CompTIA Security+ Practice Test of the Day 072825

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.6 (Given a scenario, implement and maintain identity and access management) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 072825

10 questions • Single best answer

Question 1

A company federates its identity system with a partner organization so that employees of the partner can access a shared project portal using their own corporate credentials without creating a separate account. Which IAM concept enables this?

A. Attestation B. Identity proofing C. Federation D. Provisioning

Question 2

A privileged access management system grants a network engineer time-limited administrative credentials to a production router for a 30-minute maintenance window. When the window expires, the credentials are automatically revoked and can never be reused. Which PAM capability does this describe?

A. Password vaulting B. Just-in-time permissions C. Ephemeral credentials D. Least privilege

Question 3

An access control system grants a user access to a resource based on a combination of her department, job title, current location, and the sensitivity classification of the data being requested, rather than relying solely on group membership. Which access control model is this?

A. Role-based access control (RBAC) B. Rule-based access control C. Mandatory access control (MAC) D. Attribute-based access control (ABAC)

Question 4

A user logs into the company's identity provider using her username and password, then is redirected to a cloud HR application. The application accepts a digitally signed assertion from the identity provider confirming her identity and role without requiring a separate login. Which SSO protocol is being used?

A. LDAP B. OAuth C. SAML D. RADIUS

Question 5

A manager is required every 90 days to review the list of access rights held by each member of her team and confirm that each person's permissions are still appropriate for their current role. Any unnecessary permissions are flagged for removal. Which IAM process is this?

A. Provisioning B. Identity proofing C. Attestation D. De-provisioning

Question 6

A government agency enforces an access model where the system automatically assigns and controls access to classified files based on security labels attached to both the user's clearance and the file's classification level. Users cannot grant others access to files even if they own them. Which access control model does this describe?

A. Discretionary access control (DAC) B. Role-based access control (RBAC) C. Mandatory access control (MAC) D. Attribute-based access control (ABAC)

Question 7

A user authenticates to a VPN by inserting a hardware device into her laptop's USB port that generates a cryptographic response to a server challenge. She does not enter a PIN or password. Which MFA factor category does the hardware device represent?

A. Something you know B. Something you are C. Somewhere you are D. Something you have

Question 8

A user can log into any application in the company's ecosystem using only one set of credentials authenticated once per session. She does not re-enter her password when switching between email, the HR portal, and the finance system. Which IAM capability is this?

A. Federation B. Single sign-on (SSO) C. MFA D. Interoperability

Question 9

A sysadmin with broad system rights leaves the company. The IT team disables her account within one hour of her departure, removes her from all privileged groups, and revokes her remote access certificates. Which IAM lifecycle process was performed?

A. Attestation B. Provisioning C. Identity proofing D. De-provisioning

Question 10

An organization requires employees to use a password manager application that generates complex random passwords for each system, stores them in an encrypted vault, and autofills them at login. Individual users never see or know the actual passwords. Which password security goal does this MOST directly support?

A. Password expiration compliance B. Preventing password reuse across systems C. Satisfying complexity requirements D. Enabling passwordless authentication

Tired of Googling acronyms while practicing/studying?
Keep them all under your keyboard.

📋 GET_THE_DESK_MAT

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 072825

Related Posts

Leave a Comment Cancel Reply