CompTIA Security+ Practice Test of the Day 061125

Welcome to today’s practice test!

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

 

Results

QUIZ START

#1. A security administrator at a mid-sized company needs to ensure that unauthorized USB devices cannot be used to exfiltrate sensitive data from workstations. Which of the following security controls is BEST suited to achieve this goal?

A. Antivirus software

B. Application allow list

C. Data loss prevention (DLP)

D. Full-disk encryption

Previous

Next

#2. An analyst in a SOC observes an unusually high number of login attempts to a critical application from an overseas IP range during non-business hours. Which type of attack is MOST likely occurring?

A. DNS poisoning

B. On-path attack

C. Credential stuffing

D. Cross-site scripting

Previous

Next

#3. A security engineer is designing an enterprise VPN solution. Which protocol would BEST provide secure tunneling with encryption?

A. FTP

B. IPSec

C. ICMP

D. HTTP

Previous

Next

#4. A system administrator wants to apply hardening measures to newly deployed cloud-based Linux servers. Which action BEST supports this goal?

A. Enable default guest accounts

B. Install the latest operating system patches

C. Share administrative passwords via email

D. Disable file integrity monitoring

Previous

Next

#5. A vulnerability scan identifies outdated software versions on several servers. The administrator patches the systems and rescans to verify remediation. What process does this describe?

A. Segmentation

B. Hardening

C. Vulnerability management

D. Incident response

Previous

Next

#6. Which of the following cloud models places the MOST responsibility on the customer for security controls?

A. IaaS

B. PaaS

C. SaaS

D. DaaS

Previous

Next

#7. A risk management team is assessing the financial impact of a ransomware incident. Which metric should they calculate to estimate annualized financial loss?

A. MTTF

B. ALE

C. RPO

D. MTTR

Previous

Next

#8. A company implements a Just-in-Time privilege model for sensitive administrative functions. Which principle is the company MOST aligned with?

A. Least privilege

B. Zero trust

C. Segmentation

D. Failover

Previous

Next

#9. A penetration tester successfully compromises a network by exploiting a device that had outdated firmware. What type of vulnerability was exploited?

A. Zero-day

B. Legacy system

C. Hardware

D. Misconfiguration

Previous

Next

#10. A security administrator at a mid-sized company is evaluating solutions to protect stored passwords. Which technique should be used to ensure that even if the password database is exposed, attackers cannot easily recover the original passwords?

A) Symmetric encryption

B) Tokenization

C) Hashing with salting

D) Base64 encoding

Previous

Finish

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.To view answers for today’s questions, expand the Answers accordion below.