CompTIA Security+ Practice Test of the Day 260520

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.5 (Given a scenario, modify enterprise capabilities to enhance security) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260520

10 questions • Single best answer

Question 1

A network administrator at a retail company is configuring the perimeter firewall to isolate public-facing web servers from the internal corporate LAN. Which firewall architecture creates an intermediate zone specifically designed to host publicly accessible services while protecting internal systems?

A. Access control list B. Screened subnet C. IDS/IPS signature rule D. Centralized proxy

Question 2

An IDS/IPS is detecting the original strain of malware but missing newer variants that slightly alter their code on each infection. Which improvement should the analyst implement to detect these evasive variants?

A. Update IDS/IPS signatures to include patterns matching the new variants B. Switch to a stateful firewall inspection mode C. Implement URL scanning on the web filter D. Deploy a centralized proxy to inspect outbound traffic

Question 3

A security engineer needs to block entire categories of websites — such as gambling and adult content — while allowing legitimate business browsing. The web filter must classify sites by subject matter rather than individual URLs. Which web filter capability enables this?

A. DNS filtering B. Content categorization C. Reputation-based blocking D. Agent-based filtering

Question 4

A legitimate vendor website is blocked by the organization's web filter because the site was briefly compromised last month. The malware has since been removed, but the site's historical threat association still triggers a block. Which web filter mechanism is causing this?

A. URL scanning B. Block rules C. Reputation-based filtering D. Content categorization

Question 5

A Windows systems administrator must enforce consistent password policies, account lockout settings, and software restrictions across all domain-joined workstations without configuring each machine individually. Which OS security feature enables centralized enforcement of these settings?

A. SELinux B. Group Policy C. Network access control (NAC) D. Endpoint detection and response (EDR)

Question 6

A security audit reveals that internal services are communicating over Telnet, transmitting credentials in plaintext. The team decides to replace Telnet with a secure alternative using encrypted transport on the appropriate port. Which capability does this represent?

A. File integrity monitoring B. DNS filtering for internal services C. Implementation of secure protocols via protocol and port selection D. IDS/IPS signature enforcement

Question 7

A CISO discovers attackers are spoofing the company's domain in phishing emails. The organization wants a standard that lets them define a policy instructing receiving mail servers to reject, quarantine, or allow unauthenticated emails — and receive aggregate reports on authentication results. Which email security standard provides this?

A. SPF B. DKIM C. DMARC D. SMTP over TLS

Question 8

An email administrator wants receiving servers to verify that email content was not modified in transit and that the message originated from an authorized sender, using a cryptographic signature in the email header. Which email authentication method accomplishes this?

A. SPF B. DMARC C. DKIM D. Centralized email gateway

Question 9

A security team wants to automatically detect unauthorized modifications to critical web server configuration files and binaries that could indicate a compromise or unauthorized change. Which security control is BEST suited for this requirement?

A. Network access control (NAC) B. Data loss prevention (DLP) C. File integrity monitoring D. User behavior analytics

Question 10

An organization needs to detect fileless malware that evades traditional antivirus, continuously monitor behavioral activity across all endpoints, correlate threats across devices, and enable rapid containment and investigation. Which solution BEST meets these requirements?