Free CompTIA Security+ SY0-701 Practice Questions

Original practice questions with a full explanation for every answer: see why the right choice is right and why each wrong one is wrong.

Entry-level | Practice | SY0-701
⏱️ 12 questions

Click an answer to reveal the reasoning. These are original questions written to test the same concepts as the exam, not copied exam items, so you learn the why.

In short: These are free, original CompTIA Security+ SY0-701 practice questions covering all five exam domains. Each question includes a full explanation of the correct answer and why the other options are wrong. No signup is required.

Security+ SY0-701 practice set

Twelve original questions across the five domains. Tap an option to check it, or use “Show all answers” to review the reasoning.

Domain 1 · General Security Concepts
1. A company wants to ensure that data has not been altered between sender and receiver. Which part of the CIA triad does this goal address?
Correct answer: Integrity. Ensuring data has not been altered is integrity. Confidentiality is about keeping data secret; availability is about it being accessible when needed; authentication (not part of the CIA triad) is about proving identity. Hashing is the usual integrity mechanism.
Domain 1 · General Security Concepts
2. A user logs in with a password and a code from an authenticator app. Which concept BEST describes this?
Correct answer: Multi-factor authentication. A password (something you know) plus an authenticator code (something you have) are two different factor types, so this is multi-factor authentication. Single sign-on and federation are about reusing one identity across systems, not about factor types.
Domain 2 · Threats & Vulnerabilities
3. An attacker sends an email that appears to come from the CEO, urgently asking the finance team to wire funds. This is an example of:
Correct answer: Phishing using authority and urgency. Impersonating an executive to pressure a target is a phishing attack that leans on the social-engineering principles of authority and urgency (often called CEO fraud or business email compromise). It's not a technical exploit like SQL injection, and it isn't a DoS.
Domain 2 · Threats & Vulnerabilities
4. Which type of malware encrypts a victim's files and demands payment for the decryption key?
Correct answer: Ransomware. Ransomware encrypts data and extorts payment. A rootkit hides an attacker's presence, a logic bomb triggers on a condition, and a keylogger records keystrokes, none of which is defined by encrypting files for ransom.
Domain 3 · Security Architecture
5. A security team wants to limit how far an attacker can move if one server is compromised. Which design approach BEST achieves this?
Correct answer: Network segmentation. Segmentation divides the network into isolated zones, so a foothold in one segment doesn't grant free lateral movement to the rest. Longer passwords and full-disk encryption are useful but don't limit lateral movement; a captcha addresses automated login attempts.
Domain 3 · Security Architecture
6. Which protocol should replace Telnet to administer a router securely?
Correct answer: SSH. SSH (port 22) provides an encrypted remote-admin session, unlike Telnet, which sends everything, including credentials, in cleartext. FTP and HTTP are also unencrypted, and SNMPv1 has no strong security; SNMPv3 would be the secure monitoring choice.
Domain 4 · Security Operations
7. A new employee is given access only to the systems required for their role, and nothing more. This is an application of:
Correct answer: Least privilege. Granting only the access needed for the job is least privilege. Separation of duties splits a sensitive task across people; mandatory vacation surfaces fraud during absence; defense in depth is layering multiple controls.
Domain 4 · Security Operations
8. Which tool centrally collects and correlates logs from many systems to alert on suspicious activity?
Correct answer: A SIEM. A SIEM (Security Information and Event Management) aggregates and correlates logs to generate alerts. A firewall filters traffic, a load balancer distributes it, and a password manager stores credentials β€” none of which is a central log-correlation platform.
Domain 4 · Security Operations
9. Put the incident-response phases in the correct order.
Correct answer: Preparation → Detection → Containment → Eradication → Recovery → Lessons learned. The standard order is Preparation → Detection/Analysis → Containment → Eradication → Recovery → Lessons Learned. You prepare before anything happens, detect the incident, contain it to stop spread, remove the cause, restore operations, then review to improve.
Domain 5 · Program Management
10. A company reviews a cloud vendor's security controls before signing a contract. This activity is BEST described as:
Correct answer: Third-party / vendor risk management. Assessing a supplier's security before engaging them is third-party (vendor) risk management. Change management governs modifications to systems, continuity planning keeps the business running during disruption, and data classification labels information by sensitivity.
Domain 5 · Program Management
11. Which risk response is being used when a company buys cyber-insurance to offset potential breach costs?
Correct answer: Risk transference. Shifting the financial impact to another party (an insurer) is risk transference. Avoidance stops the risky activity entirely, acceptance knowingly takes the risk on, and mitigation reduces the likelihood or impact with controls.
Domain 1 · General Security Concepts
12. Which encryption approach is BEST suited to quickly encrypting a large volume of data at rest?
Correct answer: Symmetric encryption (e.g., AES). Symmetric algorithms like AES use one shared key and are fast, making them ideal for bulk data. Asymmetric encryption is far slower and is used for key exchange/signing. Hashing is one-way (not reversible), and Base64 is encoding, not encryption at all.
🔑 How to read your score

Your result here reflects how you did on these practice questions; it is not a prediction of your real exam score. Use it to spot which domains to review next.

Frequently asked questions

Are these real Security+ exam questions?

No. Every question here is original, written to test the same concepts as the exam. Reproducing real exam items would breach CompTIA's candidate agreement and copyright, and it wouldn't help you understand the material.

Do I need to sign up to see the answers?

No. The answer and full explanation for every question are free and shown on this page.


Independent study resource. Not affiliated with, authorized, endorsed by, or sponsored by CompTIA, Amazon Web Services, Microsoft, or ISC2. All trademarks are the property of their respective owners and are used here for identification only. All practice questions are original.