CompTIA Security+ Practice Test (2026): Free SY0-701 Questions

Test your readiness for the CompTIA Security+ (SY0-701) exam with these free, exam-style questions spanning all five domains — from general security concepts to security operations. Click Reveal answer to check your reasoning and read a short explanation.

CompTIA Security+ (SY0-701) at a glance

• Questions: up to 90 (multiple-choice and performance-based)
• Length: 90 minutes
• Passing score: 750 on a scale of 100–900
• Cost: ~$392 USD (voucher)
• Recommended experience: Network+ and ~2 years of IT/security experience

Free CompTIA Security+ practice questions

1. Which element of the CIA triad ensures data has not been altered?
   A) Confidentiality   B) Integrity   C) Availability   D) Authentication

   Reveal answer

   B) Integrity. Integrity guarantees data is accurate and unaltered; hashing is the primary mechanism used to verify it.

2. An attacker secretly relays and alters traffic between two parties. What is this called?
   A) On-path attack   B) Replay attack   C) DDoS   D) Privilege escalation

   Reveal answer

   A) On-path attack (formerly “man-in-the-middle”). The attacker positions between two hosts to intercept or modify communication.

3. Which encryption type uses the same key to encrypt and decrypt?
   A) Asymmetric   B) Symmetric   C) Hashing   D) Steganography

   Reveal answer

   B) Symmetric. Symmetric algorithms (e.g., AES) use one shared key — fast, but key distribution is the challenge.

4. A phishing attack that specifically targets a senior executive is known as:
   A) Vishing   B) Smishing   C) Whaling   D) Pharming

   Reveal answer

   C) Whaling. Whaling is spear-phishing aimed at high-value targets such as executives (“big fish”).

5. Which principle grants users only the access required to do their job?
   A) Defense in depth   B) Least privilege   C) Separation of duties   D) Zero trust

   Reveal answer

   B) Least privilege. Limiting access to the minimum necessary reduces the impact of compromised accounts.

6. What does hashing primarily provide?
   A) Confidentiality   B) Integrity   C) Availability   D) Non-repudiation only

   Reveal answer

   B) Integrity. A hash is a one-way fingerprint; if the data changes, the hash changes — so it verifies integrity, not confidentiality.

7. A security guard stationed at a data-center entrance is which control category?
   A) Technical   B) Managerial   C) Physical   D) Detective only

   Reveal answer

   C) Physical. Guards, locks, fences, and bollards are physical controls (and can act as both deterrent and preventive).

8. Multi-factor authentication combines a password with which of the following?
   A) A second password   B) A different factor such as a token or fingerprint   C) A longer password   D) A security question

   Reveal answer

   B) A different factor. MFA requires factors from different categories — something you know, have, or are. Two passwords are still one factor.

9. Which attack overwhelms a service with traffic from many compromised hosts?
   A) DoS   B) DDoS   C) Brute force   D) Buffer overflow

   Reveal answer

   B) DDoS. A Distributed Denial-of-Service uses many sources (often a botnet) to exhaust a target’s resources.

10. Which document defines how employees may use company systems?
    A) SLA   B) AUP   C) MOU   D) BPA

    Reveal answer

    B) AUP (Acceptable Use Policy). It sets the rules for acceptable use of organizational systems and data.

Security+ practice test FAQ

How many questions are on the Security+ exam?

Up to 90 questions (multiple-choice and performance-based) in 90 minutes.

What is the Security+ passing score?

750 on a scale of 100 to 900.

How hard is the Security+ exam?

It’s an entry-to-intermediate certification. CompTIA recommends Network+ and about two years of hands-on security experience, plus structured prep and practice questions like these.