CompTIA Security+ Domain 1: General Security Concepts — Free Practice Questions

About this domain

Every other Security+ domain assumes you already speak the language of security, and General Security Concepts — 12% of the SY0-701 exam — is where that fluency is tested. You are expected to compare security control categories and types — technical, managerial, operational, and physical, paired with preventive, deterrent, detective, corrective, compensating, and directive functions — and to recognize where each fits a scenario. An access control vestibule, for instance, is a physical preventive control, while a warning banner is directive.

The cryptography questions here stay conceptual rather than mathematical. You should be able to explain how a digital signature provides integrity and non-repudiation by signing a hash with a private key, why ephemeral keys give you perfect forward secrecy, where a SAN certificate differs from a wildcard, and how key storage hardware such as a TPM or HSM protects private keys. Certificate revocation through CRLs and OCSP also appears.

Zero trust gets real weight: know the split between the control plane and the data plane, and what a policy enforcement point actually does inline with a session. Round it out with the three A's of AAA — authentication, authorization, and accounting — change management steps like impact analysis and backout plans, and deception tools such as honeypots and honeytokens. The practice questions below mirror these objectives directly.

What Domain 1 covers

Compare security control categories (technical, managerial, operational, physical) and types (preventive, detective, corrective, compensating, directive)
Explain fundamental concepts: AAA, zero trust control and data planes, deception and disruption, physical security
Describe zero trust components including the policy enforcement point and policy decision point
Use appropriate cryptographic solutions: digital signatures, hashing, salting, asymmetric encryption
Apply certificate concepts: SAN vs wildcard, revocation (CRL/OCSP), ephemeral keys and perfect forward secrecy
Identify key storage hardware such as TPM and HSM for protecting private keys
Walk through change management processes including impact analysis, approval, and backout planning

Domain 1 quick glossary

The terms that show up most on Domain 1 questions — one line each.

Security control typeThe function a control performs — preventive, deterrent, detective, corrective, compensating, or directive.

Non-repudiationAssurance that a signer cannot later deny an action, provided by a digital signature over a hash.

Zero trustA model that verifies every request explicitly, never trusting based on network location alone.

Policy enforcement pointThe inline zero trust component that allows, denies, or terminates a session per the decision it receives.

AAAAuthentication, authorization, and accounting — verifying identity, granting access, and logging activity.

Perfect forward secrecyA property where ephemeral session keys prevent past traffic from being decrypted if a long-term key leaks.

HoneytokenA planted fake credential or file whose use signals that an intruder is present.

Impact analysisA change management step assessing the effect, risk, and rollback needs of a proposed change before approval.

Keep going

Practice the other domains, or go deeper with the full study materials.

Domain 2: Threats, Vulnerabilities & Mitigations22% · threat actors, malware, mitigations Domain 3: Security Architecture18% · architecture models, data protection Domain 4: Security Operations28% · incident response, monitoring, IAM Domain 5: Security Program Management & Oversight20% · governance, risk, compliance All Security++ practice testsFull sets · timed mocks