Domain 2: Threats, Vulnerabilities, and Mitigations

CompTIA Security+ (SY0-701) · this domain is approximately 22.0% of the exam · 99 practice questions.

Threats, Vulnerabilities, and Mitigations accounts for approximately 22% of the SY0-701 exam and is one of its heaviest-weighted domains. It covers how threat actors operate, the tactics they use (including social engineering, malware types, and application exploits), and how organizations identify and remediate weaknesses through vulnerability scanning and threat intelligence. Exam questions frequently ask candidates to select the correct mitigation for a described attack scenario, requiring both recognition of attack patterns and knowledge of defensive countermeasures.

Key concepts

access control, authentication, breach notification, certificate authority, compliance, CompTIA Security+, containment, data privacy, digital certificates, digital signatures, DMZ, encryption, governance, HTTPS, identity verification, incident response, ISO 27001, malware, MFA, network security, network segmentation, network traffic analysis, NIST CSF, non-repudiation, patch management, penetration testing, PKI, risk management, security awareness, security controls, security fundamentals, security monitoring, security principles, Security+, social engineering, threat detection, threat intelligence, TLS, vulnerability management, web security, web server security, zero-day

Free practice questions

An organization must ensure that employees cannot deny they authorized a transaction. Which security principle is being addressed?
Free question · easy · full answer + explanation
A security team discovers that attackers have compromised a web server and are using it to distribute malware to customers. What is the FIRST action that should be taken?
Free question · medium · full answer + explanation
Which of the following best describes a zero-day vulnerability?
Free question · easy · full answer + explanation

Practice all 99 questions in this domain

The full CompTIA Security+ (SY0-701) bank includes 96 more questions in this domain, each with a verified answer and a written explanation.
