CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Since January 1, 2011, all new certifications have been valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, have been available exclusively through Pearson VUE since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
- Questions: 20
- Time: Unlimited
- Included Topics: General Security Concepts; Threats, Vulnerabilities, and Mitigations; Security Architecture; Security Operations; Security Program Management and Oversight
A network administrator is configuring a new firewall. To prioritize security, the firewall is set up to block all network traffic if the device experiences a critical error or power loss. This configuration is an example of which concept?
Fail-open
Fail-closed
Fail-on
Fail-safe
Answer Description
When a system is configured to be fail-closed, also known as fail-secure, it defaults to a secure state upon failure. In this state, it will deny access or block all traffic to prevent potential security breaches. This contrasts with a fail-open system, which would allow traffic to pass through, prioritizing availability over security.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'fail-closed' mean in networking?
How does a 'fail-open' configuration differ from 'fail-closed'?
When should a 'fail-closed' configuration be used?
Which of the following best describes how a modern software supply chain attack typically gains initial access to its victims?
Compromising a trusted third-party vendor or service provider so that malicious code is distributed to downstream customers.
Launching a direct distributed denial-of-service (DDoS) attack against the organization's public web servers.
Physically stealing network switches from the data center to intercept traffic.
Exploiting a critical vulnerability in internally developed source code after breaching the organization's perimeter firewall.
Answer Description
Supply chain attacks usually start by breaching a trusted third-party vendor or service provider and inserting malicious code or components into software or updates that are then distributed to downstream customers. Because the update appears to originate from a legitimate, trusted source, traditional perimeter and host defenses inside the customer's environment often fail to detect the compromise. Attacks that target only an organization's internally developed code, physical theft of hardware, or direct DDoS assaults do not fit the definition of a supply chain attack.
During preliminary negotiations for a new project, your company needs to ensure that strategic plans, trade secrets, and innovative processes are kept confidential when shared with a potential partner. Which type of legal contract is most appropriate to enforce confidentiality before sharing any detailed project information?
Non-Disclosure Agreement
Employment Agreement
Master Services Agreement
Letter of Intent
Answer Description
The most appropriate type of legal contract to enforce confidentiality during preliminary negotiations is a Non-Disclosure Agreement. It legally binds the parties to keep certain shared information confidential, thereby protecting the company's proprietary information, such as trade secrets or strategic plans. While a Letter of Intent can demonstrate commitment to a deal, it does not typically bind parties to confidentiality. An Employment Agreement is used between an employer and employee and is not suitable for negotiations with a potential partner. A Master Services Agreement sets forth terms of a working relationship, typically finalized after trust has been established and does not necessarily ensure confidentiality at the initial stages of discussion.
Which of the following statements BEST explains why containerization cannot fully prevent a compromise in one container from affecting other containers that run on the same host?
Containers require hardware virtualization extensions that allow direct memory access between containers.
Containers run their own independent kernels, so a vulnerability in one kernel can be exploited to compromise others.
Containers always run with unrestricted network access to every other container on the host, regardless of configuration.
Containers share the host operating-system kernel, so a kernel-level exploit can allow code to escape one container and access others.
Answer Description
Containers share the host's operating-system kernel. If an attacker exploits a kernel-level vulnerability or misconfiguration, the code can escape the original container's namespace and interact with the host or other containers. Virtual machines, by contrast, have their own separate kernels, so a compromise stays isolated inside that VM.
After downsizing its IT department, your company terminated its system administrator. Exactly at midnight on the day after the administrator's last day, every network server's data was wiped. Forensic analysis shows that the former employee had embedded malicious code in the environment that activated at the specified time. Which term best describes this type of malware attack?
Logic bomb
Cryptomalware
Ransomware
Worm
Answer Description
Malicious code that waits for a specific condition, such as a particular date, time, or user action, before executing its payload is called a logic bomb. The code remains dormant and unknown to authorized users until the trigger occurs. Cryptomalware and other ransomware variants encrypt data and demand payment, while a worm focuses on self-replication and propagation, not on timed destruction.
An organization stores highly sensitive financial records in an on-premises relational database. Role-based access control (RBAC) already limits each employee to only the tables required for their job duties. Security analysts are concerned that an attacker could still read the data if they steal a legitimate user's password. Which of the following additional controls would BEST mitigate this risk?
Increase the minimum password length for all database users from 8 to 12 characters.
Require multi-factor authentication (MFA) for all database logins.
Enable full-disk encryption on the database server.
Disable verbose SQL error messages returned to clients.
Answer Description
RBAC restricts what an authenticated account can see, but if the account credentials are stolen the attacker gains the same database access. Requiring multi-factor authentication (MFA) adds a second, independent factor the attacker is unlikely to possess, making stolen passwords alone insufficient. The other options improve security but do not address the stolen-credential threat as effectively: longer passwords still fail once the password is known, full-disk encryption protects only when the system is powered off, and suppressing SQL errors mainly reduces information disclosure during reconnaissance rather than blocking authenticated access.
During the analysis phase after a vulnerability scan, a security administrator is preparing a report for the management team. Which element would BEST assist in the risk prioritization of the findings?
Present the findings using a standardized severity rating to assess the risk level of the vulnerabilities.
Group vulnerabilities by the operating system of the affected devices for clarity.
Categorize the vulnerabilities based on the part of the network infrastructure they affect.
Focus on vulnerabilities that have been exploited in the wild and which could lead to potential data loss.
Answer Description
Presenting the findings with a recognized scoring system (a standardized severity rating) is correct, as it gives an objective measure of risk. This enables management to make informed decisions on which vulnerabilities to address first based on the potential impact. While grouping by category, operating system, or the potential for data loss can provide important context, these groupings do not inherently offer a mechanism for prioritization. Therefore, the key to an effective report is not only identifying the vulnerabilities but also clearly indicating which ones pose the greatest risk based on a standardized severity rating.
An IT security manager wants to ensure that users can employ complex and unique passwords for each of their accounts without the need to remember each one individually. Which of the following solutions would best meet this requirement?
Implementing a password manager application
Deploying single sign-on authentication for all services
Implementing biometric authentication methods
Enforcing strict password complexity and expiration policies
Answer Description
Implementing a password manager application allows users to securely store and manage complex and unique passwords for all their accounts. This encourages the use of strong, unique passwords without the burden of memorization. Enforcing strict password policies may lead to password reuse or users writing down passwords. Single sign-on (SSO) reduces the number of passwords but does not promote unique passwords for each service. Implementing biometric authentication enhances security but doesn't address the management of multiple complex passwords.
Which data source would an investigator most likely review to trace unauthorized internal traffic patterns indicative of post-breach attacker movement?
Endpoint logs
Network logs
System health reports
Application logs
Answer Description
Network logs are a primary resource for monitoring internal network traffic, which includes tracking unauthorized data flow or lateral movement within the organization's network infrastructure. Application logs are focused on specific software and may not capture network-wide traffic data. Endpoint logs give insight into individual host activity and might not show comprehensive internal traffic patterns. System health reports are typically concerned with the performance and health of systems, and do not usually provide the granular traffic data needed for tracking lateral movements.
Data integrity is the concept that you can trust that a piece of data is complete and has not been altered or tampered with. Which of the following technologies can be used to ensure the integrity of data?
Checksum
Encryption
Authentication
Confidentiality
Answer Description
A checksum is a value computed from a piece of data by a checksum algorithm (check digits and parity bits are simple examples). Integrity is validated by recomputing the checksum and comparing it with the previously computed value; matching values indicate that the data has not been changed.
An organization has been the victim of a recent data breach. During the breach, financial data was stolen that showed the organization was running a Ponzi scheme with investor money. These documents were then released to the press. What type of threat actor does this generally describe?
Unskilled attacker
Nation-state
Organized crime
Hacktivist
Answer Description
Hacktivists often commit a form of doxing in which they illegally access documents and release them to the public in situations where they believe that transparency is necessary.
Which scenario best illustrates the principle of 'Continuous' risk assessment in an organization's risk management process?
Integrating real-time threat intelligence with security systems to dynamically assess risks
Scheduling biannual security audits to review and assess organizational risks
Conducting thorough risk assessments at the end of each fiscal year based on yearly metrics
Performing risk assessments after major changes to IT infrastructure or system updates
Answer Description
The correct answer is the implementation of real-time threat intelligence integrated with security systems for dynamic risk assessment, which exemplifies a continuous risk assessment approach. This approach ensures immediate identification and evaluation of risks as they emerge, allowing for prompt risk management actions. The other options describe more periodic, reactionary, and infrequent methods, which do not reflect the ongoing nature inherent to continuous risk assessment.
A country's primary power grid and water treatment facilities have experienced a series of sophisticated, coordinated cyber attacks aimed at causing widespread service disruption. Which of the following threat actors is MOST likely responsible for this type of attack?
Insider threat
Nation-state
Organized crime
Hacktivist
Answer Description
The correct answer is 'Nation-state'. Nation-state actors possess high levels of sophistication, resources, and funding, and their motivations often include espionage, political gain, and disrupting the critical infrastructure of other nations. Attacks on power grids and water facilities are characteristic of cyber warfare campaigns intended to cause significant societal and economic harm.
- Organized crime is primarily motivated by financial gain and is more likely to use ransomware or steal data for extortion rather than cause widespread service disruption for its own sake.
- A hacktivist is typically motivated by political or social beliefs and usually conducts less sophisticated attacks like website defacement or DDoS attacks against specific organizations, lacking the resources for a large-scale infrastructure attack.
- An insider threat acts from within an organization, and while potentially disruptive, is less likely to orchestrate a widespread, coordinated attack on national critical infrastructure.
The administrative (native) VLAN on a switch should be left as VLAN 1 for security best practices.
False
True
Answer Description
This statement is incorrect. The administrative (native) VLAN on a switch should not be left at the default, which is usually VLAN 1. It is a security best practice to change the native VLAN to an unused VLAN ID to mitigate VLAN hopping attacks.
A security manager observes that the organization's IT environment and external threat-intelligence feeds have shown no significant changes during the past six months. Several executives propose skipping the annual tabletop exercise and document review for the incident response plan. Which of the following is the MOST compelling reason to proceed with the scheduled review and update?
Regular reviews uncover otherwise hidden weaknesses and allow the plan to be improved before an actual incident occurs.
Because the environment is static, proactive changes are unnecessary until after a major breach takes place.
Regulatory and contractual obligations may require documented evidence of regular plan maintenance.
Skipping the review conserves budget and staff time for higher-priority projects.
Answer Description
An incident response plan is a living document that must adapt to evolving threats and to lessons learned during drills and audits. Even when the environment appears static, undetected weaknesses or procedural gaps can persist. Regular reviews, through tabletop exercises, simulations, and document updates, surface these weaknesses so they can be corrected before a real incident occurs. Standards such as NIST SP 800-61 recommend at least annual reviews or reviews after any significant change or exercise. Therefore, uncovering hidden weaknesses is the strongest justification. The other options are either secondary considerations, false economies, or contradict best practice.
Your organization is in the process of selecting a new vendor for cloud storage services. As part of this process, what should be conducted to evaluate and address the risks associated with the potential vendor prior to formalizing an agreement?
Due Diligence
Business Impact Analysis
Vendor risk assessment
Right-to-Audit Clause
Answer Description
Performing a vendor risk assessment is crucial because it helps an organization identify, evaluate, and mitigate the risks associated with a potential vendor. The assessment can reveal the vendor's security practices and compliance with industry standards, helping the organization understand the level of risk it may assume by entering into an agreement with that vendor. Options such as 'Right-to-Audit Clause' and 'Due Diligence' are more focused on ongoing monitoring or on preparation for the audit process itself, though they are related to the broader scope of risk management. A 'Business Impact Analysis' is generally used for internal purposes to assess the impact of disruptions on the business and is less about evaluating third-party vendors.
During the process of choosing a new third-party provider for cybersecurity services, it has come to light that a member of the leadership team has a close family member who holds a significant position at one of the contending firms. What is the most appropriate step to ensure that the selection process remains unbiased?
Continue the process without a specific protocol in place, as the organization lacks a policy regarding such situations.
The selection should move ahead without acknowledgment, treating all vendors equally.
The leader should simply declare the personal connection publicly before a decision is made.
The involved leader should voluntarily withdraw from any involvement in the procurement decision.
Answer Description
The leader should step back from the procurement activities to avoid any potential bias or influence over the selection process arising from their personal relationship with an individual at one of the competing firms. This action helps maintain the integrity and objectivity of the vendor selection process. Merely disclosing the connection does not remove the possibility of bias, and proceeding as if the connection does not exist can undermine trust in the process and create a risk of unfair competitive advantage.
An attacker is attempting to extract sensitive information from a company's employee by impersonating a trusted individual over the phone. What is this type of social engineering attack called?
Business email compromise
Phishing
Vishing
Impersonation
Answer Description
Vishing is a type of social engineering attack where an attacker uses the telephone system, often pretending to be a trusted entity, to extract sensitive information from a target. Phishing is similar but primarily occurs through email or other electronic communication. Impersonation could be part of a vishing attack but is a broader term that doesn't specify the method of communication. Business email compromise is an attack targeted at companies to gain access to company information or assets, typically through deception via email.
When considering the security implications of hardware and software inventory management, which of the following is a direct consequence of NOT regularly updating the inventory of an organization's computing resources?
Heightened risk of security breaches due to unmanaged or unknown assets
Increased difficulty in managing software licenses and compliance
Difficulties in the physical retrieval of devices for maintenance tasks
Challenges in provisioning adequate resources for new employees
Answer Description
Regularly updating an organization's computing resource inventory is essential for identifying and managing vulnerabilities, as well as ensuring the security posture is up-to-date. Failure to maintain an updated inventory increases the risk of incidents because unmanaged, unknown, or unpatched resources can become vectors for security breaches. It is less about physical tracking or license compliance, and more about understanding what needs to be protected and ensuring appropriate security measures are in place.
A financial services company wants to ensure that its security controls are effectively protecting its network and critical data assets. The company is mandated by regulatory requirements to conduct periodic reviews of its security infrastructure. Which of the following would BEST satisfy the need for an unbiased evaluation of the operational security?
Scheduling regular penetration testing by the in-house cybersecurity team.
Conducting a thorough self-assessment using internal security and audit teams.
Contracting an independent third-party to perform a comprehensive audit of security controls.
Continuous monitoring by an internal audit committee.
Answer Description
An independent third-party audit provides an unbiased review of security controls and practices. It is frequently required by regulatory standards in sensitive industries, such as finance, to ensure controls are up to the required effectiveness because internal teams may have inherent biases or conflicts of interest. A self-assessment, while valuable, can be biased due to internal influence. Penetration testing is a proactive security measure but does not constitute an independent review of all operational security processes. Monitoring by an internal audit committee will not fulfill the requirement for an unbiased and independent evaluation as required by many regulatory frameworks.