Topics covered:
  • Authentication vs. Authorization — the foundational distinction
  • SAML's XML-based enterprise federation and when it applies
  • OAuth 2.0 delegated authorization for API integrations
  • OIDC — authentication built on top of OAuth for modern apps

Key figures:
  • 10B+ 'Sign in with Google' authentications monthly (OIDC)
  • 90% of Fortune 500 firms use SAML for enterprise SSO
  • RFC 6749: the OAuth 2.0 standard specification
SAML handles Authentication AND Authorization. OIDC handles Authentication. OAuth handles Authorization. This one sentence is worth 3 exam points.

Authentication vs. Authorization: The Foundation

Authentication (AuthN) proves WHO you are. Authorization (AuthZ) determines WHAT you are allowed to do after identity is confirmed. These are separate processes — confusing them costs exam points.

Choosing the Right Protocol

SAML (Security Assertion Markup Language) is the enterprise standard using XML to pass assertions between an Identity Provider (IdP) and a Service Provider (SP). Primary Use: Corporate web-based SSO — Salesforce, ServiceNow, Workday via Okta or Azure AD. Format: XML (heavy, not mobile-friendly). Exam Keyword: 'XML-based authentication' or 'Enterprise web application SSO.' If you see these phrases, the answer is SAML.
OAuth 2.0 is NOT an authentication protocol. It is an authorization framework — it allows an app to access data from another app on behalf of a user without sharing passwords. Primary Use: 'Sign in with Google' — the app gets permission to 'Read your contacts.' Format: JSON Web Tokens (JWT) over HTTPS REST APIs. Critical Trap: Never say OAuth provides authentication. If identity verification is needed, the answer is OIDC, not OAuth.
OpenID Connect (OIDC) adds an identity layer on top of OAuth 2.0 using an ID Token (a JWT containing user identity claims). Primary Use: Modern web apps, SPAs, and mobile apps needing both authentication AND API access in one flow. Exam Keyword: 'Modern REST API authentication,' 'Mobile app SSO,' 'JSON-based identity.' Mobile app + REST API → OIDC.
RADIUS handles Authentication and Accounting for network-level access — VPN, Wi-Fi (802.1X), and network equipment. TACACS+ (Cisco's alternative) separates Authentication, Authorization, and Accounting into three distinct transactions, encrypting the entire packet — better for command-level auditing of network engineers. Exam Keyword: 'VPN authentication,' 'network equipment AAA' → RADIUS. 'Granular admin command accounting on routers' → TACACS+.
| Protocol  | Function                               | Format                  | Primary Use Case                        |
|-----------|----------------------------------------|-------------------------|-----------------------------------------|
| SAML      | AuthN & AuthZ                          | XML                     | Legacy & Enterprise web app SSO         |
| OAuth 2.0 | AuthZ only                             | JSON / REST API         | Delegating access to third-party apps   |
| OIDC      | AuthN (identity layer on OAuth)        | JSON / REST API         | Modern web & mobile apps                |
| RADIUS    | AuthN & Accounting                     | UDP                     | VPN, 802.1X Wi-Fi, network AAA          |
| TACACS+   | AuthN, AuthZ & Accounting (separate)   | TCP (encrypted)         | Network device command-level auditing   |
| Kerberos  | AuthN (tickets)                        | Symmetric key (AS/TGS)  | Internal Windows domain authentication  |

Real-World Scenario

A developer builds a SaaS app letting users 'Login with GitHub' and post to their GitHub repositories. The login identity portion uses OIDC (identity via GitHub's identity layer). The repository write permission uses OAuth 2.0 (delegated authorization to call the GitHub API). Both protocols work together in a single login flow.
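To make the split concrete, here is an added example (not code from the original page) of what the SaaS app must do with the OIDC ID Token before trusting "who you are": verify signature, issuer, audience, expiry and nonce. It assumes HS256 with a shared client secret so it runs offline (real IdPs mostly use RS256 with published JWKS keys); the issuer, client id, secret and claims are all constructed values.

```python
# Added example (not from the original page): how a relying party validates an
# OIDC ID Token before trusting the identity it carries. HS256 with a shared
# client secret is assumed so it runs offline; real IdPs mostly use RS256 with
# published JWKS keys. Every value below is constructed.
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict, secret: bytes) -> str:
    """Stand-in for the IdP's token endpoint: build an HS256-signed JWT."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                      nonce: str, now: int) -> dict:
    """Return identity claims if every check passes, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")          # refuses alg=none and downgrades
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")           # constant-time comparison
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")            # must come from our IdP
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")          # issued for this app, not another
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")          # binds token to our login request
    return {"sub": claims.get("sub"), "email": claims.get("email")}

# Constructed sample: the IdP returns an ID Token (who you are) next to an
# Access Token (what you can do); only the former is proof of identity.
SECRET = b"constructed-client-secret"
ISSUER, CLIENT_ID, NONCE = "https://idp.example", "saas-app", "n-1"
ID_TOKEN = make_id_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-42",
                          "email": "dev@example.com", "nonce": NONCE,
                          "exp": 2_000_000_000}, SECRET)
ACCESS_TOKEN = {"scope": "repo:write", "sub": "user-42"}   # sent to the API only
```

The access token is only ever presented to the GitHub-style API; an app that treats it as login proof has confused authorization with authentication.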

Mobile app + REST API → OIDC. XML + enterprise web federation → SAML. Third-party API access without SSO → OAuth 2.0. VPN/Wi-Fi AAA → RADIUS. Router command auditing → TACACS+.
  • SAML = enterprise XML SSO. OAuth = delegated API authorization. OIDC = identity layer on OAuth.
  • OAuth 2.0 is NOT an authentication protocol — never select it when the scenario asks about proving identity.
  • RADIUS encrypts only the password. TACACS+ encrypts the entire packet — better for device admin auditing.
  • OIDC issues ID Token (who you are) + Access Token (what you can do) in a single OAuth flow.
  • Kerberos uses symmetric key tickets internally — the default Windows domain authentication protocol.
