Exam SY0-701 Questions And Correct

CompTIA Security+ Certification Practice Exam (SY0-701) Questions And Correct Answers (Verified Answers) Plus Rationales 2026 Q&A | Instant Download Pdf

• Which of the following best defines the CIA triad?
• Control, Integrity, Accuracy
• Confidentiality, Integrity, Availability
• Compliance, Inspection, Authorization
• Communication, Identification, Assessment

The CIA triad represents the three main objectives of information

security: ensuring data confidentiality, maintaining integrity, and

ensuring availability.

• Which of the following is an example of multifactor authentication?
• Password and PIN
• Username and password
• Smart card and fingerprint
• Password and password hint 1 / 4

Multifactor authentication requires two or more factors from

different categories: something you know, have, or are.

• Which protocol is used to secure web traffic?

A. HTTP

B. HTTPS

C. FTP

D. SNMP

HTTPS encrypts HTTP traffic using TLS, ensuring secure communication over the web.

• Which of the following attacks involves sending unsolicited bulk

email?

• Spam
• Phishing
• Spoofing
• Sniffing

Spam is the mass sending of unsolicited emails, often for advertising or phishing purposes.

• Which of the following best describes a zero-day attack?
• Attack after patch release
• Attack exploiting a vulnerability before it’s patched
• Attack using old exploits
• Attack using social engineering 2 / 4

Zero-day attacks exploit unknown or unpatched vulnerabilities, giving defenders zero days to prepare.

• Which encryption algorithm is symmetric?

A. RSA

B. ECC

C. AES

D. DSA

AES (Advanced Encryption Standard) is a symmetric encryption algorithm using the same key for encryption and decryption.

• What is the main purpose of a digital signature?
• Encrypt data
• Ensure availability
• Verify integrity and authenticity
• Provide anonymity

Digital signatures confirm that data has not been altered and verify the sender’s identity.

• Which of the following is an example of a social engineering attack?
• SQL injection
• Phishing email
• DoS attack
• Buffer overflow

Phishing uses psychological manipulation to trick users into revealing sensitive information. 3 / 4

• What is the purpose of a VPN?
• Speed up internet traffic
• Secure data over public networks
• Prevent malware
• Block social media

VPNs encrypt traffic to protect confidentiality over untrusted networks.

• Which of the following is considered a physical security control?
• Firewall
• Antivirus
• Security guard
• Encryption

Physical controls protect hardware and personnel, such as locks or guards.

• What does IDS stand for?
• Internal Defense System
• Intrusion Detection System
• Internet Detection Software
• Internal Data Security

An IDS monitors network traffic for suspicious activity and alerts administrators.

• Which type of malware encrypts files and demands payment?
• Worm
• / 4