Free · No account needed · No credit card

Security+ SY0-701 Practice Test

1,152 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.

Instant feedback after each answer
Full explanations included
Domain score breakdown
Real exam: 90 min
Pass mark: 750%

Sample questions with explanations

This is exactly what you see during practice — question, options, and a full explanation after you answer.

Q1 · General Security Concepts · medium

A security engineer writes a script that computes SHA-256 hashes of critical server configuration files every night and sends an alert if any hash value has changed since the previous night. Which security goal is this control primarily designed to protect?

A. Confidentiality
B. Integrity (Correct)
C. Availability
D. Authentication

The script computes SHA-256 hashes of configuration files and compares them nightly to detect any unauthorized or accidental changes. This directly protects the integrity of the files by ensuring they have not been modified, which is the core security goal of integrity. Confident…

Q2 · Threats, Vulnerabilities, and Mitigations · medium

A security analyst is reviewing web server logs from an e-commerce application. The logs show repeated requests containing URLs with appended strings such as: `' OR '1'='1' --` and `'; DROP TABLE Users; --`. The application returned HTTP 200 responses with unexpected data in several instances. Which type of attack is most likely being attempted?

A. SQL injection (Correct)
B. LDAP injection
C. Command injection
D. Cross-site scripting (XSS)

The repeated requests contain classic SQL injection payloads, such as `' OR '1'='1' --` (used to bypass authentication or extract data) and `'; DROP TABLE Users; --` (used to delete database tables). The HTTP 200 responses with unexpected data confirm that the application is vuln…

Q3 · Security Architecture · medium

A company is redesigning its network to host a public-facing web application that accesses a confidential database. The security team needs to minimize the risk of a direct attack against the database server while still allowing the web server to retrieve and update data. Which network architecture best achieves this objective?

A. Place both the web server and the database server in the same DMZ segment and rely on host-based firewalls for protection.
B. Place the web server in the DMZ and the database server on the internal network. Configure the firewall to allow inbound traffic from the web server to the database server on the required port only. (Correct)
C. Connect both servers to a single internal VLAN and use a reverse proxy to forward external traffic to the web server.
D. Use a site-to-site VPN to connect the web server and database server, and place both behind a single NAT gateway.

Option B is correct because it implements a tiered network architecture where the web server resides in the DMZ (a semi-trusted zone) and the database server is placed on the internal network, isolated from direct internet access. The firewall is configured with a stateful rule t…

Untimed Practice

Answer at your own pace. Explanation and domain tag shown immediately after each answer.

Timed Practice

Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.

Why practice here?

Full explanations on every question

Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.

Domain score breakdown

After each session see your score by exam domain so you know exactly where to focus study time.

100% free, forever

No subscription, no trial, no email wall. Start a session in under 10 seconds.

Exam-style questions

Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.
