2025 CompTIA Security+ SY0-701
Practice Test – 150 Authentic
Questions with 100% Verified
Answers & In-Depth Rationales | A+
Graded
Exam Questions
Domain 1: General Security Concepts (Questions 1–25)
1. Which security principle ensures that data is only accessible to authorized users?
A. Integrity
B. Confidentiality
C. Availability
D. Non-repudiation
Correct Answer: Confidentiality
Rationale: Confidentiality prevents unauthorized access to data, ensuring only authorized users
can view sensitive information. Integrity ensures data accuracy, availability ensures access when
needed, and non-repudiation prevents denial of actions.
2. An organization implements a policy requiring continuous verification of user identities.
Which security model is this?
A. Defense-in-depth
B. Zero Trust
C. Least privilege
D. Separation of duties
Correct Answer: Zero Trust
Rationale: Zero Trust assumes no trust and requires continuous verification of identities and
permissions, reducing the risk of unauthorized access.
3. Which authentication factor is based on a user’s physical characteristics?
A. Something you know
B. Something you are
C. Something you have
D. Something you do
Correct Answer: Something you are
, 2
Rationale: Biometric authentication (e.g., fingerprint or retina scan) is “something you are,”
distinct from passwords (know), tokens (have), or behaviors (do).
4. Which security control is designed to stop an attack before it occurs?
A. Detective
B. Preventive
C. Corrective
D. Compensating
Correct Answer: Preventive
Rationale: Preventive controls, like firewalls or access controls, stop attacks before they happen.
Detective controls identify attacks, corrective controls fix damage, and compensating controls
provide alternatives.
5. A company uses multifactor authentication (MFA) requiring a password and a smartphone app
code. Which factors are combined?
A. Something you know and something you are
B. Something you know and something you have
C. Something you have and something you do
D. Something you are and something you do
Correct Answer: Something you know and something you have
Rationale: A password is “something you know,” and a smartphone app code is “something you
have,” making this a valid MFA combination.
6. Which concept ensures that a user cannot deny performing an action?
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Availability
Correct Answer: Non-repudiation
Rationale: Non-repudiation uses mechanisms like digital signatures to ensure users cannot deny
their actions, supporting accountability.
7. Which access control model assigns permissions based on a user’s job function?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute-Based Access Control (ABAC)
Correct Answer: Role-Based Access Control (RBAC)
Rationale: RBAC assigns permissions based on roles, aligning access with job functions, unlike
DAC (owner-based), MAC (security labels), or ABAC (attributes).
8. An organization splits critical tasks between two employees to prevent fraud. Which principle
is applied?
A. Least privilege
B. Separation of duties
C. Defense-in-depth
, 3
D. Zero Trust
Correct Answer: Separation of duties
Rationale: Separation of duties divides tasks to prevent a single user from completing critical
processes, reducing fraud risk.
9. Which security control monitors network traffic for suspicious activity?
A. Intrusion Detection System (IDS)
B. Firewall
C. Antivirus
D. Data Loss Prevention (DLP)
Correct Answer: Intrusion Detection System (IDS)
Rationale: An IDS monitors traffic for anomalies, alerting on suspicious activity. Firewalls
block traffic, antivirus scans for malware, and DLP prevents data leaks.
10. Which risk response strategy involves purchasing insurance to cover potential losses?
A. Mitigate
B. Avoid
C. Transfer
D. Accept
Correct Answer: Transfer
Rationale: Transfer shifts risk to a third party, like an insurer, while mitigate reduces risk, avoid
eliminates it, and accept acknowledges it.
11. A company uses a cloud access security broker (CASB) to enforce policies. Which
environment is this most relevant for?
A. On-premises
B. Cloud-based
C. Physical security
D. Endpoint devices
Correct Answer: Cloud-based
Rationale: CASBs enforce security policies for cloud applications, ensuring data protection in
cloud environments.
12. Which metric measures the maximum acceptable downtime for a system?
A. Recovery Point Objective (RPO)
B. Recovery Time Objective (RTO)
C. Annualized Loss Expectancy (ALE)
D. Single Loss Expectancy (SLE)
Correct Answer: Recovery Time Objective (RTO)
Rationale: RTO defines the maximum downtime a system can tolerate, while RPO measures
data loss, ALE estimates yearly risk cost, and SLE estimates single incident cost.
13. Which security concept uses multiple layers of controls to protect assets?
A. Zero Trust
B. Defense-in-depth
C. Least privilege