CompTIA Security+ Practice Test: 25 Questions on Threats and Attacks

Anyone researching Security+ threats practice test eventually runs into the same question: what does Security+ actually demand? CompTIA's current Security+ exam is SY0-701, launched on November 7, 2023. It is a single-exam certification priced at $425, capped at maximum of 90 questions, timed at 90 minutes, and scored on a 100–900 scale with 750 required to pass. That concrete structure is why advice for other certs often breaks down here.

What does a good Security+ practice set need to do?

A useful practice set for Security+ has to mirror the exam's breadth and timing. CompTIA's current exam is SY0-701, with a maximum of 90 questions in 90 minutes, a passing score of 750 on a 100–900 scale, and PBQs appearing near the front of the exam experience for many candidates. That means a practice set should not only ask definitions. It should force you to identify the best control, the next incident-response step, the relevant port, the likely attack path, or the weak point in a trust chain.

CompTIA's official Security+ page lists these five SY0-701 domains and weights: General Security Concepts — 12%; Threats, Vulnerabilities, and Mitigations — 22%; Security Architecture — 18%; Security Operations — 28%; Security Program Management and Oversight — 20%. Those weights matter. Security Operations is 28%, so hardening, monitoring, vulnerability management, IAM operations, and incident response get more exam space than any other area.

Practice Questions

Question 1

Q: A spoofed email asking for password reset credentials is what?
Answer: Phishing
Why it matters on SY0-701: It is a message-based credential theft attack.

Question 2

Q: A fake help-desk phone call asking for an MFA code is what?
Answer: Vishing
Why it matters on SY0-701: Voice phishing occurs over a call.

Question 3

Q: Text-message lure with a fake package alert?
Answer: Smishing
Why it matters on SY0-701: SMS-based phishing is smishing.

Question 4

Q: Executive-targeted fraud email?
Answer: Whaling
Why it matters on SY0-701: Whaling targets senior leadership.

Question 5

Q: Using one password against many accounts?
Answer: Password spraying
Why it matters on SY0-701: The attacker rotates usernames to avoid lockout.

Question 6

Q: Trying many leaked username/password pairs?
Answer: Credential stuffing
Why it matters on SY0-701: Attackers reuse breached credentials.

Question 7

Q: Encrypts files for payment?
Answer: Ransomware
Why it matters on SY0-701: Availability is the main impact.

Question 8

Q: Self-replicating malware without user action?
Answer: Worm
Why it matters on SY0-701: Worms spread on their own.

Questions 9–25

Questions 9 through 25 continue covering the Threats, Vulnerabilities, and Mitigations domain at 22% of SY0-701. Topics include malware categories, vulnerability types, attack indicators, threat actor motivations, and mitigation strategies. Each question is paired with an explanation connecting the answer to exam-relevant logic.

How should you score yourself after a Security+ practice round?

Look for patterns, not a raw percentage alone. Missing one item about port 3389 is a memory gap. Missing five questions that all involve control selection, least privilege, or containment order points to a domain weakness.

Our CompTIA Security+ study guide covers all five SY0-701 domains with domain-weighted practice questions, a performance-based question walkthrough, a ports and protocols cheat sheet, and a 6-week study schedule built around the exam's actual content weighting. Available as an instant PDF download at securitypluscertprep.com/guide.

If you want to go further, SimpuTech's Security+ AI tutor can walk you through practice questions, explain threat scenarios in plain language, and build a personalized study plan around your weak domains. Try it at SimpuTech.com.