CompTIA Security+ Practice Test of the Day 260629

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 1.2 (Summarize fundamental security concepts) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260629

10 questions • Single best answer

Question 1

A security operations team at a regional bank deploys a fake server with simulated vulnerabilities to lure attackers away from production. The system records intruder techniques while exposing no genuine data. What is this defensive asset called?

A. Honeynet B. Honeypot C. Honeyfile D. Sandbox

Question 2

A hospital applies cryptographic hashing to patient records so any unauthorized modification is immediately detectable. Administrators want assurance that medical data remains accurate and unaltered in storage and transit. Which principle does this primarily support?

A. Confidentiality B. Availability C. Non-repudiation D. Integrity

Question 3

An e-commerce company requires customers to digitally sign purchase agreements so they cannot later deny authorizing a transaction. The legal team needs proof of origin that holds up in disputes. Which security concept does this provide?

A. Non-repudiation B. Authentication C. Accounting D. Confidentiality

Question 4

A managed security provider configures systems to log every user action, including login times, commands executed, and resources accessed. Auditors need a complete record that attributes events to specific identities. Which element of AAA does this represent?

A. Authorization B. Authentication C. Accounting D. Auditing

Question 5

A government agency adopting Zero Trust deploys a gateway that grants or blocks each connection based on decisions passed from the control plane. This component resides in the data plane and acts on every request. What is this component called?

A. Policy Engine B. Policy Administrator C. Policy Decision Point D. Policy Enforcement Point

Question 6

A SaaS provider implementing Zero Trust requires extra verification when a user logs in from an unusual location or unrecognized device. Authentication strength adjusts dynamically based on contextual risk signals. Which Zero Trust concept is being applied?

A. Threat scope reduction B. Adaptive identity C. Implicit trust zones D. Policy-driven access control

Question 7

A risk management team compares the organization's current security posture against the requirements of an industry framework. They document the differences to build a remediation roadmap toward full compliance. Which process are they performing?

A. Gap analysis B. Risk assessment C. Penetration test D. Business impact analysis

Question 8

A data center installs a two-door entry where the first door must close and lock before the second opens, permitting only one person through at a time. The goal is to stop tailgating into secure areas. What is this control?

A. Bollard B. Fencing C. Access control vestibule D. Video surveillance

Question 9

A power utility installs reinforced short vertical posts in front of its control building to stop vehicles from ramming the entrance. Pedestrians can still walk freely between them. Which physical security control is this?

A. Fencing B. Lighting C. Access control vestibule D. Bollards

Question 10

A threat hunting team plants fake credentials in a database that serve no legitimate purpose, so any attempt to use them signals an intrusion. No real account is tied to these decoy values. What are these called?