Edition: questions and answers with rationales / graded A+ / 2026 update / 100% correct / instant download
Domain 1: General Security Concepts (12-15%)
1. A security architect is designing a new facility. To prevent malicious actors
from gaining physical access to server racks, they install a mantrap at the
entrance. Which type of control is this primarily considered?
A. Deterrent
B. Detective
C. Preventive
D. Compensating
Correct Answer: C. Preventive
Rationale: A mantrap is a physical access control that physically prevents
unauthorized individuals from following an authorized person through a door
(piggybacking). While it may deter (A), its primary function is to prevent access.
Detective (B) controls identify events (CCTV), while compensating (D) controls are
alternative safeguards.
2. A SaaS provider wants to ensure that if their primary data center goes
offline, customer data remains accessible from a secondary site without any
intervention. Which principle is the organization prioritizing?
A. Non-repudiation
B. High Availability
C. Integrity
D. Authentication
Correct Answer: B. High Availability
Rationale: High availability (HA) ensures systems are operational and accessible
despite failures, often through redundancy (clusters or failover sites).
Non-repudiation (A) prevents a party from denying an action, Confidentiality ensures
secrecy, Integrity (C) ensures data is unaltered, and Authentication (D) verifies identity.
3. A user receives a text message claiming their bank account is locked,
containing a link that looks nearly identical to the real bank URL but with a
".tk" TLD. Which of the following attacks is this?
A. Phishing
B. Vishing
C. Whaling
D. Pharming
Correct Answer: A. Phishing
Rationale: This is a phishing attempt delivered over SMS. Smishing is the SMS
subset of phishing, but since "Phishing" is the only option offered and the scenario
fits its broad definition, Phishing is correct. Vishing (B) uses voice calls. Whaling (C)
targets executives. Pharming (D) poisons DNS to redirect traffic without a malicious link.
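The lookalike link in this question (a real-looking bank hostname under a foreign TLD) is the kind of indicator a defender can check mechanically. The following is an added example, not part of the original question bank: it extracts the hostname from a URL, reduces it to a registrable domain (assumed here to be the last two labels, which ignores multi-part public suffixes such as co.uk), and flags any hostname that reuses a protected brand label but sits under a different domain. The bank domain in the allowlist and the sample URLs are constructed.

```python
"""Flag phishing-style lookalike URLs (added example for the smishing scenario
above; not part of the original question bank).

Assumptions: the allowlist below is the organisation's set of real domains, and
the registrable domain is taken as the last two DNS labels. A production check
would use the Public Suffix List instead of that shortcut.
"""
from urllib.parse import urlsplit

# Constructed allowlist of legitimate domains for a fictional bank.
LEGIT_DOMAINS = {"examplebank.com"}


def registrable_domain(hostname: str) -> str:
    """Return the last two labels: 'login.examplebank.com' -> 'examplebank.com'."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def classify_url(url: str, legit_domains=LEGIT_DOMAINS) -> str:
    """Classify a URL as 'legitimate', 'lookalike' or 'unrelated'.

    'lookalike' means a protected brand label (the second-level label of a
    legitimate domain) appears in the hostname or in the userinfo part, while
    the registrable domain is not one of ours. That is the pattern in the SMS
    described in the question: the brand name is present, the TLD is not.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    brands = {d.split(".")[0] for d in legit_domains}

    if registrable_domain(host) in legit_domains:
        return "legitimate"

    # Brand label embedded in any hostname label, e.g. examplebank.tk,
    # www.examplebank.com.tk or examplebank-secure.test.
    if any(brand in label for label in host.split(".") for brand in brands):
        return "lookalike"

    # Brand placed before '@' so the visible URL starts with the real domain,
    # while the browser actually connects to the host after the '@'.
    username = (parts.username or "").lower()
    if any(brand in username for brand in brands):
        return "lookalike"

    return "unrelated"


def scan(urls) -> dict:
    """Classify a batch of URLs, e.g. links extracted from inbound messages."""
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links, including the '.tk' case from the question.
    for url, verdict in scan([
        "https://login.examplebank.com/auth",
        "https://examplebank.tk/unlock",
        "https://www.examplebank.com.tk/verify",
        "https://examplebank.com@evil.tk/",
        "https://weather.example/",
    ]).items():
        print(f"{verdict:11} {url}")
```

The userinfo case is worth keeping in any such check: `urlsplit` reports the host the client would really connect to, which is what the comparison must run on, not the text a user sees at the start of the link.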
4. A company decides to implement "Trust but Verify" for every access
request, regardless of whether the request originates from inside the corporate
network or a coffee shop. This strategy is known as:
A. Defense in Depth
B. Network Segmentation
C. Zero Trust Architecture
D. Role-Based Access Control
Correct Answer: C. Zero Trust Architecture
Rationale: Zero Trust explicitly removes the concept of a "trusted internal
network." It assumes breach and verifies every session explicitly. Defense in Depth
(A) is layering controls, while RBAC (D) is an access model that Zero Trust often
uses.
5. An attacker intercepts a communication between two parties and modifies
the message content before re-sending it. Which of the following fundamental
security goals is being directly violated?
A. Availability
B. Authorization
C. Integrity
D. Accounting
Correct Answer: C. Integrity
Rationale: Integrity ensures that data has not been tampered with or altered by
unauthorized parties. Hashing and digital signatures are used to verify integrity.
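The rationale names hashing and digital signatures as the integrity mechanisms. The added example below (not part of the original question bank) models the interceptor from this question on a constructed message and shows why a bare hash is not enough against an active attacker: the digest can simply be recomputed after the edit, whereas an HMAC computed with a key the attacker does not hold lets the receiver detect the change. The shared key is a constructed value; because both parties hold it, the HMAC gives integrity and origin assurance but not non-repudiation, which needs an asymmetric signature.

```python
"""Detecting the tampering described in question 5 (added example, not part of
the original question bank).

Compared on a constructed message:
  * an unkeyed SHA-256 digest appended to the message, which an interceptor
    recomputes after editing the content, and
  * an HMAC-SHA256 tag under a shared key the interceptor does not hold.
The shared key is an assumption of this model; it gives the receiver integrity
and authenticity, but not non-repudiation, since either key holder could have
produced the tag.
"""
import hashlib
import hmac

# Constructed shared key; in practice it comes from a key exchange or KMS.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def protect_with_hash(message: bytes) -> tuple[bytes, str]:
    """Sender appends an unkeyed SHA-256 digest (weak against active attackers)."""
    return message, hashlib.sha256(message).hexdigest()


def verify_hash(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def protect_with_hmac(message: bytes, key: bytes = SHARED_KEY) -> tuple[bytes, str]:
    """Sender appends a keyed tag; only holders of `key` can produce a valid one."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, tag)


def interceptor_modifies(message: bytes, digest_or_tag: str,
                         recompute_hash: bool) -> tuple[bytes, str]:
    """Model the attacker in question 5: alter the payee and re-send.

    With a bare hash the attacker recomputes the digest so it still matches;
    with an HMAC there is no key, so only the old tag can be forwarded.
    """
    tampered = message.replace(b"payee=alice", b"payee=mallory")
    if recompute_hash:
        return tampered, hashlib.sha256(tampered).hexdigest()
    return tampered, digest_or_tag


def run_scenario() -> dict:
    """Return whether each receiver-side check detects the modification."""
    original = b"transfer amount=100 payee=alice"

    msg, digest = protect_with_hash(original)
    msg2, digest2 = interceptor_modifies(msg, digest, recompute_hash=True)
    hash_detects = not verify_hash(msg2, digest2)

    msg, tag = protect_with_hmac(original)
    msg3, tag3 = interceptor_modifies(msg, tag, recompute_hash=False)
    hmac_detects = not verify_hmac(msg3, tag3)

    return {
        "bare_hash_detects_tampering": hash_detects,   # False
        "hmac_detects_tampering": hmac_detects,        # True
        "hmac_accepts_untampered": verify_hmac(*protect_with_hmac(original)),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The distinction matters for exam reasoning as well: a hash alone verifies integrity only against accidental corruption or when the digest is delivered over a channel the attacker cannot alter; against the interceptor in this question, the check must be keyed.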
6. (HOTSPOT) Match the security control to its function:
1. Firewall Rule -> (Preventive/Technical)
2. Security Guard -> (Deterrent/Physical)
3. Video Surveillance -> (Detective/Physical)
4. Antivirus Quarantine -> (Corrective/Technical)
7. A software developer signs their code with a digital certificate before
releasing it to the public. What security goal does this primarily support?
A. Availability
B. Non-repudiation
C. Anonymity
D. Tokenization
Correct Answer: B. Non-repudiation
Rationale: Signing code proves the origin of the software. The developer cannot
later deny they released that specific version because the signature is
cryptographically tied to their identity.
Domain 2: Threats, Vulnerabilities, and Mitigations (22-25%)
8. The threat actor group "Midnight Blizzard" (Nobelium) gains access to a
network, stays dormant for months, and uses sophisticated custom tools to
avoid detection while exfiltrating intellectual property. Which description best
fits this actor?
A. Script Kiddie
B. Hacktivist
C. Advanced Persistent Threat (APT)
D. Insider Threat
Correct Answer: C. Advanced Persistent Threat (APT)
Rationale: APTs are characterized by nation-state level resources, high skill,
long-term persistence, and specific goals (espionage).
9. A cybersecurity analyst reviews logs and sees that a single IP address sent
10,000 HTTP GET requests to a web server in 2 seconds, causing the server to