CompTIA Security+ Practice Test of the Day 072725

Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on Subdomain 4.5 (Given a scenario, modify enterprise capabilities to enhance security) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

10 questions • Single best answer
Question 1
A domain owner publishes a DNS record that lists the IP addresses of all mail servers authorized to send email on its behalf. A receiving mail server checks this record and rejects a message from an unlisted IP. Which email security mechanism does this describe?

Question 2
A security engineer configures an email security policy specifying that when both SPF and DKIM checks fail for a message claiming to come from the company's domain, receiving servers should reject the message outright and send a report back to the domain owner. Which mechanism defines this policy and reporting behavior?

Question 3
A corporate network uses a zone between the internet-facing router and the internal firewall to host public-facing web and mail servers. This zone allows external users to reach those servers while preventing direct access to the internal network. What is this network zone called?

Question 4
An IPS device is configured to inspect inbound traffic and compare each packet against a database of known attack patterns. When a match is found, the connection is dropped. An attacker crafts a variant of a known exploit with slightly altered byte sequences to evade detection. Which IPS limitation does this exploit?

Question 5
A web filter is configured to block requests to websites categorized as gambling and streaming video during business hours. An employee visits a newly registered site not yet in any category database, and the request is allowed by default. Which web filtering feature, if enabled, would have prevented access to uncategorized sites?

Question 6
A security administrator configures a Group Policy Object that enforces a minimum password length, disables USB storage on all workstations, and restricts access to the Windows Registry editor for standard users. Which enterprise security capability is being modified?

Question 7
A security team deploys a solution that monitors all outbound DNS queries and blocks resolution of domains associated with known malware command-and-control infrastructure, botnet controllers, and phishing sites. Which enterprise security capability does this represent?

Question 8
An endpoint security platform on each workstation continuously monitors process behavior, detects anomalous patterns that suggest a fileless attack, and automatically terminates the malicious process and collects forensic artifacts for analyst review. Which security tool category does this describe?

Question 9
A security administrator monitors a critical Windows file server and receives an alert whenever a file in a protected directory is modified, created, or deleted outside of approved maintenance windows. Which monitoring control generates these alerts?

Question 10
An employee's account sends a single email to 800 internal recipients at 2:47 AM, a behavior the account has never exhibited in three years of employment. A security platform flags the activity and temporarily locks the account pending analyst review. Which enterprise security capability detected this?