CompTIA Security+ SY0-701 Exam 2025
– Comprehensive Practice Test with
Actual Questions & Verified Correct
Answers
Domain 1: General Security Concepts (12%) – 11 Questions
1. Which security principle ensures that data is only accessible to authorized users?
a) Integrity
b) Confidentiality
c) Availability
d) Non-repudiation
Rationale: Confidentiality ensures that data is accessible only to authorized
individuals, typically through encryption or access controls. Integrity ensures data
accuracy, availability ensures data is accessible when needed, and non-repudiation
prevents denial of actions. This aligns with the CIA triad, a core security concept.
2. What is the primary purpose of implementing a Zero Trust architecture?
a) To eliminate the need for firewalls
b) To verify every user and device continuously
c) To allow unrestricted network access
d) To focus solely on perimeter security
Rationale: Zero Trust assumes no user or device is inherently trusted, requiring
continuous verification of identity and access, regardless of location. Firewalls are still
used, unrestricted access contradicts security principles, and Zero Trust moves beyond
perimeter-focused models.
3. Which type of control is a security guard stationed at a data center entrance?
a) Technical
b) Administrative
c) Physical
d) Corrective
, 2
Rationale: A security guard is a physical control, restricting physical access to
facilities. Technical controls involve software or hardware (e.g., firewalls), administrative
controls involve policies (e.g., training), and corrective controls address incidents post-
event.
4. What does the AAA framework stand for in cybersecurity?
a) Access, Audit, Authorization
b) Authentication, Authorization, Accounting
c) Analysis, Assessment, Accreditation
d) Availability, Adaptability, Assurance
Rationale: The AAA framework refers to Authentication (verifying identity),
Authorization (granting access rights), and Accounting (tracking actions). This
framework is critical for managing secure access to systems and monitoring user activity.
5. Which cryptographic concept ensures that a message cannot be altered without
detection?
a) Encryption
b) Key exchange
c) Hashing
d) Digital signature
Rationale: Hashing creates a fixed-length value (hash) unique to the input data,
detecting any alterations if the hash changes. Encryption protects confidentiality, key
exchange enables secure key sharing, and digital signatures ensure authenticity and non-
repudiation.
6. What is the primary benefit of using multifactor authentication (MFA)?
a) Reduces the need for encryption
b) Increases security by requiring multiple verification methods
c) Simplifies user access management
d) Eliminates the need for passwords
Rationale: MFA enhances security by requiring two or more verification factors
(e.g., password, token, biometric), making unauthorized access harder. It does not
eliminate passwords, simplify management, or reduce encryption needs.
, 3
7. Which security model assumes that all network traffic is untrusted by default?
a) Defense-in-Depth
b) Zero Trust
c) Perimeter Security
d) Least Privilege
Rationale: Zero Trust assumes all traffic, internal or external, is untrusted, requiring
continuous verification. Defense-in-Depth uses layered security, perimeter security
focuses on external boundaries, and least privilege restricts access to the minimum
necessary.
8. What is the purpose of a security policy in an organization?
a) To configure firewalls
b) To install antivirus software
c) To define acceptable security practices
d) To monitor network traffic
Rationale: A security policy outlines acceptable practices, rules, and procedures to
ensure organizational security. Firewalls, antivirus, and monitoring are technical
implementations, not the policy itself.
9. Which type of access control is based on user roles within an organization?
a) Discretionary Access Control (DAC)
b) Mandatory Access Control (MAC)
c) Role-Based Access Control (RBAC)
d) Attribute-Based Access Control (ABAC)
Rationale: RBAC assigns permissions based on user roles (e.g., admin, employee),
simplifying access management. DAC allows owners to set permissions, MAC uses
labels, and ABAC uses attributes like location or time.
10. What is the role of a cryptographic salt in password hashing?
a) Encrypts the password
b) Adds randomness to prevent precomputed attacks
c) Compresses the password for storage
d) Verifies user identity