Examworthy · examworthy.com

CompTIA Security+ (SY0-701) cheat sheet

CompTIA

Exam version 2023 · Reviewed 2026-06-03

Free to share. Examworthy is not affiliated with or endorsed by CompTIA; SY0-701 and related marks belong to their respective owners.

At a glance

  • Questions: Maximum of 90
  • Time allowed: 90 min
  • Pass mark: 750 / 900
  • Cost (USD): $425

Format: Multiple choice and performance-based, at Pearson VUE testing center or online proctored

Domain weight map

Heaviest first - spend your time here
  • Security Operations: 28% · 83 Q
  • Threats, Vulnerabilities, and Mitigations: 22% · 65 Q
  • Security Program Management and Oversight: 20% · 60 Q
  • Security Architecture: 18% · 54 Q
  • General Security Concepts: 12% · 36 Q

How this exam thinks

SY0-701 rewards recognising the best control or response in a messy scenario, not reciting definitions, so train judgement on worked questions, not flashcards alone.

Spot the trap

Tempting wrong answers, and why they fail

Tempting but wrong

A quick format from the OS installer wipes the disk well enough to defeat forensic recovery before donation.

Why it fails

A quick format only rewrites filesystem metadata and leaves the underlying sectors intact, so commodity recovery tools can restore the manifests and payroll files. It appears to wipe the disk but does not satisfy the forensic non-recoverability requirement.

Security Operations

Tempting but wrong

Long dwell time inside a utility network must indicate an organised cybercrime gang preparing a ransomware extortion demand.

Why it fails

Utilities are common ransomware targets, but the long dwell time, lack of disruption, and theft of engineering diagrams point to espionage rather than financially motivated extortion.

Threats, Vulnerabilities, and Mitigations

Tempting but wrong

Will a board-approved information security policy fix inconsistent responder behaviour during ransomware events?

Why it fails

No. A policy expresses managerial intent and accountability at a high level; it does not prescribe the ordered operational steps responders need, which is exactly the gap an incident review surfaces when teams handle an outbreak inconsistently.

Security Program Management and Oversight

Tempting but wrong

Do containers isolate microservices from peers by default, removing the need for network segmentation?

Why it fails

No. Container runtimes share a host kernel and a flat pod network unless deliberate network policies, service meshes, or namespaces enforce segmentation. Assuming default isolation is a common misconception that leaves east-west traffic wide open.

Security Architecture

Tempting but wrong

If authorised clinicians cannot see records during an outage, is that a confidentiality failure?

Why it fails

No. Confidentiality concerns unauthorised disclosure, not denial of access to authorised users. A read outage may also affect confidentiality if data was exfiltrated, but a four-hour inability to reach charts is fundamentally an availability problem.

General Security Concepts

Tempting but wrong

Physically shredding each drive is the best way to prepare working laptops for charity donation.

Why it fails

Shredding destroys the data beyond forensic recovery but also removes the storage that makes the laptops functional, so the charity would receive incomplete units. The requirement is to keep the chassis in working order, which this approach breaks.

Security Operations

Tempting but wrong

Any employee action that places customer data outside the organisation's perimeter should be classified as a malicious insider exfiltrating records to harm the employer.

Why it fails

Tempting because data left the perimeter, but the marketing team's intent was operational efficiency rather than sabotage, which distinguishes shadow IT from a malicious insider.

Threats, Vulnerabilities, and Mitigations

Tempting but wrong

Does referencing an industry standard such as ISO/IEC 27035 give responders the ordered actions they need at 02:00?

Why it fails

No. A standard sets the criteria a programme should meet and is tempting because it carries authority, but it stops short of the ordered ransomware-specific actions a responder follows on shift. Standards define what good looks like; procedures define the executed steps.

Security Program Management and Oversight

Key terms

secure baselines, hardening targets, mobile solutions, wireless security, application security, acquisition/procurement, asset inventory, ownership, secure disposal, data sanitization, vulnerability scanning, penetration testing, CVSS, remediation, responsible disclosure, SIEM

Exam-day rules

  • Read the last line of the question first. It tells you what is actually being asked, so you can scan the scenario for the answer instead of memorising every detail.
  • Choose the best option, not merely a correct one. Several answers are often valid security measures; the exam wants the one that fits the scenario as written.
  • Treat the performance-based questions with care but do not let them trap you. They open the exam and take longest; if one stalls you, flag it and return so it does not eat the marks waiting later.
  • Distrust absolutes. Options that say always, never, or block everything are usually wrong, because real security is proportionate to risk.
  • When two answers look right, pick the one that follows process: contain before eradicate, least privilege, change management, the measured response over the extreme.

Revision schedule

  1. Day 1
    Map the blueprint and book a date
  2. Week 1
    Lock the vocabulary (Domain 1)
  3. Weeks 1 to 3
    Go deep on threats and operations (Domains 2 and 4)
  4. Weeks 3 to 4
    Cover architecture and governance (Domains 3 and 5)
  5. Week 4
    Rehearse the performance-based questions

Practise SY0-701 free

Every question has a worked explanation and a per-distractor rationale. No sign-up.

576 audited flashcards in this deck.
