CompTIA Security+ Practice Test of the Day 260222

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on subdomain 5.2 (Explain elements of the risk management process.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260222

10 questions • Single best answer

Question 1

Your organization is expanding into a new geographic market and deploying a cloud-based customer portal to support international clients. A security analyst is tasked with calculating potential financial losses if the portal becomes unavailable due to a DDoS attack. The analyst determines that a single outage would cost $75,000 in lost revenue and reputational mitigation costs. Historical data suggests this type of outage could occur twice per year. Which of the following represents the correct Annualized Loss Expectancy (ALE)?

A. $150,000 B. $75,000 C. $37,500 D. $225,000

Question 2

A security manager at a healthcare company is conducting a risk assessment for systems containing regulated patient data. During executive discussions, leadership states they are willing to accept moderate operational risk in order to accelerate growth but are not willing to tolerate risks that could result in regulatory fines or legal action. Which of the following BEST describes this scenario?

A. Risk threshold B. Risk appetite C. Risk register D. Risk mitigation

Question 3

An analyst in a SOC identifies a legacy internal application that is vulnerable to exploitation. The system cannot be patched due to vendor limitations, and replacing it would disrupt core business operations. Management decides to isolate the system on a segmented network and implement strict firewall rules to reduce exposure while continuing to use it. Which risk management strategy is being applied?

A. Risk avoidance B. Risk transfer C. Risk mitigation D. Risk acceptance

Question 4

Your company is performing a Business Impact Analysis (BIA) for its e-commerce infrastructure. During interviews, stakeholders state that the payment processing platform must be restored within four hours of an outage, and no more than 30 minutes of transaction data can be lost. Which combination of metrics is being defined?

A. MTTR and MTBF B. RTO and RPO C. SLE and ALE D. ARO and exposure factor

Question 5

A security administrator at a mid-sized financial company is performing a qualitative risk analysis for a newly identified phishing threat targeting executives. The analyst rates the likelihood as “High” and the potential business impact as “Medium” based on reputational damage and possible credential compromise. No specific dollar amounts are calculated during this evaluation. Which of the following BEST describes the type of risk analysis being performed?

A. Quantitative analysis B. Exposure factor analysis C. Qualitative analysis D. Annualized loss expectancy calculation

Question 6

Your organization maintains a centralized document that lists identified risks, assigned risk owners, key risk indicators, and current mitigation status. During quarterly governance meetings, leadership reviews this document to determine whether any risks exceed established tolerance levels. Which of the following is being described?

A. Risk register B. Business impact analysis C. Risk appetite statement D. Gap analysis

Question 7

An analyst in a SOC identifies a potential vulnerability in a third-party SaaS platform used for HR functions. After analysis, leadership determines that the financial impact would be minimal, and the cost to implement compensating controls exceeds the potential loss. Management formally documents the decision and continues operations without additional safeguards. Which risk management strategy is being applied?

A. Risk avoidance B. Risk acceptance C. Risk transfer D. Risk mitigation

Question 8

Your company is evaluating the probability of a ransomware incident affecting its manufacturing systems. Historical industry reports indicate a 10% annual likelihood of occurrence. The estimated financial damage per incident is $500,000. The company calculates potential annual exposure to prioritize funding for security controls. Which value represents the Annualized Rate of Occurrence (ARO)?

A. 0.10 B. $500,000 C. $50,000 D. 10

Question 9

An analyst in a SOC is conducting a quantitative risk analysis for a data center power failure scenario. The total asset value of the affected systems is estimated at $2,000,000. The analyst determines that a prolonged outage would result in approximately 40% loss of asset value due to downtime, contractual penalties, and recovery expenses. Which of the following represents the Exposure Factor (EF) in this scenario?

A. $800,000 B. 0.40 C. $2,000,000 D. 40 incidents per year

Question 10

Your organization is reviewing its enterprise risk posture after a series of minor security incidents. Leadership requests a recurring risk assessment process that continuously evaluates new threats, emerging vulnerabilities, and changes in business operations rather than relying solely on annual reviews. Which type of risk assessment approach is being requested?

A. One-time assessment B. Ad hoc assessment C. Continuous assessment D. Post-incident assessment

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260222

Related Posts