CompTIA Security+ Practice Test (SY0-701)

CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Since January 1, 2011, all new certifications have been valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program, which allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, have been available exclusively through Pearson VUE since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers and online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
Free CompTIA Security+ SY0-701 (V7) Practice Test
Which of the following scenarios best describes an attack that is likely to cause abnormal consumption of system resources, potentially leading to a system outage?
- Phishing attack that deceives a user into sharing their password
- Email spam campaign distributing unsolicited messages
- DDoS attack
- Social engineering attack that tricks an employee into wiring money
Answer Description
A Distributed Denial-of-Service (DDoS) attack is a cyber-attack in which multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers, causing a drastic spike in resource consumption. This can overwhelm the system, leading to slowdowns or complete denial of service. In contrast, phishing and social engineering attacks primarily focus on deception to gain information, and they do not typically result in excessive resource consumption. Email spam may consume resources, but it is typically not as impactful as a coordinated DDoS attack that targets and exhausts system resources.
A company's network was infiltrated by an attacker who used sophisticated techniques to bypass advanced security measures. The attacker was well-funded and had advanced capabilities. Sensitive data was exfiltrated over an extended period without detection. Which type of threat actor is most likely responsible for this attack?
- Hacktivist
- Unskilled Attacker
- Insider Threat
- Nation-State Actor
Answer Description
Nation-state actors are typically well-funded and possess advanced capabilities, enabling them to conduct sophisticated attacks that can bypass even the most robust security measures. They often focus on long-term objectives, such as espionage and data exfiltration over extended periods. Insider threats involve individuals within the organization but may not have the resources or need to use advanced techniques for prolonged undetected access. Hacktivists are motivated by political or social causes but generally lack the resources for highly sophisticated attacks. Unskilled attackers, also known as script kiddies, lack the expertise and resources to perform advanced and prolonged infiltration without detection.
A company is planning to integrate their authentication processes with a third-party service provider to allow employees to use a single set of credentials across both systems. To enhance the user experience and provide secure access to the services offered by the partner, which solution would be the BEST to implement?
- Using a central access policy service to manage application access across entities
- Implementing a federated identity management system
- Adopting a web authentication standard
- Creating additional user credentials for each employee within the third-party service provider's system
Answer Description
Federation is the practice of linking a user's electronic identity and attributes across multiple distinct identity management systems. Implementing a federated identity management system is ideal in this situation because it enables the company's employees to use their existing corporate credentials to access the third-party service provider's resources securely. This removes the need for multiple sets of credentials and simplifies the authentication process for users, which directly aligns with the scenario's requirements of minimizing complexity and offering a streamlined process.
Creating additional user credentials for each employee within the partner's system, or relying on a central access policy that governs application usage across both entities, are less efficient solutions that increase complexity and management overhead and therefore do not fulfill the requirement of streamlined access. A web authentication standard describes a specific method of authentication that can be used within federated environments, but it does not represent the overarching federated identity management system needed here.
Of the following options, which is a cryptographic algorithm classified as asymmetric?
- DES
- Blowfish
- RSA
- RC4
- RC5
- AES
Answer Description
RSA (Rivest-Shamir-Adleman) is an asymmetric cryptographic algorithm commonly used to protect data in transmission. It uses a key pair: a public key that can be shared openly and a private key that is kept secret. The other options (DES, Blowfish, RC4, RC5, and AES) are all symmetric algorithms, in which the same secret key is used for both encryption and decryption.
A company is assessing various options to enhance the security of their facility and data center. Which of the following would serve as the best deterrent control to discourage trespassers from entering the secured premises of the data center?
- Erecting security awareness posters regarding tailgating in employee areas
- Deploying mantraps at the primary entrance to the data center
- Implementing badge readers at all points of entrance and exit
- Installing highly visible security cameras around the perimeter and entry points
Answer Description
Security cameras are a form of deterrent control designed to discourage unauthorized individuals from attempting to access a secure area. Their presence is often enough to dissuade potential attackers as it increases the likelihood of being caught and recorded, which can lead to identification and potential prosecution. In contrast, badge readers and mantraps, while part of physical security measures, are types of preventive controls that actively prevent unauthorized access. Security awareness posters do not directly discourage trespassers from entering secured premises, as they are more focused on educating authorized personnel on maintaining security practices.
In a scenario where a regional healthcare provider is implementing a strategy to segregate its administrative, clinical, and guest networks to both minimize its attack surface and comply with health information privacy regulations, which technology should be utilized to not only separate the segments but also enforce distinct security policies and control inter-segment traffic?
- Border Gateway Protocol (BGP) for routing control
- Transport Layer Security (TLS) for secure communications
- Quality of Service (QoS) configuration for traffic prioritization
- Next-generation firewall (NGFW)
Answer Description
A next-generation firewall (NGFW) provides the advanced functionality needed for logical network segmentation, augmenting classic firewall capabilities with features such as application awareness and intrusion prevention. NGFWs ensure that strict security policies can be enforced and managed between segmented zones, which is perfect for an environment handling sensitive health records. This technology provides the required granularity for compliance with healthcare regulations, making it the optimal choice over other options that either lack the sophistication in policy management or are not primarily designed for inter-segment traffic control within the same network.
A security analyst is tasked with implementing a solution to receive timely data on emerging malware, malicious IP addresses, and known vulnerabilities. Which of the following would BEST fulfill this requirement?
- A vulnerability scanner
- A security baseline
- A Security Information and Event Management (SIEM) system
- A threat feed
Answer Description
The correct answer is a threat feed. A threat feed is a real-time or near-real-time stream of data providing information on current and potential cyber threats, including indicators of compromise like malicious IPs, URLs, and malware signatures. A security baseline defines a standard state for a system, a SIEM is used to aggregate and analyze log data from internal sources, and a vulnerability scanner actively probes systems for weaknesses rather than providing a continuous external data stream.
The security team at a multinational corporation has been alerted to a potential vulnerability that affects multiple operating systems. This vulnerability allows remote attackers to execute arbitrary code on affected systems. To address this concern swiftly, the team must reference a categorized list of known vulnerabilities. Which resource should they use to find the detailed information about this vulnerability?
- Internet Engineering Task Force (IETF)
- Open Web Application Security Project (OWASP)
- CERT Coordination Center
- National Vulnerability Database (NVD)
Answer Description
The correct answer is the National Vulnerability Database (NVD) because it is a comprehensive database where CVE details are cataloged and can be searched. The CVE identifier would provide a standardized reference for the vulnerability in question, allowing the security team to access the details they need to begin assessing the impact and planning their response. The CERT Coordination Center deals with coordinating responses to security incidents, not cataloging CVEs. The Open Web Application Security Project (OWASP) focuses on improving software security, specifically for web applications, and does not serve as a database for CVEs. The Internet Engineering Task Force (IETF) develops and promotes voluntary internet standards and protocols, but does not manage a database of vulnerabilities.
A lazy programmer at a startup was recently fired for sleeping at their cubicle. Angry about being fired and wanting revenge, the programmer accessed the admin panel of the startup's website using a method they had previously programmed into the application before being dismissed. With access to the admin panel, the former employee was able to delete user accounts from the database, causing significant issues for the company. Which of the following options best describes the methodology of the attack?
- Ransomware
- SQL injection
- Backdoor
- Rootkit
Answer Description
The programmer created a backdoor in the application to grant themselves access later on. The backdoor allowed them to bypass the application's usual authentication measures. A backdoor could also be planted by a malicious application, but in this case it was the work of a lazy programmer who knew they would be fired soon.
Which type of penetration test involves combining both offensive and defensive techniques to thoroughly assess an organization's security posture?
- Integrated Penetration Testing
- Defensive Penetration Testing
- Offensive Penetration Testing
- Physical Penetration Testing
Answer Description
Integrated Penetration Testing involves the collaboration of offensive and defensive techniques to comprehensively evaluate an organization's security. This approach allows for a more effective identification of vulnerabilities by leveraging multiple perspectives and methods.
Which of the following best describes the primary purpose of corrective controls in a security context?
- To identify and detect security incidents as they happen
- To substitute for primary security controls when they are not available
- To limit the damage and impact after a security incident has occurred
- To prevent security incidents from occurring in the first place
Answer Description
Corrective controls are designed to limit the damage and impact after a security incident has already occurred. They are reactive measures that help organizations recover from an incident and minimize the extent of the damage. Examples of corrective controls include backup systems that allow for data restoration and incident response plans that outline the steps to be taken after an incident is detected. While preventive controls aim to stop incidents from occurring in the first place, and detective controls focus on identifying incidents, corrective controls are specifically designed to mitigate the consequences of an incident after it has happened.
A multinational corporation has shifted its workforce to a primarily remote model and migrated most of its business applications to various cloud providers. The Chief Information Security Officer (CISO) is concerned about the high latency and security gaps created by backhauling all user traffic to a central on-premises data center for inspection. The goal is to provide users with direct, secure, and high-performance access to cloud resources regardless of their location.
Which of the following solutions BEST addresses the company's requirements?
- Using a Cloud Access Security Broker (CASB) to monitor all cloud traffic.
- Implementing a traditional VPN concentrator at the main data center.
- Hardening the on-premises firewalls and increasing internet bandwidth.
- Deploying a Secure Access Service Edge (SASE) architecture.
Answer Description
A Secure Access Service Edge (SASE) architecture is the best solution for this scenario. SASE combines networking capabilities, specifically SD-WAN, with a suite of cloud-native security services (like SWG, CASB, ZTNA, and FWaaS) into a single, unified platform. This model moves security enforcement to the cloud edge, allowing remote users to connect directly to cloud resources securely and efficiently without needing to route traffic back through a central data center. A traditional VPN would still backhaul traffic, a CASB alone only addresses cloud application security without the networking component, and simply hardening on-premises firewalls does not solve the inefficient traffic routing issue.
Your company has recently rolled out a new security awareness training program focused on recognizing social engineering attacks. To ensure the effectiveness of the training, what is the MOST effective method to evaluate employee understanding and application of the training content?
- Including a quiz at the end of the training session
- Publishing a quarterly newsletter highlighting social engineering threats
- Conducting unannounced phishing simulation campaigns
- Unannounced network scans after training completion
Answer Description
Phishing simulations are a practical method of testing employees' abilities to recognize and respond to social engineering attacks. This type of simulation provides actionable insights by creating realistic scenarios similar to actual phishing attempts, without the associated risk. This helps measure the effectiveness of the training and identifies areas where additional training may be necessary. Answer options like 'Unannounced network scans' and 'Publishing quarterly newsletters' are less direct and less effective methods of assessing the specific understanding of recognizing social engineering attacks. Although helpful in a broader security context, they do not directly test the application of the training content. 'Including a quiz at the end of the training session' can validate immediate retention but does not measure long-term understanding or practical application in an actual work environment.
The IT Security team of a financial institution is implementing a new system that should ensure that access permissions to sensitive financial records align strictly with employee job functions. Compliance requirements dictate that every access permission must be auditable and cannot be based on individual discretion. Which authorization model best suits the security and compliance requirements of this scenario?
- Discretionary Access Control (DAC)
- Attribute-Based Access Control (ABAC)
- Role-Based Access Control (RBAC)
- Security Support Provider Interface (SSPI)
Answer Description
The Role-Based Access Control (RBAC) model is designed to restrict system access to authorized users. This model is the most aligned with scenarios in which access to resources needs to be assigned based on roles within an organization, making it easier to manage and audit. Attribute-Based Access Control (ABAC) and Discretionary Access Control (DAC) are less suited for this scenario. ABAC can be highly dynamic, which can be complex to audit, while DAC allows owners of the resources to specify access, which does not meet the non-discretionary requirement of the scenario. The Security Support Provider Interface (SSPI) is a Microsoft API used for security-related functions and is not an access control model.
A security analyst implements intrusion detection sensors and automated log analysis tools. The primary purpose of these tools is to identify anomalies or disruptions in network traffic and system activities and then trigger an alert. Which type of security control does this implementation represent?
- Corrective
- Deterrent
- Detective
- Preventive
Answer Description
This scenario describes a detective control. Detective controls are designed to find and alert on security incidents after they have already occurred or as they are happening. Intrusion detection systems (IDS) and log analysis tools fit this description perfectly as they monitor for and report on suspicious activity, rather than stopping it outright.
- Preventive controls aim to stop an incident before it happens (e.g., a firewall blocking a malicious IP address).
- Corrective controls are used to limit the damage and restore systems after an incident has been detected (e.g., restoring from a backup after a ransomware attack).
- Deterrent controls are meant to discourage potential attackers (e.g., warning banners).