CompTIA Security+ Practice Test of the Day 260521

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.6 (Given a scenario, implement and maintain identity and access management) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260521

10 questions • Single best answer

Question 1

A cloud security architect at a healthcare startup is integrating a new SaaS application with the company's identity provider. Employees should authenticate once and access the SaaS app without re-entering credentials. Which protocol enables this identity federation?

A. LDAP B. SAML C. OAuth D. DKIM

Question 2

A user transfers from the sales department to finance. The help desk removes all sales-related permissions and grants appropriate finance access in a single coordinated workflow. Which IAM process does this describe?

A. Attestation B. Identity proofing C. Provisioning/de-provisioning D. Federation

Question 3

A new developer is granted read/write access to all production databases upon joining, even though their role only requires access to the development environment. Which access control principle has been violated?

A. Separation of duties B. Federation C. Least privilege D. Mandatory access control

Question 4

An employee logs into the corporate VPN using a username, password, and a time-based code from an authenticator app on their phone. The time-based code represents which authentication factor?

A. Something you know B. Something you are C. Something you have D. Somewhere you are

Question 5

A cloud platform grants access to sensitive datasets based on a user's department, current clearance level, and assigned project — all evaluated dynamically at the time of access. Which access control model does this describe?

A. Role-based access control (RBAC) B. Discretionary access control (DAC) C. Mandatory access control (MAC) D. Attribute-based access control (ABAC)

Question 6

A security administrator needs to query the corporate directory to authenticate users and retrieve group membership information for use in access decisions. Which protocol is specifically designed for directory service queries and authentication lookups?

A. SAML B. OAuth C. LDAP D. DMARC

Question 7

An organization's password policy enforces 8-character minimum length, uppercase, lowercase, numbers, and symbols — but allows users to reuse their previous two passwords. A security review flags this allowance as a significant weakness. Which password best practice is being violated?

A. Password length requirements B. Password complexity requirements C. Password reuse restriction D. Password expiration policy

Question 8

A systems administrator needs temporary elevated access to a production server for a one-time maintenance task. The PAM system grants admin rights only for the task duration and automatically revokes them when the window closes. Which PAM feature is being used?

A. Password vaulting B. Ephemeral credentials C. Just-in-time permissions D. Attestation

Question 9

A compliance manager runs a quarterly campaign in which all department heads review their team members' current access rights and certify whether each person should retain them. Which IAM process is being performed?

A. Identity proofing B. Attestation C. Federation D. Provisioning

Question 10

An organization wants to eliminate passwords entirely for its workforce. Employees will authenticate exclusively using fingerprint scans on company-issued devices. Which authentication approach and factor does this represent?

A. Passwordless authentication using something you know B. MFA using something you have C. Passwordless authentication using something you are D. SSO using somewhere you are