Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

200+ Free Security+ Practice Questions

Pass your CompTIA Security+ (SY0-701) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Not published Pass Rate
200+ Questions
100% Free
1 / 200
Question 1
Score: 0/0

An organization determines that it can tolerate losing no more than 1 hour of transaction data in the event of a system failure. Which metric defines this data loss tolerance?

A
B
C
D
to track
Same family resources

Explore More CompTIA Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

CompTIA A+

Practice QuestionsStudy GuideCheat SheetFlashcards1 video4 blogs

CompTIA Network+

Practice QuestionsStudy GuideCheat SheetFlashcards1 video2 blogs

CompTIA CySA+

Practice QuestionsStudy GuideCheat SheetFlashcards1 blog

CompTIA Cloud+

Practice Questions1 blog

CompTIA PenTest+

Practice Questions1 blog

CompTIA Linux+

Practice Questions1 blog

More From This Family

Videos and articles for deeper review.

VideoFREE Cisco CCST Cybersecurity (100-160) Exam Guide 2026: Pass First TryThis examVideoFREE Fortinet NSE 4 Exam Guide 2026: FortiOS 7.6, FCP Rebrand, Pass First TryThis examVideoSecurity+ SY0-701 Domain Weights & Percentages (2026)This examVideoBest Cable Testers for Network Technicians in 2026: Klein VDV526-200 vs Fluke vs TRENDnetArticleFREE Cisco CCST Cybersecurity (100-160) Exam Guide 2026: Pass First Try20 min readArticleFREE Fortinet NSE 4 Exam Guide 2026: FortiOS 7.6, FCP Rebrand, Pass First Try22 min readArticleIs CompTIA Security+ Worth It in 2026? Jobs, Salary, DoD 814015 min readArticleSecurity+ SY0-701 Domain Weights & Percentages (2026)13 min read
2026 Statistics

Key Facts: Security+ Exam

Not published

Pass Rate

CompTIA

750/900

Passing Score

CompTIA

SY0-701

Current Code

CompTIA

Nov 7, 2023

Launch Date

CompTIA

$425

Exam Fee

CompTIA

90 min

Exam Duration

CompTIA

CompTIA Security+ (SY0-701) is the current Security+ V7 exam series. It launched November 7, 2023, has a maximum of 90 multiple-choice and performance-based questions, allows 90 minutes, and requires a 750 score on CompTIA's 100-900 scale.

Sample Security+ Practice Questions

Try these sample questions to test your Security+ exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 200+ question experience with AI tutoring.

1A company installs security cameras throughout its office building to discourage unauthorized access. What type of security control is this?
A.Preventive technical control
B.Detective physical control
C.Deterrent physical control
D.Compensating administrative control
Explanation: Security cameras that are visible serve as a deterrent physical control because their primary purpose is to discourage malicious activity by making potential attackers aware they are being watched. While cameras also have detective capabilities (recording incidents), their visible placement is primarily intended to deter unauthorized behavior.
2An organization requires all employees to complete annual security awareness training. Which category and type of control does this represent?
A.Technical preventive control
B.Administrative preventive control
C.Physical detective control
D.Operational corrective control
Explanation: Security awareness training is an administrative preventive control. It is administrative because it involves policies, procedures, and training (managed by people rather than technology or physical barriers). It is preventive because the goal is to reduce the likelihood of security incidents before they occur by educating employees about threats and proper security practices.
3After a firewall rule is found to be too restrictive for a critical business application, the security team implements a proxy-based workaround that still enforces security policies. What type of control is this proxy solution?
A.Corrective control
B.Preventive control
C.Compensating control
D.Directive control
Explanation: A compensating control is an alternative security measure implemented when the primary control cannot be applied as intended. In this scenario, the proxy workaround serves as a compensating control because it provides an equivalent level of security protection while accommodating the business requirement that the original firewall rule could not satisfy.
4A SIEM system generates an alert when it detects unusual login patterns from a user account. What type of security control does the SIEM represent in this scenario?
A.Preventive technical control
B.Detective technical control
C.Corrective technical control
D.Deterrent administrative control
Explanation: A SIEM (Security Information and Event Management) system that generates alerts based on unusual activity is a detective technical control. It is technical because it uses technology to monitor and analyze events. It is detective because its primary function is to identify and alert on security incidents that have occurred or are occurring, rather than preventing them from happening.
5Following a malware infection, the IT team restores affected systems from clean backups. What type of security control does this backup restoration represent?
A.Preventive control
B.Detective control
C.Corrective control
D.Compensating control
Explanation: Restoring systems from backup after a malware infection is a corrective control. Corrective controls are designed to restore systems to a known-good state after a security incident has occurred. The backup and restore process remediates the damage caused by the malware, returning the environment to normal operations.
6A security architect is designing a defense strategy that uses firewalls at the network perimeter, host-based intrusion detection on servers, and endpoint protection on workstations. Which security principle does this approach best illustrate?
A.Least privilege
B.Defense in depth
C.Zero trust
D.Separation of duties
Explanation: Defense in depth is a layered security strategy that deploys multiple security controls at different levels of the environment. By using firewalls at the perimeter, IDS on servers, and endpoint protection on workstations, the organization creates overlapping layers of defense so that if one control fails, others are in place to detect or prevent the attack.
7An organization classifies its security controls into categories: managerial, operational, and technical. A policy requiring background checks for new hires falls under which category?
A.Technical control
B.Operational control
C.Managerial (administrative) control
D.Physical control
Explanation: A background check policy is a managerial (administrative) control because it is a policy-driven measure established by management to govern the hiring process. Administrative controls include policies, procedures, guidelines, and management directives that define how the organization manages and oversees security. Background checks help prevent insider threats by vetting personnel before granting access.
8A security team deploys a honeypot server designed to appear as a vulnerable database server. What is the PRIMARY control type this honeypot serves?
A.Preventive control
B.Deterrent control
C.Detective control
D.Corrective control
Explanation: A honeypot primarily functions as a detective control. Its main purpose is to detect and monitor unauthorized access attempts by luring attackers to a decoy system. While honeypots can also serve as deterrent controls (if their existence is known), their primary value is in detecting intrusions and gathering intelligence about attacker techniques, tools, and behaviors.
9A hospital encrypts all patient records stored in its database to ensure only authorized medical staff can read the information. Which element of the CIA triad is this primarily protecting?
A.Confidentiality
B.Integrity
C.Availability
D.Non-repudiation
Explanation: Encrypting patient records primarily protects confidentiality, which ensures that information is accessible only to those authorized to view it. By encrypting the data at rest, even if an unauthorized person gains access to the database files, they cannot read the actual patient information without the proper decryption keys.
10A financial institution implements checksums and digital signatures on all wire transfer instructions. Which element of the CIA triad is being primarily addressed?
A.Confidentiality
B.Integrity
C.Availability
D.Authentication
Explanation: Checksums and digital signatures primarily protect integrity by ensuring that data has not been altered during transmission or storage. If a wire transfer instruction is modified after being signed, the checksum or signature verification will fail, alerting the recipient that the message has been tampered with.

About the Security+ Exam

The most widely held cybersecurity certification and a DoD 8570/8140 approved baseline. Security+ SY0-701 validates core security skills needed for any cybersecurity role.

Questions

90 scored questions

Time Limit

90 minutes

Passing Score

750/900

Exam Fee

$425 (CompTIA)

Security+ Exam Content Outline

12%

General Security Concepts

Security controls, CIA triad, authentication, authorization, and zero trust

22%

Threats, Vulnerabilities, and Mitigations

Threat actors, attack types, malware, social engineering, and vulnerability management

18%

Security Architecture

Network architecture, cloud security, cryptography, and PKI

28%

Security Operations

Monitoring, incident response, forensics, endpoint security, and vulnerability management

20%

Security Program Management and Oversight

Risk management, governance, compliance, data privacy, and security awareness

How to Pass the Security+ Exam

What You Need to Know

  • Passing score: 750/900
  • Exam length: 90 questions
  • Time limit: 90 minutes
  • Exam fee: $425

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

Security+ Study Tips from Top Performers

1Focus on Security Operations (28%) and Threats/Vulnerabilities (22%) — they make up half the exam
2Practice performance-based questions (PBQs) — skip them initially during the exam and return after multiple choice
3Know the difference between similar concepts: IDS vs IPS, symmetric vs asymmetric, authentication vs authorization
4Understand risk management formulas: ALE = ARO x SLE, and qualitative vs quantitative analysis
5Master common ports and protocols: 22 (SSH), 443 (HTTPS), 3389 (RDP), 389/636 (LDAP/LDAPS)

Frequently Asked Questions

What is the Security+ SY0-701 exam format?

The Security+ SY0-701 exam has a maximum of 90 questions with a 90-minute time limit. Question types include multiple choice and performance-based questions (PBQs). You need a score of 750 on a scale of 100-900 to pass. The standard U.S. exam voucher price is $425 USD.

Is Security+ good for beginners?

Yes, Security+ is designed as an entry-level to intermediate cybersecurity certification. While CompTIA recommends CompTIA Network+ and 2 years of IT experience, many candidates pass without prior certifications. It is one of the most recommended first cybersecurity certifications.

Which Security+ SY0-701 domains should I prioritize?

Prioritize by official weight and by your misses. Security Operations is 28%, Threats, Vulnerabilities, and Mitigations is 22%, Security Program Management and Oversight is 20%, Security Architecture is 18%, and General Security Concepts is 12%. Operations plus threats make up half the exam.

Is Security+ DoD approved?

Yes, CompTIA Security+ is approved under DoD Directive 8570/8140 for IAT Level II, IAM Level I, and IASAE Level I positions. This makes it required for many government and defense contractor cybersecurity roles. It is the most commonly held DoD-approved certification.

How long should I study for Security+?

Most candidates should plan 90-150 hours, adjusted for prior networking and security experience. Focus on Security Operations (28%) and Threats/Vulnerabilities (22%), then use missed practice questions to target weaker domains.

What should I practice beyond definitions?

Practice scenario decisions: matching attacks to mitigations, reading firewall rules, ordering incident response steps, prioritizing vulnerabilities, reviewing access rights, and identifying the best evidence for compliance controls. SY0-701 rewards applied judgment more than vocabulary alone.