CompTIA Security+ Practice Test of the Day 260312

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.1 (Compare and contrast security implications of different architecture models) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260312

10 questions • Single best answer

Question 1

Your organization recently migrated a portion of its infrastructure to a public cloud provider while retaining sensitive financial processing systems on-premises. The CTO is concerned about defining which party is responsible for patching the hypervisor layer and securing the physical data center facilities. The security team has been asked to produce documentation clarifying these obligations before the next audit cycle. Which concept BEST describes the framework that defines security duties between the cloud customer and the cloud provider?

A. Service-level agreement (SLA) B. Shared responsibility matrix C. Memorandum of understanding (MOU) D. Data sovereignty policy

Question 2

A security architect at a manufacturing company is evaluating how to deploy a new control system for the factory floor. The system must operate in real time, tolerate no latency from external network dependencies, and cannot be patched remotely due to operational continuity requirements. The architect notes that this system also runs a specialized operating system that is not a general-purpose OS. Which type of architecture does this scenario BEST describe?

A. Serverless computing B. Containerized microservices C. Real-time operating system (RTOS) on embedded hardware D. Software-defined networking (SDN)

Question 3

A penetration tester conducting an assessment for a utility company discovers that the SCADA systems controlling water treatment equipment are connected to the corporate IT network through a single firewall. There is no logical or physical separation between the operational technology (OT) environment and standard business systems. The tester flags this finding as a critical architectural risk. Which security architecture principle is MOST directly being violated in this environment?

A. High availability through load balancing B. Physical isolation via air-gapping or logical segmentation of ICS/SCADA systems C. Containerization of workloads to limit blast radius D. Infrastructure as code (IaC) version control

Question 4

The CISO of a healthcare organization is evaluating architectural options for a new patient records platform. The development team has proposed building the application as a collection of loosely coupled, independently deployable services, each responsible for a single business function such as scheduling, billing, and clinical notes. The CISO wants to understand the security implications of this approach before approving it. Which architecture model is the development team proposing, and what is a PRIMARY security consideration associated with it?

A. Monolithic architecture; the primary concern is that a single vulnerability can compromise the entire application B. Microservices architecture; the primary concern is an expanded attack surface due to numerous inter-service API communication channels C. Serverless architecture; the primary concern is that the cloud provider controls all underlying infrastructure patching D. Virtualization; the primary concern is VM escape allowing a guest OS to access the host hypervisor

Question 5

An analyst in a SOC observes that a critical e-commerce application is hosted entirely on a single cloud provider's infrastructure in one geographic region. Following a brief outage caused by a provider-side networking event, the CISO directs the team to redesign the architecture to prevent a single provider failure from causing total application unavailability. The redesign must also account for differing regulatory requirements in the regions where the company operates. Which architectural approach BEST addresses both the resilience and compliance concerns raised?

A. Implementing a software-defined wide area network (SD-WAN) to reroute traffic during outages B. Deploying a multi-cloud system with geographic dispersion across providers subject to relevant data sovereignty requirements C. Migrating the entire application to an on-premises data center to eliminate dependence on cloud providers D. Enabling auto-scaling within the existing single cloud provider to increase capacity during incidents

Question 6

A security architect is reviewing the infrastructure of a startup that has built its entire back-end platform using functions that execute only when triggered by events such as API calls or database changes. The company does not manage any servers, and the cloud provider automatically allocates and deallocates compute resources. The architect notes that patching the underlying execution environment is entirely outside the company's control. Which architecture model does this BEST represent, and which security consideration from objective 3.1 is MOST relevant?

A. Containerization; the primary concern is that containers share a kernel with the host OS B. Serverless computing; the primary concern is the inability to patch the underlying infrastructure C. Infrastructure as code (IaC); the primary concern is that misconfigurations in templates can propagate at scale D. Virtualization; the primary concern is resource reuse between virtual machines

Question 7

A security administrator at a mid-sized company is designing a new network architecture. She wants to ensure that if the primary firewall fails, all traffic is dropped and no unauthorized access is permitted until the device is restored. A colleague suggests the opposite approach — allowing traffic to continue flowing freely upon device failure to maintain business continuity. Which terms BEST describe these two failure approaches, respectively, and which is considered more secure?

A. Fail-open and fail-closed; fail-open is more secure because it maintains availability B. Fail-closed and fail-open; fail-closed is more secure because it denies all traffic when the control is unavailable C. Active-passive and active-active; active-passive is more secure because only one device handles traffic at a time D. Inline and tap/monitor; inline is more secure because it can actively block traffic

Question 8

An engineer is deploying IoT environmental sensors across a large hospital campus to monitor temperature, humidity, and air quality in critical areas such as operating rooms and server closets. These devices run lightweight, vendor-supplied firmware that cannot be updated by the hospital's IT staff and communicate over the hospital's main wireless network alongside clinical workstations and administrative computers. Which TWO architectural risks from objective 3.1 BEST apply to this deployment? (Choose the answer that captures both risks.)

A. VM escape vulnerability and resource reuse between guests B. Inability to patch embedded firmware and insufficient network segmentation creating a flattened attack surface C. Infrastructure as code misconfiguration and serverless compute exposure D. Data sovereignty violations and geolocation-based access control failures

Question 9

A network engineer is tasked with redesigning the WAN connectivity for a company with 40 branch offices. The current architecture relies on expensive MPLS circuits with static routing, and the IT team struggles to make real-time policy changes in response to threat intelligence. The CISO wants a solution that allows centralized policy management, can route traffic intelligently based on application type and real-time network conditions, and reduces dependence on fixed-circuit providers. Which architecture model BEST meets these requirements?

A. A hub-and-spoke VPN topology with IPSec tunnels terminating at a central data center B. Software-defined wide area network (SD-WAN) C. A dedicated MPLS circuit upgrade with increased bandwidth at each branch D. Deploying a jump server at each branch location to centralize remote access

Question 10

The CISO of a financial institution is evaluating the security implications of adopting a decentralized architecture for a new trading platform. Under this model, processing and data storage would be distributed across multiple regional nodes with no single controlling authority, in contrast to the current centralized mainframe environment. The security team must brief the board on the trade-offs. Which statement MOST accurately reflects a security consideration when comparing centralized versus decentralized architectures as described in objective 3.1?

A. Decentralized architectures are always more secure because they eliminate a single point of failure for attackers to target B. Centralized architectures simplify security policy enforcement and monitoring, while decentralized architectures increase resilience but expand the attack surface and complicate consistent policy application C. Centralized architectures are inherently less secure because all data is stored in one location, making encryption unnecessary D. Decentralized architectures reduce compliance complexity because data sovereignty rules apply only to centralized systems

Desk Mat CTA Block

Tired of Googling acronyms while practicing/studying?
Keep them all under your keyboard.

📋 GET_THE_DESK_MAT

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260312

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 7.1 Practice Test 002

CEH v13 Domain 6.1 Practice Test 002

CEH v13 Domain 5.3 Practice Test 002

CEH v13 Domain 5.2 Practice Test 002