2025 CompTIA Security+ SY0-701
Exam – 90 Actual Questions with
Verified Answers & Detailed
Security Rationales | A+ Graded
Domain 1: General Security Concepts (11 Questions)
1. What is the primary goal of the CIA triad in cybersecurity?
a. Compliance, Investigation, Authorization
b. Confidentiality, Integrity, Availability
c. Control, Identity, Authentication
d. Central Intelligence Access
Answer: b. Confidentiality, Integrity, Availability
Rationale: The CIA triad is a foundational cybersecurity model ensuring confidentiality
(protecting data from unauthorized access), integrity (ensuring data accuracy), and
availability (ensuring data is accessible), per CompTIA SY0-701 objectives.
2. Which principle ensures users have only the minimum access needed for their job?
a. Defense in Depth
b. Least Privilege
c. Separation of Duties
d. Risk Avoidance
Answer: b. Least Privilege
Rationale: Least privilege limits user access to only what is necessary for their role,
reducing risk, as outlined in SY0-701 General Security Concepts.
3. What is a characteristic of a zero trust architecture?
a. Single Authentication
b. Open Access
c. Continuous Verification
d. No Encryption
Answer: c. Continuous Verification
Rationale: Zero trust assumes no inherent trust and requires continuous verification of all
users and devices, a key SY0-701 concept.
4. Which framework guides cybersecurity best practices?
a. HTTP
b. NIST CSF
c. FTP
d. DNS
Answer: b. NIST CSF
, 2
Rationale: The NIST Cybersecurity Framework (CSF) provides a structured approach to
managing cybersecurity risks, per SY0-701 objectives.
5. What is the purpose of non-repudiation in cybersecurity?
a. Encrypt Data
b. Prove Action Authenticity
c. Monitor Traffic
d. Assign IP Addresses
Answer: b. Prove Action Authenticity
Rationale: Non-repudiation ensures that actions or transactions cannot be denied, often
through digital signatures, as per SY0-701.
6. Which security concept ensures data accuracy and prevents unauthorized changes?
a. Confidentiality
b. Integrity
c. Availability
d. Authentication
Answer: b. Integrity
Rationale: Integrity protects data from unauthorized modification, ensuring accuracy, a
core SY0-701 principle.
7. What is a benefit of multifactor authentication (MFA)?
a. Single Factor Usage
b. Multiple Verification Methods
c. No Encryption
d. Open Access
Answer: b. Multiple Verification Methods
Rationale: MFA enhances security by requiring multiple authentication factors (e.g.,
password, token), per SY0-701.
8. Which process proactively identifies security risks?
a. Penetration Testing
b. Risk Assessment
c. Vulnerability Scanning
d. Log Monitoring
Answer: b. Risk Assessment
Rationale: Risk assessment identifies and evaluates potential security risks, a
foundational SY0-701 process.
9. What is a common authentication factor?
a. Open Ports
b. Password
c. Firewall Rules
d. Network Traffic
Answer: b. Password
Rationale: Passwords are a knowledge-based authentication factor, widely used in
identity management, per SY0-701.
10. Which concept ensures resources are accessible when needed?
a. Integrity
b. Availability
c. Confidentiality
, 3
d. Non-repudiation
Answer: b. Availability
Rationale: Availability ensures systems and data are accessible to authorized users, per
SY0-701 objectives.
11. What type of control is a firewall rule?
a. Physical
b. Administrative
c. Technical
d. Operational
Answer: c. Technical
Rationale: Firewall rules are technical controls enforced by software or hardware to
protect networks, per SY0-701.
Domain 2: Threats, Vulnerabilities, and Mitigations (20
Questions)
12. Which attack uses fraudulent emails to steal credentials?
a. SQL Injection
b. Phishing
c. Buffer Overflow
d. ARP Poisoning
Answer: b. Phishing
Rationale: Phishing uses deceptive emails to trick users into revealing sensitive
information, a key SY0-701 threat.
13. What is a common vulnerability in web applications?
a. Open Ports
b. SQL Injection
c. Strong Passwords
d. Encrypted Traffic
Answer: b. SQL Injection
Rationale: SQL injection exploits unsanitized database inputs, a prevalent web
application vulnerability, per SY0-701.
14. Which attack involves overwhelming a server with traffic?
a. Phishing
b. DDoS
c. Man-in-the-Middle
d. Brute Force
Answer: b. DDoS
Rationale: Distributed Denial-of-Service (DDoS) attacks flood servers to disrupt
availability, per SY0-701.
15. What mitigates unpatched software vulnerabilities?
a. Two-Factor Authentication
b. Regular Patch Management
c. Network Encryption
d. User Training