CompTIA Security+ Practice Test of the Day 070525

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.3 (Compare and contrast concepts and strategies to protect data) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 070525

10 questions • Single best answer

Question 1

A database administrator enables full-disk encryption on a SQL server. When the server is powered off, the database files stored on the physical drives cannot be read without the decryption key. Which data state is being protected?

A. Data in use B. Data in transit C. Data in process D. Data at rest

Question 2

A financial application enforces TLS 1.3 for all API calls transmitting account numbers and balances between the mobile app and the bank's backend servers. Which data state does this control protect?

A. Data at rest B. Data in transit C. Data in use D. Data archived

Question 3

A memory forensics tool captures RAM contents from a running system and extracts plaintext credit card numbers that were decrypted in memory during transaction processing. Which data state was exposed?

A. Data at rest B. Data in transit C. Data in use D. Data archived

Question 4

A healthcare organization classifies patient medical records, Social Security numbers, and health insurance information as a regulated data type requiring special legal protections and mandatory breach notification. Which data type BEST describes this information?

A. Trade secret B. Intellectual property C. Human-readable data D. Regulated data

Question 5

A payment processor replaces stored credit card numbers with randomly generated tokens. The tokens are meaningless outside the tokenization system and cannot be reversed without access to the secure token vault. Which data protection method is described?

A. Hashing B. Masking C. Tokenization D. Obfuscation

Question 6

A CRM application displays customer SSNs as '***-**-6789' in the user interface, substituting all but the last four digits with asterisks to prevent agents from viewing the full number while still enabling identity verification. Which data protection method is described?

A. Encryption B. Tokenization C. Masking D. Hashing

Question 7

An organization's data classification policy designates internal strategic plans and acquisition targets as confidential — accessible only to executives and authorized personnel, with strict controls on distribution and storage. Which data classification label is described?

A. Public B. Confidential C. Restricted D. Private

Question 8

A law firm stores client contracts and case strategy documents in a jurisdiction where the firm is incorporated and prohibited from moving them to servers in other countries, even for cloud backup purposes. Which data governance concept restricts where this data can be stored?

A. Data classification B. Data sovereignty C. Permission restrictions D. Geolocation

Question 9

A developer's application logs contain full plaintext SQL queries including embedded customer email addresses. The security team transforms these logs so that email addresses are replaced with scrambled values that reveal no usable information, while preserving overall log structure for debugging. Which data protection method was applied?

A. Tokenization B. Masking C. Hashing D. Obfuscation

Question 10

A cloud storage policy enforces that HR documents containing employee salary data are accessible only to the HR team and payroll system service account — with all other users, including IT administrators, explicitly denied. Which data protection method does this represent?