COMPTIA SECURITY+ SY0-701 EXAM COMPLETE REAL QUESTIONS AND
100% VERIFIED ANSWERS LATEST VERSION 2026/2027 (PASS GUARANTEE)
Q001 What does the CIA triad stand for in information security?
ANS Confidentiality, Integrity, and Availability — the three core principles guiding security policies and controls.
Q002 What is the difference between authentication and authorization?
ANS Authentication verifies WHO you are (identity). Authorization determines WHAT you are allowed to do (permissions).
Q003 What is non-repudiation?
ANS A security property ensuring that a party cannot deny having performed an action, typically enforced through digital signatures or audit logs.
Q004 Define a 'threat actor' in cybersecurity.
ANS Any individual, group, or entity that poses a threat to an organization's security by intentionally or unintentionally causing harm to information systems.
Q005 What is the principle of least privilege?
ANS Users, systems, and processes should be granted only the minimum access rights necessary to perform their job functions.
Q006 What is defense in depth?
ANS A layered security strategy using multiple controls across different layers (physical, technical, administrative) so that if one fails, others still protect the asset.
Q007 What is a zero-day vulnerability?
ANS A software vulnerability unknown to the vendor with no available patch, leaving systems exposed until a fix is released.
Page 1 of 38 | CompTIA Security+ SY0-701
Q008 What is the difference between a vulnerability, threat, and risk?
ANS A vulnerability is a weakness; a threat is a potential event that exploits it; risk is the probability and impact of the threat exploiting the vulnerability.
Q009 What is multi-factor authentication (MFA)?
ANS Authentication requiring two or more verification factors: something you know (password), something you have (token), or something you are (biometric).
Q010 What is the purpose of a Security Operations Center (SOC)?
ANS A centralized team that continuously monitors, detects, analyzes, responds to, and reports on cybersecurity incidents.
Q011 What is a control in information security?
ANS A safeguard or countermeasure designed to avoid, detect, counteract, or minimize security risks. Controls can be technical, administrative, or physical.
Q012 What is the difference between symmetric and asymmetric encryption?
ANS Symmetric uses the same key for encryption/decryption (faster, e.g., AES). Asymmetric uses a public/private key pair (slower but enables secure key exchange, e.g., RSA).
Q013 What is a digital certificate?
ANS An electronic document that binds a public key to an identity, issued and signed by a Certificate Authority (CA), used to verify authenticity.
Q014 What is hashing and how does it differ from encryption?
ANS Hashing produces a fixed-size output (digest) from data and is one-way (irreversible). Encryption is two-way and reversible with the correct key.
Q015 What is a PKI (Public Key Infrastructure)?
ANS A framework of policies, hardware, software, and procedures for creating, managing, distributing, using, storing, and revoking digital certificates and keys.
Q016 What is steganography?
ANS The practice of hiding secret data within an ordinary, non-secret file or message to avoid detection. Different from encryption — the existence of the message is concealed.
Q017 What is an access control list (ACL)?
ANS A list of permissions attached to an object specifying which users or system processes can access it and what operations they can perform.
Q018 What is role-based access control (RBAC)?
ANS An access control model where permissions are assigned to roles, and users are assigned to roles rather than receiving permissions directly.
Q019 What does AAA stand for in security?
ANS Authentication, Authorization, and Accounting — the three functions that control access to network resources and track user activity.
Q020 What is the purpose of a honeypot?
ANS A decoy system designed to lure attackers, detect intrusion attempts, and gather information about attack techniques without risking real systems.
Q021 What is a false positive in security?
ANS When a security system incorrectly flags benign activity as malicious (e.g., an IDS alerting on legitimate traffic).
Q022 What is a false negative in security?
ANS When a security system fails to detect actual malicious activity, allowing an attack to pass undetected.
Q023 What is the purpose of a VPN?
ANS A Virtual Private Network creates an encrypted tunnel over a public network, providing secure remote access and maintaining confidentiality of transmitted data.
Q024 What is TLS and what port does HTTPS use?
ANS Transport Layer Security is a cryptographic protocol securing communications over networks. HTTPS uses port 443 and TLS to encrypt web traffic.
Q025 What is a Certificate Revocation List (CRL)?
ANS A list published by a Certificate Authority containing serial numbers of certificates that have been revoked before their expiration date.
Q026 What is OCSP (Online Certificate Status Protocol)?
ANS A protocol used to check the revocation status of a digital certificate in real time, as an alternative to downloading the full CRL.
Q027 What is the difference between a stream cipher and a block cipher?
ANS Stream ciphers encrypt data one bit/byte at a time (e.g., RC4). Block ciphers encrypt fixed-size blocks of data at once (e.g., AES).
Q028 What are the three types of security controls?
ANS Technical (firewalls, encryption), Administrative (policies, training), and Physical (locks, cameras) — each can be preventive, detective, or corrective.
Q029 What is salting in the context of password hashing?
ANS Adding a random value (salt) to a password before hashing to ensure identical passwords produce different hashes, defeating rainbow table attacks.
Q030 What is the purpose of key stretching?
ANS Algorithms like PBKDF2 or bcrypt make brute-force attacks harder by repeatedly hashing passwords thousands of times, increasing computational cost.
Q031 What is phishing?
ANS A social engineering attack using deceptive emails that appear legitimate to trick recipients into revealing credentials, clicking malicious links, or downloading malware.
Q032 What is spear phishing?