CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Since January 1, 2011, all new certifications have been valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which allows candidates to keep their skills current through activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, have been delivered exclusively through Pearson VUE since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
- Questions: 20
- Time: Unlimited
- Included Topics: General Security Concepts; Threats, Vulnerabilities, and Mitigations; Security Architecture; Security Operations; Security Program Management and Oversight
A company has recently deployed a new IoT device in their network. During the security assessment, it was found that the device is still using default credentials. Which of the following actions is the BEST immediate step to mitigate the potential exploitation of this device?
Conduct a thorough vulnerability scan of the device to find potential weaknesses.
Disable remote management features on the IoT device to limit network-based attacks.
Change the default username and password to a complex, unique credential set.
Update the IoT device firmware to the latest version available from the manufacturer.
Answer Description
Changing default credentials is an essential security measure to prevent unauthorized access, because many attack vectors rely on known defaults to gain control over systems. Attackers often use databases of default usernames and passwords, such as those exploited by the Mirai botnet, to compromise devices whose credentials were never changed from the manufacturer's defaults. Setting device passwords to complex, unique values greatly reduces this risk. Conducting a vulnerability scan or updating firmware, while important, would not address the immediate exposure created by default credentials. Disabling remote management could limit some attack vectors but still leaves the device vulnerable if the credentials remain unchanged.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is changing default credentials the best immediate step to secure IoT devices?
What is the Mirai botnet and how does it exploit IoT devices with default credentials?
Why are actions like updating firmware or disabling remote management less effective for immediate mitigation?
A security administrator is tasked with ensuring the organization's security policies and procedures remain effective. Which of the following represents the BEST approach for reviewing these documents?
Only when a major security incident or data breach occurs
On a periodic schedule and in response to significant organizational or environmental changes
Whenever a new technology system is introduced into the environment
At the beginning of each fiscal year when new budgets are allocated
Answer Description
Security policies and procedures should be treated as living documents. The best practice is to review them on a regular, scheduled basis (e.g., annually) and also whenever significant changes occur. Significant changes can include new regulatory requirements, major shifts in technology (like adopting a new cloud platform), emerging threats, or lessons learned from security incidents. Reviewing them only after a major incident is a reactive approach that fails to proactively address risks. While events like the introduction of a new technology or fiscal year planning might trigger reviews, a comprehensive approach involves both periodic reviews and event-driven updates.
Ask Bash
What is a 'living document' in the context of security policies?
What are examples of 'significant organizational or environmental changes' that would trigger a review of security policies?
Why is reviewing security policies only after a major incident a poor approach?
Which of the following best represents the role of endpoint protection software as a system hardening technique in an organization's cybersecurity strategy?
To backup data periodically and ensure disaster recovery for individual endpoint devices
To manage user permissions and access control lists across the network
To provide comprehensive security measures, such as antivirus and personal firewall capabilities, to individual devices within a network
To optimize the performance and speed of endpoint devices for better user experience
Answer Description
Endpoint protection software's role as a system hardening technique is to enhance the security of individual devices within a network by providing a combination of various security measures against threats such as malware, exploits, and unauthorized access attempts. It typically includes functionalities like antivirus, antimalware, and personal firewalls. The correct answer encapsulates these capabilities. The incorrect answers either misrepresent the scope of endpoint protection or attribute unrelated functions to it.
Ask Bash
What is system hardening and why is it important for cybersecurity?
What specific threats does endpoint protection software defend against?
How does endpoint protection software differ from network-level security tools like firewalls?
When implementing password protection measures, which of the following best describes a salt in cryptographic terms?
An encryption method that dynamically changes the secret key based on a predefined algorithm
A verification process to confirm that a digital message or document is intact and unaltered
The act of repeatedly hashing a password multiple times to extend the amount of time required to hash passwords
A random value added to each password prior to hashing to ensure that the resulting hash will be unique
Answer Description
A salt in cryptography refers to a randomly generated value that is added to the password before hashing. The salt is not intended to remain secret; its primary purpose is to be unique for each user's password. This uniqueness prevents attackers from using precomputed tables (such as rainbow tables) to reverse hash values into passwords. It also ensures that even if two users have the same password, their hashed values will be distinct.
Ask Bash
Why is a salt important in password hashing?
What is the difference between a salt and a hash?
Is the salt stored with the hashed password?
What type of security threat occurs when an attacker manipulates file-referencing variables with sequences like ../ to access files and commands located outside the web server's intended root folder?
Cross-site scripting
Buffer overflow
Directory traversal
SQL injection
Answer Description
A directory traversal attack, also known as path traversal, involves an attacker manipulating variables that reference files with dot-dot-slash (../) sequences to access restricted directories. This can lead to unauthorized viewing of sensitive files or execution of commands located outside of the web server's document root directory. SQL injection targets databases, buffer overflows target memory allocation, and cross-site scripting involves injecting malicious scripts into websites for users to execute; none of these match the described threat.
Ask Bash
What is a directory traversal attack?
How can organizations prevent directory traversal attacks?
What are common indicators of a directory traversal attack?
A security analyst is reviewing the organization's incident reports and notices an incident where attackers sent deceptive messages to employees' mobile phones with the intent to trick them into sharing sensitive information. What type of attack does this scenario describe?
SMS phishing
Direct Malware Injection
Exploit Kits via MMS
Spyware Installation
Answer Description
This scenario describes a phishing attack conducted through SMS messages, commonly known as 'SMS phishing' or smishing. Both 'Spyware Installation' and 'Direct Malware Injection' can be results of this kind of attack if the recipient takes the bait, but they are not names of the attack method itself. 'Exploit Kits via MMS' involve multimedia content and are not the same as text-based phishing attacks.
Ask Bash
What is smishing, and how is it different from regular phishing?
How can users protect themselves from smishing attacks?
What role do mobile operating systems play in mitigating smishing attacks?
An organization is reviewing its security policies to better protect against unauthorized access to employee accounts. Which of the following would be the BEST mitigation strategy to prevent a brute force attack on user passwords?
Monitoring for unauthorized access attempts on user accounts
Disabling unused accounts
Implementing strong password policies that require complex passwords
Enabling account lockouts after a specified number of failed login attempts
Answer Description
Account lockouts are an effective mitigation strategy against brute force attacks because they prevent unlimited, rapid guessing of passwords by locking the account after a certain number of failed login attempts. This drastically reduces the attacker's ability to systematically try all possible password combinations, thus safeguarding against brute force attacks. While all other options can enhance security, they do not specifically address the prevention of brute force attacks on passwords as directly as account lockouts do. Strong password policies make it more difficult for brute force attacks to succeed but do not stop attempts. Monitoring for unauthorized access can detect an ongoing attack but may not prevent it. Disabling unused accounts helps reduce the attack surface but does not directly prevent a brute force attack on active accounts.
Ask Bash
What is a brute force attack?
How do account lockouts protect against brute force attacks?
Why are strong password policies not sufficient to stop brute force attacks?
Which containment technique would be the best response when a system is believed to be infected with malware?
Determine the attack vector and disable it
Immediately segment the network into the smallest possible groups
Propagation
Isolate the affected systems
Answer Description
Containment techniques are options for limiting the spread of malware after it has been discovered on a network. The best response is to isolate any systems that are infected or believed to be infected so they cannot propagate the malware to other systems. From there, the security and IT teams can begin determining the impact and remediation options.
Ask Bash
Why is isolating the affected systems considered the best containment method for malware?
What steps should be taken after a system is isolated due to suspected malware?
How does malware propagation work, and why is it important to prevent it early?
An analyst is reviewing application logs to identify unauthorized access to confidential files. Which of the following BEST indicates an incident that requires immediate investigation?
Frequent connection errors to the database server from an application's service account.
A single failed login attempt from a known user's IP address.
Repeated application time-outs during peak business hours.
Multiple failed login attempts followed by a successful login in a short time frame.
Answer Description
An unauthorized user attempting to access confidential files can be detected through application logs by the presence of multiple failed login attempts followed by a successful login, especially if the timestamps of these events suggest that they occurred in rapid succession. This could imply a brute force attack or the compromise of legitimate credentials. It's essential to investigate such anomalies to prevent potential data breaches. Repeated timeouts suggest a denial of service condition but don't necessarily indicate unauthorized file access, while connection errors and single login failures are common and might not represent security incidents.
Ask Bash
What is a brute force attack?
Why are timestamps important when investigating security incidents?
What are application logs and why are they useful?
What term best describes an attribute of a security architecture focused on continuing service delivery in the event of component failures or other issues?
Scalability
Resilience
Responsiveness
Maintainability
Answer Description
Resilience refers to the ability of a system to continue to operate properly in the face of adversity. This can include redundancy, fault tolerance, and robust design choices that allow a system to endure and recover from disruptions. Scalability refers to the capacity of a system to handle growth, while maintainability concerns the ease with which a system can be kept operational. Responsiveness measures how quickly a system reacts to input.
Ask Bash
What is system resilience in security architecture?
How does resilience differ from fault tolerance?
What strategies can enhance resilience in security architecture?
During routine maintenance, a technician finds a wireless router connected to the corporate network that was not installed by the IT department. An investigation reveals that an employee installed the router for personal convenience to use a laptop wirelessly. What type of threat actor does this scenario represent?
Unskilled attacker
Shadow IT
Insider threat
Organized crime
Answer Description
Shadow IT refers to hardware or software deployed on a network that is not authorized or managed by the IT department. This scenario is a classic example of Shadow IT. While it is a form of an insider threat, 'Shadow IT' is the more specific and accurate term, as the employee's intent was not overtly malicious.
Ask Bash
What is Shadow IT?
Why is Shadow IT a security risk?
How can organizations prevent Shadow IT?
A system administrator has been tasked with securing data at rest for a company's document storage server, ensuring maximum confidentiality. Which of the following solutions would be the MOST appropriate to accomplish this task?
Encrypt each document individually with a unique key.
Ensure Secure Socket Layer (SSL)/Transport Layer Security (TLS) is enabled on the server.
Implement full disk encryption on the document storage server drive.
Utilize a VPN with robust encryption for accessing documents remotely.
Answer Description
Full disk encryption (FDE) is the correct choice as it provides comprehensive encryption of all data on the storage medium, ensuring that without the appropriate decryption key, no data can be read, regardless of the system state or whether the storage device is transferred to another machine. Encrypting individual files, while useful, does not offer the same level of protection if an attacker gains access to the underlying file system. Encrypting data using a VPN only secures data in transit, not at rest. SSL/TLS also protects data in transit and does not apply to data at rest.
Ask Bash
What is full disk encryption (FDE) and how does it work?
Why is full disk encryption more secure than encrypting files individually?
What is the difference between data at rest and data in transit, and how do encryption methods differ for each?
A network technician is performing the initial setup of a new wireless router. Which of the following is the most important first step the technician should take to secure the device?
Implementing port forwarding
Disabling unused ports
Updating the firmware to the latest beta release
Changing the default credentials
Answer Description
Changing the default credentials is the most effective first step in securing a router because factory-set usernames and passwords are often well-known and easily discoverable by malicious actors. Manufacturers often use the same default credentials across similar router models, which can be easily exploited if not changed. While other hardening steps like disabling unused ports and keeping firmware updated are important, an easily guessable default password presents the most immediate and critical vulnerability.
Ask Bash
Why is changing the default credentials on a wireless router critical for security?
What are some best practices for creating strong credentials for a wireless router?
What is the significance of updating router firmware, and why is the latest beta firmware not recommended?
An organization wants to gather intelligence on attack techniques by implementing a system that mimics vulnerable services and records interactions with potential intruders. Which of the following would BEST achieve this goal?
Honeypot
Firewall configured with logging
Vulnerability scanner
Intrusion detection system
Answer Description
A honeypot is designed to appear as a vulnerable system to attract attackers. By mimicking services and recording interactions, it allows organizations to study attack methods without compromising actual assets. While an intrusion detection system monitors network traffic for suspicious activity, it does not simulate vulnerable services. A firewall configured with logging controls access but doesn't engage attackers to gather intelligence. A vulnerability scanner identifies weaknesses but doesn't record attacker interactions.
Ask Bash
What is a honeypot and how does it work?
How does a honeypot differ from an Intrusion Detection System (IDS)?
What are the risks of deploying a honeypot?
An attacker has set up a fraudulent wireless access point on a company's network that mimics one of the network's legitimate access points. Through this fraudulent access point the attacker can gain access to the sensitive information transmitted by those who unwittingly connect to it. This fraudulent access point is known as what?
Disassociation
Evil twin
Rogue access point
Jamming
Answer Description
A fraudulent access point that appears legitimate and is used by an attacker to capture network traffic is called an evil twin. The attacker can potentially gain access to information such as passwords and PII.
Ask Bash
How does an evil twin attack work?
How is an evil twin different from a rogue access point?
What security measures can prevent an evil twin attack?
A company needs to systematically manage updates and modifications to its IT systems to prevent unintended consequences during regular operations. Which operational control MOST effectively addresses this need?
Change management
Security awareness training
Encryption protocols
Intrusion detection
Answer Description
Change management is an operational control that provides a structured approach for handling modifications to systems. It ensures that all changes are properly reviewed, tested, and approved before implementation, minimizing the risk of disruptions. Intrusion detection is a technical control that monitors for security breaches, security awareness training is a managerial control focused on educating staff, and encryption protocols are technical controls for data protection. Therefore, change management is the most effective operational control for managing system updates and modifications in day-to-day operations.
Ask Bash
What are operational controls in IT management?
How does change management minimize risk in IT systems?
Why is change management better suited for system updates than intrusion detection?
Which power solution would be the BEST option for a business to maintain data center operations during a short-term power outage and to facilitate graceful shutdown of servers if the outage persists?
Multiple power circuits designed to take over if one fails
A device that generates power after a startup delay and supports long-term outages
A device providing backup power and power conditioning, capable of initiating a controlled shutdown
A device that guards against electrical power surges and spikes only
Answer Description
An Uninterruptible Power Supply provides immediate backup power to connected systems in the event of a power failure, ensuring continuity of operations for a short duration. This allows for continued operation during brief outages and can signal connected devices to execute a safe shutdown process if the outage is prolonged, preserving data integrity. In contrast, surge protectors do not provide backup power but only protect against voltage spikes. Generators may supply power for extended outages but typically have a startup delay and do not supply power instantaneously. Redundant power circuits offer resilience to a failure in one circuit but do not address an outage affecting all primary power sources.
Ask Bash
What are the key functions of an Uninterruptible Power Supply (UPS)?
How does a generator differ from a UPS?
Why do servers need to perform a graceful shutdown during outages?
An employee in your organization received a call from an individual claiming to be from the IT department. The caller stated they were conducting routine security checks and needed the employee's username and password to ensure his account is secure. The caller is exceptionally polite and knowledgeable about company protocols. Which type of social engineering attack is MOST likely occurring?
Pretexting
Baiting
Phishing
Quid pro quo
Answer Description
Pretexting involves the creation of a fabricated scenario designed to persuade a victim to release information or perform some action. In this case, the attacker is pretending to be a familiar and legitimate entity—such as an IT department representative—to gain the trust of the employee and obtain sensitive information. This is a common tactic where attackers carefully craft a believable story that seems legitimate to the victim.
Ask Bash
What are common tactics used in pretexting attacks?
How is pretexting different from phishing?
What are some ways organizations can prevent pretexting attacks?
During an internal audit, it was discovered that an organization lacked a formal process for employees to report security vulnerabilities. To rectify this, the auditor recommended the creation of a new document. Which document should specifically outline the procedures for reporting security weaknesses?
Business Continuity Policy
Incident Response Policy
Disaster Recovery Policy
Change Management Policy
Answer Description
The Incident Response Policy is designed to provide a framework for reporting and managing security incidents, which includes vulnerabilities. Implementing this policy helps establish clear procedures for employees to follow in the event of a security weakness, ensuring a coherent and swift response. The Disaster Recovery and Business Continuity policies are concerned with maintaining operations during and after a disaster, not the reporting of vulnerabilities. Change Management policies guide the process for system changes but are not specific to security incident reporting.
Ask Bash
Why is the Incident Response Policy recommended for reporting security vulnerabilities?
What differentiates the Incident Response Policy from the Change Management Policy?
How does the Incident Response Policy fit into the larger security framework of an organization?
A company's workforce is highly mobile with employees frequently travelling and working from remote locations. The IT security department needs to ensure that the devices used by this mobile workforce are consistently assessed for vulnerabilities. Which strategy would be most effective for maintaining the security posture of these devices when they are not connected to the company’s network?
Schedule scans using an agentless vulnerability scanning solution when devices are known to be connected to the company's VPN.
Only allow devices to connect to the network through wired connections within the company's premises to ensure constant vulnerability assessments.
Deploy a client-based vulnerability scanning solution with agents installed on each device.
Set up a vulnerability scanning service to which all devices must connect monthly.
Answer Description
For devices that are often off the company's network, a client-based solution, which involves installing an agent on each device, is most effective. This agent can perform vulnerability assessments independently of the device's network connection. Agentless solutions, on the other hand, require that devices be connected to the network for assessments to occur, which is not practical for a mobile workforce.
Ask Bash
What is a client-based vulnerability scanning solution?
Why is an agentless scanning solution not ideal for mobile workforces?
How do agents in client-based solutions perform vulnerability assessments offline?