CompTIA Security+ (SY0-701) Certification Exam (2 Versions) | Latest Verified Questions and Detailed Answers
OVERVIEW DESCRIPTION:
This comprehensive study resource provides two full-length exams for the CompTIA Security+
(SY0-701) certification, each containing 90 meticulously crafted multiple-choice questions.
These tests cover all five key domains, with a heavy emphasis on Security Operations, modern
threats, and enterprise security concepts like Zero Trust and hybrid cloud environments. Each
question is paired with a concise expert rationale to help you understand not just the correct
answer, but the core principle behind it.
Exam Set 1
QUESTION 1
A security analyst is reviewing logs and notices that a user's account successfully
authenticated from two different countries within a 30-minute window. Which type of
security control would be most effective at automatically preventing this type of activity
in the future?
A. Time-based one-time password (TOTP)
B. Geofencing and impossible travel time rules
C. USB device policy enforcement
D. Increased password complexity requirements
CORRECT ANSWER: B
EXPERT RATIONALE: Impossible travel time rules detect when a user logs in from
geographically distant locations in a timeframe that makes physical travel impossible,
which is a strong indicator of account compromise. Geofencing can then block access
from unexpected locations.
QUESTION 2
A company wants to ensure that data stored in a cloud database is unreadable if the
storage media is physically removed from the data center. Which technique best
addresses this requirement?
A. Encrypting the data at rest using AES-256
B. Implementing a web application firewall (WAF)
C. Using TLS 1.3 for all data in transit
D. Applying strict network access control lists (ACLs)
CORRECT ANSWER: A
EXPERT RATIONALE: Encryption at rest protects data that is stored on persistent media,
making it unreadable without the proper decryption key. This directly mitigates the risk
of physical media theft.
QUESTION 3
A small business wants to implement a security policy where administrators must use
two different fingers to authenticate with a biometric scanner. This is an example of
which type of authentication factor?
A. Something you know
B. Something you have
C. Something you are
D. Somewhere you are
CORRECT ANSWER: C
EXPERT RATIONALE: Biometrics, such as fingerprints, are classified as "something you
are" authentication factors. Using multiple fingerprints is still using the same factor type,
not implementing multi-factor authentication (MFA).
QUESTION 4
Which of the following scenarios best describes a distributed denial-of-service (DDoS)
attack?
A. An attacker injects malicious SQL code into a web form to dump the database.
B. Malware encrypts all user files and demands a ransom for the decryption key.
C. A flood of SYN requests is sent from a botnet to overwhelm a web server.
D. An attacker spoofs the CEO's email address to trick an employee into wiring money.
CORRECT ANSWER: C
EXPERT RATIONALE: A DDoS attack uses multiple compromised systems (a botnet) to
flood a target with traffic, rendering it unavailable to legitimate users. The SYN flood is a
common method to consume server resources.
QUESTION 5
An organization's security policy requires that all laptops have their hard drives fully
encrypted. A user reports that their laptop was stolen. What is the primary security
benefit of the encryption policy in this situation?
A. It prevents the thief from using the laptop to access the corporate network.
B. It ensures that the data on the hard drive remains confidential.
C. It allows the IT department to remotely wipe the laptop.
D. It guarantees that the laptop can be recovered via GPS.
CORRECT ANSWER: B
EXPERT RATIONALE: Full-disk encryption renders the data on the drive inaccessible
without the proper credentials, thus preserving the confidentiality of the data. This is the
primary defense against data breaches from stolen hardware.
QUESTION 6
Which of the following is a key characteristic of a zero trust security model?
A. Implicit trust for users and devices once inside the corporate network
B. "Trust but verify" approach focused on the network perimeter
C. "Never trust, always verify," requiring continuous authentication and authorization
D. Reliance on a single, strong firewall at the internet gateway
CORRECT ANSWER: C
EXPERT RATIONALE: Zero trust operates on the principle of "never trust, always verify,"
meaning no user or device is trusted by default, regardless of whether they are inside or
outside the network perimeter. It requires continuous validation.
QUESTION 7
A security administrator is configuring a new firewall and wants to create a rule that
allows web traffic from any internal user to any external web server. Which port should
be specified in the rule?
A. 25
B. 53
C. 80
D. 443
CORRECT ANSWER: D