Security+ (SY0-701)

Prepare for Security+ (SY0-701) with CompTIA practice questions covering 36 topics. Part of CompTIA Security+ — build your knowledge and track your progress with TIA Prep.

Questions: 105
Topics: 36
Access: Premium

What’s in it.

36 topics

Topic 01
Security Controls Categories
Coming soon
Topic 02
Basic Cryptography Concepts
Coming soon
Topic 03
PKI and Certificate Management
Coming soon
Topic 04
Authentication Methods
Coming soon
Topic 05
Authentication Protocols
30 questions
Topic 06
Malware Types and Indicators
30 questions
Topic 07
Social Engineering Techniques
Coming soon
Topic 08
Application Vulnerabilities
Coming soon
Topic 09
Network Attacks
Coming soon
Topic 10
Password Attacks
Coming soon
Topic 11
Threat Intelligence and Indicators of Compromise
Coming soon
Topic 12
Vulnerability Scanning and Assessment
Coming soon
Topic 13
Penetration Testing Concepts
Coming soon
Topic 14
Cloud Security Architecture
Coming soon
Topic 15
Network Security Architecture
Coming soon
Topic 16
Secure Network Design
Coming soon
Topic 17
Infrastructure Security
Coming soon
Topic 18
Data Protection Architecture
Coming soon
Topic 19
Resilience and Redundancy
Coming soon
Topic 20
Embedded and Specialised System Security
Coming soon
Topic 21
Identity and Access Management (IAM)
Coming soon
Topic 22
Endpoint Security
Coming soon
Topic 23
Monitoring and Logging
Coming soon
Topic 24
Incident Response
Coming soon
Topic 25
Digital Forensics
Coming soon
Topic 26
Vulnerability Management
Coming soon
Topic 27
Security Automation and Orchestration
Coming soon
Topic 28
Firewall and Network Security Tools
Coming soon
Topic 29
Cryptographic Implementation
Coming soon
Topic 30
Risk Management
Coming soon
Topic 31
Compliance Frameworks and Regulations
Coming soon
Topic 32
Data Privacy and Governance
45 questions
Topic 33
Security Policies and Procedures
Coming soon
Topic 34
Third-Party Risk and Supply Chain Security
Coming soon
Topic 35
Security Awareness Training
Coming soon
Topic 36
Business Continuity and Disaster Recovery
Coming soon

Sample questions

3 of many

A few questions from this unit, with the answer and a full explanation. The complete bank is available when you start practising.

An individual requests that an organisation delete all personal data held about them. Which GDPR right are they exercising?
- Right of access
- Right to erasure
  Correct answer
- Right to object
- Right to data portability
Explanation
The right to erasure, commonly known as the 'right to be forgotten,' is established in GDPR Article 17. It allows data subjects to request the deletion of their personal data in specific circumstances, such as when the data is no longer necessary for the original purpose or when consent is withdrawn. The key takeaway is that the right to erasure is the GDPR mechanism for requesting deletion of personal data.
What is the default port for unencrypted LDAP traffic?
- 389
  Correct answer
- 3268
- 88
- 445
Explanation
LDAP (Lightweight Directory Access Protocol) uses port 389 by default for unencrypted directory queries and bind operations. For encrypted LDAP over TLS (LDAPS), port 636 is used. The Global Catalog service, which enables forest-wide directory searches in Active Directory, uses port 3268 for unencrypted traffic and 3269 for encrypted traffic. The Security+ exam tests these port associations frequently, as they are relevant to firewall rules and identifying whether directory traffic is protected in transit.
A threat actor obtains the KRBTGT account hash from a domain controller and uses it to forge Ticket Granting Tickets granting unlimited domain access. What is this attack called?
- Golden Ticket attack
  Correct answer
- Pass-the-Hash attack
- Silver Ticket attack
- Pass-the-Ticket attack
Explanation
A Golden Ticket attack involves forging a Ticket Granting Ticket by using the KRBTGT account's password hash. Because TGTs are encrypted with the KRBTGT key, a forged TGT appears valid to all domain services. This grants the attacker effective domain administrator access for as long as the KRBTGT hash remains unchanged. Remediation requires rotating the KRBTGT password twice in quick succession to invalidate all outstanding tickets. This distinguishes it from a Silver Ticket, which targets individual service accounts rather than the KRBTGT key.

Security+ (SY0-701)

Security Controls Categories

Basic Cryptography Concepts

PKI and Certificate Management

Authentication Methods

Authentication Protocols

Malware Types and Indicators

Social Engineering Techniques

Application Vulnerabilities

Network Attacks

Password Attacks

Threat Intelligence and Indicators of Compromise

Vulnerability Scanning and Assessment

Penetration Testing Concepts

Cloud Security Architecture

Network Security Architecture

Secure Network Design

Infrastructure Security

Data Protection Architecture

Resilience and Redundancy

Embedded and Specialised System Security

Identity and Access Management (IAM)

Endpoint Security

Monitoring and Logging

Incident Response

Digital Forensics

Vulnerability Management

Security Automation and Orchestration

Firewall and Network Security Tools

Cryptographic Implementation

Risk Management

Compliance Frameworks and Regulations

Data Privacy and Governance

Security Policies and Procedures

Third-Party Risk and Supply Chain Security

Security Awareness Training

Business Continuity and Disaster Recovery