CompTIA Security+ Practice Test of the Day 061925

Welcome to today’s practice test!

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

 

Results

QUIZ START

#1. A security administrator at a financial firm is reviewing logs from a web server and notices repeated requests to the same endpoint with different SQL statements in the URL parameters. The administrator suspects an attack is underway. Which of the following is the MOST likely attack type?

A. Cross-site scripting

B. SQL injection

C. Command injection

D. Session hijacking

Previous

Next

#2. An attacker is attempting to gain access to a cloud-based system by using previously leaked user credentials across multiple services. Which of the following BEST describes this type of attack?

A. Credential stuffing

B. Dictionary attack

C. Brute-force attack

D. Pass-the-hash attack

Previous

Next

#3. An analyst in a SOC observes a large number of failed login attempts to an internal database server, all originating from the same external IP address. What is the MOST appropriate immediate response?

A. Patch the database server

B. Disable all remote connections

C. Block the IP at the perimeter firewall

D. Notify end users to reset passwords

Previous

Next

#4. A network administrator wants to restrict wireless access to only company-issued devices using digital certificates. Which of the following should be implemented?

A. WPA2-PSK

B. MAC address filtering

C. 802.1X with EAP-TLS

D. WPA3-Personal

Previous

Next

#5. A cloud-based CRM system experienced a security breach through a third-party plugin with a known vulnerability. The plugin was developed by a vendor that wasn’t thoroughly vetted. Which security process failed in this scenario?

A. Data loss prevention

B. Patch management

C. Third-party risk management

D. Configuration management

Previous

Next

#6. An attacker uses a rogue Wi-Fi access point that mimics the name of a legitimate network to trick users into connecting. Which of the following attacks is being conducted?

A. Evil twin

B. Wardriving

C. Deauthentication

D. Man-in-the-middle

Previous

Next

#7. A user reports their computer is behaving unusually. The SOC team finds a keylogger and remote access Trojan installed. The malware was introduced via a malicious email attachment. What type of attack vector was used?

A. Fileless attack

B. Social engineering

C. Supply chain attack

D. Insider threat

Previous

Next

#8. A system administrator needs to implement a solution to centrally manage and enforce mobile device security policies across the organization. Which of the following is the BEST tool for this?

A. SIEM

B. VPN

C. MDM

D. DLP

Previous

Next

#9. A company’s business continuity plan requires that systems be operational within two hours of a disruption, and no more than 15 minutes of data can be lost. What are the respective RTO and RPO values?

A. RTO: 15 min, RPO: 2 hrs

B. RTO: 2 hrs, RPO: 15 min

C. RTO: 15 hrs, RPO: 2 min

D. RTO: 2 min, RPO: 15 hrs

Previous

Next

#10. An enterprise is deploying an SD-WAN solution to improve connectivity and security across branch offices. Which of the following features does SD-WAN MOST LIKELY provide?

A. Static routing and manual encryption

B. Centralized management and dynamic routing

C. DNS filtering and local firewalling

D. Token-based multifactor authentication

Previous

Finish

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.To view answers for today’s questions, expand the Answers accordion below.