Free CompTIA Security+ SY0-701 General Security Concepts Practice Test 2026 — CompTIA Security+ (SY0-701) Questions
This free CompTIA Security+ SY0-701 General Security Concepts practice test covers Sec+ Domain 1 (~12%) — general security concepts, including the CIA triad, AAA, security control types, zero trust, cryptography basics, PKI, and change management. Each question includes a detailed explanation aligned to the SY0-701 exam objectives — perfect for Security+ exam prep.
Key Topics in CompTIA Security+ SY0-701 General Security Concepts
- CIA Triad & AAA
- Security Controls (Technical/Physical/Managerial)
- Zero Trust Architecture
- Cryptography Basics (Symmetric/Asymmetric)
- PKI & Certificates
- Change Management
6 Free CompTIA Security+ SY0-701 General Security Concepts Practice Questions with Answers
Sample Question 1 — General Security Concepts
Your company experienced a data breach where sensitive customer information was exposed. The incident response team suspects an insider threat. Which initial step should be prioritized?
- A. Immediately terminate all suspected employees.
- B. Isolate affected systems and contain the breach. (Correct answer)
- C. Conduct a full forensic analysis of all company systems.
- D. Notify all affected customers and regulatory bodies.
Correct answer: B
Explanation: Containing the breach is the immediate priority to prevent further data loss. While the other options are necessary steps, they should be taken after containment. Terminating employees prematurely could destroy evidence. A full forensic analysis is time-consuming and should follow containment. Notification, while important, is also best done after containment to ensure accurate information.
Sample Question 2 — General Security Concepts
A new employee accidentally accessed a restricted folder containing sensitive financial data. What security control failed, and what should be implemented to prevent recurrence?
- A. Intrusion Detection System (IDS) failed; Implement a more robust IDS.
- B. Access Control Lists (ACLs) failed; Implement mandatory access control. (Correct answer)
- C. Data Loss Prevention (DLP) failed; Implement data encryption at rest and in transit.
- D. Firewall failed; Implement a next-generation firewall (NGFW).
Correct answer: B
Explanation: The employee accessed a restricted folder, indicating a failure of access control. Implementing mandatory access control (MAC) would enforce stricter access rules based on security labels, preventing unauthorized access. The other options address different security aspects not directly related to the scenario.
Sample Question 3 — General Security Concepts
Your organization is implementing a new BYOD policy. Which security concern requires the most attention?
- A. Employee dissatisfaction with restrictions.
- B. Increased IT support requests.
- C. Data loss and leakage from unmanaged devices. (Correct answer)
- D. Compatibility issues with various devices.
Correct answer: C
Explanation: The most significant risk associated with BYOD is data loss or leakage through unmanaged and potentially insecure personal devices. While the other options are concerns, data security is paramount.
Sample Question 4 — General Security Concepts
During a security audit, a vulnerability scanner detects a misconfigured web server exposing sensitive configuration files. Which security principle is most violated?
- A. Least privilege (Correct answer)
- B. Defense in depth
- C. Principle of least astonishment
- D. Data minimization
Correct answer: A
Explanation: Exposing configuration files violates the principle of least privilege; the web server has excessive permissions. Defense in depth is about multiple layers, while least astonishment refers to user expectations. Data minimization deals with data quantity, not permissions.
Sample Question 5 — General Security Concepts
Your company needs to comply with PCI DSS. Which security control is MOST critical for protecting cardholder data?
- A. Strong password policies
- B. Regular vulnerability scanning
- C. Data encryption both in transit and at rest (Correct answer)
- D. Intrusion detection systems (IDS)
Correct answer: C
Explanation: PCI DSS heavily emphasizes data encryption. While the other options are important, encryption directly addresses the protection of cardholder data in compliance with PCI DSS.
Sample Question 6 — General Security Concepts
You suspect a denial-of-service (DoS) attack targeting your web server. What is the FIRST action to take?
- A. Contact law enforcement.
- B. Analyze network traffic for malicious patterns. (Correct answer)
- C. Implement rate limiting to mitigate the attack.
- D. Shut down the web server to stop the attack.
Correct answer: B
Explanation: Before taking any action, you need to analyze network traffic to confirm the DoS attack and identify the source. Shutting down the server is drastic and should be a last resort. Rate limiting is a good mitigation strategy but should follow analysis. Contacting law enforcement is important but comes after the initial response steps.
About the CompTIA Security+ (SY0-701) Exam
- Questions: Up to 90 (multiple choice + PBQs)
- Time: 90 minutes
- Passing score: 750 / 900
- Cost: $404 USD (voucher)
- Validity: 3 years (renew with CEUs or higher cert)
- Provider: CompTIA
- DoD 8570/8140: Approved for IAT II, IAM I, CSSP Analyst