Welcome to today’s practice test!

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.


#1. A security administrator at a mid-sized company needs to securely connect remote employees to internal resources over public networks. Which of the following technologies should be implemented?


#2. An organization implements a control that ensures users only access the resources necessary for their roles. Which principle is being enforced?


#3. An analyst needs to ensure the integrity of a file transferred over the internet. Which of the following methods will BEST provide assurance of file integrity?


#4. A systems administrator is reviewing firewall rules. Which of the following should be implemented to ensure only necessary traffic is permitted?


#5. An analyst finds that an unauthorized device is connecting to the corporate Wi-Fi. Which of the following would BEST prevent this in the future?


#6. A company’s disaster recovery plan includes RTO and RPO objectives. What does RTO refer to?


#7. Which of the following BEST mitigates privilege escalation attacks?


#8. An attacker installs malicious code that activates only when a specific file is opened. What type of malware is this?


#9. A developer embeds a call to eval() in a web app to process user inputs. What vulnerability does this introduce?


#10. A company uses MDM to enforce security policies on mobile devices. What risk does this control primarily mitigate?


Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.

To view answers and explanations for today’s questions, expand the Answers accordion below.

Answers

| Number | Answer | Explanation |
|---|---|---|
| 1 | B | VPN (Virtual Private Network) provides secure, encrypted communication over untrusted networks. VLAN is used for network segmentation, not remote access. NAT translates IP addresses but does not provide secure remote access. SDN relates to network management, not end-user secure connectivity. |
| 2 | D | Least privilege restricts access to the minimal level necessary to perform a job. Separation of duties spreads responsibilities. Need to know is related, but more specific. It focuses on access to sensitive information within the broader concept of least privilege. DAC allows users to control access to their resources. |
| 3 | C | Hashing creates a unique value based on file contents; any change alters the hash, which would then indicate that the file integrity has been compromised. Symmetric encryption protects confidentiality. Asymmetric encryption by itself also protects data confidentiality, not integrity. Tokenization replaces data; it does not verify it. |
| 4 | A | Implicit deny blocks all traffic unless explicitly allowed. Allow all literally allows all traffic, so it’s insecure. Block FTP is too specific. It only applies to FTP. Stateful inspection tracks connections but doesn’t enforce deny-by-default. |
| 5 | A | MAC filtering restricts network access to known devices. SSID broadcast reveals the network. Signal strength reduction is not reliable. Threats nearby can still gain access. Captive portals only control access after a connection has been established at the network layer. |
| 6 | B | RTO is the target time to restore business operations. A describes threat detection. C is RPO. D is MTBF. |
| 7 | B | Enforcing least privilege ensures users and processes only have the minimum permissions necessary to perform their tasks. This limits the potential impact if an account is compromised, reducing opportunities for attackers to escalate privileges and gain broader access to systems or data. Antivirus helps detect malware; it is not an access control. VPN protects transmission, not user roles. Segmentation contains movement but doesn’t manage account privilege. |
| 8 | B | Logic bombs execute under specific conditions, like file access. A Trojan masquerades as a legitimate file. A rootkit hides malware presence. A worm self-replicates. |
| 9 | A | eval() can execute arbitrary code from user input, leading to RCE. SQL injection targets databases. XSS affects browsers via script injection. Insecure deserialization deals with object tampering, not direct code execution. |
| 10 | C | MDM enables remote wipe and device tracking, which are effective against device theft. Insider threat may require behavioral analysis tools. Malware infection and phishing emails are better handled by endpoint protection and awareness training. |