CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, like other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010; since January 1, 2011, all new certifications have been valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which lets candidates keep their skills current through activities that demonstrate industry knowledge.
Testing Centers
Since July 9, 2012, CompTIA exams, including Security+, have been available exclusively through Pearson VUE. Exams can be scheduled online, by phone, or at the testing center, and candidates can choose between in-person testing at a Pearson VUE center and online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
- Questions: 20
- Time: Unlimited
- Included Topics: General Security Concepts; Threats, Vulnerabilities, and Mitigations; Security Architecture; Security Operations; Security Program Management and Oversight
A corporation is revising its guidelines that dictate the usage of its technology systems. What inclusion effectively communicates the appropriate utilization of these systems while still providing a measure of leniency for personal activity?
Employees may engage in reasonable levels of personal activity on technological systems as long as it does not violate any organizational guidelines and does not hinder professional responsibilities.
Use of organizational systems for any non-official activity is strictly prohibited to maintain a secure and professional environment.
Individuals are granted complete freedom to engage in personal activity utilizing organizational systems to promote a trusting environment.
Storage of organizational information on personal devices is forbidden, ensuring information security is upheld.
Answer Description
Stipulating that limited personal usage of technological systems is allowable, as long as it is in compliance with existing company guidelines and does not impact job duties, provides a clear yet balanced approach to personal use. Prohibiting personal storage of company information on external devices is purely a security-oriented directive without addressing the use of the systems themselves for personal activities. Authorizing unrestricted personal use disregards security concerns, while a total ban on personal use is overly restrictive and likely to be unenforceable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the importance of having guidelines for personal use of organizational technology systems?
Why is it crucial to prohibit the storage of organizational information on personal devices?
Why is a total ban on personal activity or unlimited use of systems not a viable policy option?
A network administrator wants to implement an intrusion detection system that can monitor network traffic without impacting network performance or flow. Which of the following device attributes would be most suitable for this requirement?
Tap passive device
Inline passive device
Inline active device
Tap active device
Answer Description
A tap passive device monitors network traffic by copying data from the network without being in the direct flow of traffic. This means it does not impact network performance or flow because it is not inline with the traffic; instead, it passively receives a copy of the data. Inline devices, whether active or passive, are placed directly in the path of network traffic and can introduce latency or points of failure. Active devices can take actions such as blocking or modifying traffic, which could impact performance. Therefore, a tap passive device is the most suitable for monitoring without affecting network performance.
Ask Bash
What is a tap passive device?
How is an inline device different from a passive device?
When would you choose an active device over a passive device?
Which of the following statements BEST explains why a network firewall alone cannot provide the same level of protection as encryption for data stored on a network file server?
A firewall enforces access rules for network traffic, but only encryption renders the stored data unreadable to unauthorized users, so both controls are required to protect data at rest.
Encryption secures data moving across the network, whereas a firewall secures all data that resides on the server's drives.
Neither firewalls nor encryption protect data at rest; only physical security controls such as locks and guards can do so.
A properly configured firewall automatically encrypts any files transmitted or stored behind it, eliminating the need for separate data-at-rest encryption.
Answer Description
A firewall filters or blocks network traffic according to predefined rules, helping to prevent unauthorized access over the network. It does not transform the actual data on the server. If an attacker bypasses the firewall (through stolen credentials, an insider threat, or physical access), the files remain readable unless they are encrypted. Encrypting the disk, volume, or files converts them into ciphertext that is unintelligible without the decryption key, preserving confidentiality even if the storage media is stolen or the system is compromised. Therefore, encryption, not the firewall, provides protection for data at rest.
Ask Bash
Why doesn't a firewall encrypt data?
What is 'data at rest,' and how does encryption protect it?
How might an attacker bypass a firewall, and why does encryption matter in that situation?
During an organization's security policy review meeting, it was observed that there is currently no formal policy pertaining to the acceptable use of organizational assets and network resources. As part of establishing robust security governance within the company, which of the following policies should be proposed and implemented first to address this issue?
Software Development Lifecycle (SDLC) Policy
Acceptable Use Policy (AUP)
Change Management Policy
Disaster Recovery Policy
Answer Description
An Acceptable Use Policy (AUP) provides a set of rules and guidelines that outline how the organization's assets and network resources should be used. It helps to ensure that employees and other stakeholders are aware of what constitutes appropriate and inappropriate use, thereby protecting the organization from various risks associated with misuse. The other options listed do not directly address the specific need for governing the use of organizational assets and network resources.
Ask Bash
What is the purpose of an Acceptable Use Policy (AUP)?
What are examples of rules included in an AUP?
How does an AUP protect an organization from risks?
During an audit of the company's disaster-recovery plan, the security administrator must recommend a backup technique that consumes the smallest amount of storage while backing up only data modified since the most recent full or incremental job. Which backup type should the administrator choose?
Differential backup
Full backup
Incremental backup
Snapshot
Answer Description
An incremental backup captures only the data that has changed since the last backup of any type (full or incremental), so it typically requires the least storage space. A differential backup records all changes since the last full backup, so its size grows each day until another full backup occurs. A snapshot is a point-in-time copy of a volume rather than a true change-based backup method. A full backup duplicates every selected file and therefore consumes the most storage.
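The storage difference described above, and the restore-chain cost that comes with it, can be made concrete by simulating a week of backups. The following is an added example written for this page (not code from the practice test or from any backup product). The 100-file data set, the daily change sets, and the assumption that every file costs one unit of storage are all constructed for the illustration.

```python
"""Storage cost and restore chain for full, incremental and differential backups."""
from dataclasses import dataclass

# Constructed data: 100 files (ids 0-99) exist on day 0; each later set lists the
# file ids modified that day. Every file is treated as one unit of storage.
ALL_FILES = frozenset(range(100))
DAILY_CHANGES = [
    {1, 2, 3, 4, 5},        # day 1
    {6, 7, 8, 9, 10},       # day 2
    {1, 2, 11, 12, 13},     # day 3: files 1 and 2 change again
    {14, 15, 16, 17, 18},   # day 4
    {19, 20, 21, 22, 23},   # day 5
]


@dataclass(frozen=True)
class BackupJob:
    day: int
    kind: str              # "full", "incremental" or "differential"
    files: frozenset       # file ids captured by this job

    @property
    def size(self) -> int:
        return len(self.files)


def plan(daily_changes, scheme: str, all_files=ALL_FILES) -> list[BackupJob]:
    """Day 0 is a full backup; each later day runs one job of the chosen scheme."""
    jobs = [BackupJob(0, "full", frozenset(all_files))]
    since_full = set()
    for day, changed in enumerate(daily_changes, start=1):
        since_full |= changed
        if scheme == "incremental":
            captured = frozenset(changed)        # changed since the previous job of any kind
        elif scheme == "differential":
            captured = frozenset(since_full)     # everything changed since the last full
        else:
            raise ValueError(f"unknown scheme: {scheme}")
        jobs.append(BackupJob(day, scheme, captured))
    return jobs


def total_storage(jobs) -> int:
    """Units of storage consumed by the whole job history."""
    return sum(job.size for job in jobs)


def restore_chain(jobs, day: int) -> list[BackupJob]:
    """The jobs that must be read, in order, to restore the state as of `day`."""
    full = max((j for j in jobs if j.kind == "full" and j.day <= day), key=lambda j: j.day)
    later = [j for j in jobs if full.day < j.day <= day]
    if not later:
        return [full]
    if later[-1].kind == "differential":
        return [full, later[-1]]                  # the latest differential supersedes earlier ones
    return [full] + later                         # every incremental in the chain is needed


if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        jobs = plan(DAILY_CHANGES, scheme)
        print(scheme, [j.size for j in jobs], "total:", total_storage(jobs),
              "restore of day 5 reads", len(restore_chain(jobs, 5)), "jobs")
```

With these change sets the incremental history stays at 5 units per day (125 in total) while the differential history grows to 23 units by day 5 (169 in total), which is the exam's point. The trade-off the exam does not spell out is visible in `restore_chain`: restoring day 5 from incrementals reads six jobs, and losing any one of them breaks the chain, whereas the differential restore reads only the full backup and the latest differential.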
Ask Bash
What is the difference between an incremental backup and a differential backup?
Why might a security administrator choose incremental backups over other types?
What role does a full backup play in an incremental backup strategy?
What is the primary role of a generator within the security architecture of a data center?
To serve as a primary power source during peak operation times
To provide backup power in the event of a main power supply failure
To cool down the server racks and prevent overheating
To regulate the distribution of power to different circuits
Answer Description
The primary role of a generator in the security architecture of a data center is to provide backup power in the event that the main power supply fails. This ensures that critical systems remain operational during power outages, thus maintaining high availability and preventing potential security breaches that could occur due to system downtime.
Ask Bash
Why is a backup power source like a generator critical for data center security?
How does a data center's uninterruptible power supply (UPS) work with a generator?
What are some other components of a data center's power management strategy beyond generators?
Your organization requires a solution to monitor the health and security status of its endpoints. What kind of solution would you deploy to ensure centralized management and real-time alerting for potential security issues?
Deploy an agent-based monitoring tool on all endpoints that reports back to a central management console.
Use a centralized log management platform to passively analyze system logs.
Set up a network analyzer to capture and inspect all traffic in and out of the network.
Regularly schedule manual security audits of all endpoints to check for software updates and configuration issues.
Answer Description
An agent-based monitoring tool would be appropriate for this task because it can be installed on each endpoint to monitor its health and security status in real-time. These agents regularly communicate with a central management console to report on the status of the endpoint and alert security personnel if an anomaly is detected. Other answers involve manual processes, provide incomplete solutions, or are less efficient for real-time monitoring in a large enterprise environment.
Ask Bash
What is an agent-based monitoring tool?
How does an agent-based tool differ from centralized log management?
Why is real-time monitoring important for endpoint security?
Which action best exemplifies the mitigation of a security risk within an organization's risk management strategy?
Acknowledging the existence of a security risk and choosing not to take corrective actions.
Establishing additional access controls to safeguard sensitive information.
Deciding to stop all activities that are associated with a high level of risk to avoid it completely.
Purchasing an insurance policy to transfer the risk associated with potential data breaches.
Answer Description
Mitigation refers to the implementation of measures to reduce the impact of a threat or to reduce the likelihood of its occurrence. Establishing additional access controls to safeguard sensitive information makes it more difficult for unauthorized users to access this information, thus reducing the potential impact of a data breach. On the other hand, transferring the risk involves shifting the responsibility to another entity, such as through insurance. Avoiding the risk would mean completely eliminating the threat, which can be unrealistic for some risks, and accepting the risk would indicate no further actions to decrease its impact.
Ask Bash
What are access controls, and how do they mitigate risks?
How does risk mitigation differ from risk transference or acceptance?
Why might organizations choose mitigation over risk avoidance?
A midsized enterprise is designing a layered network perimeter that currently includes an edge router, a stateful firewall, and internal routing and switching for user and server segments. Management wants to add a network-based intrusion prevention system (IPS) to detect and automatically block sophisticated attacks. To maximize detection accuracy while minimizing unnecessary processing overhead and latency, where in this topology should the IPS be physically installed?
Immediately behind the perimeter firewall, before traffic reaches any internal routers or switches.
Inline with the edge router so that it inspects every packet entering or leaving the organization.
On a core switch close to user workstations to track possible lateral movement and insider threats.
At the primary datacenter ingress to monitor high-bandwidth server-to-server communications.
Answer Description
Placing the IPS directly behind (internal to) the external firewall allows the firewall to drop obviously disallowed traffic first, so the IPS only analyzes traffic that has already met basic policy rules. This reduces the IPS workload, decreases false positives, and still stops threats before they can reach internal routers, switches, and hosts. Positioning the IPS outside the firewall forces it to inspect all Internet noise, while placing it deep inside the LAN or only at a datacenter ingress leaves gaps during initial ingress and can overwhelm the sensor with east-west traffic.
Ask Bash
What is the main difference between a firewall and an IPS?
What is east-west traffic and why can it overwhelm an IPS?
How does placing an IPS behind a firewall improve performance?
A company is revising its security monitoring strategies to enhance incident detection and response. Their current system is primarily manual, resulting in delayed identification and inconsistent reporting of suspicious activities. Which of the following is the BEST method to improve their incident reporting and monitoring process?
Expanding the in-house security team
Implementing real-time automated monitoring and alerting systems
Conducting more comprehensive employee training sessions
Increasing the frequency of manual security audits
Answer Description
Automated monitoring and alerting systems provide real-time detection of security events, which significantly reduce response times to potential incidents. By setting thresholds and parameters for normal network behavior, these systems can promptly identify and report suspicious activities, enabling quicker remediation. While all other options may contribute to effective security practices, automated alerting will most directly address the current delays and inconsistencies in incident detection and reporting, leading to improved security posture.
Ask Bash
What are automated monitoring and alerting systems?
How do automated systems compare to manual methods in incident detection?
What is a Security Information and Event Management (SIEM) system?
Which of the following types of disaster recovery sites is typically partially equipped with network connections and other resources, allowing a company to resume operations within a few days after a disaster, but not immediately?
Lukewarm site
Warm site
Hot site
Cold site
Answer Description
A warm site has more equipment in place than a cold site but, unlike a hot site, does not have live data in place. It is a compromise between the other two types of backup site.
Ask Bash
What is the key difference between a warm site and a hot site?
Why would a company choose a warm site over a hot site or cold site?
What types of organizations typically use warm sites for disaster recovery?
A cybersecurity analyst is tasked with selecting an appropriate tool for scanning the security posture of the organization’s network infrastructure. The emphasis is on identifying misconfigurations and unpatched systems. Which of the following tools should the analyst choose for the BEST results?
Antivirus software
Protocol analyzer
Network sniffer
Vulnerability scanner
Answer Description
A vulnerability scanner is specifically designed to assess computers, systems, and networks for security weaknesses. These tools check for misconfigurations, unpatched software, and other vulnerabilities, making a vulnerability scanner the most appropriate choice for the given task. Network sniffers are primarily used for capturing and analyzing network traffic and will not necessarily identify misconfigurations and unpatched systems. Protocol analyzers are best for diagnosing network communication issues but do not actively scan for vulnerabilities. Antivirus software protects against malware and is not a tool for scanning network infrastructure for vulnerabilities.
Ask Bash
What is a vulnerability scanner, and how does it work?
How is a network sniffer different from a vulnerability scanner?
Why is antivirus software not suitable for assessing network security posture?
A security analyst is reviewing authentication logs and notices a high volume of failed login attempts from a single IP address. The attempts target many different user accounts, but all use a small set of common passwords like 'Password123' and 'Winter2025'. This 'low-and-slow' method appears designed to avoid individual account lockouts. Which type of password attack does this activity indicate?
Dictionary attack
Spraying
Rainbow table
Plaintext/Unencrypted
Answer Description
Password spraying is a type of brute-force attack where an attacker attempts to access a large number of accounts with a few commonly used passwords. Unlike a traditional brute-force attack that targets a single account with many passwords, spraying targets many accounts with few passwords to prevent triggering account lockout policies. A dictionary attack is different as it typically uses a large list of passwords against a single account. A rainbow table attack is used to crack password hashes that have already been stolen, not for online authentication attempts. 'Plaintext/Unencrypted' refers to the insecure state of a password, not an attack method.
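The reason spraying evades per-account lockouts is that the lockout counter is keyed on the account, while the attack's signature is only visible when failures are keyed on the source. The following added example (written for this page, not code from the practice test or from any SIEM product) shows the threshold-based alerting that the earlier question on automated monitoring describes, applied to this scenario: it groups failed logins by source IP and counts distinct target accounts. The log format and the sample log lines are constructed for the example, and the thresholds are illustrative.

```python
"""Detecting password spraying in authentication logs.

Spraying is one source trying a few common passwords against MANY accounts,
keeping each account below the lockout threshold. Per-account lockout counters
therefore never fire; the signal appears only when failures are grouped by
source IP and the number of distinct target accounts is counted.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log format (an assumption for this example, not any product's real format):
#   <ISO-8601 timestamp> auth <FAIL|OK> user=<account> src=<source IP>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<ip>\S+)$"
)


def build_sample_log() -> list[str]:
    """Construct sample log lines covering three patterns (constructed data, not real logs)."""
    t0 = datetime(2025, 1, 10, 8, 0, 0)
    lines = []
    # Pattern 1: one IP, 12 accounts, 2 failures each, 90 s apart ("low and slow" spray)
    for i in range(12):
        for k in range(2):
            ts = t0 + timedelta(seconds=90 * (2 * i + k))
            lines.append(f"{ts.isoformat()} auth FAIL user=user{i:02d} src=203.0.113.7")
    # Pattern 2: one IP, one account, 25 failures in 25 s (classic brute force)
    for k in range(25):
        ts = t0 + timedelta(seconds=k)
        lines.append(f"{ts.isoformat()} auth FAIL user=bob src=198.51.100.9")
    # Pattern 3: a user mistypes twice and then succeeds (benign)
    for minute, result in ((5, "FAIL"), (6, "FAIL"), (7, "OK")):
        ts = t0 + timedelta(minutes=minute)
        lines.append(f"{ts.isoformat()} auth {result} user=carol src=192.0.2.5")
    return lines


@dataclass
class Finding:
    ip: str
    label: str            # "password_spray", "brute_force" or "benign"
    distinct_users: int   # accounts this IP failed against
    max_per_user: int     # failures against the single most-targeted account
    total_failures: int


def analyze(lines, min_users: int = 10, lockout_threshold: int = 5) -> list[Finding]:
    """Group failed logins by source IP and label each source.

    Feed one time window of log lines at a time (for example the last hour);
    the thresholds are illustrative and must be tuned to the environment.
    """
    per_ip: dict[str, Counter] = defaultdict(Counter)   # ip -> {user: failed attempts}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue                     # ignore successes and unparseable lines
        per_ip[m["ip"]][m["user"]] += 1

    findings = []
    for ip, per_user in per_ip.items():
        distinct = len(per_user)
        worst = max(per_user.values())
        total = sum(per_user.values())
        if worst >= lockout_threshold:
            label = "brute_force"        # one account hammered past the lockout limit
        elif distinct >= min_users:
            label = "password_spray"     # many accounts, each kept under the limit
        else:
            label = "benign"
        findings.append(Finding(ip, label, distinct, worst, total))
    return findings


def spray_sources(lines) -> list[str]:
    """Convenience wrapper: the source IPs whose activity looks like password spraying."""
    return sorted(f.ip for f in analyze(lines) if f.label == "password_spray")


if __name__ == "__main__":
    for finding in analyze(build_sample_log()):
        print(finding)
```

Note that the spraying source never exceeds two failures against any one account, so a lockout policy of five attempts would never trigger on it; it is only the per-source count of distinct accounts (12 here) that raises the alert. The same grouping also separates the classic single-account brute force and the benign mistyped password, which a single-threshold "failed logins per IP" rule would conflate.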
Ask Bash
Why do attackers use password spraying instead of traditional brute-force attacks?
What are some common security measures to defend against password spraying attacks?
How does password spraying differ from a dictionary attack?
Which physical security control is primarily used to prevent vehicles from ramming into secure areas or buildings?
Fencing
Security Guard
Bollards
Access Badge
Answer Description
Bollards are designed to prevent vehicle intrusions into secure areas. They are short vertical posts that can be installed outside buildings or around perimeters to create barriers against vehicles. While fencing can also deter vehicles and unauthorized individuals, it is a wider perimeter security measure, not specifically engineered like bollards to withstand vehicle impacts. Security guards provide surveillance and response but are not physical barriers to vehicles. Access badges are a form of identification and access control but do not directly prevent vehicles from entering a secure location.
Ask Bash
How do bollards stop vehicles?
What are the differences between bollards and fencing in physical security?
What are K-rated bollards, and why are they important?
An IT department wants to reduce the time it takes to grant new employees access to necessary systems and applications by automating this process. Which use case of automation and scripting best addresses this need?
Ticket creation
Security groups
Continuous integration and testing
User provisioning
Answer Description
User provisioning automates the creation of user accounts and the assignment of appropriate access rights, effectively streamlining the onboarding process. While ticket creation can help manage access requests, it does not automate the provisioning itself. Continuous integration and testing are related to software development practices, and security groups organize users but do not automate access provisioning.
Ask Bash
What is user provisioning in automation?
How does user provisioning differ from ticket creation?
What role do security groups play in user provisioning?
A network administrator for a company that uses Cisco equipment needs to implement a centralized authentication solution. The requirements are that usernames and passwords are not configured locally on each device, and the entire authentication payload must be encrypted during transit. Which of the following protocols meets all these requirements?
EAP
TACACS+
Kerberos
RADIUS
Answer Description
Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol that provides centralized Authentication, Authorization, and Accounting (AAA) services. It meets the stated security requirements by encrypting the entire body of the packet during transmission. In contrast, RADIUS is a similar AAA protocol but only encrypts the password field within the authentication packet, leaving the username and other data in cleartext. Kerberos is primarily used for service authentication in a domain environment, and Extensible Authentication Protocol (EAP) is an authentication framework, not a standalone AAA protocol for this specific use case.
Ask Bash
What is the difference between TACACS+ and RADIUS?
What does AAA stand for in networking and how does it work?
Why does TACACS+ use full encryption over TCP?
Which software utility assists users in generating, storing, and managing passwords for online and local services securely?
Encrypted storage service
Firewall
Antivirus software
Password manager
Answer Description
A password manager assists users in creating, storing, and managing their passwords for online and local services securely. It protects sensitive information with strong encryption and sometimes offers additional features like syncing across devices and generating unique passwords. Using only a password for encryption or merely saving passwords in a browser does not offer the same level of functionality or security.
Ask Bash
How does a password manager secure my stored passwords?
What is the difference between saving passwords in a browser and using a password manager?
What are the best practices for choosing a master password?
A financial services company needs to ensure its critical operations can resume as quickly as possible following a catastrophic event at its primary data center. To meet a recovery time objective (RTO) of less than one hour, which type of disaster recovery site should the company implement for the highest level of availability?
Warm site
Cold site
Hot site
Lukewarm site
Answer Description
A hot site is a fully equipped and operational duplicate of the primary site, often with real-time data synchronization, designed for immediate or near-immediate failover. This meets the requirement for the fastest possible recovery time, typically within minutes to hours. A warm site has hardware and connectivity but requires data to be restored from backups, leading to a recovery time of hours to days. A cold site is a basic facility with space, power, and cooling, but no pre-installed hardware, resulting in a recovery time of weeks or longer. 'Lukewarm site' is not a standard industry term for disaster recovery sites.
Ask Bash
What is a hot site in disaster recovery?
What are the main differences between a hot site, a warm site, and a cold site?
What factors determine which type of disaster recovery site to choose?
Your team has deployed a new web application to a staging environment. As a security specialist, you are tasked with identifying vulnerabilities by interacting with the application as a user would, sending various types of data to see how it responds. Which testing technique does this scenario describe?
Dynamic analysis, which involves testing an application during its operation to find flaws that are only discoverable at runtime.
Static analysis, which involves reviewing an application's source code for vulnerabilities before it is compiled or run.
Configuration compliance scanning, which checks that the host server meets secure baseline standards.
Web application firewall (WAF) log review, which looks for evidence of past malicious activity.
Answer Description
This scenario describes dynamic analysis, also known as Dynamic Application Security Testing (DAST). This method involves testing an application while it is running to find vulnerabilities that only appear during operation. It assesses the application from the 'outside-in,' mimicking how an attacker would interact with it. Static analysis reviews the raw code without running it, configuration scanning validates the security of the underlying server, and log review is a reactive process of reviewing past events.
Ask Bash
What are some common tools used for dynamic analysis?
How does dynamic analysis differ from static analysis in approach?
What are the limitations of dynamic analysis?
A security manager has placed conspicuous warning signs around the perimeter of a data center. The signs state, "No Trespassing - Violators Will Be Prosecuted." What type of security control does this action represent?
Compensating
Corrective
Deterrent
Preventive
Answer Description
Deterrent controls are designed to discourage potential attackers. Warning signs are a classic example as they inform individuals of the consequences of trespassing, aiming to deter the action. This is not a preventive control, as it does not physically stop an intruder (e.g., a fence or a lock). It is not a corrective control, which is used after an incident to limit damage (e.g., restoring from backups). It is also not a compensating control, which serves as an alternative when a primary control is not feasible.
Ask Bash
What is the purpose of a deterrent control?
How does a deterrent control differ from a preventive control?
What are examples of other deterrent controls besides warning signs?