10 free CompTIA Security+ SY0-701 practice questions for Domain 1, General Security Concepts, which is about 12% of the exam. Each question has the correct answer and a clear explanation. No account or signup needed.
Last updated June 2026
Encrypting a sensitive file so that only authorized people can read its contents primarily protects which part of the CIA triad?
Correct answer: A. Confidentiality
Confidentiality means keeping information secret from unauthorized parties, which is exactly what encryption provides. Integrity is about preventing unauthorized changes, and availability is about access when needed.
A written policy that requires all employees to complete annual security awareness training is an example of which category of control?
Correct answer: B. Managerial
Managerial (administrative) controls are policies, procedures, and governance such as training requirements and risk assessments. Technical controls are enforced by technology, physical controls protect facilities, and operational controls are processes people perform.
A sign reading "Warning: 24-hour video surveillance" is posted at an entrance. Which control function does the sign itself perform?
Correct answer: A. Deterrent
A deterrent control discourages an attacker from acting. The sign does not detect or stop entry by itself; it simply discourages bad behavior. The camera that records would be detective.
A required patch cannot be installed right away, so the team temporarily adds strict firewall rules to limit exposure until it can. The firewall rules are acting as which type of control?
Correct answer: A. Compensating
A compensating control is an alternative measure used when the primary control is not feasible. Here the firewall rules compensate for the missing patch; they are neither deterrent nor detective controls, since they do not merely discourage or detect anything.
What does a digital certificate primarily bind together?
Correct answer: A. A public key and a verified identity
A digital certificate binds a public key to a verified identity, signed by a certificate authority so others can trust it. It does not store passwords or pair symmetric keys.
A system only allows logins when the device is physically connected inside the corporate office network. Which authentication factor is being used?
Correct answer: C. Somewhere you are
Location-based authentication is the "somewhere you are" factor. Something you know is a secret like a password, something you have is a token, and something you are is a biometric.
What is the primary purpose of a formal change management process?
Correct answer: A. To review, approve, test, and document changes so they do not cause outages or security gaps
Change management ensures changes are reviewed, approved, tested, and documented so they do not introduce instability or vulnerabilities. The other options describe encryption, antimalware, and disaster recovery.
Hiding a secret message inside an ordinary-looking image file so that its very existence is concealed is an example of which technique?
Correct answer: A. Steganography
Steganography conceals the existence of a message by embedding it within other data, such as an image. Hashing produces a fingerprint, tokenization substitutes a surrogate value, and key stretching strengthens keys derived from passwords.
A payment platform replaces each stored credit card number with a random surrogate value that has no mathematical relationship to the original. What is this technique?
Correct answer: A. Tokenization
Tokenization swaps sensitive data for a non-sensitive token with no algorithmic link to the original, so a stolen token is useless. Encryption is reversible with a key, and hashing is a one-way digest.
Which method lets two parties securely agree on a shared secret key over an untrusted network without ever transmitting the key itself?
Correct answer: A. Diffie-Hellman key exchange
Diffie-Hellman allows two parties to derive a shared secret over an open channel without ever sending the secret itself. SHA-256 is a hash function, AES is symmetric encryption that needs a key already shared, and Base64 is an encoding, not encryption.
SecPlus Mastery covers all five SY0-701 domains with over 1,000 practice questions, timed mock exams, and spaced review that targets your weak spots so you walk in ready.
Original practice questions aligned to the CompTIA Security+ SY0-701 objectives. CompTIA and Security+ are trademarks of CompTIA, used here for identification only.