CompTIA Security+ Practice Test of the Day 260628

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 1.1 (Compare and contrast various types of security controls) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260628

10 questions • Single best answer

Question 1

A university cannot immediately patch a legacy system, so the IT director isolates it on a restricted VLAN with tight monitoring as a temporary substitute. This alternative reduces risk until a permanent fix exists. Which control type is this?

A. Preventive B. Compensating C. Corrective D. Detective

Question 2

A retailer installs visible warning signs and bright lighting in its parking lot to discourage would-be intruders. The measures aim to make attackers reconsider rather than physically stop entry. Which control type is described?

A. Deterrent B. Preventive C. Physical D. Directive

Question 3

A bank deploys log analysis and intrusion alerts that notify analysts after suspicious activity occurs. These tools identify incidents but do not block them. Which control type is this?

A. Preventive B. Corrective C. Detective D. Deterrent

Question 4

Following a ransomware infection, a company restores systems from backups and applies fixes to return to normal operations. The action takes place after the event to reduce its impact. Which control type is this?

A. Detective B. Compensating C. Preventive D. Corrective

Question 5

An organization establishes risk assessments, security policies, and a formal acceptable-use document to guide its program. These are administrative measures rather than hardware or software. Which control category do they fall under?

A. Technical B. Managerial C. Operational D. Physical

Question 6

A firm configures firewalls, encryption, and access control lists enforced by systems to protect data. These safeguards are implemented through systems and software rather than people or processes. Which control category is this?

A. Operational B. Managerial C. Technical D. Physical

Question 7

A company relies on staff performing daily backup verification, security guard rounds, and user awareness sessions carried out by people. These day-to-day human-driven activities support the security program. Which control category is described?

A. Operational B. Technical C. Managerial D. Directive

Question 8

A data center uses fencing, badge readers, mantraps, and locked server cages to restrict who can reach equipment. These tangible barriers protect facilities and hardware. Which control category is this?

A. Technical B. Operational C. Preventive D. Physical

Question 9

A compliance team issues a policy instructing employees to encrypt all sensitive files before emailing them externally. The control works by formally requiring a specific behavior. Which control type is this?

A. Directive B. Deterrent C. Detective D. Compensating

Question 10

A SaaS provider enforces multifactor authentication and least-privilege access so unauthorized users are stopped before they reach data. The intent is to block incidents from happening at all. Which control type is this?