagement for the penetration test. This is crucial because it sets clear expectations and limitations, ensuring that the team's efforts are aligned with the organization's goals and legal requirements, thus avoiding unnecessary disruptions or legal implications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is determining the scope of a penetration test important?
What is the difference between reconnaissance and scoping in a penetration test?
What are the legal implications of not properly scoping a penetration test?
During a regular security scan of the network, you find that several user laptops are infected with the same malware. After cross-referencing the laptop users with the reverse proxy logs, you find that they all accessed an industry news website the day before. You believe your organization may have been specifically targeted. What type of attack best describes this scenario?
Spoofing
Watering hole
SQL injection
SYN Flood
Answer Description
A watering hole is a targeted cyberattack where an attacker compromises a legitimate website that members of a specific organization or industry are known to visit. By infecting the site with malware, the attackers can then infect the systems of their intended targets when they browse the site. This method leverages the trust users have in a familiar website to deliver the malicious payload.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a watering hole attack?
How do attackers typically choose websites for a watering hole attack?
What preventative measures can organizations take to minimize the risks of watering hole attacks?
A security operations center (SOC) manager notices that analysts spend significant time manually reviewing logs from firewalls, servers, and intrusion-detection systems. To accelerate incident detection and improve response times, which type of system should the organization deploy to automatically correlate and analyze security events from these diverse sources?
A compliance reporting tool
A network protocol analyzer
A Security Information and Event Management (SIEM) solution
A threat intelligence platform
Answer Description
A Security Information and Event Management (SIEM) solution centrally collects, stores, and analyzes log and event data from many devices, applies correlation rules, and generates alerts, enabling faster, more accurate incident detection. Threat-intelligence platforms focus on aggregating external threat feeds rather than internal event correlation; network protocol analyzers (sniffers) capture raw packets for troubleshooting but do not perform multi-source event analytics; compliance reporting tools generate regulatory reports and lack real-time correlation features.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a system that provides centralized event and log data analysis?
How does a SIEM system correlate events from multiple sources?
How is a SIEM different from a threat intelligence platform?
An organization recently relocated its primary data center to a new building. Senior management wants to ensure the facility is protected against theft, vandalism, and natural disasters. The security administrator is asked to recommend controls such as bollards at entrances, badge readers on doors, CCTV cameras in hallways, and biometric locks for the server room. Under which category of security control would these recommendations be classified?
Operational Controls
Managerial Controls
Technical Controls
Physical Controls
Answer Description
These safeguards are Physical Controls because they are tangible measures-locks, guards, badge readers, surveillance systems-that protect buildings, equipment, and personnel from physical threats. Technical controls secure information through technology (e.g., firewalls, IDS), managerial controls provide policies and governance, and operational controls address routine procedures like incident response and change management. As the scenario focuses on protecting the physical premises and hardware, Physical Controls are the correct classification.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of Physical Controls in security?
How do Physical Controls differ from Technical Controls?
Can Physical Controls be integrated with other types of controls?
During an internal security review, your organization decides to replace its legacy perimeter-based defenses with a Zero Trust architecture. Which statement most accurately summarizes the guiding principle that distinguishes the Zero Trust Model from traditional approaches?
Enforcing multi-factor authentication for all access requests
Assuming no user, device, or network traffic should be trusted by default
Trusting all users and devices within the network perimeter
Granting least-privilege access to all users
Answer Description
Zero Trust follows a never-trust, always-verify philosophy: it assumes that no user, device, or network traffic is trustworthy by default, even when requests originate from inside the corporate network. Least-privilege access and multi-factor authentication are important security practices often used within Zero Trust environments, but they are not the principle itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is the Zero Trust Model necessary in modern networks?
How does Zero Trust differ from traditional security models?
What technologies support the implementation of Zero Trust?
Smashing!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.