CompTIA Security+ Practice Test of the Day 052225

Welcome to today’s practice test!

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

 

Results

QUIZ START

#1. A security administrator at a mid-sized company notices a spike in outbound traffic from an internal server. Upon inspection, they find the server is communicating with an unfamiliar external IP address using non-standard ports. What type of malware is most likely responsible?

Ransomware

Keylogger

Remote Access Trojan (RAT)

Rootkit

Previous

Next

#2. An attacker is attempting to gain unauthorized access to a network by pretending to be a trusted device using a spoofed MAC address. What security feature best mitigates this threat?

VLAN hopping

MAC filtering

Port Security

ARP poisoning detection

Previous

Next

#3. An analyst in a SOC observes multiple login attempts to a cloud-hosted service from IP addresses in several countries within a short time span. What is the BEST description of this activity?

Credential stuffing

Impossible travel

Insider threat

Privilege escalation

Previous

Next

#4. A cloud-based application requires that data be encrypted in such a way that even the service provider cannot decrypt it. Which solution should be implemented?

TLS encryption

Tokenization

Client-side encryption

Symmetric encryption

Previous

Next

#5. A security administrator wants to ensure that users are only able to access files necessary for their roles and nothing more. Which access control model best enforces this?

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Attribute-Based Access Control (ABAC)

Previous

Next

#6. During a penetration test, a tester exploits a vulnerability where a script accepts user input and executes it on the server without validation. What attack has occurred?

Cross-site scripting (XSS)

Command injection

SQL injection

Directory traversal

Previous

Next

#7. Which of the following is a deterrent security control?

CCTV camera signage

Firewalls

Antivirus software

Backup generators

Previous

Next

#8. A developer uses a cryptographic algorithm that outputs the same result for the same input but does not allow reverse calculation of the original data. What is the developer using?

Encryption

Tokenization

Obfuscation

Hashing

Previous

Next

#9. An organization wants to ensure that if a datacenter becomes unavailable, operations can resume quickly with minimal data loss. Which two metrics should they prioritize?

MTTR and ALE

RTO and RPO

SLE and ARO

MTTF and MTBF

Previous

Next

#10. An attacker intercepts traffic between a user’s browser and a website, impersonating the site to harvest credentials. What type of attack is this?

SQL injection

DNS spoofing

On-path attack

Buffer overflow

Previous

Finish

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.

To view answers for today’s questions, expand the Answers accordion below.