CompTIA Security+ Practice Test of the Day 260218

Question 1

A security administrator at a mid-sized company is responsible for onboarding new employees in a hybrid cloud environment that includes on-premises Active Directory and multiple SaaS platforms. The organization has experienced delays in disabling accounts when employees leave, resulting in several dormant accounts remaining active for weeks. Leadership wants to reduce the risk of unauthorized access due to orphaned accounts while improving operational efficiency. Which of the following is the BEST solution to address this issue?

A. Implement manual quarterly account reviews by department managers B. Integrate HR systems with IAM for automated provisioning and de-provisioning C. Enforce password expiration every 30 days for all users D. Apply discretionary access control (DAC) across all systems

Question 2

An analyst in a SOC observes repeated authentication attempts against a cloud-hosted finance application. The organization recently implemented multifactor authentication (MFA) using time-based one-time passwords (TOTP). However, executives are concerned about phishing attacks that may bypass current MFA methods through real-time proxy attacks. Which of the following MFA implementations would BEST reduce the risk of phishing-based credential interception?

A. SMS-based one-time passcodes B. Email-based verification codes C. FIDO2-compliant hardware security keys D. Knowledge-based authentication questions

Question 3

Your organization is implementing access controls for a highly regulated healthcare system that stores sensitive patient records. Access decisions must be enforced based on data classification labels, user clearance levels, and predefined security policies. Individual users must not be able to override these access decisions. Which access control model BEST meets these requirements?

A. Discretionary access control (DAC) B. Role-based access control (RBAC) C. Mandatory access control (MAC) D. Rule-based access control

Question 4

A security administrator at a global enterprise is implementing single sign-on (SSO) between an internal identity provider (IdP) and several third-party SaaS providers. The solution must support browser-based authentication and securely transmit authorization assertions between the IdP and service providers using XML. Which of the following technologies should the administrator implement?

A. LDAP B. OAuth 2.0 C. SAML D. RADIUS

Question 5

Your company is adopting a zero trust architecture and wants to ensure that access to internal applications is granted dynamically based on user attributes such as department, device compliance status, geographic location, and risk score from a user behavior analytics system. The organization does not want access decisions to rely solely on static job titles. Which of the following access control models BEST meets these requirements?

A. Role-based access control (RBAC) B. Mandatory access control (MAC) C. Attribute-based access control (ABAC) D. Discretionary access control (DAC)

Question 6

A security administrator at a financial services firm needs to grant database administrators elevated privileges to production systems, but only for short maintenance windows. Leadership wants to eliminate standing administrative privileges and reduce the risk of credential abuse. Which of the following solutions BEST addresses this requirement?

A. Implement just-in-time (JIT) permissions through a privileged access management (PAM) system B. Assign permanent administrative roles with mandatory access control (MAC) C. Enforce password complexity and 15-character minimums for administrator accounts D. Enable single sign-on (SSO) for all administrative accounts

Question 7

An organization is implementing password policies for remote employees who authenticate to both on-premises and cloud-based resources. Security leadership wants to reduce the risk of password reuse across systems while also minimizing user frustration and help desk calls. Which of the following is the BEST recommendation?

A. Enforce password changes every 15 days B. Implement a company-approved password manager and encourage long passphrases C. Disable multifactor authentication to simplify authentication workflows D. Require complex passwords with at least one special character but limit length to 8 characters

Question 8

An attacker is attempting to access an enterprise VPN by using credentials obtained from a previous data breach. The organization has implemented multifactor authentication requiring something you know and something you have. The attacker successfully enters the correct password but cannot complete the authentication process because they do not possess the required authentication factor. Which of the following factors is MOST likely preventing the attacker from gaining access?

A. A fingerprint scan stored in the identity provider B. A time-based one-time password generated by a mobile authenticator app C. A security question regarding the user’s first employer D. A PIN associated with the user’s password

Question 9

A security administrator at a mid-sized company is configuring access to a shared file server. The organization wants department managers to control access to files they own, allowing them to grant or revoke permissions for their teams without involving the IT department. However, executive leadership understands this model may introduce certain risks. Which of the following access control models is being implemented?

A. Mandatory access control (MAC) B. Role-based access control (RBAC) C. Discretionary access control (DAC) D. Attribute-based access control (ABAC)

Question 10

Your organization is federating identity services with a third-party partner to allow employees to access the partner’s web-based application using their corporate credentials. The solution must allow authentication to occur at your organization’s identity provider while enabling the partner to trust the authentication assertion without storing user passwords. Which of the following concepts is being implemented?

A. Attestation B. Federation C. Identity proofing D. Time-of-day restrictions

CompTIA Security+ Practice Test of the Day 260218

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

You missed

CEH v13 Domain 7.1 Practice Test 002

CEH v13 Domain 6.1 Practice Test 002

CEH v13 Domain 5.3 Practice Test 002

CEH v13 Domain 5.2 Practice Test 002