CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as a command prompt or a networking environment. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Since January 1, 2011, all new certifications have been valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, have been available exclusively through Pearson VUE since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Which of the following BEST illustrates the purpose of performing regular self-assessments of security governance within an organization?
To ensure that all new technological implementations are secure before they go live into the production environment.
To assess individual employee compliance with security training requirements on an annual basis.
To measure and analyze the effectiveness and compliance of the security governance against internal standards and regulatory requirements.
To reactively provide details to stakeholders following a security breach or incident.
Answer Description
Regular self-assessments allow an organization to measure and analyze the effectiveness, efficiency, and compliance of its security governance against internal standards and regulatory requirements. This proactive approach serves to identify gaps or weaknesses before they can be exploited, providing an opportunity for improvements and risk mitigation strategies to be implemented. Assessments focused only on technology do not capture the full scope of security governance, and limiting assessments to after an incident occurs would not provide the proactive benefits of regular, preemptive analysis and adjustments.
You are responsible for application security at a small startup, including conducting regular penetration tests. Recently the startup has faced budget issues and lacks the funds to create a stand-alone system to be used for vulnerability scanning of applications. Due to this constraint, you must conduct vulnerability scans on the live system (the same one being used by customers). What type of scan should be used to ensure vulnerabilities are found but not executed?
credentialed
non-credentialed
intrusive
non-intrusive
Answer Description
Because you are scanning the live/production system, a non-intrusive scan is best. Non-intrusive means security issues are identified but not exploited, so as not to negatively impact the system. The drawback is that some vulnerabilities cannot be confirmed without attempting an exploit (e.g. a SQL injection that deletes data can't be verified without actually deleting data). Because of this, the scenario described in the question is not ideal, and it's possible that vulnerabilities that exist will not be found.
An organization wants to enhance server security by implementing a hardware device that can securely generate and manage cryptographic keys and offload cryptographic operations from the servers, thereby improving performance and security. Which of the following would BEST meet this requirement?
Key Management System
Secure Enclave
Hardware Security Module
TPM
Answer Description
A Hardware Security Module (HSM) is a dedicated hardware device designed to securely generate, store, and manage cryptographic keys and perform cryptographic operations. By offloading these tasks from servers, HSMs improve both security and performance in enterprise environments.
A TPM is a hardware chip embedded on a computer's motherboard, primarily used to store cryptographic keys and ensure platform integrity, but it's not designed to offload cryptographic processing from servers.
A Secure Enclave is a secure area within a processor for executing sensitive code, commonly found in mobile devices; it does not function as a separate hardware device for server cryptographic operations.
A Key Management System typically refers to software solutions for managing cryptographic keys' lifecycle but does not provide hardware-based processing capabilities.
Which of the following password policies is likely to provide the highest security?
Long passwords consisting solely of alphabetic characters
Passwords comprising common keyboard paths, changed monthly
Password length of 16 mixed characters with no dictionary words
Mandatory password change every 30 days without complexity requirements
Answer Description
The correct answer 'Password length of 16 mixed characters with no dictionary words' embodies multiple best practices for password security, including a long length and the avoidance of dictionary words which can be susceptible to dictionary attacks. Using common keyboard paths (like 'qwerty') provides patterns that can be easily exploited, and relying solely on length without considering the use of mixed character types or avoiding common words can still lead to vulnerabilities. While having a password expiration policy can be a beneficial security practice, without further context of password complexity requirements, it does not inherently guarantee a high level of security.
Which feature of an Intrusion Detection/Prevention System (IDS/IPS) is leveraged to provide up-to-date capabilities in detecting and preventing the latest known attack vectors?
Configuration changes
Rule adjustments
Novel software updates
Signature updates
Answer Description
Signature updates in an IDS/IPS are vital to maintain the system's effectiveness against new threats. As attack methodologies evolve, the system must be updated with information about these new threats to accurately detect and potentially prevent them. Novel software updates would pertain to general software enhancements rather than threat intelligence. Configuration changes may improve system performance but do not directly relate to new threat intelligence. Rule adjustments generally involve customizing how the system responds to detected threats, not updating its threat detection capabilities.
A security audit of a financial application reveals a critical vulnerability. The application first checks a user's account balance to authorize a transfer (time-of-check) and then, in a separate step, processes the withdrawal (time-of-use). An attacker found that by sending multiple, simultaneous requests, they could withdraw funds exceeding their actual balance because the balance was not locked during the transaction. Which of the following vulnerabilities does this scenario describe?
Race condition
Buffer overflow
Privilege escalation
SQL injection
Answer Description
This scenario describes a race condition, specifically a Time-of-check to Time-of-use (TOCTOU) vulnerability. The application checks a condition (the account balance) at one point in time but uses the result of that check at a later point. An attacker can exploit the delay between the check and the use to change the state (in this case, by initiating another withdrawal), leading to unexpected and insecure behavior like withdrawing more money than is available in the account.
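As an added example (not part of the practice test), the withdrawal race described above can be reproduced in Python with threads, next to the fix of holding a lock across the check and the use so the two steps become one atomic operation. The Account class, the method names, the balances and the artificial delay between check and use are assumptions constructed for this demonstration.

```python
"""Added example (not from the practice test): a time-of-check/time-of-use
race in a toy bank account, and the locked version that closes it.

The Account class, method names, balances and the artificial delay are
assumptions constructed for this demonstration.
"""
import threading
import time


class Account:
    def __init__(self, balance: int) -> None:
        self.balance = balance
        self.lock = threading.Lock()

    def withdraw_unsafe(self, amount: int) -> bool:
        # Time of check: read the balance without any lock.
        if self.balance >= amount:
            # Artificial delay widens the window between check and use; in a
            # real application the window is a database round trip or RPC.
            time.sleep(0.05)
            # Time of use: debit based on the (now stale) check. Several
            # threads that all passed the check will each debit, overdrawing.
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount: int) -> bool:
        # Check and use happen under one lock, so no other thread can change
        # the balance between them. The database analogue is a conditional
        # UPDATE ... WHERE balance >= amount inside a transaction, or a
        # SELECT ... FOR UPDATE row lock.
        with self.lock:
            if self.balance >= amount:
                time.sleep(0.05)
                self.balance -= amount
                return True
            return False


def run_concurrent_withdrawals(balance: int, amount: int, workers: int, safe: bool) -> int:
    """Fire `workers` simultaneous withdrawals and return the final balance."""
    acct = Account(balance)
    target = acct.withdraw_safe if safe else acct.withdraw_unsafe
    threads = [threading.Thread(target=target, args=(amount,)) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance


if __name__ == "__main__":
    # Five simultaneous withdrawals of 100 against a balance of 100.
    print("unsafe final balance:", run_concurrent_withdrawals(100, 100, 5, safe=False))
    print("safe final balance:  ", run_concurrent_withdrawals(100, 100, 5, safe=True))
```

With the unsafe method every thread passes the balance check before any of them debits, so the account ends negative; with the lock only the first withdrawal succeeds and the balance ends at exactly zero.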
Your employer is planning to place wireless devices at the entrance of their retail locations. The devices will use WiFi to connect to the store's wireless network and use beams of light to detect when someone enters through the entrance. Other than WiFi, what type of wireless communication is being used?
802.11
NFC
Bluetooth
Infrared
Answer Description
Infrared is the only option that uses light as the communication medium. 802.11 (the WLAN standard), Near Field Communication (NFC), and Bluetooth all use radio frequencies. Infrared suits the device in the question because it requires line of sight (LOS) to operate: when the beam is broken, the device registers that a person is in the entrance.
A company's workforce is highly mobile with employees frequently travelling and working from remote locations. The IT security department needs to ensure that the devices used by this mobile workforce are consistently assessed for vulnerabilities. Which strategy would be most effective for maintaining the security posture of these devices when they are not connected to the company’s network?
Schedule scans using an agentless vulnerability scanning solution when devices are known to be connected to the company's VPN.
Deploy a client-based vulnerability scanning solution with agents installed on each device.
Only allow devices to connect to the network through wired connections within the company's premises to ensure constant vulnerability assessments.
Set up a vulnerability scanning service to which all devices must connect monthly.
Answer Description
For devices that are often off the company's network, a client-based solution, which involves installing an agent on each device, is most effective. This agent can perform vulnerability assessments independently of the device's network connection. Agentless solutions, on the other hand, require that devices be connected to the network for assessments to occur, which is not practical for a mobile workforce.
Which data type specifically refers to information whose collection, storage, and transmission are governed by external laws or industry regulations such as HIPAA for medical records or PCI-DSS for credit-card information?
Trade secret
Regulated
Intellectual property
Public
Answer Description
Regulated data is subject to statutes or industry frameworks that prescribe how it must be secured (for example, HIPAA, FERPA, GDPR, or PCI-DSS). Because non-compliance can trigger fines and legal liability, organizations must implement controls such as encryption, strict access control, and auditing. Other data types like trade secrets or intellectual property may be highly valuable but are not dictated by external regulations in the same way.
A security analyst has just finished applying patches to a critical server to address several vulnerabilities discovered during a recent scan. What is the most important next step the analyst should take to validate the remediation efforts?
Reboot the server to ensure all patches are fully applied.
Review the server's event logs for new error messages.
Perform a follow-up vulnerability scan on the server.
Document the applied patches in the change management system.
Answer Description
The correct action is to perform a follow-up vulnerability scan. Rescanning is an essential step to verify that the applied patches have successfully remediated the identified vulnerabilities and to ensure that no new vulnerabilities were introduced in the process. Reviewing event logs, rebooting the server, and documenting the changes are all plausible activities, but they do not directly validate that the security flaw has been eliminated. Documentation is a procedural step, and rebooting is part of the patching process itself, not the validation phase.
A group of attackers targets a corporation's network because they disagree with its environmental practices. Which motivation best describes their actions?
Financial gain
Blackmail
Data exfiltration
Philosophical/political beliefs
Answer Description
The attackers are driven by their ideological differences with the corporation's environmental practices. This is a case of philosophical or political beliefs motivating cyber attacks. They are not seeking financial gain, engaging in blackmail, or attempting to steal data.
Which password attack technique involves attempting access with a set of commonly used passwords on multiple user accounts to avoid account lockout policies?
Brute force attack
Password spraying
Credential stuffing
Dictionary attack
Answer Description
Password spraying is a technique used by attackers where they try common passwords against many different accounts to find a match. They do this without triggering the account's lockout policy as they do not make too many attempts on a single account. It differs from brute force attacks which generally try many password combinations on one account, potentially triggering lockout mechanisms.
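As an added example (not part of the practice test), the distinction drawn above can be turned into detection logic: a spraying source fails against many different accounts while staying below the lockout threshold on each, whereas a brute-force source pushes one account past it. The log format, the IP addresses, the usernames and the threshold values below are constructed for this demonstration; the regular expression would need adapting to a real IdP, SSH or RDP log.

```python
"""Added example (not from the practice test): log analytics that tell
password spraying apart from a brute-force attack on a single account.

The log format, addresses, usernames and thresholds are constructed for
this demonstration and are not taken from any real product.
"""
import re
from collections import defaultdict

# Constructed sample log. 203.0.113.9 tries one password against many
# accounts (a spray) and eventually gets in on one; 198.51.100.7 hammers a
# single account (brute force); 192.0.2.44 is a user who mistyped once.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z auth FAIL user=alice src=203.0.113.9
2024-05-01T08:00:02Z auth FAIL user=bob src=203.0.113.9
2024-05-01T08:00:03Z auth FAIL user=carol src=203.0.113.9
2024-05-01T08:00:04Z auth FAIL user=dave src=203.0.113.9
2024-05-01T08:00:05Z auth FAIL user=erin src=203.0.113.9
2024-05-01T08:00:06Z auth OK user=frank src=203.0.113.9
2024-05-01T08:01:00Z auth FAIL user=admin src=198.51.100.7
2024-05-01T08:01:01Z auth FAIL user=admin src=198.51.100.7
2024-05-01T08:01:02Z auth FAIL user=admin src=198.51.100.7
2024-05-01T08:01:03Z auth FAIL user=admin src=198.51.100.7
2024-05-01T08:01:04Z auth FAIL user=admin src=198.51.100.7
2024-05-01T08:01:05Z auth FAIL user=admin src=198.51.100.7
2024-05-01T08:02:00Z auth FAIL user=alice src=192.0.2.44
2024-05-01T08:02:09Z auth OK user=alice src=192.0.2.44
"""

LINE_RE = re.compile(r"auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)")

# Assumed policy values: accounts lock after 5 failures, and one source
# failing against 4 or more distinct accounts is treated as suspicious.
LOCKOUT_THRESHOLD = 5
MIN_SPRAYED_ACCOUNTS = 4


def classify_sources(log_text, lockout=LOCKOUT_THRESHOLD, min_accounts=MIN_SPRAYED_ACCOUNTS):
    """Return {src: {"verdict", "accounts", "peak", "successes"}} per source IP.

    A spray is many accounts with few failures each, every count staying
    below the lockout threshold (which is exactly how spraying evades
    lockout); brute force is one account pushed past the threshold.
    """
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failures
    successes = defaultdict(list)                   # src -> users that logged in
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        if m["result"] == "FAIL":
            fails[m["src"]][m["user"]] += 1
        else:
            successes[m["src"]].append(m["user"])

    report = {}
    for src, per_user in fails.items():
        accounts = len(per_user)
        peak = max(per_user.values())
        if accounts >= min_accounts and peak < lockout:
            verdict = "password_spraying"
        elif peak >= lockout:
            verdict = "brute_force"
        else:
            verdict = "benign"
        report[src] = {
            "verdict": verdict,
            "accounts": accounts,
            "peak": peak,
            # A login from a spraying source is the account to reset first.
            "successes": successes.get(src, []),
        }
    return report


if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(src, info)
```

Note that the brute-force source trips the lockout threshold on its own, but the spraying source never does, which is why per-account lockout alone would miss it and why the detection has to pivot on the source and count distinct accounts.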
Regular auditing of user permissions and access rights primarily belongs to which type of security control?
Corrective control
Deterrent control
Preventive control
Detective control
Answer Description
Auditing gathers evidence after the fact by reviewing log and permission data to uncover unauthorized access or policy violations. Because it identifies issues that have already occurred, its chief purpose is detection, not prevention, correction, or deterrence. Therefore, it is categorized as a detective control.
What is the primary benefit of using containerization in a security architecture?
It ensures that applications have direct access to hardware resources.
It integrates all applications into one operating system for better performance.
It isolates applications to enhance security and manageability.
It automates the process of data recovery.
It allows unlimited data storage capacity.
It completely eliminates the need for physical servers.
Answer Description
Containerization provides a lightweight alternative to full virtualization by encapsulating an application in a container with its own operating environment. This isolation ensures that applications do not interfere with each other and can be managed independently, enhancing security by containing potential breaches within the isolated environment of the container.
An administrator needs to securely access and manage servers located in an isolated, high-security network segment. To minimize the attack surface, direct administrative access from the general corporate network is prohibited. Which of the following should be used to provide a controlled and monitored entry point for this purpose?
Jump server
VPN concentrator
Proxy server
Load balancer
Answer Description
A jump server, also known as a jump host or bastion host, is a hardened server that acts as a secure intermediary and single point of entry for administrators to connect to other devices in a separate security zone. This approach centralizes access control and monitoring.
A proxy server primarily acts as an intermediary for user requests to other servers (like web servers), but it is not specifically designed for administrative access sessions. A load balancer distributes incoming traffic across multiple servers to improve availability and performance but does not serve as a secure administrative gateway. A VPN concentrator is used to establish secure, encrypted tunnels for remote access, but it typically provides broader network-level access rather than the specific, audited host-to-host administrative access that a jump server provides.
An application has a security flaw that enables attackers to run their own code on another user's system without any direct interaction from the victim. Which category does this vulnerability belong to?
A Man-in-the-Middle vulnerability in communications
A vulnerability that allows unauthorized code execution remotely
An injection vulnerability enabling unauthorized data submission
A vulnerability leading to a Denial of Service
Answer Description
This type of security flaw is categorized as a vulnerability that allows unauthorized code execution remotely, typically without the need for user interaction, which is a hallmark characteristic of vulnerabilities that allow execution of arbitrary code on a victim's system. 'Injection' is incorrect since it generally refers to inserting untrusted input into a program, such as SQL injection, which may lead to data leaks rather than code execution. 'Denial of Service' focuses on making resources unavailable to legitimate users, and while it can be a serious issue, it does not involve unauthorized code execution. 'Man-in-the-Middle' is not a vulnerability classification but a type of attack that involves intercepting and possibly altering communications between two parties without their knowledge.
An organization needs to ensure that its most critical systems are protected from external network threats and unauthorized access. Which of the following methods provides the MOST secure way to achieve this level of isolation?
Employ network address translation (NAT) for these devices
Implement an air-gapped network for these systems
Use a VLAN to segment these systems from the corporate network
Install a firewall to filter traffic between these systems and other networks
Answer Description
Implementing an air-gapped network means these critical systems are physically disconnected from any other networks and the internet, providing the highest level of isolation. This prevents remote access and network-based attacks. While using VLANs, firewalls, or NAT can enhance security through logical segmentation and filtering, they do not offer the same level of isolation because the systems remain connected to other networks, potentially exposing them to threats.
When using security controls, at times you will need additional controls to make up for the shortcomings of existing controls. What kind of control is this called?
Preventive
Detective
Compensating
Corrective
Answer Description
When an existing security control is found to not mitigate risk down to an acceptable level, a compensating control can be used to bring the risk to the desired level.
A network technician is tasked with planning a new wireless network deployment for an office building. The technician has the architectural blueprints for the facility. Which of the following is the MOST crucial step to take to ensure optimal and secure wireless coverage?
Conduct a physical site survey to identify RF interference and physical obstructions.
Place access points near existing network drops as indicated on the blueprints.
Calculate the required number of access points based on the building's total square footage.
Use a predictive modeling tool with the blueprints to determine access point placement.
Answer Description
While architectural blueprints are useful for an initial predictive survey, they do not provide information about potential radio frequency (RF) interference, the signal attenuation properties of various building materials, or other environmental factors. A physical site survey is essential to identify sources of interference (like neighboring networks, microwave ovens, or industrial equipment), discover unexpected physical obstructions, and measure actual signal propagation. This allows for the strategic placement of access points to ensure comprehensive coverage, strong signal strength, and a secure and reliable network, which cannot be guaranteed by blueprints alone.
A security administrator needs to block all incoming, unencrypted web traffic to a company's public web server at IP address 10.10.5.25. To accomplish this, the administrator is writing a new firewall rule. Which of the following rules will successfully implement this policy?
deny tcp any host 10.10.5.25 eq 443
deny tcp any host 10.10.5.25 eq 80
allow tcp any host 10.10.5.25 eq 80
deny udp any host 10.10.5.25 eq 80
Answer Description
The correct rule to block unencrypted web traffic (HTTP) is deny tcp any host 10.10.5.25 eq 80. This rule correctly specifies the 'deny' action, the 'tcp' protocol used by HTTP, any source address ('any'), the specific destination server ('host 10.10.5.25'), and the correct destination port for HTTP ('eq 80'). The other options are incorrect because they either block the wrong port (443 for HTTPS), use the wrong protocol (UDP), or perform the wrong action (allow).