Welcome to today’s practice test!

Today’s practice test is based on subdomain 2.1 (Compare and contrast common threat actors and motivations) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.


#1. A security administrator at a multinational firm notices a persistent, stealthy intrusion attempting to exfiltrate sensitive R&D data. The attack is highly sophisticated and spans several weeks. Which threat actor is MOST likely responsible?


#2. An attacker compromises a company’s system and threatens to publish sensitive data unless a ransom is paid. What is the MOST likely motivation?


#3. A junior IT employee installs unauthorized cloud storage tools to make their job easier, unintentionally bypassing security policies. What type of threat actor is this?


#4. Which attribute BEST differentiates a nation-state threat actor from an unskilled attacker?


#5. What is the most likely motivation behind a distributed denial-of-service (DDoS) attack launched by a hacktivist group?


#6. Which characteristic is MOST indicative of organized crime?


#7. A government’s intelligence agency launches a cyberattack against a rival nation’s power grid. This is an example of:


#8. An attacker launches repeated brute-force attacks using a free tool. What describes this actor?


#9. An attacker impersonates a vendor to manipulate wire transfer details. What is the MOST likely actor and motivation?


#10. A security analyst identifies persistent brute-force login attempts originating from overseas IPs. The attacker uses varied usernames and longer time intervals between attempts. Which type of threat actor is most likely involved?


Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here.

To view answers and explanations for today’s questions, expand the Answers accordion below.

Answers

Number | Answer | Explanation
1 | C | A nation-state is the most likely threat actor for a “persistent, stealthy intrusion attempting to exfiltrate sensitive R&D data” over “several weeks,” described as “highly sophisticated.” Nation-states possess the resources, time, and motivation (e.g., economic espionage, military advantage) to conduct such advanced persistent threats (APTs).

Hacktivists are typically motivated by political or social causes, often aiming for public disruption or defacement rather than sophisticated, long-term, stealthy data exfiltration.

Organized crime is primarily financially motivated, usually aiming for direct monetary gain (e.g., credit card data, ransomware). While sophisticated, their operations are typically geared towards faster monetization rather than long-term R&D exfiltration.

An insider threat is someone with authorized access who misuses it. While they could exfiltrate data, the description emphasizes a “stealthy intrusion” spanning “several weeks” and being “highly sophisticated,” which points more to an external, well-resourced actor, even if an insider might eventually be coerced or compromised.
2 | B | The scenario explicitly states a “ransom is paid” in exchange for not publishing data. This is a direct indicator of financial gain as the primary motivation, characteristic of ransomware and extortion attacks.

Ethical concerns (hacktivism) typically involve exposing wrongdoing for social or political reasons, not demanding money for data.

Espionage aims to steal data for intelligence purposes, not usually to publicly threaten publication for a ransom.

While revenge can motivate some attacks, the demand for a “ransom” points to a clear financial objective, not just a desire for retribution.
3 | B | Shadow IT refers to the use of IT systems, devices, software, and services without explicit organizational approval. The scenario describes a “junior IT employee install[ing] unauthorized cloud storage tools to make their job easier, unintentionally bypassing security policies,” which is a textbook definition of Shadow IT.

Organized crime actors are external and primarily motivated by financial gain through malicious means (e.g., fraud, extortion). This does not fit an unintentional act by an internal employee.

Hacktivists are typically external actors motivated by social or political causes, aiming for disruption or exposure. This does not fit the scenario.

Nation-state actors are highly sophisticated, state-sponsored entities engaged in espionage, sabotage, or other strategic goals. This does not fit an unintentional act by a junior IT employee.
4 | A | Persistence is a key differentiator. Nation-state threat actors are characterized by their ability to establish and maintain a long-term, stealthy presence within a target’s network (also known as Advanced Persistent Threats, or APTs) to achieve strategic goals. Unskilled attackers generally lack the sophistication, resources, and motivation for such sustained, covert operations.

Unskilled attackers are more likely to rely on easily exploitable vulnerabilities like default credentials. Nation-state actors use far more sophisticated methods.

Website defacement is a common tactic for unskilled attackers or hacktivists seeking attention, not typically for stealthy nation-state operations.

Unskilled attackers and hacktivists often seek attention for their exploits. Nation-state actors, conversely, prioritize stealth and operational secrecy to avoid detection.
5 | B | Hacktivist groups are primarily motivated by social, political, or ideological causes. A Distributed Denial-of-Service (DDoS) attack directly aligns with their goal of causing disruption or chaos to protest, embarrass, or silence an organization or government they oppose.

Financial gain is the primary motivation for cybercriminals and organized crime, not typically hacktivists, who usually seek to advance a cause.

Espionage involves stealing information for intelligence purposes. A DDoS attack focuses on availability, not confidentiality or data theft.

Service optimization is a legitimate IT goal to improve performance or efficiency, which is the opposite of what a DDoS attack aims to achieve.
6 | C | Organized crime groups in cyber warfare are overwhelmingly driven by financial gain. Their attacks, whether involving ransomware, credit card theft, identity theft, or business email compromise, ultimately aim to convert stolen data or compromised systems into money.

The use of state resources (funding, intelligence, personnel) is a defining characteristic of nation-state threat actors, not organized crime.

Organized crime, by its very nature, operates outside legal frameworks. This describes legitimate businesses or law-abiding entities.

Attacks motivated by a desire for ideological or political change are characteristic of hacktivists, not organized crime.
7 | C | A nation-state actor is a cyber threat actor that is sponsored by or directly affiliated with a government. Their attacks are typically highly sophisticated, well-resourced, and aimed at achieving strategic, political, or military objectives, such as disrupting a rival nation’s critical infrastructure like a power grid.

An insider threat originates from within an organization (e.g., an employee), not from a rival government.

Hacktivism is typically motivated by social or political causes and often involves public disruption or defacement. While political, it lacks the state sponsorship and strategic military objective of the scenario.

Shadow IT refers to unauthorized technology use by employees within an organization to make their jobs easier, not government-sponsored cyber warfare.
8 | D | An unskilled attacker (often called a “script kiddie”) typically uses readily available, often free, tools to launch simple, high-volume attacks like brute-force attacks, without deep technical understanding or sophistication.

Nation-state actors are highly sophisticated, well-funded, and typically use advanced, custom tools for complex, stealthy, and persistent attacks, not simple brute-force attacks with free tools.

Shadow IT refers to unauthorized technology used by internal employees for convenience; it’s a type of activity/risk, not an external attacker type.

While hacktivists might use simple tools, their primary motivation is social or political change, and the scenario describes a method rather than a specific motivation.
9 | D | Impersonating a vendor to manipulate wire transfer details is a classic tactic used in Business Email Compromise (BEC) or similar fraud schemes. These attacks are overwhelmingly carried out by organized crime groups whose motivation is financial gain.

Nation-states typically engage in espionage for intelligence gathering or strategic advantage, not usually for direct financial manipulation of wire transfers.

Hacktivists are motivated by social or political ideology and usually aim for disruption or exposure, not direct financial fraud.

While an insider could manipulate wire transfers for revenge, the scenario describes impersonating a vendor, suggesting an external actor, and the goal is clearly financial, not just revenge.
10 | B | The combination of originating from overseas IPs, varied usernames, and especially longer time intervals between attempts points strongly towards a sophisticated and patient attacker trying to avoid detection. These are hallmarks of Advanced Persistent Threats (APTs), which are frequently associated with nation-state actors seeking long-term access for espionage or other strategic goals. They have the resources and motivation for such stealthy, sustained efforts.

Hacktivists often aim for disruption or public visibility, and while they can be persistent, the “longer time intervals” used for stealthy access are less typical of them than of a nation-state.

Script kiddies typically use readily available tools for quick, high-volume, and often noisy attacks, not subtle, long-interval brute-forcing to avoid detection.

Insider threats originate from within the organization. The attacks “originating from overseas IPs” indicates an external source.