CompTIA Security+ Practice Test of the Day 260305

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 2.1 (Compare and contrast common threat actors and motivations.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260305

10 questions • Single best answer

Question 1

A nation-state threat actor has been conducting a long-term, covert operation targeting a foreign government's defense contractor. The attackers have maintained persistent access to internal systems for over 18 months without detection, slowly exfiltrating sensitive project blueprints. Analysts reviewing the intrusion note the use of custom-written malware, zero-day exploits, and highly sophisticated evasion techniques that suggest significant financial backing. Based on this profile, which combination of attributes BEST describes this threat actor?

A. External, low sophistication, financially motivated B. Internal, high sophistication, ideologically motivated C. External, high sophistication, well-funded, espionage motivated D. External, moderate sophistication, hacktivist motivated

Question 2

Your organization's threat intelligence team is briefing leadership on a recent wave of attacks against critical infrastructure providers in the financial sector. The attackers are believed to be affiliated with a foreign government and have demonstrated the ability to develop proprietary exploits, operate undetected for months, and coordinate simultaneous attacks across multiple targets. The CISO asks the analyst to classify the threat actor type and describe their likely primary motivation. Which response is MOST accurate?

A. Organized crime; financial gain B. Nation-state; espionage or service disruption C. Hacktivist; philosophical/political beliefs D. Unskilled attacker; disruption/chaos

Question 3

A disgruntled employee at a financial institution recently had their access privileges reduced following a performance review. Two weeks later, the security team detects that several sensitive client records were accessed using the employee's credentials outside of normal business hours, and a large archive was created in a rarely used network share. The employee denies involvement, claiming their credentials were stolen. Which threat actor category does this scenario MOST likely represent, and what is the probable primary motivation?

A. Nation-state actor; espionage B. Organized crime; financial gain C. Insider threat; revenge or data exfiltration D. Shadow IT; accidental exposure

Question 4

A penetration tester reviewing a recent threat report notes that a group has been defacing government websites, leaking internal communications, and publishing manifestos condemning environmental policies. The group openly identifies itself online and claims its actions are intended to raise awareness for climate issues. The attacks lack technical sophistication but generate significant media attention. Which threat actor type BEST describes this group, and which attribute is MOST consistent with their profile?

A. Nation-state; external, well-funded, espionage-motivated B. Organized crime; external, financially motivated C. Hacktivist; external, ideologically/politically motivated D. Insider threat; internal, revenge-motivated

Question 5

An analyst is reviewing threat intelligence feeds and comes across a report describing a group that used off-the-shelf hacking tools available for free download, attempted SQL injection against several e-commerce sites using publicly documented techniques, and caused minimal damage before being blocked by basic WAF rules. The group left taunting messages on social media claiming to have 'hacked' major corporations. Which threat actor classification BEST fits this group, and which attribute is the strongest indicator?

A. Nation-state; high sophistication B. Organized crime; moderate sophistication, financial motivation C. Unskilled attacker; low sophistication, reliance on existing tools D. Hacktivist; moderate sophistication, ideological motivation

Question 6

The security operations center at a healthcare company receives an alert that an external attacker has gained access to a physician's workstation and is querying the organization's patient database. Forensic analysis reveals the attacker installed a keylogger to capture the physician's credentials, then used those credentials to download bulk patient records including diagnoses, insurance details, and Social Security numbers. No ransom demand has been made. Based on the data targeted and the attack method, what is the MOST likely motivation of this threat actor?

A. Service disruption B. Philosophical/political beliefs C. Data exfiltration for financial gain D. Revenge

Question 7

An intelligence report indicates that a well-organized criminal syndicate has been operating a ransomware-as-a-service (RaaS) platform, recruiting affiliates to deploy their ransomware in exchange for a share of the extortion proceeds. Victims have included hospitals, schools, and municipal governments across several countries. The group is believed to operate out of a region where cybercrime prosecution is rare. Which threat actor type BEST describes this syndicate, and which motivation is MOST applicable?

A. Nation-state; espionage B. Organized crime; financial gain C. Hacktivist; disruption/chaos D. Insider threat; blackmail

Question 8

During an incident response engagement, a forensics team discovers that an employee in the accounting department had been transferring small amounts of data to a personal cloud storage account over a period of eight months. The data included financial forecasts, merger and acquisition plans, and executive compensation details. The employee had no external accomplices and had not yet attempted to sell the data. This activity was only discovered when the employee submitted a resignation letter. Which threat actor type does this represent, and which motivation is MOST consistent with the behavior pattern?

A. Organized crime; financial gain B. Shadow IT; accidental data exposure C. Insider threat; data exfiltration D. Nation-state; espionage

Question 9

A threat analyst is studying a group that has been operating for several years without any known financial gain or ideological messaging. The group has targeted defense supply chain vendors, telecommunications providers, and satellite communication firms across multiple allied nations. Their tooling is custom-developed, shows evidence of extensive testing before deployment, and has never been publicly attributed to any criminal marketplace. The group's infrastructure is rotated frequently and shows signs of significant operational security discipline. Which threat actor type and attribute set BEST describes this group?

A. Organized crime; external, moderate sophistication, financially motivated B. Hacktivist; external, low-to-moderate sophistication, politically motivated C. Nation-state; external, high sophistication, well-resourced, espionage/war motivated D. Unskilled attacker; external, low sophistication, disruption motivated

Question 10

The CISO of a mid-sized energy company receives a report indicating that an employee in the IT department has been installing unauthorized software on operational technology (OT) systems, accessing network segments outside the scope of their job role, and recently attempted to look up the personal home addresses of two senior executives using the company's HR system. No data has been stolen yet, and the employee's performance reviews have been unremarkable. Which threat actor classification applies here, and which potential motivations should the CISO be MOST concerned about?

A. Unskilled attacker; disruption/chaos B. Insider threat; revenge or potential blackmail C. Hacktivist; philosophical/political beliefs D. Shadow IT; accidental unauthorized access