2025/2026 | Real Exam Practice Q&A With Detailed Explanations
Domain 1.0: General Security Concepts
1. A security policy that states all employees must wear a visible ID badge at all
times is primarily designed to address which security concept?
A. Non-repudiation
B. Integrity
C. Identification
D. Encryption
Explanation: Identification is the process of a subject claiming an identity (e.g., "I
am John Doe"). The ID badge is a physical token that makes this claim visible,
which is the first step in the access control process (Identification ->
Authentication -> Authorization).
2. The "Principle of Least Privilege" is best defined as:
A. Users should be granted permissions only to the resources they need to
perform their job functions.
B. All users must have their identity verified with at least two factors.
C. A single user should not control all aspects of a critical process.
D. User access should be periodically reviewed and updated.
Explanation: The Principle of Least Privilege (PoLP) is a core security concept that
mandates users and systems be granted the minimum level of access—
permissions and rights—necessary to perform their assigned tasks.
3. Which of the following is the BEST example of a preventive technical control?
A. Security Awareness Training
B. A Firewall
C. A CCTV System
D. An Incident Response Plan
Explanation: A preventive control stops an incident from occurring. A firewall,
which blocks unauthorized network traffic based on rules, is a technical control
that prevents attacks. (A is administrative, C is physical/detective, D is corrective).
4. A company mandates that no single individual should be able to both initiate
and approve a financial transaction. This is an example of:
A. Job Rotation
B. Separation of Duties
C. Least Privilege
D. Mandatory Vacations
Explanation: Separation of Duties (SoD) is designed to prevent fraud and error by
splitting a critical task among multiple users. No one person has all the power to
complete a potentially harmful action.
5. What type of security control is an Intrusion Detection System (IDS)?
A. Preventive
B. Corrective
C. Detective
D. Compensating
Explanation: An IDS monitors network or system traffic for suspicious activity and
generates alerts. It identifies incidents while they are in progress or after they have
occurred, making it a detective control.
6. The process of converting plaintext into ciphertext is known as:
A. Decryption
B. Hashing
C. Obfuscation
D. Encryption
Explanation: Encryption is the fundamental process of using an algorithm and a
key to transform readable data (plaintext) into an unreadable form (ciphertext) to
protect its confidentiality.
7. A security team is implementing a new data classification scheme. The
standard "For Official Use Only" would typically fall under which classification
level?
A. Public
B. Confidential
C. Secret
D. Top Secret
Explanation: In many classification schemes, "Confidential" is the lowest level of
classified information, the disclosure of which could cause damage to national
security. "For Official Use Only" (FOUO) is a common designation for this level.
8. Which concept ensures that a user cannot deny having performed a specific
action, such as sending an email?
A. Confidentiality
B. Integrity
C. Availability
D. Non-Repudiation
Explanation: Non-repudiation provides proof of the origin and integrity of data,
preventing an entity from denying they were the source of the information. Digital
signatures are a key technology for achieving this.
9. A company policy requires employees to change their passwords every 90
days. This is an example of what type of control?
A. Technical
B. Managerial
C. Physical
D. Compensating
Explanation: This is a policy-based control, which falls under the category of
managerial (or administrative) controls. These are the rules and procedures set by
management to guide the organization.
10. A security guard at a building entrance is primarily what type of control?
A. Technical
B. Corrective
C. Physical
D. Detective