CompTIA Security+ Questions and Answers
100 questions organized by topic with detailed explanations
CompTIA
SY0-701
100 questions
5 topics
Updated May 2026General Security Concepts
12 questions4 easy5 medium3 hard~12% of exam
An organization deploys a Public Key Infrastructure (PKI). A user's digital certificate is compromised before its expira...Which term describes a security model that requires every user and device to be verified before being granted access to ...A security analyst is reviewing a policy that requires two employees to jointly perform a sensitive financial transactio...
Threats, Vulnerabilities, and Mitigations
22 questions4 easy12 medium6 hard~22% of exam
An attacker sends a carefully crafted email to a specific executive at a company, referencing their recent business trip...A security analyst observes that a newly discovered vulnerability in a widely used library has no available patch from t...An organization's security team detects unusual outbound traffic from a server to an unfamiliar external IP address at r...
Security Architecture
18 questions2 easy10 medium6 hard~18% of exam
Which cloud service model provides customers with virtualized computing resources — such as virtual machines, storage, a...An organization implements a backup strategy where data is backed up daily to a local disk, weekly to a secondary on-sit...An organization is deploying a new application and wants to ensure that all communications between clients and the appli...
Security Operations
28 questions4 easy14 medium10 hard~28% of exam
A company wants to prevent employees from accidentally or intentionally sending sensitive customer data such as credit c...During incident response, a forensic analyst needs to preserve evidence from a compromised server without altering any d...A security operations center (SOC) analyst wants to correlate security events from firewalls, servers, and endpoint agen...
Security Program Management and Oversight
20 questions2 easy10 medium8 hard~20% of exam
An organization experiences a significant data breach. During the incident response review, it is discovered that a key ...During a security audit, an auditor requests evidence that an organization's security controls are operating effectively...Which security governance document defines the high-level expectations for how employees must handle sensitive data, inc...
All Questions
| # | Question | Topic | Difficulty |
|---|---|---|---|
| 1 | An attacker sends a carefully crafted email to a specific executive at a company, referencing their ... | Threats, Vulnerabilities, and Mitigations | medium |
| 2 | An organization experiences a significant data breach. During the incident response review, it is di... | Security Program Management and Oversight | hard |
| 3 | Which cloud service model provides customers with virtualized computing resources — such as virtual ... | Security Architecture | easy |
| 4 | A company wants to prevent employees from accidentally or intentionally sending sensitive customer d... | Security Operations | medium |
| 5 | An organization implements a backup strategy where data is backed up daily to a local disk, weekly t... | Security Architecture | medium |
Sign in to see all 100 questions
Create a free account to browse all questions — completely free during our launch phase.
Ready to test your knowledge?
Take a full CompTIA Security+ practice test with timed exam simulation.
Start Practice Test