CompTIA Security+ Practice Test (SY0-701)
Use the form below to configure your CompTIA Security+ Practice Test (SY0-701). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, like other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010; certifications earned before January 1, 2011 remain valid for life, while all certifications earned on or after that date are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which lets certification holders keep their credential current through activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, are available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
- Questions: 20
- Time: Unlimited
- Included Topics: General Security Concepts; Threats, Vulnerabilities, and Mitigations; Security Architecture; Security Operations; Security Program Management and Oversight
What is the primary role of a generator within the security architecture of a data center?
To provide backup power in the event of a main power supply failure
To cool down the server racks and prevent overheating
To serve as a primary power source during peak operation times
To regulate the distribution of power to different circuits
Answer Description
The primary role of a generator in a data center's security architecture is to provide backup power if the main supply fails. Keeping critical systems running through an outage preserves availability, one of the three CIA security goals, and keeps security controls such as access-control, logging, and monitoring systems online when they would otherwise go dark. In practice a UPS bridges the seconds between the utility failure and the generator reaching full output.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is a backup power source like a generator critical for data center security?
How does a data center's uninterruptible power supply (UPS) work with a generator?
What are some other components of a data center's power management strategy beyond generators?
A company develops a third-party application that needs to access user data from a popular social media platform without exposing user credentials. Which method provides the most secure way for the application to request and receive authorization to access the platform's data on the user's behalf?
Store user credentials locally on the user device and reuse them to authenticate every session with the social media platform.
Use the OAuth protocol to request an authorization code and exchange it for an access token from the social media platform.
Use basic access authentication by sending a base64-encoded string containing the user's username and password in each request.
Embed user credentials in the application code and authenticate directly with the social media platform.
Answer Description
OAuth enables a user to grant a third-party application scoped access by issuing an access token through the platform's authorization server. Because the token, not the user's password, is presented in subsequent API calls, the user's credentials are never disclosed to the application. Methods that embed or transmit passwords (whether stored locally, hard-coded, or sent with basic authentication) violate least-privilege and credential-handling best practices and are therefore less secure. The token is still a bearer credential, so it must be protected in transit (TLS) and at rest, and the application should request only the scopes it actually needs.
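As an added illustration (not the platform's code or the page's own), the following Python script simulates the authorization-code flow the answer describes end to end: the client generates PKCE and state values, the user consents at a toy authorization server, the client exchanges the one-time code for a scoped bearer token, and the API call carries only that token. The server class, the client ID, the redirect URI and the `profile:read` scope are constructed for the example.

```python
"""Added example (not the platform's real API): an OAuth 2.0 authorization-code
flow with PKCE, simulated in one process. ToyAuthorizationServer stands in for
the social media platform; names, scopes and URLs are constructed."""
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data: bytes) -> str:
    """Base64url without padding, as PKCE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class ToyAuthorizationServer:
    """Constructed stand-in for the platform's authorization and resource server."""

    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self._pending = {}  # auth code -> (user, scope, code_challenge, expiry)
        self._tokens = {}   # access token -> (user, scope)

    def authorize(self, user: str, params: dict) -> str:
        """User logs in and consents at the platform; the client never sees the
        password. Returns the redirect URL carrying a one-time code."""
        if (params["client_id"], params["redirect_uri"]) != (self.client_id, self.redirect_uri):
            raise PermissionError("unknown client_id or redirect_uri")
        if params["response_type"] != "code" or params["code_challenge_method"] != "S256":
            raise ValueError("unsupported grant or PKCE method")
        code = secrets.token_urlsafe(24)
        self._pending[code] = (user, params["scope"], params["code_challenge"], time.time() + 60)
        return f"{self.redirect_uri}?{urlencode({'code': code, 'state': params['state']})}"

    def token(self, code: str, code_verifier: str, client_id: str) -> dict:
        """Back-channel exchange: the code is single-use, short-lived and bound
        to the PKCE verifier, so an intercepted code alone is useless."""
        entry = self._pending.pop(code, None)
        if entry is None or client_id != self.client_id:
            raise PermissionError("invalid, replayed or foreign code")
        user, scope, challenge, expiry = entry
        if time.time() > expiry:
            raise PermissionError("code expired")
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != challenge:
            raise PermissionError("PKCE verification failed")
        access_token = secrets.token_urlsafe(32)
        self._tokens[access_token] = (user, scope)
        return {"access_token": access_token, "token_type": "Bearer", "scope": scope}

    def api_profile(self, authorization: str) -> dict:
        """Resource endpoint: authorizes by bearer token and scope only."""
        scheme, _, tok = authorization.partition(" ")
        if scheme != "Bearer" or tok not in self._tokens:
            raise PermissionError("invalid bearer token")
        user, scope = self._tokens[tok]
        if "profile:read" not in scope.split():
            raise PermissionError("token lacks profile:read scope")
        return {"user": user}


def run_flow(server: ToyAuthorizationServer, client_id: str, redirect_uri: str, user: str) -> dict:
    """The third-party application's side of the flow."""
    # 1. Fresh PKCE verifier/challenge and an anti-CSRF state value for this login.
    verifier = secrets.token_urlsafe(48)
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    state = secrets.token_urlsafe(16)
    auth_request = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": "profile:read", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    # 2. Front channel: the user's browser is sent to the platform to consent.
    redirect = server.authorize(user, auth_request)
    # 3. Reject the callback unless state matches what this client issued.
    qs = parse_qs(urlparse(redirect).query)
    if qs["state"][0] != state:
        raise PermissionError("state mismatch: possible login CSRF")
    code = qs["code"][0]
    # 4. Back channel: trade the code plus verifier for a scoped access token.
    token = server.token(code, verifier, client_id)
    # 5. Call the API with the token; the app never holds the user's password.
    profile = server.api_profile(f"Bearer {token['access_token']}")
    return {"profile": profile, "code": code, "access_token": token["access_token"]}


if __name__ == "__main__":
    srv = ToyAuthorizationServer("app-123", "https://app.example/callback")
    print(run_flow(srv, "app-123", "https://app.example/callback", "alice"))
```

Run it and note what the client ever holds: a code, a verifier and a token, never the user's password. The replay check in `token()` and the `state` comparison in `run_flow()` are the two places where real clients most often cut corners.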
What improvements does a VLAN offer for network security?
Allows for session dropping in the event of an anomaly detection
Provides layer 4 filtering (TCP/UDP)
Logically separates network segments
Physically restricts unauthorized devices from network access
Answer Description
A Virtual Local Area Network (VLAN) provides a logical or virtual way to separate areas of a network. This means devices can physically share the same network infrastructure (e.g. using a common switch) but remain separated from each other at Layer 2. Traffic between VLANs must pass through a Layer 3 device, where a firewall or access control list can inspect and restrict it. The separation is only as strong as the switch configuration, so trunk ports and the native VLAN need the same care as the VLAN assignments themselves.
Which deception technology involves deploying a decoy system or service that imitates a genuine production asset in order to attract, engage, and monitor attackers?
Honeynet
Honeypot
Honeytoken
Honeyfile
Answer Description
A honeypot is a deliberately exposed, stand-alone system or service (often left intentionally vulnerable) that appears legitimate to threat actors. Because it serves no production purpose, any interaction with it is automatically suspicious, allowing defenders to record, analyze, and learn from attacker activity without exposing production assets. A honeynet is a larger collection of multiple honeypots that emulates an entire network. A honeyfile is a single decoy document placed to detect unauthorized access, and a honeytoken is a small piece of fake data (such as bogus credentials) embedded in real systems for the same purpose. These alternatives are also forms of deception, but none of them is a single decoy system.
During business continuity planning, an organization decides it needs an alternate facility that can assume full production processing within minutes of a disaster because it is already equipped with compatible hardware, software, network connectivity, and up-to-date data. Which type of disaster-recovery site best satisfies this requirement?
Cold site
Warm site
Mobile site
Hot site
Answer Description
A hot site is an exact or near-exact replica of the primary site. It contains all necessary hardware, software, and near-real-time copies of data, allowing the organization to fail over and resume operations almost immediately. A warm site has only some infrastructure and typically requires additional configuration and data restoration before it can take over. A cold site provides only basic power and environmental controls with no pre-installed systems, resulting in the longest recovery time. A mobile site is a temporary facility that also requires additional setup before becoming fully operational.
What does it mean when a password policy specifies an expiration period?
The account will be locked if the password is not changed within the given time
Users receive a notification to update their password but it is not mandatory
Passwords will automatically update themselves when they expire
Users must update their passwords after a certain period to maintain account security
Answer Description
When a password policy specifies an expiration period, the user is required to change their password after the set period of time has elapsed. This is done to reduce the risk of unauthorized access from compromised passwords over time: a malicious actor who has obtained an old password loses access once it is rotated. Password expiration is less about the strength of the individual password and more about limiting the window of opportunity for its misuse. Note that current guidance such as NIST SP 800-63B recommends against arbitrary periodic rotation for user passwords, favoring a forced change only when compromise is suspected together with screening against breached-password lists; many organizations and compliance frameworks nonetheless still enforce expiration.
Which of the following scenarios best describes an attack that is likely to cause abnormal consumption of system resources, potentially leading to a system outage?
Social engineering attack that tricks an employee into wiring money
Phishing attack that deceives a user into sharing their password
Email spam campaign distributing unsolicited messages
DDoS attack
Answer Description
A Distributed Denial-of-Service (DDoS) attack is a cyber-attack in which multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers, causing a drastic spike in resource consumption. This can overwhelm the system, leading to slowdowns or complete denial of service. In contrast, phishing and social engineering attacks primarily focus on deception to gain information, and they do not typically result in excessive resource consumption. Email spam may consume resources, but it is typically not as impactful as a coordinated DDoS attack that targets and exhausts system resources.
A security engineer is preparing an embedded industrial controller that runs a real-time operating system (RTOS) for deployment on the plant network. Which of the following hardening actions will BEST reduce the attack surface of the controller before it is placed into production?
Run every process with administrative privileges to avoid permission-related latency.
Allow unrestricted inbound and outbound traffic on all ports and protocols.
Enable the vendor's remote debugging service so developers can troubleshoot in production.
Remove or disable all nonessential services and applications on the RTOS.
Answer Description
Removing or disabling all nonessential services and applications is a fundamental hardening practice for any operating system, and RTOS is one of the hardening targets named in the SY0-701 objectives. Limiting functionality to only what the device requires eliminates unnecessary listening ports and code paths that attackers could exploit.
- Allowing unrestricted inbound and outbound traffic widens, rather than reduces, the attack surface.
- Enabling the vendor's remote debugging service leaves a powerful interface exposed in production.
- Running every process with administrative privileges violates least privilege and increases the damage a single compromised process can do.
A finance department employee receives an instant message from what appears to be a senior executive asking for verification of their login credentials to resolve an urgent issue. What type of attack is the employee experiencing?
Man-in-the-Middle
Vishing
Phishing
Denial-of-Service
Answer Description
Phishing involves sending deceptive messages, like instant messages, to trick individuals into revealing sensitive information such as login credentials. In this scenario, the attacker impersonates a senior executive to gain trust and elicit the employee's credentials, which is characteristic of a phishing attack. Vishing refers to phishing conducted via voice calls, Denial-of-Service attacks aim to disrupt service availability, and Man-in-the-Middle attacks involve intercepting communications between two parties without their knowledge.
A network administrator for a small business wants to simplify the company's security posture by deploying a single appliance that integrates a firewall, intrusion prevention, content filtering, and anti-malware capabilities. Which of the following network appliances BEST describes this type of all-in-one solution?
Unified Threat Management (UTM) appliance
Web Application Firewall (WAF)
Proxy server
Next-Generation Firewall (NGFW)
Answer Description
A Unified Threat Management (UTM) appliance is the correct answer because it is an all-in-one security solution that consolidates multiple security functions into a single device. This typically includes a firewall, intrusion prevention system (IPS), antivirus/anti-malware, content filtering, and VPN capabilities. A Next-Generation Firewall (NGFW) has many overlapping features but is generally considered a more enterprise-grade product focused on deep packet inspection and application control. A Web Application Firewall (WAF) is specifically designed to protect web applications from Layer 7 attacks, not to be an all-in-one network security device. A proxy server primarily forwards user requests to the internet and can provide content filtering and caching, but it does not encompass the broad range of security features found in a UTM.
Which of the following examples best represents an unintentional security risk?
An employee unknowingly installing malware on their workstation while attempting to update software.
A social engineer impersonating IT staff to gain access to sensitive areas.
A user deliberately sharing their credentials with a coworker who forgot their own.
An insider intentionally downloading confidential data to sell on the black market.
Answer Description
An employee unknowingly installing malware on their workstation after believing they are updating legitimate software best represents an unintentional security risk. Unlike intentional actions that are derived from malicious intent, unintentional risks are often due to lack of awareness or mistakes made without malice. The employee did not intend to harm the company but did so by mistake. The other options involve deliberate actions and do not exemplify an unintentional security risk.
Which of the following best describes the process hollowing technique used by attackers to execute malicious code while evading process-based defenses?
Launch a legitimate process in a suspended state, hollow out its memory, inject a malicious payload, and resume the process so the payload runs under the trusted process name.
Force an existing process to load a malicious DLL by calling LoadLibrary through a remote thread.
Replace the import address table (IAT) of a process so that API calls are redirected to attacker-controlled functions.
Encrypt malware in memory and decrypt only small chunks immediately before execution to avoid static detection.
Answer Description
Process hollowing starts a legitimate process (for example, explorer.exe) in a suspended state, unmaps the original code from its address space, writes the attacker's payload into the now-empty region, adjusts the thread context so the entry point lands in the payload, and resumes the thread. The process still carries the name and on-disk path of a signed executable, so tools that only inspect process-creation events (image path, signature, command line) can be bypassed; catching it means comparing what is in memory with the image on disk, for example noticing that the region at the process's image base is no longer a file-backed mapping. DLL injection (forcing the process to load a library via a remote thread) and IAT hooking (redirecting imported API calls) modify a running process in different ways, while in-memory obfuscation (decrypting code just before it executes) changes how code is stored, not where it runs.
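For the detection side of this, here is an added Python example (constructed data, not from the page or any vendor) that applies the memory-versus-disk check to a process snapshot: it finds the region backing each process's PEB image base and flags the process when that region is not a file-backed image mapping, is backed by a different file than the process claims, or has a PE header that no longer matches the image on disk. The `Region`/`Proc` records, the placeholder header bytes and the explorer.exe sample are assumptions.

```python
"""Added example (constructed data, not a real EDR): a heuristic that flags
process hollowing from a process/memory snapshot. Field names and the sample
snapshot are assumptions chosen to mirror what a Windows memory scanner sees."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Region:
    base: int
    size: int
    kind: str                   # "image" = file-backed executable mapping, "private" = anonymous memory
    mapped_file: Optional[str]  # file backing the mapping, None for private memory
    pe_header: bytes            # bytes at the region base, for on-disk comparison


@dataclass
class Proc:
    pid: int
    image_path: str      # what the process claims to be (PEB / kernel image name)
    peb_image_base: int  # PEB.ImageBaseAddress
    regions: List[Region]


def check_hollowing(proc: Proc, on_disk_headers: Dict[str, bytes]) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious.
    Hollowing unmaps the legitimate image and writes a private payload at the
    same base, so the region that backs ImageBaseAddress stops being an image
    mapping of the file the process claims to be."""
    findings = []
    region = next((r for r in proc.regions
                   if r.base <= proc.peb_image_base < r.base + r.size), None)
    if region is None:
        return [f"pid {proc.pid}: nothing mapped at ImageBaseAddress {proc.peb_image_base:#x}"]
    if region.kind != "image":
        findings.append(f"pid {proc.pid}: main module is {region.kind} memory, not a file mapping")
    if region.mapped_file != proc.image_path:
        findings.append(f"pid {proc.pid}: claims {proc.image_path} but base is backed by {region.mapped_file}")
    expected = on_disk_headers.get(proc.image_path)
    if expected is not None and region.pe_header != expected:
        findings.append(f"pid {proc.pid}: in-memory PE header differs from the on-disk image")
    return findings


def scan(snapshot: List[Proc], on_disk_headers: Dict[str, bytes]) -> Dict[int, List[str]]:
    """Map pid -> findings for every process with at least one indicator."""
    out = {}
    for p in snapshot:
        f = check_hollowing(p, on_disk_headers)
        if f:
            out[p.pid] = f
    return out


# Constructed sample: header bytes are placeholders, not real PE headers.
EXPLORER = r"C:\Windows\explorer.exe"
ON_DISK = {EXPLORER: b"MZ\x90\x00explorer-header"}

SNAPSHOT = [
    # Benign explorer.exe: image-backed mapping of its own file, header matches disk.
    Proc(1040, EXPLORER, 0x7FF6A0000000,
         [Region(0x7FF6A0000000, 0x400000, "image", EXPLORER, ON_DISK[EXPLORER])]),
    # Hollowed explorer.exe: original image unmapped, private payload written at the same base.
    Proc(5212, EXPLORER, 0x7FF6A0000000,
         [Region(0x7FF6A0000000, 0x20000, "private", None, b"MZ\x90\x00payload-header")]),
]

if __name__ == "__main__":
    for pid, findings in scan(SNAPSHOT, ON_DISK).items():
        print(pid, *findings, sep="\n  ")
```

The three indicators are independent on purpose: a payload that re-maps its own image section can defeat the first two, but the header comparison still catches the entry point or section table having changed.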
An organization wants to address the risk associated with a potential financial loss from a future cyber attack. Which of the following actions exemplifies the 'Transfer' risk management strategy?
Buying a cybersecurity insurance policy to cover costs associated with data breaches
Developing a comprehensive incident response strategy for potential cyber attacks
Adjusting security controls to enhance detection of unauthorized access attempts
Conducting regular security awareness training for employees
Answer Description
Risk transfer is characterized by shifting the financial burden of a risk to another entity. Obtaining a cybersecurity insurance policy effectively transfers the financial risk of a cyber attack to the insurance company. Adjusting security controls to enhance detection would be an example of mitigation, which aims at reducing the risk's probability or impact. Developing a response strategy falls under preparedness and mitigation, as it prepares the organization to handle the impact, but does not transfer the risk. Lastly, training employees is a preventive measure and also falls into risk mitigation; it does not transfer the risk.
Which system is implemented to safeguard sensitive information from being leaked outside of the corporate network?
Antivirus software
Intrusion Prevention System (IPS)
Firewall
Data Loss Prevention (DLP) system
Answer Description
A Data Loss Prevention (DLP) system is implemented within an organization to ensure that sensitive information does not exit the corporate network in an unauthorized manner. It monitors, detects, and blocks the flow of data (for example, card numbers or classified documents in outbound email, web uploads, or removable media) to prevent data breaches. An Intrusion Prevention System (IPS), by contrast, identifies and blocks known attack traffic entering a network; a firewall provides a barrier between trusted and untrusted networks based on addresses, ports, and protocols; and antivirus software prevents, detects, and removes malware.
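As an added example of the content inspection a DLP system performs (constructed messages; not any product's engine), the Python below scans outbound mail bodies for card-number-like digit runs, confirms them with the Luhn checksum so that order numbers and similar 16-digit strings are not blocked, applies a classification-marker rule for external recipients, and returns a block/allow verdict with masked evidence for the alert. The `corp.example` domain, the CONFIDENTIAL marker and the sample messages are assumptions.

```python
"""Added example (constructed messages, not a product's engine): a minimal DLP
content check for outbound mail. It combines a pattern for card-number-like
digit runs with a Luhn check to cut false positives, plus a classification
marker rule, and decides allow/block per message."""
import re
from dataclasses import dataclass

INTERNAL_DOMAIN = "corp.example"   # assumed: mail to this domain stays inside the company
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")   # 13-19 digits, spaces/dashes allowed
CLASSIFICATION = re.compile(r"\bCONFIDENTIAL\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Digit runs that look like PANs and pass Luhn; order numbers and other
    long digit strings that fail the checksum are ignored."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep only the last four digits in alerts so the DLP log is not itself a leak."""
    return "*" * (len(pan) - 4) + pan[-4:]


@dataclass
class Message:
    sender: str
    recipient: str
    body: str


def inspect(msg: Message) -> dict:
    """Policy: card numbers and CONFIDENTIAL content may not go to external
    recipients. Returns the verdict and the reasons behind it."""
    external = not msg.recipient.lower().endswith("@" + INTERNAL_DOMAIN)
    reasons = []
    pans = find_pans(msg.body)
    if external and pans:
        reasons.append("PAN detected: " + ", ".join(mask(p) for p in pans))
    if external and CLASSIFICATION.search(msg.body):
        reasons.append("CONFIDENTIAL content to external recipient")
    return {"action": "block" if reasons else "allow", "reasons": reasons}


# Constructed sample traffic.
SAMPLES = [
    Message("ann@corp.example", "vendor@partner.example",
            "Please charge card 4111 1111 1111 1111, exp 12/29."),   # valid PAN, external -> block
    Message("ann@corp.example", "vendor@partner.example",
            "Your order 1234567890123456 shipped today."),            # 16 digits but fails Luhn -> allow
    Message("bob@corp.example", "legal@corp.example",
            "CONFIDENTIAL: draft merger terms attached."),            # internal recipient -> allow
    Message("bob@corp.example", "press@news.example",
            "CONFIDENTIAL: draft merger terms attached."),            # external recipient -> block
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.recipient, inspect(m))
```

The Luhn step is what separates a usable DLP rule from one that users learn to ignore: a bare 16-digit regex fires on order numbers, tracking IDs and timestamps, while the checksum discards most of them at no cost to real card-number detection.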
Why does end-of-life (EOL) hardware pose a security risk to an organization?
It operates only on isolated legacy networks, preventing any external access and attacks.
Built-in firmware security modules render additional software patches unnecessary.
Regulations exempt EOL hardware from compliance audits, reducing the organization's risk exposure.
It no longer receives vendor security patches, so attackers can exploit known vulnerabilities.
Answer Description
When hardware reaches end-of-life, the vendor stops releasing firmware or driver updates, including security patches. Any publicly known or newly discovered vulnerability therefore remains unpatched and can be exploited by threat actors, turning the outdated hardware into an easy entry point for attacks. Organizations must plan to replace or isolate such assets to maintain a secure posture.
A company issues cell phones to its employees that are owned by the organization. The employees are permitted to use these phones for personal phone calls and applications in addition to their work-related duties. This scenario is an example of which mobile device deployment model?
POCE
COPE
BYOD
CYOD
Answer Description
In a corporate-owned, personally enabled (COPE) model, the company purchases and owns the devices, but allows employees to use them for both personal and business activities. This contrasts with a Bring Your Own Device (BYOD) model, where employees use their personally-owned devices for work. A Choose Your Own Device (CYOD) model allows an employee to select a device from a company-approved list, which the company then provides to them. POCE is not a standard industry term for a mobile deployment model.
In the context of security control types, which of the following BEST describes the primary purpose of an Intrusion Detection System (IDS)?
Preventive control
Detective control
Corrective control
Deterrent control
Answer Description
An Intrusion Detection System monitors network or host activity and generates alerts when suspicious behavior is detected. Because it identifies potential incidents rather than blocking or remediating them, it is categorized as a detective control. Preventive controls (e.g., firewalls) attempt to stop incidents, corrective controls focus on recovery, and deterrent controls primarily discourage attackers.
An administrator is configuring permissions for a new network share according to the principle of least privilege. Members of the accounting department must be able to add and edit files in the folder. Members from the auditing and sales departments should only be able to review the contents. Which set of permissions should the administrator assign to the accounting, auditing, and sales groups, respectively?
Read & execute for accounting, Write for auditing, Modify for sales
Full control for accounting, Read & execute for auditing, Write for sales
Modify for accounting, Read & execute for auditing, Read for sales
Write for accounting, Read for auditing and sales
Answer Description
The correct set of permissions adheres to the principle of least privilege. The accounting department's requirement to 'add and edit files' is best met with the 'Write' permission. The auditing and sales departments' requirement to 'review the contents' is met with the 'Read' permission. Using 'Read & execute' would be excessive for the auditing and sales teams as there is no requirement to run programs from the share. Granting 'Modify' or 'Full control' to the accounting department would also violate least privilege, as these permissions include rights (Delete, and for Full control changing permissions and taking ownership) that were not specified in the requirements. In a real NTFS deployment, editing an existing file also requires reading it, so Write is normally granted together with Read; the point of the question is that Modify and Full control add rights beyond what was asked for.
A company's security policy requires that access to its internal database servers should be denied from all external IP addresses except from its own VPN network, which has an IP range of 10.200.0.0/16. As a security administrator, which of the following rules should you apply to BEST meet the security policy requirement?
Deny from all, Allow from 10.200.0.0/16
Allow from all, Deny from 10.200.0.0/16
Deny from 10.200.1.0/24
Allow from 192.168.1.0/24
Answer Description
The correct answer ensures that only the VPN network (10.200.0.0/16) is allowed access to the internal database servers while all other external IP addresses are blocked. The rule ‘Deny from all, Allow from 10.200.0.0/16’ follows the principle of least privilege by denying access by default and only allowing a specific range. The other answers are incorrect because they either permit more access than the security policy allows or specify an IP range that does not match the VPN network, thus potentially providing access to unauthorized users or blocking legitimate access. The wording follows the Apache-style 'Order Deny,Allow' model, in which the Deny from all sets the default and the more specific Allow overrides it for the VPN range. On a firewall that evaluates rules top-down with first match winning, the same policy is written as an explicit permit for 10.200.0.0/16 followed by a deny for everything else (or an implicit default deny); writing the deny first there would block the VPN as well.
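To make the rule semantics concrete, the following added Python example (not from the page or any firewall vendor) parses each answer option and evaluates it against three constructed addresses under two models: Apache-style `Order Deny,Allow`, in which any matching Allow overrides a Deny and unmatched clients are allowed, and ordered first-match with an implicit final deny, as iptables chains or Cisco ACLs use. The probe addresses and the `parse_rules` clause format are assumptions.

```python
"""Added example (not a real firewall's syntax): evaluates the rule sets from
the question against sample addresses under two common semantics. The clause
format 'Deny from all, Allow from 10.200.0.0/16' is assumed from the question."""
import ipaddress


def parse_rules(text: str) -> list:
    """'Deny from all, Allow from 10.200.0.0/16' -> [('deny', 0.0.0.0/0), ('allow', 10.200.0.0/16)]"""
    rules = []
    for clause in text.split(","):
        action, _, source = clause.strip().lower().partition(" from ")
        if action not in ("allow", "deny") or not source:
            raise ValueError(f"bad clause: {clause!r}")
        net = ipaddress.ip_network("0.0.0.0/0" if source == "all" else source, strict=False)
        rules.append((action, net))
    return rules


def eval_deny_allow(rules: list, addr: str) -> str:
    """Apache 'Order Deny,Allow': Deny clauses are checked first, any matching
    Allow overrides them, and a client matching nothing is allowed."""
    ip = ipaddress.ip_address(addr)
    if any(action == "allow" and ip in net for action, net in rules):
        return "allow"
    if any(action == "deny" and ip in net for action, net in rules):
        return "deny"
    return "allow"


def eval_first_match(rules: list, addr: str) -> str:
    """Ordered ACL (iptables chain with a DROP policy, Cisco ACL): the first
    matching rule decides, and an unmatched packet hits the implicit deny."""
    ip = ipaddress.ip_address(addr)
    for action, net in rules:
        if ip in net:
            return action
    return "deny"


# Constructed probes: two VPN clients (one inside 10.200.1.0/24) and one Internet host.
PROBES = ["10.200.5.7", "10.200.1.9", "203.0.113.9"]
INTENDED = ["allow", "allow", "deny"]   # policy: VPN only, everything else denied


def verdicts(evaluator, rule_text: str) -> list:
    """Apply one rule set to every probe with the chosen evaluator."""
    rules = parse_rules(rule_text)
    return [evaluator(rules, p) for p in PROBES]


if __name__ == "__main__":
    for option in ["Deny from all, Allow from 10.200.0.0/16",
                   "Allow from all, Deny from 10.200.0.0/16",
                   "Deny from 10.200.1.0/24",
                   "Allow from 192.168.1.0/24"]:
        v = verdicts(eval_deny_allow, option)
        print(f"{option:45} -> {v}  {'OK' if v == INTENDED else 'violates policy'}")
    # The same intent for a first-match engine: explicit allow, then deny everything.
    print(verdicts(eval_first_match, "Allow from 10.200.0.0/16, Deny from all"))
    # The correct option pasted unchanged into a first-match engine denies the VPN too.
    print(verdicts(eval_first_match, "Deny from all, Allow from 10.200.0.0/16"))
```

Two results are worth dwelling on: under the Apache model 'Allow from all, Deny from 10.200.0.0/16' allows everyone, because an Allow from all overrides every Deny, and the correct option fed unchanged to a first-match engine denies everything, because the Deny-all matches first. Rule semantics, not just rule content, decide what a policy does.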
A midsized enterprise is designing a layered network perimeter that currently includes an edge router, a stateful firewall, and internal routing and switching for user and server segments. Management wants to add a network-based intrusion prevention system (IPS) to detect and automatically block sophisticated attacks. To maximize detection accuracy while minimizing unnecessary processing overhead and latency, where in this topology should the IPS be physically installed?
At the primary datacenter ingress to monitor high-bandwidth server-to-server communications.
Immediately behind the perimeter firewall, before traffic reaches any internal routers or switches.
Inline with the edge router so that it inspects every packet entering or leaving the organization.
On a core switch close to user workstations to track possible lateral movement and insider threats.
Answer Description
Placing the IPS directly behind (internal to) the external firewall allows the firewall to drop obviously disallowed traffic first, so the IPS only analyzes traffic that has already met basic policy rules. This reduces the IPS workload, decreases false positives, and still stops threats before they can reach internal routers, switches, and hosts. Positioning the IPS outside the firewall forces it to inspect all Internet noise, while placing it deep inside the LAN or only at a datacenter ingress leaves gaps during initial ingress and can overwhelm the sensor with east-west traffic.