Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Exam reference guide

SY0-701 Cheat Sheet

A concise reference covering every SY0-701 exam domain — blueprint weights, must-know concepts, common exam traps, and quick-answer summaries. Use this to review the day before your exam or to build your study roadmap.


SY0-701 Exam Blueprint — At a Glance

#    Domain                                     Weight  Questions
1.0  General Security Concepts                  12%     164
2.0  Threats, Vulnerabilities, and Mitigations  22%     265
3.0  Security Architecture                      18%     221
4.0  Security Operations                        28%     291
5.0  Security Program Management and Oversight  —       211
     Total                                      80%     1,152

Each domain is described in the Domain Quick Reference below.

Domain Quick Reference

1.0 General Security Concepts

General Security Concepts covers the foundational principles of cybersecurity, including the CIA triad, risk management, security controls, and threat types, which are tested through scenario-based questions on the SY0-701 exam.

Weight: 12%

Key concepts

  • Define and apply the CIA triad (confidentiality, integrity, availability) to scenarios such as encrypting data at rest (confidentiality) or hashing files (integrity).
  • Identify and differentiate security control types: deterrent (e.g., warning signs), preventive (e.g., firewalls), detective (e.g., IDS), corrective (e.g., backups), compensating (e.g., alternative controls), and directive (e.g., policies).
  • Understand risk management concepts: risk = likelihood × impact, and terms like RPO (Recovery Point Objective) and RTO (Recovery Time Objective) in disaster recovery.
  • Recognize common threat actors and vectors: insider threats, APTs, ransomware, phishing, and supply chain attacks.
  • Apply the principle of least privilege and defense in depth to network or system design scenarios.
  • Differentiate between vulnerability, threat, and risk, and identify appropriate mitigation strategies.

Watch out for

  • Confusing preventive and detective controls: a firewall is preventive, but an IDS is detective; many candidates mix them up.
  • Misapplying the CIA triad: e.g., thinking encryption only provides integrity, when it primarily provides confidentiality.
  • Overlooking the difference between a vulnerability (a weakness) and a threat (something that exploits it); exam questions often test this distinction.
  • Assuming all compensating controls are temporary; they can be permanent if the primary control is too costly or complex.

2.0 Threats, Vulnerabilities, and Mitigations

Threats, Vulnerabilities & Mitigations covers the identification of various attack types (e.g., phishing, ransomware), the weaknesses they exploit (vulnerabilities like unpatched software), and the controls (mitigations) to prevent or reduce damage, such as firewalls, encryption, and security policies.

Weight: 22%

Key concepts

  • Identifying and differentiating between types of social engineering attacks (e.g., spear phishing, vishing, tailgating)
  • Understanding vulnerability scanning tools and interpreting scan results (e.g., Nessus, OpenVAS)
  • Applying mitigation techniques for common network attacks (e.g., DDoS mitigation using rate limiting or anycast)
  • Recognizing indicators of compromise (IoCs) for malware infections (e.g., unusual outbound traffic, registry changes)
  • Selecting appropriate security controls for application vulnerabilities (e.g., input validation to prevent SQL injection)
  • Analyzing attack vectors in cloud environments (e.g., misconfigured S3 buckets, compromised API keys)

Watch out for

  • Confusing vulnerability scanning with penetration testing—scans identify weaknesses, tests exploit them to verify risk.
  • Assuming all encryption is equally effective—trap questions may ask about weak or deprecated protocols like WEP or outdated TLS versions.
  • Mixing up mitigation strategies for different attack types—e.g., using antivirus for a DDoS attack instead of traffic filtering.
  • Overlooking physical security controls—questions might present a technical threat that is best mitigated by a lock or badge reader.

3.0 Security Architecture

Security Architecture on the SY0-701 exam covers how to design and implement secure networks, systems, and applications using principles like defense in depth, segmentation, and least privilege.

Weight: 18%

Key concepts

  • Secure network architecture design (e.g., DMZ, VLANs, VPNs)
  • Secure system design (e.g., trusted platform module, secure boot)
  • Cloud and virtualization security (e.g., shared responsibility, hypervisor security)
  • Secure application development (e.g., input validation, secure coding)
  • Selection and configuration of security controls (e.g., firewalls, IDS/IPS, DLP)
  • Identity and access management architecture (e.g., SSO, MFA, federation)

Watch out for

  • Confusing encryption in transit (e.g., TLS) with encryption at rest (e.g., AES-256 disk or database encryption)
  • Thinking a firewall is sufficient to protect a network; forgetting defense in depth
  • Assuming cloud security is entirely the provider's responsibility (shared responsibility model)
  • Mixing up secure network segmentation (VLANs) with physical separation (air gaps)

4.0 Security Operations

Security Operations tests your ability to detect, respond to, and recover from real-world security incidents. On the SY0-701 exam it covers incident response (NIST SP 800-61), vulnerability management, SIEM log analysis, data protection, and change management. It is worth 28% of your score — the highest-weighted domain.

Weight: 28%

Key concepts

  • Incident response lifecycle — Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity (NIST SP 800-61). Know the exact order cold.
  • Vulnerability management — scan types, CVSS severity scoring, patch prioritisation, and the critical difference between a vulnerability scan and a penetration test.
  • Security monitoring — SIEM log correlation, IDS vs IPS placement and behaviour, alert triage, and separating true positives from false positives.
  • Identity and access management operations — enforcing MFA, detecting privilege escalation, account lockout policies, and least-privilege principles.
  • Data protection — encryption at rest vs in transit, DLP tool placement, data classification schemes, and secure data disposal methods.
  • Disaster recovery and business continuity — RTO vs RPO definitions, full/incremental/differential backup strategies, and failover testing.
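The security monitoring item above (SIEM log correlation, alert triage, separating true positives from false positives) is easier to grasp when you see a correlation rule actually run. The following is an added example written for this page; it is not code from Courseiva or from any SIEM product. It reads constructed SSH authentication log lines, raises an alert when one source IP crosses a failure threshold inside a time window, escalates that alert when a successful login from the same source follows shortly after, and then triages each alert by checking the source against an allow-list of known scanners. The log lines, IP addresses, thresholds and allow-list are all constructed assumptions, not values from any real environment.

```python
"""Toy SIEM correlation rule for failed-login bursts, with a triage step.

Added example, not from Courseiva. Log lines, hostnames, IPs, thresholds and
the scanner allow-list are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample log lines in a syslog-like format (not real data).
SAMPLE_LOGS = """\
2024-03-01T09:00:01 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:05 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:06 srv1 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:08 srv1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:20 srv1 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:05:00 srv2 sshd: Failed password for svc from 192.0.2.50
2024-03-01T09:05:01 srv2 sshd: Failed password for svc from 192.0.2.50
2024-03-01T09:05:02 srv2 sshd: Failed password for svc from 192.0.2.50
2024-03-01T09:05:03 srv2 sshd: Failed password for svc from 192.0.2.50
2024-03-01T09:05:04 srv2 sshd: Failed password for svc from 192.0.2.50
2024-03-01T11:00:00 srv1 sshd: Failed password for bob from 198.51.100.9
2024-03-01T11:30:00 srv1 sshd: Accepted password for bob from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

# Assumed rule parameters; a real deployment tunes these per environment.
FAIL_THRESHOLD = 5                      # failures from one source ...
WINDOW = timedelta(seconds=60)          # ... inside this window raise an alert
SUCCESS_FOLLOWUP = timedelta(minutes=5) # a success this soon after escalates it

# Constructed allow-list: an authorised vulnerability scanner that is expected
# to generate failed logins, a classic source of false positives.
KNOWN_SCANNERS = {"192.0.2.50"}


@dataclass
class Event:
    ts: datetime
    host: str
    result: str
    user: str
    src: str


def parse_logs(text):
    """Parse the syslog-like lines; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["host"],
                                m["result"], m["user"], m["src"]))
    return events


def correlate(events):
    """Return one alert per source IP that crosses FAIL_THRESHOLD within WINDOW.

    Severity starts at 'medium' and is raised to 'high' when a successful
    login from the same source follows within SUCCESS_FOLLOWUP, which is the
    pattern that suggests a password-guessing burst actually worked.
    """
    events = sorted(events, key=lambda e: e.ts)
    fails = defaultdict(list)   # src -> failure timestamps still inside WINDOW
    alerts = {}
    for ev in events:
        if ev.result == "Failed":
            window = [t for t in fails[ev.src] if ev.ts - t <= WINDOW]
            window.append(ev.ts)
            fails[ev.src] = window
            if len(window) >= FAIL_THRESHOLD and ev.src not in alerts:
                alerts[ev.src] = {"src": ev.src, "host": ev.host,
                                  "severity": "medium", "burst_end": ev.ts}
        elif ev.result == "Accepted" and ev.src in alerts:
            alert = alerts[ev.src]
            if ev.ts - alert["burst_end"] <= SUCCESS_FOLLOWUP:
                alert["severity"] = "high"
                alert["compromised_user"] = ev.user
    return list(alerts.values())


def triage(alerts):
    """Label each alert: allow-listed scanner -> likely false positive."""
    for alert in alerts:
        alert["disposition"] = ("likely_false_positive"
                                if alert["src"] in KNOWN_SCANNERS
                                else "true_positive")
    return alerts


def run(text=SAMPLE_LOGS):
    """Parse, correlate and triage; returns the list of alert dicts."""
    return triage(correlate(parse_logs(text)))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Run on the constructed lines, the rule produces two alerts: the burst from 203.0.113.7 is escalated to high because a login succeeded twelve seconds later, and the burst from 192.0.2.50 stays medium and is marked a likely false positive because that address is the known scanner. The single failure from 198.51.100.9 never reaches the threshold and produces nothing. That triage step is what the exam's "not every SIEM alert is a real threat" point looks like in practice: both bursts are genuine rule matches, but only one of them is an incident.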

Watch out for

  • Containment comes before Eradication in incident response — reversing these two phases is the most common mistake on this domain.
  • A vulnerability scan identifies weaknesses; a penetration test actively exploits them. The exam expects you to know which is appropriate and when.
  • RTO is how fast you restore service; RPO is how much data loss you can tolerate. Mixing these up costs marks on scenario questions.
  • Not every SIEM alert is a real threat — the exam tests alert triage. Recognising false positives is a distinct skill from detecting real incidents.
  • IDS alerts and logs; IPS blocks. Placement also differs — IDS can be passive/out-of-band, IPS must be inline. Confusing them is a guaranteed wrong answer.

5.0 Security Program Management and Oversight

Security Program Management & Oversight covers the governance, risk management, compliance, and business continuity aspects of cybersecurity—how to plan, implement, and improve an organization's security program.

Key concepts

  • Security governance principles: policies, standards, procedures, and guidelines
  • Risk management process: identification, assessment, analysis, and treatment of risks
  • Compliance with laws and regulations: GDPR, HIPAA, PCI DSS, SOX, etc.
  • Business continuity and disaster recovery: BCP, DRP, RTO, RPO, and testing
  • Security awareness and training: phishing simulations, role-based training, and metrics
  • Third-party risk management: vendor assessments, SLAs, and due diligence

Watch out for

  • Confusing policy vs. procedure: a policy is high-level intent, a procedure is step-by-step; the exam may ask which document defines 'acceptable use' (policy) vs. 'how to reset a password' (procedure)
  • Mixing up risk treatment options: avoid (eliminate the activity), transfer (buy insurance), mitigate (add controls), accept (acknowledge the risk); candidates often pick 'mitigate' when 'avoid' is correct for a high-risk scenario
  • Forgetting that compliance is not the same as security: a company can be compliant with a regulation but still have poor security; the exam may present a scenario where a compliant organization is breached and ask what's missing (e.g., risk assessment beyond compliance)
  • Misinterpreting RTO vs. RPO: RTO is time to restore service, RPO is acceptable data loss; the exam might describe a backup strategy and ask which metric it satisfies
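RTO and RPO come up in the Security Operations list (full/incremental/differential backup strategies) and again in the last watch-out item above, where the exam describes a backup schedule and asks which metric it satisfies. This added example, written for this page and not code from Courseiva, works through the mechanics behind that kind of question: it computes which backups a restore must apply under an incremental scheme versus a differential scheme, measures the data-loss window a failure at a given time would cause, and checks that window against an RPO target. The backup catalogues, timestamps and RPO targets are constructed for illustration.

```python
"""Backup strategy versus RPO: which backups a restore needs, and how much data is lost.

Added example, not from Courseiva. The backup catalogues, timestamps and RPO
targets are constructed for illustration.
"""
from datetime import datetime

# Constructed catalogues as (ISO timestamp, type). Definitions used:
#   full         - copies everything
#   incremental  - copies changes since the previous backup of any type
#   differential - copies changes since the most recent full
CATALOGUE_INCREMENTAL = [
    ("2024-03-03T00:00", "full"),
    ("2024-03-04T00:00", "incremental"),
    ("2024-03-05T00:00", "incremental"),
    ("2024-03-06T00:00", "incremental"),
]
CATALOGUE_DIFFERENTIAL = [
    ("2024-03-03T00:00", "full"),
    ("2024-03-04T00:00", "differential"),
    ("2024-03-05T00:00", "differential"),
    ("2024-03-06T00:00", "differential"),
]


def _usable(catalogue, failure_iso):
    """Backups completed at or before the failure, oldest first."""
    failure = datetime.fromisoformat(failure_iso)
    return sorted((ts, kind) for ts, kind in catalogue
                  if datetime.fromisoformat(ts) <= failure)


def restore_chain(catalogue, failure_iso):
    """Ordered list of backups to apply to reach the latest point before failure.

    Incremental scheme: the last full, then every incremental after it in order.
    Differential scheme: the last full, then only the newest differential.
    """
    usable = _usable(catalogue, failure_iso)
    full_positions = [i for i, (_, kind) in enumerate(usable) if kind == "full"]
    if not full_positions:
        raise ValueError("no full backup before the failure; nothing to restore from")
    last_full = full_positions[-1]
    chain = usable[last_full:last_full + 1]
    after = usable[last_full + 1:]
    kinds = {kind for _, kind in after}
    if kinds == {"incremental"}:
        chain += after
    elif kinds == {"differential"}:
        chain.append(after[-1])
    elif kinds:
        raise ValueError("mixed incremental/differential chains are out of scope here")
    return chain


def data_loss_hours(catalogue, failure_iso):
    """Hours between the newest usable backup and the failure: the data loss
    actually suffered, which must not exceed the RPO."""
    usable = _usable(catalogue, failure_iso)
    if not usable:
        raise ValueError("no backup before the failure")
    last = datetime.fromisoformat(usable[-1][0])
    return (datetime.fromisoformat(failure_iso) - last).total_seconds() / 3600


def meets_rpo(catalogue, failure_iso, rpo_hours):
    """True when the schedule keeps the loss within the RPO target (in hours)."""
    return data_loss_hours(catalogue, failure_iso) <= rpo_hours


if __name__ == "__main__":
    failure = "2024-03-06T14:00"   # constructed failure time
    for name, cat in (("incremental", CATALOGUE_INCREMENTAL),
                      ("differential", CATALOGUE_DIFFERENTIAL)):
        print(name, "restore chain:", restore_chain(cat, failure))
    print("data lost (hours):", data_loss_hours(CATALOGUE_INCREMENTAL, failure))
    print("meets 24h RPO:", meets_rpo(CATALOGUE_INCREMENTAL, failure, 24))
    print("meets 4h RPO:", meets_rpo(CATALOGUE_INCREMENTAL, failure, 4))
```

Two things the example makes concrete. First, the schemes trade restore work for backup size: the differential chain is always two restores (the full plus the newest differential), which helps RTO, while the incremental chain grows by one restore per day. Second, the RPO is decided by how often backups run, not by which scheme is used: a failure at 14:00 loses the same 14 hours under both catalogues, so a schedule with nightly backups satisfies a 24-hour RPO but not a 4-hour one, whatever the backup type.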

Exam Day Reminders

  • Read every question stem fully — look for qualifiers like 'MOST likely,' 'BEST,' or 'EXCEPT.'
  • Flag uncertain questions and come back — don't waste time on one question.
  • Eliminate obviously wrong options first, then choose between the remaining ones.
  • Trust your first instinct unless you have a specific reason to change.
  • For SY0-701, scenarios typically have one clearly best answer — look for the option that matches the specific constraints in the question.
