CompTIA Security+ Practice Test (SY0-701)
Use the form below to configure your CompTIA Security+ Practice Test (SY0-701). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.
CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Post-January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program. This program allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, are available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
More reading:
Free CompTIA Security+ SY0-701 (V7) Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 15
- Time: Unlimited
- Included Topics:General Security ConceptsThreats, Vulnerabilities, and MitigationsSecurity ArchitectureSecurity OperationsSecurity Program Management and Oversight
Your employer allows BYOD because the company's software landscape is entirely based on SaaS applications on the internet. Recently, an employee's various accounts were accessed by a hacker. The user tells you they had different passwords for all of the applications. No one else has reported similar issues. After helping the user conduct a malware scan on their personal device, you find that they have malware that records input given to the PC by the user. What option best describes the type of malware found?
Keylogger
Virus
RAT
Worm
Answer Description
The malware found is a Keylogger. It records the input typed by the user and, in this case, recorded user account credentials (username and password) . Situations like this are common when companies allow Bring Your Own Device (BYOD), as network administrators have very limited control over devices not owned by the company. A RAT (Remote Access Trojan) is incorrect because its primary function is to provide remote control, though it may include keylogging capabilities; "Keylogger" is more specific to the described function . A Worm's primary characteristic is self-replication across a network, which is not described . A Virus attaches itself to other programs to replicate, which is too general and not the best description .
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a keylogger and how does it work?
What are some common signs that a device may be infected with a keylogger?
What precautions can be taken to prevent keylogger infections on personal devices?
What is the primary purpose of performing a packet capture in the context of network security?
To restrict access to network resources based on IP addresses
To provide network users with a secure method of file transfer
To collect and analyze network traffic for security monitoring and investigative purposes
To increase the bandwidth and performance of the network
Answer Description
A packet capture involves collecting all the packets that pass through a certain point on a network. It allows security professionals to see the data being transmitted over the network, which can be valuable for analyzing traffic, troubleshooting network problems, or investigating security incidents. Examining packet contents helps to identify malicious activities, policy violations, or unauthorized data exfiltration. It's a detailed form of network monitoring used to closely inspect network traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What tools are commonly used for packet capture in network security?
How does packet capture help in identifying security threats?
What is the difference between a passive and active packet capture?
A security administrator is in the process of defining the initial set of security configurations that will be applied to all new devices in the company. Which of the following is the BEST method to achieve this objective?
Applying a standardized security configuration guide to the devices.
Enforcing full-disk encryption on all new devices.
Setting up a proper disposal and decommissioning process for devices.
Regularly patching the devices as part of routine maintenance.
Answer Description
Using a standardized security configuration guide specifically designed for the intended system or platform is the best method to establish a secure baseline. These guides, often developed by experts and incorporating industry best practices, ensure that all devices start from a common, secure state before being introduced into the production environment. They typically include settings and configurations that have been widely recognized and vetted for their effectiveness in securing devices. While patching, encryption, and decommissioning play roles in the lifecycle of maintaining security for active devices, they are not methods used for establishing the baseline itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a security configuration guide?
Why is establishing a baseline security configuration important?
What are some common elements included in a security configuration guide?
Which of the following BEST represents the concept of likelihood when performing a risk assessment?
Determining the potential impact on the company's reputation if a security incident were to occur.
Calculating the monetary loss that could occur if a threat exploits a vulnerability.
Assessing the cost and benefits of implementing additional security controls to address vulnerabilities.
Evaluating the probability that a vulnerability will be exploited by a threat within a given time frame.
Answer Description
Likelihood refers to the probability that a potential vulnerability could be exploited by a threat actor within a given time frame. Calculating likelihood involves evaluating how exposed the vulnerability is, the presence and capabilities of threat actors, the effectiveness of current controls, and the historical data of security incidents similar to the one being assessed. While options such as evaluating the impact of the threat and considering the cost of potential security controls are also parts of risk assessment, they do not directly relate to the determination of likelihood.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What factors should be considered when evaluating the likelihood of a vulnerability being exploited?
How does likelihood differ from impact in risk assessment?
What role does historical data play in assessing likelihood?
A financial services company notices that their online banking platform becomes unresponsive during certain peak hours despite having no unusual activity from legitimate users. The IT team suspects a network-based attack designed to overwhelm their servers. Which type of attack are they most likely experiencing?
DDoS
Credential Replay
DNS Spoofing
Wireless Eavesdropping
Answer Description
The correct answer is a Distributed Denial-of-Service (DDoS) attack. DDoS attacks aim to make an online service unavailable by overwhelming it with traffic from multiple sources, disrupting legitimate user access. Credential Replay involves reusing stolen credentials to gain unauthorized access, DNS Spoofing redirects traffic to malicious sites, and Wireless Eavesdropping intercepts wireless communications. None of these directly cause service unavailability through traffic overload.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a DDoS attack and how does it work?
What measures can organizations take to protect against DDoS attacks?
What are botnets and how are they related to DDoS attacks?
An organization's staff is distributed across varying locations, each with varying levels of network security. To strengthen their security posture for collaborative efforts, which measure would be most effective in ensuring authorized access to shared company resources?
Enforce a policy requiring users to change their passwords monthly.
Limit the connection times to shared resources to specific hours of the working day.
Implement multi-factor authentication for all users when accessing shared company resources.
Mandate email encryption for all internal and external communication.
Answer Description
Implementing multi-factor authentication (MFA) provides a powerful defense against unauthorized access, as it requires users to provide two or more verification factors to gain access to resources, thus protecting against compromised credentials. Email encryption is a security measure that protects the contents of emails but does not secure access to collaboration tools and resources. While limiting connection times could potentially reduce the window of opportunity for an attack, it would not be practical for collaboration needs and does not strengthen authentication methods. The frequency of changing passwords, without the additional step of verifying the user's identity, may be less effective against sophisticated attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is multi-factor authentication (MFA)?
Why is MFA important for remote teams?
How does MFA protect against common security threats?
A network scan of a public-facing server reveals that several ports are open. A system administrator confirms that one of these ports is not required for any of the server's intended applications or services. What is the primary security risk associated with this unnecessary open port?
It prevents legitimate users from accessing the server's intended services.
It increases the attack surface, providing an additional entry point for potential exploits or unauthorized access attempts.
It consumes a significant amount of CPU and memory resources, degrading server performance.
It will cause immediate data exfiltration from the server's primary application.
Answer Description
The correct answer is that an unnecessary open port increases the system's attack surface. Even if no legitimate service is running on the port, it can be probed by attackers using techniques like port scanning. This can reveal information about the operating system and attract further attacks, such as brute-force attempts or the exploitation of a vulnerability if a service is ever misconfigured or a malicious one is installed on that port. Unused ports do not inherently consume significant resources, cause data exfiltration, or block legitimate traffic to other services. Best practice is to close all unused ports to minimize the attack surface.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are network ports and how do they function?
What is port scanning and why is it a threat?
What are zero-day exploits and how do they relate to open ports?
Which of the following practices most clearly violates the principle of least privilege on user workstations in an enterprise environment?
Granting standard employees local administrator rights on their workstations
Assigning read-only permissions to employees who only need to view quarterly reports
Restricting database administrators to only the tables they maintain
Providing a time-limited privileged account to a support technician during system maintenance and removing it afterward
Answer Description
Granting standard employees local administrator rights exceeds what they need for their daily tasks and dramatically enlarges the potential attack surface, so it violates the principle of least privilege. The other options either restrict access to only what is required or provide temporary elevated rights that are revoked afterward, which aligns with the principle.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege?
What are the risks of granting administrative access to general users?
How can organizations implement the principle of least privilege?
What type of risk assessment is conducted as needed, often in response to specific events or changes in the environment?
Recurring
Qualitative
Continuous
Ad Hoc
Answer Description
An 'Ad Hoc' risk assessment is performed as required, without a regular schedule, often in response to significant changes or new threats to an organization's environment. It contrasts with recurring or continuous assessments that happen at regular intervals or constantly, respectively. A 'Qualitative' risk assessment refers to the process that prioritizes risks based on their severity and impact, rather than their frequency or timing.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are some examples of events or changes that might trigger an Ad Hoc risk assessment?
How does an Ad Hoc risk assessment differ from a recurring risk assessment?
What is a Qualitative risk assessment, and how does it relate to Ad Hoc assessments?
A lazy programmer at a startup was recently fired for sleeping at their cubicle. Angry about being fired and wanting revenge, the programmer accessed the admin panel of the startup's website using a method they had previously programmed into the application before being dismissed. With access to the admin panel, the former employee was able to delete user accounts from the database, causing significant issues for the company. Which of the following options best describes the methodology of the attack?
Ransomware
Backdoor
Rootkit
SQL injection
Answer Description
The programmer created a backdoor in the application to grant themselves access later on. The backdoor allowed them to bypass the application's usual authentication measures. A backdoor could also be set up by a malicious application, but in this case, it was the work of a lazy programmer who knew he would be fired soon.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a backdoor in cybersecurity?
How can backdoors be prevented in applications?
What are the implications of a backdoor attack for a company?
An IT administrator has noted several workstations in the company are exhibiting similar unsettling behaviors including unexpected slowdowns, random printing of documents, and system restarts occurring without user initiation. These anomalies are observed concurrently in various unrelated business units. What should the IT administrator suspect as the MOST plausible cause for these widespread and consistent issues?
The workstations are likely infected with a virus.
The systems are experiencing widespread hardware failure.
There is a script kiddie exploiting network vulnerabilities.
There is a misconfiguration of system settings across the network.
Answer Description
The specific behaviors outlined – notably the unanticipated system slowdowns, printing of documents without user commands, and unwarranted system restarts – are classic manifestations of a virus infection on a computer. A virus typically engages system resources, causing performance degradation, and can execute unauthorized tasks such as issuing print jobs or rebooting the computer. The cross-departmental propagation suggests the virus could be disseminating through mediums such as network drives, emails, or compromised files. A simple misconfiguration is unlikely to result in this diverse set of symptoms manifesting similarly across multiple disparate departments. While hardware failure can cause system issues, it would not lead to network-wide symptoms. Script kiddie activities, typically representing low-skill-level threats often using pre-made tools, would not commonly result in the widespread and uniform symptoms seen here.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the common symptoms of a virus infection on a computer?
How can a virus spread across multiple workstations in a network?
What steps should an IT administrator take when suspecting a virus infection?
What describes a model where data processing and decision-making are performed at various distributed network points rather than at a single central location?
Decentralized architecture
Hybrid architecture
Centralized architecture
Answer Description
A decentralized architecture spreads out processing and decision-making across multiple network points, which can provide resilience and reduce single points of failure. This is contrasted with a centralized architecture, where processes and decision-making are conducted in a single central location, which can become a single point of failure and may pose more risk if not adequately secured.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the advantages of decentralized architecture?
How does decentralized architecture improve security?
What are some examples of decentralized architectures?
When implementing password protection measures, which of the following best describes a salt in cryptographic terms?
A random value added to each password prior to hashing to ensure that the resulting hash will be unique
The act of repeatedly hashing a password multiple times to extend the amount of time required to hash passwords
An encryption method that dynamically changes the secret key based on a predefined algorithm
A verification process to confirm that a digital message or document is intact and unaltered
Answer Description
A salt in cryptography refers to a randomly generated value that is added to the password before hashing. The salt is not intended to remain secret; its primary purpose is to be unique for each user's password. This uniqueness prevents attackers from using precomputed tables (such as rainbow tables) to reverse hash values into passwords. It also ensures that even if two users have the same password, their hashed values will be distinct.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are rainbow tables and how do they relate to salts?
How is a salt generated and stored?
Why is it important to use unique salts for user passwords?
When a company needs to guard its intellectual property during transmission over a public network, which method should be employed to best secure the data, assure its integrity, and authenticate the communicators?
Enforcing the use of encrypted email services for sharing any sensitive documents
Digitally signing all documents before sharing via the company's standard email service
Utilizing an encrypted file transfer service for all outbound company communications
Employing an encrypted tunneling protocol for securing all company data transmissions
Answer Description
Employing an encrypted tunneling protocol is the best option for securing data sent across a public network because it encloses the data in an encrypted 'tunnel,' ensuring confidentiality and integrity while also providing a means of authenticating the parties involved. Only authorized users can access the tunnel, preventing unauthorized interception or alteration of data. Encrypted email services provide security for email message contents but are not comprehensive for all company data in transit. An encrypted file transfer would secure individual file transfers but lacks the full communication authentication features of a tunneling protocol. Meanwhile, solely digitally signing the documents secures authenticity and integrity, but does not encrypt the actual data contents, leaving them vulnerable if intercepted during transmission.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are encrypted tunneling protocols, and how do they work?
Why is it important to use encryption when transmitting data over a public network?
What are some examples of encrypted tunneling protocols available for companies?
Which firewall would you recommend if the organization is looking for a firewall with the added functionality of an IPS?
Layer 4
Layer 7
WAF
NGFW
Answer Description
A next-generation firewall (NGFW) combines the functionality of a traditional firewall with an IPS to provide additional security.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Next-Generation Firewall (NGFW)?
What is an Intrusion Prevention System (IPS)?
How does a NGFW differ from traditional firewalls?
Wow!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.