CompTIA Security+ SY0-701 Practice Test 2026 – 30 Advanced Questions
Complete this advanced practice test to boost your score.
Question 1: A penetration tester gains access using stolen credentials without exploiting any vulnerability. This technique is called:
Credential stuffing uses stolen credential lists to gain access — no vulnerability exploitation required.
Question 2: Which cryptographic algorithm provides BOTH encryption and message authentication?
AES-GCM (Galois/Counter Mode) provides authenticated encryption — both confidentiality AND integrity in a single operation.
Question 3: An attacker intercepts and alters communications between two parties who believe they are communicating directly. This is called:
Man-in-the-Middle (MitM) attacks intercept and potentially modify data between communicating parties.
Question 4: Which authentication factor represents ‘something you are’?
Biometrics (fingerprint, iris, face) represent ‘something you are’ — the inherence factor in authentication.
Question 5: A company wants to ensure data cannot be recovered after hard drive disposal. The MOST secure method is:
Degaussing (magnetic erasure) and physical destruction are the most secure methods — deleted files and formatting can be recovered.
Question 6: Which protocol provides SECURE remote administration of network devices?
SSH (Secure Shell) encrypts remote administration traffic. Telnet transmits in plaintext and should never be used for remote admin.
Question 7: An organisation implements a policy requiring all emails to be digitally signed. This PRIMARILY addresses which security goal?
Digital signatures verify the sender and ensure message integrity — also providing non-repudiation (sender cannot deny sending it).
Question 8: What type of malware disguises itself as legitimate software but contains hidden malicious functions?
Trojan horses appear legitimate but carry hidden malicious payloads — named after the Greek mythological wooden horse.
Question 9: A company suffers a DDoS attack. Which control MOST directly mitigates this threat?
CDNs with rate limiting absorb and distribute attack traffic across multiple nodes — the most direct DDoS mitigation technique.
Question 10: Which of the following BEST describes a zero-day vulnerability?
Zero-day = no patch exists because the vendor is unaware of the flaw or has had zero days to respond. Exploits of such flaws are extremely dangerous because no fix is available.
Question 11: An analyst finds that an attacker moved from a compromised workstation to a domain controller without triggering alerts. This describes:
Lateral movement is the technique of moving through a network after initial access — using the workstation as a stepping stone to the DC.
Question 12: Which framework provides a globally recognized approach to incident response with phases: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned?
The SANS Institute’s PICERL model is the classic IR framework: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned.
Question 13: What does PKI (Public Key Infrastructure) primarily manage?
PKI manages the lifecycle of digital certificates and the asymmetric key pairs used for secure communications and identity verification.
Question 14: Which type of attack exploits improperly validated database queries?
SQL Injection inserts malicious SQL code into input fields that are then executed by the database — caused by lack of input validation.
Question 15: A website allows user-supplied input to be executed in other users’ browsers. This is called:
XSS injects malicious scripts into web pages viewed by other users — the script runs in their browser context.
Question 16: Which network security device inspects traffic at the Application Layer (Layer 7) of the OSI model?
NGFWs and WAFs perform Deep Packet Inspection at Layer 7, understanding application-layer protocols and content.
Question 17: What is the PRIMARY purpose of a Security Information and Event Management (SIEM) system?
SIEM centrally collects and correlates security events from across an environment to detect threats that individual tools might miss.
Question 18: An organisation uses a VPN for remote access but a user’s device is compromised. Which Zero Trust principle helps limit the impact?
Zero Trust = never trust, always verify. Least privilege limits what a compromised device can access even after authentication.
Question 19: Which encryption algorithm is considered QUANTUM-RESISTANT and is being standardized by NIST in 2024-2026?
NIST selected CRYSTALS-Kyber (now ML-KEM) as a post-quantum encryption standard — RSA and ECC are vulnerable to quantum attacks.
Question 20: A user receives an email appearing to be from their CEO asking for an urgent wire transfer. This is MOST likely:
Whaling/BEC specifically targets executives or impersonates executives to authorize financial transfers — a major financial threat.
Question 21: What does ‘defense in depth’ mean in cybersecurity architecture?
Defense in depth = layered security (physical, network, host, application, data) so attackers must defeat multiple controls.
Question 22: An attacker captures authentication tokens and replays them later. The BEST protection against this is:
Nonces (one-time values) and timestamps ensure authentication tokens expire quickly and cannot be replayed.
Question 23: Which principle states that users should only have the MINIMUM permissions necessary to perform their job?
Least privilege is the principle of granting only the access minimally required — reduces attack surface from compromised accounts.
Question 24: What is a honeypot in network security?
A honeypot is a deliberately vulnerable decoy system that lures attackers away from real assets and allows security teams to study attack methods.
Question 25: A security team detects unusual outbound traffic patterns at 3 AM. This is MOST consistent with:
Unusual outbound traffic at off-hours is a classic indicator of data exfiltration or malware communicating with a C2 server.
Question 26: Which GDPR principle requires personal data to be kept only as long as necessary?
GDPR’s ‘storage limitation’ principle requires data to be retained only as long as needed for the stated purpose.
Question 27: An attacker gains domain administrator rights by exploiting a misconfigured service account with excessive privileges. This is:
Exploiting weak permissions to gain higher-level access = privilege escalation. The attacker elevated their rights within the system.
Question 28: What does MFA (Multi-Factor Authentication) MOST effectively protect against?
MFA’s primary strength is ensuring a stolen password alone is insufficient — a second factor (biometric, OTP) is still required.
Question 29: Which cloud security model places the MOST security responsibility on the customer?
In IaaS (Infrastructure as a Service), the customer manages OS, middleware, apps, and data — the cloud provider only secures hardware/hypervisor.
Question 30: A company is evaluating cybersecurity vendors. Which standard certifies an organisation’s information security management system (ISMS)?
ISO/IEC 27001 is the international standard for ISMS certification. SOC 2 is an audit report, not a certification standard.