Domain 4: Security Operations

CompTIA Security+ (SY0-701) · this domain is approximately 28.0% of the exam · 126 practice questions.

Security Operations is the largest domain on SY0-701, carrying approximately 28% of the exam weight. It covers the day-to-day activities of a security practitioner: log analysis, incident response procedures, identity and access management, endpoint hardening, and vulnerability remediation workflows. Questions in this domain often present realistic scenarios requiring candidates to choose the correct response action, tool, or configuration change given a specific operational situation.

Key concepts

access control, AES, authentication, breach notification, certificate authority, certificate revocation, cleartext protocols, command and control, compliance, CompTIA Security+, containment, credential exposure, cryptography, data privacy, digital certificates, digital signatures, encryption, firewall, HTTPS, human factor, identity verification, IDS, incident response, intrusion detection, log management, malware, MFA, network protocols, network security, network segmentation, network sniffing, network traffic analysis, patch management, penetration testing, PKI, propagation, regulatory requirements, risk management, security awareness, security controls, security fundamentals, security monitoring, security principles, Security+, SIEM, social engineering, symmetric encryption, threat detection, threat intelligence, TLS, virus vs worm, vulnerability management, web security, zero-day

Free practice questions

What is the purpose of an Intrusion Detection System (IDS)?
Free question · easy · full answer + explanation
What is a social engineering attack?
Free question · easy · full answer + explanation
What is the purpose of a Security Information and Event Management (SIEM) system?
Free question · easy · full answer + explanation
Which protocol is used to secure web traffic?
Free question · easy · full answer + explanation
A company wants to implement a public key infrastructure (PKI) solution. Which component is responsible for issuing and revoking digital certificates?
Free question · easy · full answer + explanation
A penetration tester uses a tool to capture and analyze unencrypted authentication traffic on a network. What vulnerability is being exploited?
Free question · medium · full answer + explanation
What is the primary purpose of a firewall?
Free question · easy · full answer + explanation
Which compliance regulation specifically requires organizations to report data breaches involving personal information of US residents?
Free question · medium · full answer + explanation
What is the primary difference between a virus and a worm?
Free question · easy · full answer + explanation

Practice all 126 questions in this domain

The full CompTIA Security+ (SY0-701) bank includes 117 more questions in this domain, each with a verified answer and a written explanation.