The SY0-701 exam tests knowledge. The interview tests judgment. Here are the Security+ interview questions that actually come up in entry-level and mid-level security roles.
CompTIA Security+ (SY0-701) proves you understand security concepts. Hiring managers use the interview to find out if you can apply them. The questions below come up in SOC Analyst, Security Engineer, and IT Security Administrator interviews where Security+ is listed as a requirement or preference.
"What's the difference between a vulnerability, a threat, and a risk?"
Vulnerability: a weakness in a system. Threat: a potential cause of an incident (actor + vector). Risk: the probability that a threat will exploit a vulnerability multiplied by the impact. "Unpatched Apache server" = vulnerability. "Ransomware group targeting Apache" = threat. "Likelihood × Impact" = risk. This framing shows you understand risk management, not just security controls.
"Walk me through what happens when a user reports a phishing email."
Strong answer: the user submits the email via the report button or forwards it to the security mailbox. A Tier 1 analyst reviews the headers (Reply-To, sending IP, SPF/DKIM/DMARC pass/fail), checks the URL against threat intel feeds, and checks whether any users clicked. If confirmed phishing: quarantine similar emails in Exchange/Defender, block the sending domain, review sign-in and MFA logs to see whether anyone entered credentials, and update alert rules. Document everything in the ticketing system. Brief users if it was widespread.
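A first-pass header check for that triage step, as an added example that is not part of the original article: it reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header and flags Reply-To or Return-Path domains that differ from the From domain. The sample messages and their domains are constructed placeholders, not real indicators, and the URL and sender-domain lookups against threat intel are left to the SOC's own tooling.

```python
import email
from email import policy
from email.utils import parseaddr
# Constructed sample headers (placeholder domains, not real indicators):
# SPF/DMARC fail and Reply-To points somewhere other than the From domain.
SUSPECT_RAW = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: support@mail-example-login.test
Return-Path: <bounce@mail-example-login.test>
Subject: Password expires today
Authentication-Results: mx.example.com;
 spf=fail smtp.mailfrom=mail-example-login.test;
 dkim=none;
 dmarc=fail header.from=example.com

Click here to keep your password: https://mail-example-login.test/reset
"""
# Constructed benign mail: everything passes and the domains agree.
CLEAN_RAW = """\
From: "Payroll" <payroll@example.com>
Subject: Payslip available
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Your payslip is on the intranet.
"""

def _domain(addr_header):
    # Lower-cased domain of the first address in a header, or "" if none.
    _, addr = parseaddr(addr_header or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def auth_results(msg):
    # Pull the spf/dkim/dmarc verdicts out of Authentication-Results.
    hdr = " ".join(msg.get_all("Authentication-Results", []))
    out = {}
    for part in (p.strip() for p in hdr.split(";")):
        for mech in ("spf", "dkim", "dmarc"):
            if part.startswith(mech + "="):
                out[mech] = part.split("=", 1)[1].split()[0].lower()
    return out

def triage(raw):
    # Return the header red flags for one reported email; [] means none found.
    msg = email.message_from_string(raw, policy=policy.default)
    results, flags = auth_results(msg), []
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            flags.append(f"{mech}={results.get(mech, 'missing')}")
    from_dom = _domain(msg["From"])
    for name in ("Reply-To", "Return-Path"):
        if msg[name] and _domain(msg[name]) != from_dom:
            flags.append(f"{name} domain differs from From domain")
    return flags
```

A non-empty result is a reason to escalate and pull the sign-in logs, not proof of phishing on its own; mailing lists and forwarding services also break SPF/DKIM.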
"Explain the CIA triad and give one real-world example of each."
Confidentiality: encryption protects patient data at rest (AES-256) and in transit (TLS 1.3). Integrity: file hashing (SHA-256) verifies a downloaded software installer wasn't tampered with. Availability: redundant power, load balancing, and backups ensure the EHR system stays accessible during hardware failure.
"What's the difference between symmetric and asymmetric encryption?"
Symmetric: the same key encrypts and decrypts (AES, 3DES). Fast, good for bulk data. Key exchange problem: how do you share the key securely? Asymmetric: a public/private key pair (RSA, ECC). The public key encrypts and the private key decrypts; for digital signatures it is the other way round, the private key signs and the public key verifies. Slower. Used for key exchange and digital signatures. In practice: TLS uses asymmetric cryptography to negotiate a session key, then symmetric (AES-GCM) for the data transfer.
"What is a SOC and what does Tier 1 do?"
Security Operations Centre monitors and responds to security events. Tier 1 analysts triage alerts, investigate low/medium severity incidents, close false positives, escalate true positives to Tier 2. Tools: SIEM (Splunk, Sentinel, QRadar), EDR (Defender for Endpoint, CrowdStrike), ticketing (ServiceNow). Tier 1 is first responder — speed matters more than depth.
"How does multi-factor authentication work and why does it matter?"
MFA requires two or more factors: something you know (password), something you have (authenticator app, hardware token), something you are (biometric). Matters because password breaches are common — MFA stops credential stuffing attacks even when the password is compromised. Microsoft reports MFA blocks 99.9% of account compromise attacks.
"What's the MITRE ATT&CK framework?"
A knowledge base of adversary tactics and techniques based on real-world observations. Organised into 14 tactics (the "why": Initial Access, Execution, Persistence, Privilege Escalation, etc.) and techniques (the "how": Phishing, PowerShell, DLL Sideloading, etc.). SOC teams use it to map detections to the kill chain and identify coverage gaps. Defenders use it to prioritise controls.
"What is zero trust and how does it differ from traditional perimeter security?"
Traditional: trust everything inside the network perimeter, block everything outside. Zero trust: "never trust, always verify" — every access request is authenticated, authorised, and encrypted regardless of location. Core principles: verify explicitly (use all available signals), least-privilege access, assume breach. Implementation: Conditional Access, MFA, device compliance checks, micro-segmentation, no implicit trust for on-premises resources.
These questions are just the start. Use the Security+ course on InterviUni to study SY0-701 domains, then practise with the SOC Analyst or Cybersecurity mock interview to test your answers under realistic conditions.