CompTIA Security+ Practice Test of the Day 061325

Welcome to today’s practice test!

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

 

Results

QUIZ START

#1. A security administrator at a mid-sized company is implementing MFA for a critical business application. The users will access it from multiple locations, including travel abroad. Which factor would be the LEAST reliable in this scenario?

A. Security token

B. Biometric fingerprint

C. SMS-based code

D. Hardware key

Previous

Next

#2. An attacker is attempting to gain unauthorized access by repeatedly submitting different password combinations against a public-facing web portal. Which type of attack is most likely occurring?

A. Replay attack

B. Brute force attack

C. Session hijacking

D. On-path attack

Previous

Next

#3. A company uses third-party developers to build a web application. What should the security team request to verify that sensitive data is properly protected at rest?

A. Network diagrams

B. Change request forms

C. Encryption implementation documentation

D. Penetration test report

Previous

Next

#4. A security administrator at a mid-sized company needs to ensure that users accessing a sensitive internal web application are strongly verified and cannot reuse old credentials. The administrator wants to enforce authentication based on possession of a cryptographic token.

A) Password complexity policy

B) Certificate-based authentication

C) Single sign-on (SSO)

D) Lightweight Directory Access Protocol (LDAP)

Previous

Next

#5. An attacker is attempting to trick employees into revealing login credentials through fake corporate login pages delivered via email. Which type of attack is this?

A) Pretexting

B) Vishing

C) Phishing

D) Watering hole attack

Previous

Next

#6. You are asked to harden a Linux server. Select all the appropriate actions from the following list:

Select all that apply:

A) Install and configure SELinux

B) Enable unused ports

C) Implement input validation in web applications

D) Apply latest patches

E) Allow root SSH access

F) Configure host-based firewall

Previous

Next

#7. An analyst in a SOC observes that several internal systems are generating traffic to known malicious IPs, bypassing the company’s traditional firewall. What is the MOST likely cause?

A) Phishing

B) Insider threat

C) Malware using an encrypted tunnel

D) Misconfigured access control list (ACL)

Previous

Next

#8. A cloud architect is designing a secure hybrid cloud solution. To manage differences in responsibilities between the cloud provider and the company, what should be referenced?

A) Memorandum of Understanding (MOU)

B) Shared Responsibility Matrix

C) Security Information and Event Management (SIEM)

D) Infrastructure as Code (IaC)

Previous

Next

#9. A security administrator needs to securely transmit log files between sites over the internet. Which protocol would be BEST to use?

A) Telnet

B) HTTP

C) TLS

D) FTP

Previous

Next

#10. You must improve resilience for a business-critical application hosted in your data center. Choose the BEST two solutions:

Select all that apply:

A) Implement clustering

B) Use single network path

C) Enable journaling for application logs

D) Deploy on a single server

E) Geographic dispersion

Previous

Finish

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.To view answers for today’s questions, expand the Answers accordion below.