Sample CompTIA Security+ exam questions and answers

The CompTIA Security+ exam covers a wide swath of topics, from threats to compliance to architecture. Test what you know about malware with these sample test questions.

The vendor-neutral CompTIA Security+ certification is an ideal first step for those starting down a cybersecurity career path. From newcomers fresh out of college to professionals looking for a career change, those pursuing Security+ will emerge with a wealth of cybersecurity knowledge, as well as a certification that illustrates they are ready for their first foray into security.

The certification is geared toward systems administrators, security administrators, security specialists, security engineers, network administrators, junior IT auditors, penetration testers and security consultants.

The exam covers five broad domains:

  1. Attacks, Threats and Vulnerabilities (24% of the exam)
  2. Architecture and Design (21%)
  3. Implementation (25%)
  4. Operations and Incident Response (16%)
  5. Governance, Risk and Compliance (14%)

Test-takers have 90 minutes to complete the $370 exam composed of up to 90 multiple-choice and performance-based questions. A passing grade of 750 or higher is required, based on a scale of 100-900. The test can be taken in person at a Pearson VUE testing center or online via the Pearson VUE online testing service.

Now in version SY0-601 -- SY0-501 will retire on July 31, 2021 -- the exam has no formal prerequisites, though CompTIA Network+ and experience in IT administration with some cybersecurity knowledge are recommended.

Before taking the test, use the following CompTIA Security+ exam questions to test your knowledge of malicious code. Excerpted from Chapter 3 of CompTIA Security+ Study Guide Exam SY0-601, Eighth Edition, written by Mike Chapple and David Seidl and published by Wiley, these questions are representative of those on the exam.

Good luck!

CompTIA Security+ Study Guide Exam SY0-601 cover image

More on CompTIA Security+ Study Guide

Learn about this title from publisher Wiley.

Read a Q&A with the authors, where they chat about pre- and post-exam activities, as well as studying best practices.

About the authors

Mike ChappleMike Chapple

Mike Chapple, Ph.D., CISSP, Security+, is author of the best-selling CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Sybex, 2021) and CISSP (ISC)2 Official Practice Tests (Sybex, 2021). He is an information security professional with two decades of experience in higher education, private sector and government.

Chapple currently serves as a teaching professor in the IT, analytics and operations department at the University of Notre Dame's Mendoza College of Business, where he teaches undergraduate and graduate courses on cybersecurity, data management and business analytics.

Before returning to Notre Dame, Chapple served as executive vice president and CIO of the Brand Institute, a Miami-based marketing consultancy. He also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.

Chapple is technical editor for Information Security and has written more than 25 books. He earned both his bachelor's and doctoral degrees from Notre Dame in computer science and engineering. Chapple also holds a master's degree in computer science from the University of Idaho and a master's degree in business administration from Auburn University. He holds the Cybersecurity Analyst+ (CySA+), Security+, Certified Information Security Manager, Certified Cloud Security Professional and CISSP certifications.

Learn more about Chapple and his other security certification materials at his website,

David SeidlDavid Seidl

David Seidl is vice president of IT and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles, including serving as the senior director for campus technology services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management and a broad range of other technologies and services. He also served as Notre Dame's director of information security and led Notre Dame's information security program. He has taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business and has written books on security certifications and cyber warfare, including co-authoring CISSP (ISC)2 Official Practice Tests (Sybex 2021), as well as the previous editions of both this book and the companion CompTIA CySA+ Practice Tests: Exam CS0-001.

Seidl holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, PenTest+, GIAC Penetration Tester and GIAC Certified Incident Handler certifications.

Dig Deeper on Careers and certifications

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing