CompTIA SY0-701 Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for CompTIA Security+ (SY0-701) topics such as threats, vulnerabilities, controls, identity, architecture, operations, incident response, governance, risk, and compliance. The prompts emphasize choosing a practical control that reduces risk without breaking the environment.

SY0-701 security sample questions

Work through each prompt before opening the explanation. Security+ questions usually reward the control that fits the risk, preserves evidence, and respects least privilege.


Question 1

Topic: Phishing response

A user reports entering credentials into a suspicious login page. The user still has access to the account. What should the security team do first?

  • A. Ignore the report unless money has been stolen.
  • B. Reset the user’s credentials, revoke active sessions where possible, review account activity, and preserve evidence for investigation.
  • C. Post the user’s password in the ticket for visibility.
  • D. Disable logging to avoid storing sensitive data.

Best answer: B

Explanation: The account may be compromised. The response should contain the credential risk, check for misuse, and preserve evidence without exposing the password further.

Why the other choices are weaker:

  • A delays containment.
  • C creates another credential exposure.
  • D destroys visibility needed for investigation.

What this tests: Applying incident-response judgment to a credential compromise scenario.

Related topics: Phishing; Credential compromise; Incident response; Evidence


Question 2

Topic: Least privilege control

A service account only needs to read files from one application folder. It currently has administrator permissions on the server. Which change best reduces risk?

  • A. Share the administrator password with fewer people but keep the same permissions.
  • B. Disable file auditing.
  • C. Replace administrator permissions with narrowly scoped read access to the required folder.
  • D. Give the service account interactive login rights for convenience.

Best answer: C

Explanation: Least privilege means the account receives only the access required for its task. Read access to the specific folder is a better fit than broad administrator rights.

Why the other choices are weaker:

  • A leaves excessive privilege in place.
  • B reduces visibility.
  • D increases misuse risk for a non-human account.

What this tests: Applying least privilege to service accounts and file access.

Related topics: Least privilege; Service accounts; Access control; Risk reduction


Question 3

Topic: Control for lost laptops

A company is concerned that lost laptops could expose locally stored customer data. Which control most directly protects the data if a device is stolen while powered off?

  • A. A longer desktop wallpaper message.
  • B. Disabling screen lock timers.
  • C. Using a faster Wi-Fi standard.
  • D. Full-disk encryption with protected keys and enforced authentication.

Best answer: D

Explanation: Full-disk encryption protects data at rest when the device is lost or stolen, assuming keys and authentication are managed correctly.

Why the other choices are weaker:

  • A does not protect stored data.
  • B weakens endpoint protection.
  • C affects wireless performance, not data-at-rest exposure.

What this tests: Matching a data-at-rest risk to the control that directly mitigates it.

Related topics: Encryption; Data at rest; Endpoint security; Lost device

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by the exam vendor.

Revised on Sunday, May 10, 2026