CompTIA Security+ Practice Test of the Day 260310

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 2.5 (Explain the purpose of mitigation techniques used to secure the enterprise) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260310

10 questions • Single best answer

Question 1

A security administrator at a mid-sized financial services firm is reviewing the results of a recent internal audit. The audit found that several legacy Windows servers are running outdated software with known vulnerabilities, but the business unit has rejected an immediate patching schedule due to application compatibility concerns. In the interim, the security team needs to implement a control that limits the blast radius if one of these servers is compromised. The servers currently share a flat network with workstations and other critical infrastructure. Which mitigation technique BEST addresses the risk posed by these unpatched legacy servers while the patching schedule is negotiated?

A. Deploy a host-based intrusion prevention system (HIPS) on each legacy server B. Place the legacy servers into isolated network segments separated from other critical assets C. Enable full-disk encryption on each legacy server to protect data at rest D. Apply application allow listing to prevent unauthorized code execution on the workstations

Question 2

A penetration tester has gained initial access to a workstation inside a corporate network and is attempting to escalate privileges. After running enumeration scripts, the tester discovers that many user accounts have been granted local administrator rights, several unused services are running, and default vendor passwords are still active on multiple network management interfaces. The organization's security team is tasked with hardening the environment based on the findings. Which combination of hardening techniques MOST directly addresses the vulnerabilities identified in this scenario?

A. Enable network-level authentication and deploy a centralized SIEM for log correlation B. Implement least privilege, disable unnecessary services, and change default passwords C. Deploy a web application firewall and enable encrypted communication between hosts D. Enforce multifactor authentication and conduct regular vulnerability scans

Question 3

An analyst in a SOC observes repeated alerts indicating that a single contractor account is successfully logging into a file server, accessing sensitive HR documents, and then logging out — all within a two-minute window, repeated every hour on the hour. The contractor's role should only require access to project management tools, and their contract ended 30 days ago. The SOC team suspects the account is being used maliciously. Which TWO mitigation techniques should be prioritized FIRST to contain this threat? (Select the answer option that correctly identifies the two BEST immediate actions.)

A. Patch the file server and encrypt all HR documents at rest B. Disable the contractor account and apply least privilege access controls C. Enable a honeypot to observe attacker behavior before taking action D. Block the account at the firewall level and perform a full vulnerability scan

Question 4

Your organization recently completed a risk assessment and identified that several internet-facing web servers are running software packages that are no longer needed for any business function. Additionally, the assessment found that a number of TCP ports that were opened during a previous project remain open and unmonitored. The CISO has directed the security team to reduce the external attack surface as a priority. Which mitigation approach BEST aligns with the CISO's directive?

A. Install endpoint detection and response (EDR) agents on all internet-facing servers B. Remove unnecessary software packages and disable unused open ports and protocols C. Implement a next-generation firewall (NGFW) in front of the web servers D. Enable file integrity monitoring on the web server operating systems

Question 5

A security engineer at a healthcare organization is deploying a new fleet of workstations that will process electronic protected health information (ePHI). Regulatory requirements mandate that the data must be unreadable if a device is lost or stolen. The engineer also needs to ensure that malware cannot execute from removable media, and that the operating system is protected against known vulnerabilities through regular patching. Which set of hardening techniques satisfies ALL three requirements?

A. Full-disk encryption, application allow listing, and a patch management program B. File-level encryption, host-based firewall, and antivirus installation C. Volume encryption, network segmentation, and disabling unused ports D. Database encryption, HIPS deployment, and configuration enforcement

Question 6

A systems administrator is responding to a security incident in which an attacker exploited a vulnerable web application and gained code execution on the underlying server. Forensic analysis reveals the attacker was able to move laterally to a database server containing customer PII because both systems shared the same network segment and communicated freely. During the post-incident review, the team is asked to recommend mitigations that would have limited the impact of this specific attack. Which mitigation technique would have been MOST effective at limiting the lateral movement described?

A. Encrypting the customer PII stored in the database using record-level encryption B. Deploying a vulnerability scanner to identify the web application flaw before exploitation C. Implementing network segmentation with access controls between the web and database tiers D. Installing endpoint protection software on the web server

Question 7

The CISO of a retail organization is concerned about the risk of an insider threat following a recent incident where a database administrator exported a large volume of customer payment records to a personal cloud storage account. After reviewing the incident, the security team recommends several mitigations. The CISO specifically wants controls that prevent employees from accessing data beyond what their job function requires and that detect or block future unauthorized data transfers. Which combination of mitigations BEST addresses both concerns?

A. Least privilege access controls and data loss prevention (DLP) B. Role-based access control and full-disk encryption on database servers C. Application allow listing and network segmentation around the database D. Encryption at the record level and a host-based intrusion prevention system (HIPS)

Question 8

A cloud security engineer at a SaaS company is reviewing the security posture of the organization's cloud infrastructure. During the review, it is discovered that several virtual machines have been deployed without following the organization's approved security baseline — they are missing endpoint protection, have local firewall rules disabled, and have not received patches in over six months. The engineer needs to recommend a systematic approach to prevent this from happening again. Which mitigation technique MOST directly addresses this ongoing configuration drift problem?

A. Implement continuous monitoring and alerting using a SIEM to detect future deviations B. Enforce configuration enforcement through automated baseline checks and remediation C. Require all VM deployments to go through an approval process documented in change management D. Deploy vulnerability scanners to scan all VMs weekly and report on missing patches

Question 9

An attacker has compromised a single endpoint within a corporate network after a user opened a malicious email attachment. Security logs show the malware is actively attempting to scan internal subnets, connect to other hosts on port 445, and enumerate shared drives. The incident response team has been notified and needs to immediately limit further spread of the infection while preserving forensic evidence on the compromised host. Which mitigation technique BEST achieves containment without destroying evidence?

A. Immediately reimage the compromised endpoint to a known-good baseline B. Apply network-level isolation to the compromised host by removing it from active network segments C. Enable full-disk encryption on the compromised host to prevent data exfiltration D. Deploy a patch for the exploited vulnerability to all endpoints on the network

Question 10

A governance, risk, and compliance (GRC) analyst at an enterprise organization is evaluating the security controls applied to a group of servers that process regulated financial data. The servers have reached end-of-life from the vendor, meaning security patches are no longer being released. The business unit has stated the servers cannot be replaced for at least 18 months due to budget constraints. The analyst must recommend mitigations that reduce risk in the absence of available patches. Which combination of techniques from the SY0-701 2.5 mitigation framework BEST reduces the risk of these end-of-life servers being exploited?

A. Deploy monitoring agents on the servers and implement a patch management SLA with the vendor B. Apply segmentation, implement compensating controls such as HIPS, and enforce strict access control lists C. Decommission the servers immediately and migrate workloads to a patched cloud environment D. Enable full-disk encryption and apply application allow listing only to the servers' client workstations

Desk Mat CTA Block

Tired of Googling acronyms while practicing/studying?
Keep them all under your keyboard.

📋 GET_THE_DESK_MAT

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260310

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 7.1 Practice Test 002

CEH v13 Domain 6.1 Practice Test 002

CEH v13 Domain 5.3 Practice Test 002

CEH v13 Domain 5.2 Practice Test 002