SY0-701 · topic practice

General Security Concepts practice questions

General Security Concepts is the foundational domain of the CompTIA Security+ SY0-701 exam, covering the core principles that underpin all of cybersecurity. In plain English, this domain teaches you the 'why' behind security—why we need confidentiality, integrity, and availability (the CIA triad), how to manage risk, and what controls (like firewalls, encryption, or policies) actually do. It’s like learning the rules of the road before driving: you’ll understand threats, vulnerabilities, and the mindset to protect data and systems.

This domain is critical for real-world IT, security, and cloud work because every security decision—from configuring a cloud bucket to responding to a breach—starts with these concepts. For example, when you set up AWS S3 permissions, you’re applying the principle of least privilege. When you patch a server, you’re reducing risk. Understanding these fundamentals helps you communicate with stakeholders, justify security spending, and avoid common mistakes that lead to data leaks. Employers expect you to think like a security professional, not just a technician.

On the SY0-701 exam, this domain tests your ability to define and apply security concepts across scenarios. You’ll be asked to identify which control (deterrent, preventive, detective, corrective, compensating, directive) fits a given situation—like a security guard (deterrent) vs. an IDS (detective). You’ll also need to understand risk management terms (likelihood, impact, RPO, RTO), types of threats (malware, social engineering, supply chain), and the difference between vulnerability and threat. Expect multiple-choice questions that give a short scenario and ask for the best control or concept.

To study this domain effectively, focus on memorizing the definitions and then applying them to practice questions. Start with the CIA triad and non-repudiation. Then learn the control types by creating mnemonics (e.g., 'Prevent, Detect, Correct'). Use flashcards for terms like 'vulnerability' vs. 'threat' vs. 'risk'. Finally, practice with scenario-based questions from CompTIA’s official study materials or a reputable test bank. Don’t just read—quiz yourself daily. This domain is 12% of the exam, so you need to master it, but it’s also the easiest to score high on if you practice.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: General Security Concepts

What the exam tests

What to know about General Security Concepts

General Security Concepts covers the foundational principles of cybersecurity, including the CIA triad, risk management, security controls, and threat types, which are tested through scenario-based questions on the SY0-701 exam.

Define and apply the CIA triad (confidentiality, integrity, availability) to scenarios like encrypting data at rest (confidentiality) or hashing files (integrity).

Identify and differentiate security control types: deterrent (e.g., warning signs), preventive (e.g., firewalls), detective (e.g., IDS), corrective (e.g., backups), compensating (e.g., alternative controls), and directive (e.g., policies).

Understand risk management concepts: risk = likelihood × impact, and terms like RPO (Recovery Point Objective) and RTO (Recovery Time Objective) in disaster recovery.

Recognize common threat actors and vectors: insider threats, APTs, ransomware, phishing, and supply chain attacks.

Apply the principle of least privilege and defense in depth to network or system design scenarios.

Differentiate between vulnerability, threat, and risk, and identify appropriate mitigation strategies.

Watch out for

Common General Security Concepts exam traps

  • Confusing preventive and detective controls: a firewall is preventive, but an IDS is detective; many candidates mix them up.
  • Misapplying the CIA triad: e.g., thinking encryption only provides integrity, when it primarily provides confidentiality.
  • Overlooking the difference between a vulnerability (a weakness) and a threat (something that exploits it); exam questions often test this distinction.
  • Assuming all compensating controls are temporary; they can be permanent if the primary control is too costly or complex.

Practice set

General Security Concepts questions

20 questions · select your answer, then reveal the explanation

A security engineer writes a script that computes SHA-256 hashes of critical server configuration files every night and sends an alert if any hash value has changed since the previous night. Which security goal is this control primarily designed to protect?
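A nightly hash-and-compare check of the kind this question describes, written here as an added example (it is not code from the page or its author). The paths and file contents inside demo() are constructed stand-ins; the baseline file must itself be protected (read-only or stored off-host), or an attacker who can alter the watched files can alter the baseline too.

```python
import hashlib
import json
from pathlib import Path


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    # Stream the file in chunks so large files never have to fit in memory.
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(paths) -> dict:
    """Map each monitored path to its current SHA-256 digest."""
    return {str(p): sha256_file(Path(p)) for p in paths}


def compare(baseline: dict, current: dict) -> dict:
    """Report files whose digest differs from the baseline, plus files that
    vanished or appeared; an all-empty report means no drift since last night."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def nightly_run(paths, baseline_file: Path) -> dict:
    """One scheduled run: hash the files, diff against the stored baseline,
    then persist tonight's digests as the baseline for tomorrow's run."""
    current = snapshot(paths)
    previous = json.loads(baseline_file.read_text()) if baseline_file.exists() else current
    report = compare(previous, current)
    baseline_file.write_text(json.dumps(current, indent=2, sort_keys=True))
    return report  # a non-empty "changed" or "missing" list is the alert condition


def demo() -> dict:
    # Constructed in-memory stand-in for two nights of hashing (no real files read).
    night1 = {"/etc/ssh/sshd_config": sha256_bytes(b"PermitRootLogin no\n"),
              "/etc/sudoers": sha256_bytes(b"root ALL=(ALL) ALL\n")}
    night2 = {"/etc/ssh/sshd_config": sha256_bytes(b"PermitRootLogin yes\n"),
              "/etc/sudoers": sha256_bytes(b"root ALL=(ALL) ALL\n")}
    return compare(night1, night2)
```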

A financial institution updates its access control policy to require that two different system administrators must approve and execute any changes to the core transaction processing database. Which security principle is this practice primarily designed to enforce?

A security architect is designing the network security posture for a new branch office. The plan includes a next-generation firewall at the perimeter, an intrusion prevention system on the internal network, mandatory multi-factor authentication for all remote access, and quarterly security awareness training for employees. The architect explains that these controls are independent of each other so that a failure in any single control does not leave the entire network unprotected. Which security concept is the architect primarily implementing?

Question 4 · medium · multiple choice

A security analyst at a hospital is reviewing user permissions in the electronic health record (EHR) system. The analyst discovers that all nursing staff accounts are members of the 'Administrators' group, which grants full read and write access to all patient records, as well as the ability to modify system configuration settings. The nursing staff's job responsibilities only require viewing and updating records for patients currently assigned to them. Which security principle is most directly violated by this configuration?

A defense contractor is deploying a new document management system that will store classified military intelligence. The security policy requires that user access to each document is strictly determined by the document's classification label (e.g., Confidential, Secret, Top Secret) and the user's verified security clearance level. Furthermore, system administrators must not be able to change these access rules or grant themselves access to documents above their clearance. Which access control model is best suited for this requirement?

A security analyst is investigating a data integrity incident where an attacker exploited a vulnerability in a web application to alter customer account balance records in the database. The analyst identifies the exact records that were modified and restores those records from a verified read-only backup taken prior to the attack. Which security goal is the analyst primarily addressing by restoring the records from backup?

Question 7 · medium · multiple choice

A software vendor distributes critical security updates for its application through a public download website. The vendor wants to allow customers to verify that each update originated from the vendor and has not been modified in transit. Which of the following cryptographic techniques should the vendor apply to the update files before posting them for download?

Question 8 · medium · multiple choice

A financial institution is implementing a new policy for all remote access to its payment processing system. The system will generate a unique digital signature for each administrative action, and all actions will be recorded in a tamper-evident audit log that is replicated to an immutable storage location. The primary objective of this policy is to ensure that administrators who perform sensitive operations cannot later deny having executed them. Which security goal is this policy primarily intended to enforce?

A security auditor is reviewing the access controls for a payroll application. The auditor discovers that a single user, the payroll manager, has permissions to both create new employee records and then approve and process salary payments for those records. The company's security policy requires that no single individual should be able to execute both the creation and the approval of a payment for the same employee. Which of the following security principles is the company's policy attempting to enforce?

A security architect is designing a defense strategy for a database containing sensitive customer records. The architect implements a network firewall to restrict inbound traffic to only the application server, enforces file-level encryption for the database files, requires multi-factor authentication for all administrative access, and deploys a database activity monitoring system to alert on unusual queries. Which security principle is the architect primarily applying?

Question 11 · medium · multiple choice

A company is enhancing its network security posture. The security team deploys a system that passively monitors network traffic, analyzes packets for signs of malicious activity, and generates alerts when suspicious patterns are detected. This system does not actively block or modify any traffic. Which type of security control does this system BEST represent?

A company wants one document that tells employees what they are required to do when handling company systems and data. Which document type is the best fit?

Question 13 · easy · multiple choice

After a user signs in, a file server checks whether they can edit a shared folder. Which AAA concept is being applied?

A legal team must send a confidential contract to a partner so only the intended recipient can read it, and the partner also needs assurance the file really came from your company. Which approach best meets both needs?

Which two statements describe authorization? Select two.

A restricted server room opens only with a badge, and an alarm sounds if the door is left open too long. Which control type is the alarm?

Question 17 · hard · multiple choice

Based on the exhibit, what should be implemented to reduce the blast radius if a backup server is compromised later?


Exhibit

Backup job configuration:
algorithm=AES-256-GCM
key_file=/opt/backup/key.bin
rotation=disabled
same_key_for_all_sites=true
backup_media copied to an offsite vault each night

Based on the exhibit, what is the best fix so role changes are reflected promptly in the application?


Exhibit (token and directory data)

09:10  Token issued for user jdoe
      groups=[Finance_Approver, Expense_Reviewer]
      auth_time=09:10
      exp=17:10
09:15  HR updated directory: jdoe moved to Sales
11:00  The application still accepts the original token and allows expense approval
11:01  Identity provider logs show no token revocation event
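An added example (not from the page or its author) that replays the exhibit's timeline against two authorization designs: the one the exhibit shows, which trusts the group claims baked into the token until exp, and one that checks the directory's current groups at the moment of a sensitive action and caps how long a token may be used before re-authentication. The directory contents and the 15-minute max_age are assumptions.

```python
from dataclasses import dataclass


def minutes(hhmm: str) -> int:
    """Clock time from the exhibit ('09:10') as minutes since midnight."""
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


@dataclass
class Token:
    user: str
    groups: tuple
    auth_time: int
    exp: int


def claims_only_allows(token: Token, needed: str, now: int) -> bool:
    """What the exhibit shows: group claims are honoured until exp."""
    return now < token.exp and needed in token.groups


def live_check_allows(token: Token, needed: str, now: int, directory: dict, max_age: int = 15) -> bool:
    """Fix: for sensitive actions, decide on the directory's current groups
    rather than the token's snapshot, and bound token age so a stale token
    cannot be replayed for hours even if the directory lookup is skipped."""
    if now >= token.exp or now - token.auth_time > max_age:
        return False  # caller should force a fresh sign-in / token refresh
    return needed in directory.get(token.user, ())


def replay_exhibit(now_str: str) -> dict:
    """Constructed replay: the token from 09:10 checked at `now_str`."""
    now = minutes(now_str)
    token = Token("jdoe", ("Finance_Approver", "Expense_Reviewer"),
                  minutes("09:10"), minutes("17:10"))
    # Directory as it stands at `now`: HR's move of jdoe to Sales lands at 09:15.
    directory = {"jdoe": ("Sales",) if now >= minutes("09:15")
                 else ("Finance_Approver", "Expense_Reviewer")}
    return {
        "claims_only": claims_only_allows(token, "Finance_Approver", now),
        "live_check": live_check_allows(token, "Finance_Approver", now, directory),
    }
```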

Based on the exhibit, which change best improves accountability while still allowing emergency access?

A finance team uses the following shared account on a jump host:


Exhibit

07:55:12  Account=FIN-ADMIN  Action=ApproveInvoice   Host=JUMP-02  IP=10.30.8.21
07:56:03  Account=FIN-ADMIN  Action=ChangeVendorBank Host=JUMP-02  IP=10.30.8.21
07:57:44  Account=FIN-ADMIN  Action=ExportReport     Host=JUMP-02  IP=10.30.8.21
Note: FIN-ADMIN is used by three finance managers during after-hours support.

Based on the exhibit, which additional control is the best fit to prevent employees from copying sensitive reports to removable media?

Exhibit

Current controls on finance laptops:
- Full-disk encryption enabled
- SIEM alerting on impossible-travel logins
- Weekly security awareness reminders
- USB ports left enabled for engineering and finance teams
Incident summary:
- Two finance users copied monthly revenue files to personal flash drives after downloading them
- Internet access and email must remain available for normal work

Frequently asked questions

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SY0-701 exam covers. They are not copied from any real exam or dump site.