CompTIA Security+ Practice Test of the Day 060525

Welcome to today’s practice test!

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

 

Results

QUIZ START

#1. A security administrator at a hybrid enterprise identifies unusual outbound traffic from a segment of the internal network. Further analysis shows that the traffic is encrypted and being sent to an external IP over port 443. The behavior began after a user downloaded a freeware application from an unverified source. What type of malware is MOST likely involved?

A. Worm

B. Rootkit

C. Remote Access Trojan (RAT)

D. Logic bomb

Previous

Next

#2. An administrator is implementing a new solution where users can log in once and access multiple systems across different domains without re-entering credentials. Which technology BEST supports this approach?

A. SAML

B. LDAP

C. RADIUS

D. MFA

Previous

Next

#3. An analyst in a SOC notices that multiple endpoints show evidence of privilege escalation via scheduled tasks. Further, the same endpoints are communicating with a known C2 server. Which of the following should be performed FIRST?

A. Reimage all affected machines

B. Update endpoint detection signatures

C. Isolate the affected machines from the network

D. Block outbound traffic at the firewall

Previous

Next

#4. A cloud provider is responsible for physical security, virtualization layer protection, and infrastructure uptime. The customer handles OS patches and access controls. Which cloud model is being used?

A. SaaS

B. PaaS

C. IaaS

D. Hybrid

Previous

Next

#5. An attacker used a vulnerability in an unpatched web server to gain shell access. The compromise occurred due to missed updates and weak input validation. Which phase of incident response should address this long-term?

A. Eradication

B. Containment

C. Recovery

D. Lessons Learned

Previous

Next

#6. Which of the following provides forward secrecy during session encryption?

A. RSA

B. AES

C. ECDHE

D. SHA-256

Previous

Next

#7. A network administrator wants to identify devices on the network, their OS versions, and open ports. Which tool is BEST for this task?

A. Wireshark

B. NetFlow analyzer

C. Nmap

D. SIEM

Previous

Next

#8. A security engineer implements a honeypot in the DMZ. What type of control is this?

A. Detective

B. Preventive

C. Corrective

D. Compensating

Previous

Next

#9. Scenario: A security administrator must harden a Linux system used in the DMZ. Select THREE of the following that should be included:

Select all that apply:

A. Enable Telnet

B. Disable root SSH login

C. Apply latest patches

D. Use weak password policy

E. Install host-based firewall

F. Share system logs publicly

Previous

Next

#10. A healthcare organization stores patient data in a US-based cloud. Which law requires strict controls over this data?

A. GDPR

B. SOX

C. HIPAA

D. PCI DSS

Previous

Finish

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.

To view answers for today’s questions, expand the Answers accordion below.