CompTIA Security+ Practice Test (SY0-701)

Use the form below to configure your CompTIA Security+ Practice Test (SY0-701). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Security+ SY0-701 Information

CompTIA Security+ Certification Exam Overview

The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.

Question Types on the Security+ Exam

The Security+ exam includes two primary types of questions:

  • Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
  • Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.

Exam Prerequisites

CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.

Security+ Exam Domains

The SY0-701 exam focuses on five primary domains:

  • General Security Concepts (12%)
  • Threats, Vulnerabilities, and Mitigations (22%)
  • Security Architecture (18%)
  • Security Operations (28%)
  • Security Program Management and Oversight (20%)

These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.

Exam Renewal Policy

The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Post-January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program. This program allows candidates to keep their skills current through various activities that demonstrate industry knowledge.

Testing Centers

CompTIA exams, including Security+, have been available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers and online testing.

The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.

Free CompTIA Security+ SY0-701 Practice Test

  • Questions: 15
  • Time: Unlimited
  • Included Topics:
    General Security Concepts
    Threats, Vulnerabilities, and Mitigations
    Security Architecture
    Security Operations
    Security Program Management and Oversight

Question 1 of 15

A playbook includes a collection of pre-defined rules, actions, and recommendations to automate response and remediation activities for common security incidents.

  • True
  • False

Question 2 of 15

Which of the following best describes the process of sanitization in asset disposal?

  • Physically destroying a storage device to prevent it from being repurposed.
  • Removing all data from a storage device to prevent data retrieval when it is disposed of or repurposed.
  • Compressing files on a storage device to save space before disposal.
  • Encrypting the contents of a storage device as part of the disposal process.

Question 3 of 15

Allow lists are a security measure that permits only approved entities to access resources.

  • True
  • False

Question 4 of 15

Which of the following consequences directly arises from a violation of security clauses within a business agreement between two companies?

  • Regulatory fines imposed by a third-party authority
  • Contractual penalties such as fines and legal action
  • Inevitable loss of business and clients
  • Mandated immediate cybersecurity upgrades

Question 5 of 15

A company is revising its strategic plan and wants to balance its growth objectives with its information security risks. The company seeks neither to aggressively pursue risk for potential gains nor to minimize risk at the expense of new opportunities. Which of the following best describes the company's risk strategy?

  • The company strictly minimizes any potential security risks, even if it means passing on potentially lucrative opportunities.
  • The company is adopting a neutral risk strategy to support steady growth while efficiently managing security risks.
  • The company assesses security risks on a case-by-case basis, with no predefined strategy towards risk.
  • The company is aggressively expanding into new markets, often prioritizing potential gains over the strict management of information security risks.

Question 6 of 15

Which type of digital certificate allows an organization to secure all subdomains of a domain with a single certificate?

  • Root certificate
  • Wildcard certificate
  • Self-signed certificate
  • Extended Validation certificate

Question 7 of 15

Which of the following best describes the legal implications that should be considered when managing a security program for an organization operating within a specific country?

  • Alignment with regional trends
  • Compliance with national laws and regulations
  • Following global standards
  • Adherence to local business norms

Question 8 of 15

Automated systems for compliance monitoring eradicate the necessity for any manual verification processes to maintain adherence to relevant legal and industry-specific guidelines.

  • True
  • False

Question 9 of 15

A corporation has determined that the likelihood of a data breach in their system is once every five years. The estimated financial damage from a single breach event is $3 million. As the Security Analyst tasked with calculating the Annualized Loss Expectancy (ALE) for the data breach risk, which of the following correctly calculates the ALE?

  • $1.5 million
  • $15 million
  • $600,000
  • $3 million

Question 10 of 15

An organization wants to ensure its systems are protected against known security vulnerabilities promptly while maintaining operational stability. Which of the following approaches would BEST achieve this objective?

  • Schedule annual security assessments to identify vulnerabilities
  • Restrict user permissions to prevent unauthorized software changes
  • Discontinue the use of software that requires frequent updates
  • Implement an automated testing and deployment process for software fixes

Question 11 of 15

Your company's critical infrastructure is being targeted by highly sophisticated cyber attacks aiming to disrupt defense systems during escalating international tensions. The attackers demonstrate extensive resources and capabilities. Which type of threat actor is MOST likely responsible for these attacks?

  • Cybercriminal organization
  • Disgruntled employee
  • State-sponsored actor
  • Hacktivist group

Question 12 of 15

In the event of failure, the external firewall is configured to stop allowing traffic to pass through. This is an example of what concept?

  • Fail-closed
  • Fail-safe
  • Fail-open
  • Fail-on

Question 13 of 15

An organization's security department has detected an ongoing attack that is highly sophisticated, seems to be targeting specific data related to national defense, and is suspected to have significant financial backing. Which type of threat actor is MOST likely responsible for this attack?

  • Insider threat
  • Hacktivist
  • Nation-state
  • Unskilled attacker

Question 14 of 15

A Key Escrow is used to enhance the availability of a user's cryptographic keys by having a third-party store a copy.

  • True
  • False

Question 15 of 15

In Mandatory Access Control systems, permissions to access specific resources are determined at the discretion of the resource owner.

  • True
  • False