CompTIA Security+ Practice Test of the Day 072225

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.1 (Given a scenario, apply common security techniques to computing resources) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 072225

10 questions • Single best answer

Question 1

A systems administrator is deploying a new fleet of Windows workstations and wants every machine to start from the same known-good security configuration before it is issued to users. She defines a set of required settings in a policy document, then pushes those settings to each workstation via an automated tool. Which step in the secure baseline process does this BEST represent?

A. Maintain B. Establish C. Deploy D. Harden

Question 2

An oil company's refinery uses programmable logic controllers to manage pressure valves. A security engineer is tasked with reducing the attack surface on these systems. Which hardening consideration is MOST unique to this environment compared to hardening a standard enterprise workstation?

A. Disabling unused network ports B. Applying vendor-approved firmware updates only C. The systems cannot tolerate downtime or standard patching cycles D. Using host-based firewalls

Question 3

Employees at a consulting firm are permitted to access corporate email and internal applications from their personal smartphones. The IT team enrolls each personal device in a management platform that can enforce a PIN policy and remotely wipe corporate data. Which mobile deployment model does this describe?

A. COPE B. CYOD C. BYOD D. MDM-only

Question 4

A wireless network engineer is planning a new office deployment and walks through the building with a laptop, recording signal strength and coverage at each location. The results are then plotted on a floor plan to identify dead zones and areas of interference before access points are mounted. Which installation process is this?

A. Heat map generation B. Site survey C. RF spectrum analysis D. Channel planning

Question 5

A developer submits code for an internal web application that accepts user input and constructs database queries using that input directly. During a security review, a tester finds she can alter the query logic by entering a single quote followed by SQL keywords. Which application security control would have MOST directly prevented this vulnerability?

A. Secure cookies B. Code signing C. Static code analysis D. Input validation

Question 6

A software vendor digitally signs each application installer with its private key before distributing it. When a user downloads and runs the installer, the operating system checks the signature against the vendor's public certificate. Which application security goal does this MOST directly support?

A. Input validation B. Sandboxing C. Code signing D. Static code analysis

Question 7

A security analyst configures a wireless network to require that all clients authenticate using individual certificates issued from an internal CA rather than a shared passphrase. The authentication requests are processed by a central server that validates credentials before granting network access. Which wireless security component is performing the credential validation?

A. WPA3 B. AAA/RADIUS C. Certificate authority D. EAP-TLS

Question 8

A security engineer wants to test an unknown executable flagged by threat intelligence without risking harm to the corporate network. She runs it in an isolated environment where it has no access to production systems, network shares, or real user data. Which technique is being used?

A. Code signing B. Static code analysis C. Sandboxing D. Air gapping

Question 9

A network administrator notices that IoT-based HVAC sensors in a corporate office are running outdated firmware and have open Telnet ports enabled by default. The devices use a real-time operating system and the vendor no longer releases updates. Which hardening action is MOST appropriate given these constraints?

A. Apply the latest firmware update from a third-party source B. Enable WPA3 on the HVAC controllers C. Segment the devices onto an isolated network and block Telnet D. Replace the RTOS with a general-purpose operating system

Question 10

A mobile device management administrator reviews usage logs and finds that a corporate-issued phone has had its bootloader unlocked, allowing the owner to install an unauthorized operating system. This condition bypasses the MDM enrollment profile and removes corporate security controls. Which hardening concern does this BEST represent?