CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Post-January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program. This program allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, have been delivered exclusively through Pearson VUE since July 9, 2012. Exams can be scheduled online, by phone, or at a testing center. Candidates can choose between in-person exams at Pearson VUE centers and online proctored testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
Your organization is reviewing its vulnerability management process and requires a method to routinely identify new and unaddressed vulnerabilities on its network devices, servers, and workstations. Which of the following is the BEST method to accomplish this?
Implementing an enterprise-level firewall with advanced threat detection capabilities
Subscribing to threat feeds that include intelligence on the latest security risks
Conducting regular vulnerability scanning
Performing annual penetration testing
Answer Description
Regular vulnerability scanning is the best method for routinely identifying new and unaddressed vulnerabilities on network devices, servers, and workstations. It allows the organization to detect security weaknesses and ensure that they are addressed before they can be exploited. Although penetration testing can identify vulnerabilities, it is not typically conducted on a routine basis due to its complexity and cost. Threat feeds provide information on new threats but do not identify specific vulnerabilities in systems. Firewalls primarily protect against unauthorized access and do not scan for vulnerabilities within the network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is vulnerability scanning and how does it work?
What are the differences between vulnerability scanning and penetration testing?
How do threat feeds complement vulnerability scanning?
Data stored on a SAN and not being processed is in which state?
Data in transit
Data in motion
Data in use
Data at rest
Answer Description
Data that is not being actively processed and resides on storage media is considered data at rest.
Your company is deploying a proxy server to centralize and control internet traffic for improved monitoring and access control. Which of the following scenarios best describes a security benefit of implementing this proxy server?
Automating the encryption of sensitive files stored on the server
Filtering out malicious web traffic
Increasing the network speed by compressing data
Providing a platform for hosting the company's internal chat application
Answer Description
By intercepting and analyzing web requests and responses, a proxy server can block unwanted content and prevent access to malicious sites, which enhances network security by reducing the exposure to web-based threats. Answer "Filtering out malicious web traffic" describes this benefit. Other options are not primarily related to the proxy's role in enhancing security, such as increasing network speed, which is more concerned with performance optimization than security.
In a Zero Trust security model, what is the primary role of a Policy Engine?
It logs all policy approvals to the SIEM for auditing.
It evaluates access requests against security policies and returns allow or deny decisions.
It acts as the primary user authentication mechanism.
It routes data packets between subnets in the network.
Answer Description
The Policy Engine is the decision-making component of a Zero Trust architecture. It receives contextual information about the subject, device, and requested resource, compares that information to enterprise security policies, and returns an allow, deny, or revoke decision. Enforcement of the decision is performed by the Policy Administrator and the Policy Enforcement Point, not by the Policy Engine itself. The distractors describe logging, authentication services, and routing functions that are unrelated to the Policy Engine's role.
An organization needs to prevent unauthorized external access to its internal network but still allow employees to access external resources necessary for their work. Which security technology should the organization implement to best achieve this goal?
Deploy an intrusion detection system to monitor network activities for suspicious behavior.
Implement a firewall to control and filter network traffic based on security rules.
Use encryption to secure sensitive data transmitted over the network.
Install physical access controls to restrict entry to the organization's facilities.
Answer Description
Implementing a firewall is the most effective solution in this scenario. A firewall acts as a barrier between the internal network and external sources, controlling incoming and outgoing network traffic based on predefined security rules. It blocks unauthorized access attempts from external entities while allowing legitimate outbound communication required by employees. An intrusion detection system monitors network activities for suspicious behavior and generates alerts but does not prevent access. Encryption secures data but does not control network access. Physical access controls protect the physical hardware and premises but do not safeguard the network from external cyber threats.
A security manager observes that the organization's IT environment and external threat-intelligence feeds have shown no significant changes during the past six months. Several executives propose skipping the annual tabletop exercise and document review for the incident response plan. Which of the following is the MOST compelling reason to proceed with the scheduled review and update?
Because the environment is static, proactive changes are unnecessary until after a major breach takes place.
Regular reviews uncover otherwise hidden weaknesses and allow the plan to be improved before an actual incident occurs.
Skipping the review conserves budget and staff time for higher-priority projects.
Regulatory and contractual obligations may require documented evidence of regular plan maintenance.
Answer Description
An incident response plan is a living document that must adapt to evolving threats and to lessons learned during drills and audits. Even when the environment appears static, undetected weaknesses or procedural gaps can persist. Regular reviews (tabletop exercises, simulations, and document updates) surface these weaknesses so they can be corrected before a real incident occurs. Standards such as NIST SP 800-61 recommend at least annual reviews, or a review after any significant change or exercise. Therefore, uncovering hidden weaknesses is the strongest justification. The other options are either secondary considerations, false economies, or contradict best practice.
A network scan of a public-facing server reveals that several ports are open. A system administrator confirms that one of these ports is not required for any of the server's intended applications or services. What is the primary security risk associated with this unnecessary open port?
It will cause immediate data exfiltration from the server's primary application.
It prevents legitimate users from accessing the server's intended services.
It increases the attack surface, providing an additional entry point for potential exploits or unauthorized access attempts.
It consumes a significant amount of CPU and memory resources, degrading server performance.
Answer Description
The correct answer is that an unnecessary open port increases the system's attack surface. Even if no legitimate service is running on the port, it can be probed by attackers using techniques like port scanning. This can reveal information about the operating system and attract further attacks, such as brute-force attempts or the exploitation of a vulnerability if a service is ever misconfigured or a malicious one is installed on that port. Unused ports do not inherently consume significant resources, cause data exfiltration, or block legitimate traffic to other services. Best practice is to close all unused ports to minimize the attack surface.
A company is assessing various options to enhance the security of their facility and data center. Which of the following would serve as the best deterrent control to discourage trespassers from entering the secured premises of the data center?
Deploying mantraps at the primary entrance to the data center
Implementing badge readers at all points of entrance and exit
Installing highly visible security cameras around the perimeter and entry points
Erecting security awareness posters regarding tailgating in employee areas
Answer Description
Security cameras are a form of deterrent control designed to discourage unauthorized individuals from attempting to access a secure area. Their visible presence is often enough to dissuade potential intruders, because it increases the likelihood of being recorded and caught, which can lead to identification and prosecution. In contrast, badge readers and mantraps, while part of physical security, are preventive controls that actively stop unauthorized access. Security awareness posters do not directly discourage trespassers from entering secured premises; they are aimed at educating authorized personnel on maintaining good security practices.
A cybersecurity analyst has been notified of active exploitation of a critical vulnerability in the organization's public-facing web application. Which of the following incident response steps should the analyst perform FIRST?
Conduct a lessons learned meeting to review the incident response process.
Initiate the recovery process to restore systems to normal operation.
Isolate the affected systems to prevent potential spread.
Inform senior management and other relevant stakeholders about the incident.
Answer Description
During an incident, the analyst should prioritize containing the threat to prevent further damage or exploitation. Containment strategies may include isolating affected systems, blocking malicious traffic, or taking applications offline. Other steps, such as reporting the incident to stakeholders and recovery processes, occur after the immediate threat has been contained and the impact is controlled.
A company is drafting its initial set of IT security documents. Among them, there is a need to establish a document that offers general advice and recommended practices for users to follow when dealing with company IT resources. Which type of security document should the company develop to fulfill this requirement?
Procedures
Policies
Standards
Guidelines
Answer Description
Guidelines are recommendations and best practices for users to follow. They are not strictly enforced but are designed to provide general advice on how to use IT resources securely. An organization would develop guidelines to offer staff general security advice. Policies, on the other hand, are mandatory rules that must be followed, and standards are specific low-level mandatory controls. Procedures are detailed step-by-step instructions on how to perform specific tasks.
What is the primary function of SELinux in a Linux environment?
It optimizes the Linux kernel for better performance on enterprise servers.
It enforces mandatory access controls to provide an additional layer of security.
It provides a graphical user interface for managing firewall rules in Linux.
It is a tool for scanning and removing malware from a Linux system.
Answer Description
SELinux provides a set of security policies that enforce mandatory access controls, limiting programs and system daemons to the minimum level of access they require to perform their tasks. This additional layer of security helps prevent unauthorized access and potential exploitation of vulnerabilities.
Geolocation restrictions can be employed to protect data in transit by blocking unauthorized access attempts based on the user's geographic location.
This statement is correct
This statement is incorrect
Answer Description
The statement is false. Geolocation restrictions control access to data based on the physical location of the requesting user or system, which is an effective strategy for protecting data at rest and, to a lesser extent, data in use. Once data is in transit, however, it is being transferred across a network, and other protection mechanisms, such as encryption, become the relevant safeguards against interception or unauthorized access during the transfer. Geolocation does not secure data as it moves across networks, because it does nothing to prevent interception or eavesdropping.
A network administrator is deploying an inline intrusion prevention system (IPS). Security policy dictates that if the IPS software crashes or the appliance loses power, no traffic may bypass inspection. Which of the following failure modes should the administrator configure on the IPS to satisfy this requirement?
Fail-closed
Fail-open
Fail-safe
Failover
Answer Description
Fail-closed (sometimes called fail-secure) means that when a security control becomes unavailable, it blocks or denies traffic instead of allowing it to pass unchecked. Configuring the IPS to fail-closed therefore prevents uninspected packets from traversing the network during an outage. Fail-open does the opposite: it allows all traffic through for the sake of availability. Fail-safe focuses on protecting other components, often by bypassing the device rather than dropping traffic, and failover relies on redundant equipment rather than a traffic-blocking posture.
A company's network was infiltrated by an attacker who used sophisticated techniques to bypass advanced security measures. The attacker was well-funded and had advanced capabilities. Sensitive data was exfiltrated over an extended period without detection. Which type of threat actor is most likely responsible for this attack?
Hacktivist
Nation-State Actor
Unskilled Attacker
Insider Threat
Answer Description
Nation-state actors are typically well-funded and possess advanced capabilities, enabling them to conduct sophisticated attacks that can bypass even the most robust security measures. They often focus on long-term objectives, such as espionage and data exfiltration over extended periods. Insider threats involve individuals within the organization but may not have the resources or need to use advanced techniques for prolonged undetected access. Hacktivists are motivated by political or social causes but generally lack the resources for highly sophisticated attacks. Unskilled attackers, also known as script kiddies, lack the expertise and resources to perform advanced and prolonged infiltration without detection.
As the lead security analyst at a financial institution, you have been tasked with evaluating the effectiveness of the implemented security controls. During the audit, you need to verify that access control policies are correctly enforced and that there are no deviations from the standard configurations across all servers. Which of the following audit practices would be the MOST effective for this purpose?
Conducting a configuration audit
Executing a financial audit
Undertaking an operational audit
Performing a performance audit
Answer Description
A configuration audit specifically assesses configurations against established security baselines and policies, ensuring that systems are compliant with the required security settings. This would detect deviations in access control policies and configurations from the standard across servers. A performance audit, while it assesses the efficiency and effectiveness of an organization's processes, would not focus solely on security settings and policies. A financial audit is concerned with the financial accounts and transactions of an organization, and while an operational audit evaluates the operational aspects of an organization, it does not concentrate on access control policies and system configurations to the extent necessary for the given task.