10 free CompTIA Security+ SY0-701 practice questions for Domain 4, Security Operations, which is about 28% of the exam. Each question has the correct answer and a clear explanation. No account or signup needed.
Last updated June 2026
Which platform automates and orchestrates repetitive security tasks across many tools using predefined playbooks to speed up response?
Correct answer: A. SOAR
SOAR (Security Orchestration, Automation, and Response) runs playbooks to automate and coordinate responses across tools. An IDS detects intrusions, DLP prevents data loss, and a VPN encrypts connections.
Running a suspicious email attachment in an isolated, instrumented environment to safely watch what it does is known as?
Correct answer: A. Sandboxing
Sandboxing detonates and observes suspicious code in isolation so it cannot harm production. Hashing fingerprints a file, tunneling encapsulates traffic, and hardening reduces a system's attack surface.
Which endpoint solution continuously monitors devices for malicious behavior and can isolate a host and roll back changes during an incident?
Correct answer: A. EDR
EDR (Endpoint Detection and Response) provides continuous monitoring, investigation, and response actions like host isolation. Traditional signature antivirus only blocks known files and lacks that response capability.
Which technology lets a user authenticate once and then access many different applications without logging in again to each one?
Correct answer: A. Single sign-on (SSO)
SSO authenticates a user once and grants access to multiple services. Multifactor authentication adds factors to a single login, a password vault stores credentials, and NAC controls device admission.
Which standard lets a user authenticate with the identity provider of one organization and then access a web application at a different organization?
Correct answer: A. SAML (federation)
SAML enables federated identity, letting one organization trust the identity provider of another for single sign-on across domains. RADIUS centralizes network access authentication, WPA3 secures Wi-Fi, and IPsec secures IP traffic.
Which solution vaults and rotates administrator credentials and grants just-in-time elevated access with full session monitoring?
Correct answer: A. Privileged access management (PAM)
PAM controls, vaults, rotates, and monitors privileged (administrator) accounts and grants temporary elevation. SSO handles everyday authentication, a SIEM analyzes logs, and a load balancer distributes traffic.
Which activity uses automated tools to identify and report known weaknesses on systems without actually exploiting them?
Correct answer: A. Vulnerability scan
A vulnerability scan automatically detects and reports known flaws but does not exploit them. A penetration test goes further and actively exploits weaknesses to prove impact.
A vulnerability scanner flags a weakness on a server, but investigation shows the flaw does not actually exist there. This result is a?
Correct answer: A. False positive
A false positive is an alert for something that is not really a problem. A false negative is a real issue that went undetected, and a true positive is a correctly identified real issue.
Permitting only a pre-approved set of applications to run on endpoints and blocking everything else is best described as?
Correct answer: A. Application allow listing
Allow listing (whitelisting) permits only approved applications and denies all others by default, which is very restrictive but strong. Block listing only denies known-bad items and allows the rest.
A decoy system is deliberately exposed with fake data to attract attackers so their methods can be studied. What is this called?
Correct answer: A. Honeypot
A honeypot is a decoy designed to lure and observe attackers. A jump server and a bastion host are hardened administrative gateways, and a proxy mediates client requests.
Original practice questions aligned to the CompTIA Security+ SY0-701 objectives. CompTIA and Security+ are trademarks of CompTIA, used here for identification only.