Free · SY0-701 · Domain 4 of 5

CompTIA Security+ Domain 4: Security Operations

28% of the SY0-701 exam — the largest domain
Practice — Domain 4

Interactive Domain 4 practice questions load here — covering incident response, monitoring, IAM. Each answer is revealed with a full explanation and its source after you respond.


About this domain

Security Operations is where the day-to-day work of defending an enterprise actually happens, and on the SY0-701 exam it carries the most weight of any single area at 28% of your score. That makes Domain 4 the one section you cannot afford to coast through. Expect questions that put you in the analyst's chair: deploying a secure baseline to 200 fresh Windows workstations, deciding how to sanitize drives that held regulated data before they move to a test lab, or reading a CVSS v3.1 base score to decide which finding gets patched first.

The domain spans a wide and practical set of skills. You will need to harden computing resources and mobile deployment models, manage assets from acquisition through certified disposal, run vulnerability management against the CVE and CWE catalogs, and build alerting and monitoring on SIEM log aggregation, flow data, and agent versus agentless collection. It also folds in identity and access management — authentication factors, federation, SSO, and SAML — plus automation and orchestration through SOAR playbooks and CI/CD guardrails.

Incident response ties it together: knowing the process phases, respecting order of volatility when collecting evidence, and pulling firewall logs and other data sources to support an investigation. The questions below mirror that scenario-driven style so you build the judgment the exam rewards.

Domain 4 quick glossary

The terms that show up most on Domain 4 questions — one line each.

Secure baseline: A known-good, hardened configuration enforced consistently across systems before they go live.
Data sanitization: Securely wiping or destroying data on retired media so it cannot be recovered.
CVSS: Scoring framework whose base metrics (such as Attack Vector) rank a vulnerability's severity for prioritization.
CVE vs CWE: CVE catalogs specific known vulnerabilities; CWE catalogs the underlying weakness types behind them.
SIEM: A platform that aggregates and correlates logs from many sources to surface security alerts.
DLP: Data loss prevention controls that detect and block unauthorized exfiltration of sensitive data.
Federation / SSO: Trust between identity providers (often via SAML) that lets one login grant access across multiple services.
SOAR: Security orchestration, automation, and response tooling that runs playbooks to handle alerts at machine speed.
Order of volatility: The sequence for collecting evidence, capturing the most fleeting data (memory, cache) before stable storage.
