Free CompTIA Security+ (SY0-701) practice test
Every question below is original, written against the SY0-701 exam objectives, and comes with a full explanation — no braindumps, no recycled question banks. CertBench holds 800+ Security+ questions across all five domains, weighted the way the real exam weights them.
Try the samples, then take the free 25-question diagnostic to get a readiness score that tells you exactly which domains need work.
What the exam covers
Sample questions
Pick an answer to see instant grading and the explanation — the same experience as the full bank of 842 questions.
1.An organization implements a system in which employees attempting to access the corporate VPN are evaluated against the following conditions before access is granted: their device must have a current antivirus signature file, the operating system must not have critical patches outstanding for more than 72 hours, and the connection must originate from a recognized country. Employees whose devices fail any condition are redirected to a remediation portal rather than granted VPN access. Which access control concept does this system implement?
2.A company uses OpenID Connect (OIDC) to allow users to log in to its application using their Google account. Which IAM function does OIDC provide in this scenario?
3.An organisation enforces a policy that each user account must only have the minimum permissions necessary to perform the user's assigned job duties and nothing more. Which principle does this policy implement?
4.A security engineer is hardening a Linux web server. They configure the web server process to run under a dedicated service account that has read access to web content directories, write access to log directories, and no other filesystem permissions. The account cannot execute system binaries outside the web server application, cannot access other users' home directories, and has no sudo privileges. If the web server process is compromised, the attacker operates within the constraints of this account. Which security principle does this configuration most directly implement, and what is its defensive value in a compromise scenario?
5.A security analyst is reviewing an embedded RTOS device used in a medical infusion pump. The device has no user interface and communicates only via a proprietary protocol over a local network. Which security control is MOST feasible to implement on this device?
6.An attacker sends an email with a PDF attachment that exploits a vulnerability in the PDF reader to execute malicious code. Which threat vector does this represent?
Find out if you'd pass today
Take the free 25-question diagnostic and get a readiness score with a domain-by-domain breakdown — then a daily study plan built from your actual weak spots.
Take the free diagnosticFrequently asked questions
How many questions are on the Security+ exam?
The SY0-701 exam has a maximum of 90 questions — a mix of multiple-choice and performance-based questions (PBQs) — in 90 minutes. Most candidates see fewer than 90 because PBQs count for more.
What score do I need to pass Security+?
You need 750 on a scale of 100–900. CompTIA doesn't publish a percentage, but 750/900 is commonly treated as roughly 83%, so aim to score consistently above that on practice exams before booking.
Are these real Security+ exam questions?
No — using leaked exam content (braindumps) violates CompTIA's policies and can void your certification. CertBench questions are original items written to cover the same SY0-701 objectives at exam-level difficulty, each with an explanation of why the right answer is right.
How should I use practice tests to prepare?
Take a diagnostic first to find your weak domains, drill those domains until they turn green, and use spaced repetition on every question you miss. Save full-length timed exams for the final two weeks. CertBench automates that sequence into a daily plan.