Try CompTIA Security+
Get a taste before you commit — no account needed. Then a free account unlocks 25 questions with readiness tracking, no card required.
Get full access to CompTIA Security+
All questions, timed exams, flashcards, PDF study guide download & progress tracking.
This course
$9.99
one-time
Monthly
$12.99
per month · all courses
Takes 30 seconds — create a free account, then straight to checkout. Already have an account? Sign in
CompTIA · Exam reference
About the CompTIA Security+ exam
The CompTIA Security+ (SY0-701) is the world's most recognised entry-level cybersecurity certification, trusted by employers, government agencies, and the US Department of Defense (DoD 8140 approved). It validates the core skills every security professional needs: identifying threats and vulnerabilities, securing hybrid environments, responding to incidents, and applying governance, risk, and compliance principles.The exam covers five domains: General Security Concepts, Threats Vulnerabilities and Mitigations, Security Architecture, Security Operations, and Security Program Management and Oversight. You'll face up to 90 questions (multiple choice plus performance-based) in 90 minutes, with a passing score of 750 out of 900.Security+ is the launchpad for SOC analyst, security engineer, and GRC roles, and it's the foundation for every advanced cert that follows.
10
Sample questions
90 min
Exam time limit
70%
Passing score
$392
Exam voucher
CompTIA Security+ (SY0-701) is the most widely held entry-level cybersecurity certification in the world, and the baseline standard for IT security roles across both the private sector and US federal government. It is approved under DoD 8570/8140, making it a mandatory requirement for many defence and government contractor positions. Security+ validates that you can assess the security posture of an enterprise environment, recommend and implement appropriate security solutions, monitor and secure hybrid environments, and respond to security incidents. The exam covers five domains: Security Program Management and Oversight; Security Operations; Security Architecture; Threats, Vulnerabilities, and Mitigations; and General Security Concepts. Security+ is vendor-neutral, meaning the skills it certifies apply across all technology platforms and cloud providers. It is the ideal next step after CompTIA Network+ or for IT professionals moving into a dedicated security role.
Exam Domains Covered
Exam Format & Details
The CompTIA Security+ exam (SY0-701) consists of a maximum of 90 questions, including multiple-choice and performance-based questions (PBQs). The time limit is 90 minutes. The passing score is 750 on a scale of 100–900. The exam is available at Pearson VUE test centres worldwide or via online proctoring. The exam voucher costs $392 USD. CompTIA recommends (but does not require) CompTIA Network+ certification and two years of IT experience with a security focus before sitting Security+. Results are available immediately for computer-based testing.
Why Practice Questions Matter
Security+ uses performance-based questions (PBQs) alongside multiple-choice, which means some questions require you to interact with simulated environments — configuring firewalls, analysing logs, or identifying vulnerabilities in a network diagram. You cannot pass Security+ through memorisation alone. Timed practice builds the fluency you need to move through scenario questions quickly and confidently. CertCrush questions are written to match the SY0-701 domain weighting, so your practice time targets the areas that actually appear on the exam.
Sample Practice Questions
The following questions are a preview of the type of syllabus-aligned questions you will practise in CertCrush. They reflect the format and reasoning style of the CompTIA Security+ exam — not actual exam content.
Q1.A banking web application lets a signed-in user change their account password by submitting a form. An attacker builds a malicious web page that, when opened by a victim who is currently authenticated to the bank in another tab, silently submits a password-change request to the bank on the victim's behalf — without the victim realising it. Which control would BEST prevent this cross-site request forgery (CSRF) attack?
- A.Input validation to sanitize the new password value submitted in the reset form
- B.Server-side request filtering to block requests from internal IP addresses
- C.Anti-CSRF tokens embedded in forms that tie each request to the user's authenticated session
- D.Rate limiting on the password reset endpoint to prevent rapid submission
Domain: Threats, Vulnerabilities, and Mitigations
Q2.A healthcare organization's security team conducts a penetration test specifically targeting the physical access controls at its data center, including attempting to tailgate employees through secure doors and testing whether security guards can be socially engineered. What type of testing is this?
- A.Unknown environment testing
- B.Red team social engineering
- C.Physical penetration testing
- D.Blue team defensive exercise
Domain: Security Program Management and Oversight
Q3.A penetration test reveals that developers have been testing applications using a copy of the live customer database containing real Social Security numbers. Which data security method should have been applied before creating the test copy?
- A.Masking
- B.Encryption
- C.Tokenization
- D.Hashing
Domain: Security Architecture
Q4.A security analyst reviews logs showing that a web application returned HTTP 500 errors immediately after unusual input strings were submitted. Which data source would provide the MOST useful information for investigating a possible injection attack?
- A.Network logs
- B.Firewall logs
- C.Application logs
- D.IPS logs
Domain: Security Operations
Q5.A pharmaceutical company shares clinical trial data with a research partner but replaces patient names and birth dates with realistic fictitious values. The partner receives structurally accurate but non-sensitive data. Which technique is being used?
- A.Tokenization
- B.Encryption
- C.Steganography
- D.Data masking
Domain: General Security Concepts
Frequently Asked Questions
What is included in the free CompTIA Security+ sample?
The free sample includes 10 syllabus-aligned practice questions, sample flashcards, and a preview chapter from the study guide. No account or payment is required to try the sample.
How many questions are in the full CompTIA Security+ course?
The full course includes a comprehensive question bank covering all exam domains. You can see the total question count on the CompTIA Security+ course page.
Are these official CompTIA exam questions?
No. CertCrush questions are independently written and syllabus-aligned — they mirror the format, difficulty, and reasoning style of the official exam. We are not affiliated with or endorsed by CompTIA.
Which domains does the CompTIA Security+ course cover?
The course covers 5 exam domains: Security Program Management and Oversight, Security Operations, Security Architecture, Threats, Vulnerabilities, and Mitigations, General Security Concepts.
Can I study on mobile?
Yes. CertCrush is fully responsive and works on phones, tablets, and desktops. The timed exam, flashcards, and study guide all work on mobile without installing an app.
What happens when I create an account?
Creating a free account lets you access full courses, track your weak areas by domain, and resume practice sessions across devices. No credit card is required to register.