CompTIA Security+ Practice Test of the Day 260302

Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on subdomain 1.2 (Summarize fundamental security concepts.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

10 questions • Single best answer

Question 1
A security architect is redesigning access controls for a large financial institution following a series of internal data breaches. The organization wants to ensure that no user or system is implicitly trusted based solely on their network location, and that every access request is evaluated dynamically based on identity, device health, and context. The architect proposes a model where access decisions are made continuously and can be revoked at any time if risk conditions change. Which Zero Trust component is primarily responsible for making and enforcing those dynamic access decisions?

Question 2
An analyst in a SOC observes that an employee's credentials are being used to authenticate to the corporate VPN simultaneously from an IP address in Chicago and another in Tokyo, just four minutes apart. No travel has been approved for this employee, and their workstation is currently active on the internal network. The analyst suspects account compromise and needs to identify which fundamental security indicator best describes this activity. Which term most accurately describes what the analyst is observing?

Question 3
Your organization recently deployed a series of decoy systems across its internal network segment to detect lateral movement by potential attackers who have already breached the perimeter. These systems are intentionally made to appear as legitimate servers containing sensitive data, and any interaction with them triggers an immediate alert to the SOC. The decoy systems have no legitimate business function and no real users should ever access them. Which deception technology is best described by this deployment?

Question 4
A penetration tester discovers that a web application at a financial services firm is vulnerable to an attack where malicious input is submitted through a form field and executed by the backend database. The tester is able to extract customer records, modify account balances, and even drop entire tables using carefully crafted input strings. The development team is reviewing the vulnerability report and needs to classify this finding correctly. Which vulnerability type does this most accurately represent?

Question 5
A security administrator at a mid-sized healthcare company is implementing an access control model for a new electronic health records (EHR) system. The organization requires that access decisions be driven entirely by predefined organizational rules and classification labels assigned to both the data and the users — individual resource owners must not be able to grant or modify permissions on their own. Which access control model best meets this requirement?

Question 6
The CISO of a retail organization is reviewing authentication practices after a series of account takeover incidents affecting customer accounts. The attackers are found to have used credential stuffing attacks, leveraging username and password pairs stolen from unrelated third-party breaches. The CISO wants to implement an additional authentication layer that ensures a stolen password alone is never sufficient to access an account. An employee suggests using a time-based one-time password (TOTP) delivered to users' registered mobile devices. Which MFA factor category does a TOTP represent?

Question 7
A security engineer is hardening a new server deployment and wants to ensure that the server's firmware and boot process have not been tampered with between manufacturing and deployment. The engineer also wants the server to attest its configuration state to a remote management system each time it boots, confirming that no unauthorized changes have been made to its software stack. Which hardware-based security technology is best suited for this requirement?

Question 8
An organization stores customer credit card numbers in its database. To comply with PCI DSS, the security team implements a process where the actual credit card numbers are replaced in the database with randomly generated surrogate values. The real card numbers are stored separately in a secure vault system, and the mapping between surrogate values and real numbers is maintained by that vault. Business systems use only the surrogate values during normal operations. Which data protection technique is being described?

Question 9
A university IT team discovers that a threat actor has created a website at the URL 'univer5ity-portal.edu' that closely mimics the university's official student login page. Students receive phishing emails directing them to this fake site, where their credentials are harvested. The IT team wants to correctly categorize this attack technique in their incident report. Which social engineering technique most precisely describes the creation of the fraudulent domain name?

Question 10
A financial institution's security team is deploying a Zero Trust architecture and needs to ensure that access to internal applications adjusts dynamically based on continuous risk signals — such as whether the user's device recently failed a compliance scan, whether they are logging in from an unusual location, or whether their behavior deviates from their established baseline. This adaptive evaluation must happen on every access request, not just at initial login. Which Zero Trust Control Plane concept best describes this continuous, context-aware evaluation process?