General Security Concepts Practice Test

12-question drill on the General Security Concepts domain of the Security+ exam. Answer explanations included on every item.

12Questions
Practice 2Variant
CompTIAAdministering body
750 / 900Passing standard

Welcome to the General Security Concepts practice page for the CompTIA Security+ (SY0-701) exam. This drill is published by ExamEdge Prep against the official CompTIA blueprint and covers the General Security Concepts knowledge area in detail.

The exam runs 90 questions / 90 min and requires 750 / 900 to pass. Most candidates report needing 60–120 hours of focused review across the entire blueprint; this page contributes roughly five to seven percent of that prep time. Working the General Security Concepts objectives in isolation is the proven approach used by veteran tutors — Security+ questions in this knowledge area mix recognition (definitions, components, classifications) with applied scenarios that require you to weigh competing options under realistic time pressure. If you are pairing this drill with a textbook or LMS, log your incorrect answers in a single-row spreadsheet so the patterns surface after two or three sittings.

What’s tested in General Security Concepts

The General Security Concepts domain on the Security+ carries one of the heaviest weightings on the published blueprint. Expect to see questions that test (1) terminology and core definitions, (2) procedural sequencing — what to do first, second, and last in a multi-step process — and (3) judgment calls where two answer choices look defensible but only one is the best answer for the role being tested. The CompTIA emphasizes scenario-based items that simulate the day-to-day decisions of a credentialed practitioner; rote memorization will not be enough above the cut score.

Common pitfalls candidates fall into on this section include misreading qualifiers ("always," "never," "first," "primarily"), assuming generic best practice instead of the practice the exam blueprint specifically endorses, and burning time on items they should flag and return to. The questions on this page have been written with those traps embedded so you can see them coming on test day.

How to use this General Security Concepts practice set

Work each question without looking at the explanation. Mark the items you are unsure of even when you guess correctly — those are the high-leverage ones to study. After submitting, review every explanation, even on the items you got right; the rationale often introduces an exam-relevant nuance that will appear on a future drill in this series. Then move on to the next variant in the General Security Concepts sequence and repeat with a 24-hour gap so spaced repetition can do its work.

The investment to credential, including the Security+ exam fee, is non-trivial. Most candidates spend $404 USD plus study materials, application fees, fingerprinting, background checks, and the opportunity cost of study time. A retake doubles the financial cost and adds 30–90 days of delay before you can sit again. The honest payoff for thirty extra hours of high-quality drill is a first-attempt pass; this page is a piece of that thirty hours.

Recommended next steps

After completing this practice variant, move to a different domain on the same exam to build breadth, then return to General Security Concepts the following day for retention. The full exam outline for the Security+ credential is published by CompTIA; you can download the candidate handbook directly from the agency. ExamEdge Prep tracks the published outline and updates these drills whenever the blueprint changes — typically every 36 months for IT certifications and every five to seven years for state licensing exams.

Practice the General Security Concepts domain

Question 1 of 10
Which principle assigns each user only the privileges required to do their job?
Question 2 of 10
Which property of a hash function makes it suitable for verifying data integrity?
Question 3 of 10
Which frame of reference describes a control implemented to remediate a known vulnerability after a breach?
Question 4 of 10
Which control category is BEST represented by encryption of data at rest?
Question 5 of 10
Which document is a high-level statement of management intent regarding security?
Question 6 of 10
Defense in depth is BEST described as:
Question 7 of 10
Which framework is published by NIST to organize cybersecurity activities into Identify, Protect, Detect, Respond and Recover?
Question 8 of 10
Which model evaluates security by ensuring confidentiality, integrity and availability?
Question 9 of 10
Which deployment of MFA is MOST resistant to phishing attacks?
Question 10 of 10
Which authentication factor combination implements something you have + something you are?
Back to Security+