Welcome to today’s practice test!
This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.
These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.
#1. A security administrator at a mid-sized company wants to ensure email messages are not altered in transit. Which of the following provides this assurance?
#2. A security administrator at a mid-sized company is implementing multifactor authentication. Which of the following would best represent “something you are”?
#3. An attacker is exploiting a web application by entering scripts into a form field. The script executes when other users view the page. What type of attack is this?
#4. An analyst in a SOC observes a spike in network traffic originating from multiple external IPs targeting a web server. The traffic is overwhelming the system, causing service outages. What is the MOST likely attack type?
#5. A security administrator wants to reduce the risk caused by credential reuse across cloud services. Which of the following would BEST meet this goal?
#6. A company needs to ensure that data stored in their cloud infrastructure remains confidential if the storage medium is physically stolen. What should be implemented?
#7. An employee receives a phone call from someone claiming to be from IT support requesting their login credentials to resolve a system issue. What type of attack is occurring?
#8. Which of the following provides real-time network traffic inspection and can prevent malicious activity by dropping harmful packets?
#9. A new vulnerability is reported for an outdated piece of software used in production. There is no patch available yet. What is the BEST mitigation strategy in the interim?
#10. A developer is using static code analysis to review an application. What is the PRIMARY advantage of this method?
Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.
Answers
Number | Answer | Explanation |
---|---|---|
1 | D | HMAC (Hashed Message Authentication Code) ensures both integrity and authenticity. SHA-256 is a hash function but doesn’t authenticate. AES and RSA are for encryption. |
2 | C | Fingerprints represent biometric data, which falls under “something you are.” Passwords = “something you know”, smart cards = “something you have”, and one-time codes can also be “something you have.” |
3 | B | Cross-site scripting (XSS) allows attackers to inject malicious scripts that execute in the browsers of users viewing the page. It differs from SQL or command injection, which target back-end processing. |
4 | C | A Distributed Denial-of-Service (DDoS) attack floods a target with excessive traffic from multiple sources to disrupt availability. |
5 | C | SSO with MFA boosts security by requiring multiple authentication factors (e.g., password + TOTP) and reducing the number of passwords users need, lowering the risk of password reuse across services. |
6 | D | Full-disk encryption ensures that stolen drives cannot be read without the proper decryption key. ACLs help protect data confidentiality by enforcing access while the operating system is running, but they do not protect it if the storage medium is physically stolen. The other options don’t preserve data confidentiality. |
7 | A | Only voice phishing (vishing) uses phone calls to trick users into revealing sensitive information. |
8 | C | Intrusion Prevention Systems (IPS) monitor network traffic AND can actively block malicious packets, unlike an IDS, which is passive. A SIEM only analyzes and correlates security logs, while a firewall (except NGFWs that have IPS functionality) filters traffic based on rules but doesn’t perform the deep inspection for threats that an IPS does. |
9 | B | Network segmentation can isolate vulnerable systems to limit exposure while awaiting a patch. |
10 | B | Static code analysis inspects source code without running it, allowing early detection of security flaws. |