CertGrid

CompTIA Security+ SY0-701 Practice Exam

Validates baseline skills for core security functions including threats, vulnerabilities, cryptography, identity management, and security operations.

Practice 493 exam-style CompTIA Security+ SY0-701 questions with full answer explanations, then take timed mock exams that score like the real thing.

• 493 practice questions
• 90 questions on the real exam
• 833 passing score
• 90 min exam length

What the CompTIA Security+ SY0-701 exam covers

Free CompTIA Security+ SY0-701 sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 493.

  1. Question 1: General Security Concepts

    Which of the following BEST describes the concept of confidentiality in the CIA triad?

    • A. Ensuring that users cannot deny having performed an action
    • B. Ensuring that data is only accessible to those with proper authorization (Correct)
    • C. Ensuring that data has not been altered in an unauthorized manner
    • D. Ensuring that data is accessible when needed by authorized users
    ✓ Correct answer: B

    Confidentiality is the property that data is accessible only to those with proper authorization, which is exactly what option B states. The other three options each describe a different security property, not confidentiality.

    Why the other options are wrong
    • A. "Ensuring that users cannot deny having performed an action" is incorrect; that describes non-repudiation.
    • C. "Ensuring that data has not been altered in an unauthorized manner" is incorrect; that describes integrity, the second leg of the CIA triad.
    • D. "Ensuring that data is accessible when needed by authorized users" is incorrect; that describes availability, the third leg of the CIA triad.
  2. Question 2: General Security Concepts

    What is the purpose of a data classification scheme?

    • A. To organize data alphabetically in databases
    • B. To categorize data based on its sensitivity and the impact of unauthorized disclosure (Correct)
    • C. To compress data for efficient storage
    • D. To convert data between different file formats
    ✓ Correct answer: B

    A data classification scheme groups data by its sensitivity and by the impact that unauthorized disclosure would have, so that access controls, handling rules, and protection measures can be matched to each category. Options A, C, and D describe ordinary storage and data-management tasks that have nothing to do with sensitivity or impact.

    Why the other options are wrong
    • A. "To organize data alphabetically in databases" is incorrect; alphabetical ordering is a storage and retrieval convenience, not a sensitivity rating.
    • C. "To compress data for efficient storage" is incorrect; compression reduces storage size and says nothing about how the data must be protected.
    • D. "To convert data between different file formats" is incorrect; format conversion is a data-handling task, not a classification of sensitivity.
  3. Question 3: Threats, Vulnerabilities, and Mitigations (Select all that apply)

    Which TWO of the following are characteristics of a worm that distinguish it from a virus? (Choose two.)

    • A. It can spread independently without needing to be embedded in another program (Correct)
    • B. It always requires the user to open an email attachment to activate
    • C. It can self-replicate across networks without user interaction (Correct)
    • D. It requires a host file to attach to in order to spread
    ✓ Correct answer: A, C

    Both A and C describe what sets a worm apart: it is standalone code that spreads on its own without being embedded in another program, and it self-replicates across networks without any user interaction. A virus, by contrast, attaches itself to a host file and normally needs a user action to execute. Both characteristics together define the worm.

    Why the other options are wrong
    • B. "It always requires the user to open an email attachment to activate" is not part of the correct answer set; depending on a user action is virus-like behavior, and a worm needs no such trigger.
    • D. "It requires a host file to attach to in order to spread" is not part of the correct answer set; attaching to a host file is the defining trait of a virus, not a worm.
  4. Question 4: Threats, Vulnerabilities, and Mitigations

    StormWatch Security is reviewing network logs and finds numerous failed login attempts from a single IP address targeting multiple user accounts with commonly used passwords. What type of attack is this?

    • A. Brute force attack
    • B. Rainbow table attack
    • C. Password spraying attack (Correct)
    • D. Dictionary attack
    ✓ Correct answer: C

    The pattern in the logs, one source trying a small set of commonly used passwords against many different accounts, is password spraying. Spreading a few guesses across many accounts rather than many guesses against one account is what distinguishes spraying from the other guessing attacks, and it is why lockout policies alone do not stop it; detection relies on correlating failures across accounts from the same source.

    Why the other options are wrong
    • A. "Brute force attack" is incorrect because a brute force attack works through many possible password combinations against a particular account, rather than a few common passwords across many accounts.
    • B. "Rainbow table attack" is incorrect because a rainbow table is used offline to reverse captured password hashes through precomputed lookups; it does not produce failed login attempts in network logs.
    • D. "Dictionary attack" is incorrect because a dictionary attack runs through a wordlist against a specific account, whereas the logs show a few common passwords being tried across multiple accounts.
  5. Question 5: Threats, Vulnerabilities, and Mitigations (Select all that apply)

    A company's security team is implementing mitigations against social engineering attacks. Which TWO of the following controls would be MOST effective? (Choose two.)

    • A. Implementing verification procedures for sensitive requests (Correct)
    • B. Deploying additional storage servers
    • C. Security awareness training for all employees (Correct)
    • D. Upgrading firewall firmware
    • E. Increasing network bandwidth
    ✓ Correct answer: A, C

    Social engineering targets people rather than systems, so the effective controls are the ones that change how people respond to requests. Verification procedures for sensitive requests (A) ensure that an unusual request is confirmed through an independent channel before it is acted on, and security awareness training (C) teaches employees to recognize manipulation attempts in the first place. Together they address both the recognition of an attack and the process that stops it from succeeding.

    Why the other options are wrong
    • B. "Deploying additional storage servers" is not part of the correct answer set; storage capacity has no effect on whether an employee is deceived.
    • D. "Upgrading firewall firmware" is not part of the correct answer set; a firewall filters network traffic and does not stop a person from being manipulated into a harmful action.
    • E. "Increasing network bandwidth" is not part of the correct answer set; bandwidth is a performance measure and offers no protection against deception.
  6. Question 6: Security Architecture

    TechVault Corp is implementing an intrusion detection system. What is the difference between a signature-based IDS and an anomaly-based IDS?

    • A. Signature-based detects known patterns; anomaly-based detects deviations from normal behavior (Correct)
    • B. Signature-based uses machine learning; anomaly-based uses static rules
    • C. Signature-based is always inline; anomaly-based is always passive
    • D. Signature-based prevents attacks; anomaly-based only logs them
    ✓ Correct answer: A

    A signature-based IDS compares observed traffic or activity against a database of known attack patterns, so it detects what has already been catalogued but misses novel attacks. An anomaly-based IDS first establishes a baseline of normal behavior and then alerts on deviations from that baseline, which lets it flag previously unseen activity at the cost of more false positives. Option A states exactly this distinction.

    Why the other options are wrong
    • B. "Signature-based uses machine learning; anomaly-based uses static rules" is incorrect because it inverts the roles: signatures are the static rules, and it is anomaly-based detection that relies on statistical or learned baselines.
    • C. "Signature-based is always inline; anomaly-based is always passive" is incorrect because inline versus passive is a deployment choice that applies to either detection method, not a property of the method itself.
    • D. "Signature-based prevents attacks; anomaly-based only logs them" is incorrect because prevention versus detection is the difference between an IPS and an IDS, not between signature-based and anomaly-based detection; both methods can be used in either.
  7. Question 7: Security Operations

    A security analyst receives an alert that a workstation is communicating with a known command-and-control (C2) server. Which action should the analyst take FIRST?

    • A. Reformat the workstation immediately
    • B. Isolate the workstation from the network (Correct)
    • C. Update the antivirus definitions on the workstation
    • D. Notify law enforcement
    ✓ Correct answer: B

    When a workstation is confirmed to be communicating with a known command-and-control (C2) server, the first priority is containment by isolating the workstation from the network. This immediately stops the attacker from issuing new commands to the malware, prevents lateral movement to other network resources, and halts any ongoing data exfiltration. Network isolation can be achieved by disabling the network adapter, removing the network cable, or applying a VLAN quarantine policy, while preserving the system's powered-on state for forensic memory acquisition.

    Why the other options are wrong
    • A. "Reformat the workstation immediately" is incorrect because immediate reformatting destroys volatile forensic evidence such as memory contents, active processes, and malware artifacts needed to understand the attack chain, and should only occur after investigation and evidence preservation.
    • C. "Update the antivirus definitions on the workstation" is incorrect because updating antivirus definitions while the system is still connected to the network allows the C2 channel to remain active, giving the attacker continued control; moreover, advanced malware may evade antivirus detection regardless of definition updates.
    • D. "Notify law enforcement" is incorrect because law enforcement notification is an appropriate step later in the incident response process, but the immediate technical priority is containing the active threat by severing the C2 communication channel.
  8. Question 8: Security Operations

    What type of backup only copies files that have changed since the last full backup, regardless of any incremental backups in between?

    • A. Incremental backup
    • B. Full backup
    • C. Differential backup (Correct)
    • D. Snapshot backup
    ✓ Correct answer: C

    A differential backup copies all data that has changed since the last full backup, accumulating more data with each differential run because the baseline remains the last full backup. Because it always compares against the last full backup rather than the last incremental backup, a differential backup set grows larger each day but requires only two restores: the last full backup plus the most recent differential. This differentiates it from incremental backups, which only capture changes since the last backup of any type and require restoring the full backup plus every incremental in sequence.

    Why the other options are wrong
    • A. "Incremental backup" is incorrect because an incremental backup copies only data changed since the last backup of any type (whether full or incremental), meaning each incremental captures a smaller, distinct window of changes rather than all changes accumulated since the last full backup.
    • B. "Full backup" is incorrect because a full backup copies all selected data regardless of when it last changed; it does not selectively copy only changed files and produces a complete standalone backup set rather than a change-based subset.
    • D. "Snapshot backup" is incorrect because a snapshot captures the state of a storage volume or virtual machine at a specific point in time using pointers to changed blocks in the storage system, and is a point-in-time consistency mechanism rather than a traditional backup strategy based on file change tracking.
  9. Question 9: Security Program Management and Oversight

    Which of the following regulations specifically governs the protection of personal data for residents of the European Union?

    • A. CCPA
    • B. HIPAA
    • C. FISMA
    • D. GDPR (Correct)
    ✓ Correct answer: D

    The General Data Protection Regulation (GDPR) is European Union law that establishes comprehensive rights for EU residents regarding their personal data and imposes obligations on any organization that processes personal data of EU residents, regardless of where the organization is located. GDPR requirements include obtaining explicit consent for data processing, providing data subjects the right to access and erase their data, implementing privacy by design, conducting data protection impact assessments, and mandatory breach notification within 72 hours. Non-compliance can result in fines of up to 4% of global annual revenue or 20 million euros.

    Why the other options are wrong
    • A. "CCPA" is incorrect because the California Consumer Privacy Act (CCPA) is a US state law that provides privacy rights specifically for California residents, not EU residents; while similar in concept to GDPR, CCPA is a US regulation with different scope, rights, and enforcement mechanisms.
    • B. "HIPAA" is incorrect because HIPAA (Health Insurance Portability and Accountability Act) is a US federal law governing the privacy and security of protected health information (PHI) in healthcare settings; it applies to US covered entities and business associates, not broadly to personal data for EU residents.
    • C. "FISMA" is incorrect because FISMA (Federal Information Security Management Act) is a US federal law requiring federal government agencies and their contractors to implement information security programs; it applies to US federal information systems, not to the protection of personal data for EU residents.
  10. Question 10: Security Program Management and Oversight

    Which document provides a high-level overview of an organization's security objectives and the management framework for implementing them?

    • A. Security baseline
    • B. Security procedure
    • C. Security guideline
    • D. Security policy (Correct)
    ✓ Correct answer: D

    A security policy is the authoritative, high-level governance document that provides a strategic overview of the organization's security objectives, principles, and management commitment to information security, along with the governance framework that assigns responsibilities for achieving those objectives. Security policies are broad and directional rather than prescriptive; they define the what and why of the security program, providing the foundation from which specific standards, procedures, and guidelines are derived and to which all security activities must align.

    Why the other options are wrong
    • A. "Security baseline" is incorrect because a security baseline specifies the minimum acceptable configuration settings for a specific technology type, such as operating system hardening requirements; it is a technical specification for a particular system type, not a high-level strategic overview of the security program.
    • B. "Security procedure" is incorrect because a security procedure provides step-by-step operational instructions for performing a specific security task; it is the most granular, implementation-focused level of the security documentation hierarchy, not the high-level strategic framework.
    • C. "Security guideline" is incorrect because a security guideline provides non-mandatory recommendations and best practices for implementing security measures; it is advisory in nature and does not provide the authoritative management commitment and organizational security objectives that define a security policy.

CompTIA Security+ SY0-701 practice exam FAQ

How many questions are in the CompTIA Security+ SY0-701 practice exam on CertGrid?

CertGrid has 493 practice questions for CompTIA Security+ SY0-701, covering 5 exam domains. The real CompTIA Security+ SY0-701 exam has about 90 questions.

What is the passing score for CompTIA Security+ SY0-701?

The CompTIA Security+ SY0-701 exam passing score is 833, and you have about 90 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official CompTIA Security+ SY0-701 exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of CompTIA Security+ SY0-701, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice CompTIA Security+ SY0-701 for free?

Yes. You can start practicing CompTIA Security+ SY0-701 for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.