Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on subdomain 4.7 (Explain the importance of automation and orchestration related to secure operations.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Click the button below to start today’s practice exam.

#1. A SOC analyst notices that user provisioning and de-provisioning processes are taking too long, leading to security gaps when employees leave the company. The security team proposes using scripts and orchestration tools to automate these tasks. Which of the following is the PRIMARY security benefit of implementing this automation?

#2. A security administrator wants to automate firewall rule changes using an orchestration platform. What is the MAIN advantage of doing this?

#3. The security team integrates their SIEM with automated playbooks to isolate endpoints, block IP addresses, and create incident tickets automatically when threats are detected. Which of the following BEST describes this approach?

#4. A company automates its patch management process to run nightly across all servers. Which of the following is the MOST significant risk introduced by this automation?

#5. A security engineer automates the process of disabling access for employees who fail to complete mandatory security training. What is the PRIMARY security advantage of this automation?

#6. A SOC team uses scripts to automatically block IP addresses detected as malicious from threat intelligence feeds. Which BEST describes this security benefit?

#7. A financial institution uses automation to enforce encryption settings and disable insecure protocols across all endpoints. What is the PRIMARY reason for this automation?

#8. An analyst configures a SOAR playbook to isolate compromised endpoints, notify administrators, and trigger forensic data collection. Which advantage does this orchestration provide?

#9. A cloud operations team implements Infrastructure as Code (IaC) to automatically deploy secure network architectures. What is the PRIMARY benefit of this approach?

#10. A DevSecOps team integrates a security tool into their CI/CD pipeline to automatically block builds containing vulnerable dependencies. Which of the following BEST describes the security benefit of this automation?

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To view CompTIA Security+ practice tests on other days, click here. To view answers and explanations for today’s questions, expand the Answers accordion below.

Answers

#1. Answer: D

A SOC analyst notices that user provisioning and de-provisioning processes are taking too long, leading to security gaps when employees leave the company. The security team proposes using scripts and orchestration tools to automate these tasks. Which of the following is the PRIMARY security benefit of implementing this automation?

A. Eliminates the need for user access reviews: Automation improves the process of managing access, but it does not eliminate the need for periodic user access reviews. Reviews are still essential to verify that automated processes are working correctly, that policies are still appropriate, and that no unintended access has been granted over time.

B. Allows all users administrative privileges for faster onboarding: This is a severe security risk and a violation of the principle of least privilege. Automation should be used to enforce correct and secure access, not to grant excessive privileges for the sake of speed.

C. Reduces the need for multifactor authentication: Multifactor authentication (MFA) is a critical security control for verifying user identity at login. Automation of provisioning/de-provisioning processes and MFA address different aspects of identity and access management and are complementary, not mutually exclusive. Automation does not reduce the need for MFA. In fact, it often helps deploy MFA more consistently.

D. Enforces consistent and timely account management
The primary security benefit of automating user provisioning and de-provisioning is to ensure that accounts are created, modified, and disabled consistently and in a timely manner. This directly addresses the “security gaps when employees leave the company” by ensuring that access is revoked promptly, reducing the window of opportunity for unauthorized access by former employees or malicious actors. It also ensures consistent application of access policies during onboarding and role changes.
#2. Answer: B

A security administrator wants to automate firewall rule changes using an orchestration platform. What is the MAIN advantage of doing this?

A. Preventing zero-day malware infections: While a properly configured firewall can help mitigate known threats, automating its rule changes doesn’t directly prevent zero-day malware infections (which are previously unknown threats). That’s typically handled by advanced endpoint protection, sandboxing, and threat intelligence.

B. Ensuring configuration consistency across all environments
Automating firewall rule changes with an orchestration platform is primarily about standardization and consistency. Manual changes are prone to human error, leading to misconfigurations, inconsistencies between similar firewalls, and deviations from security policies. Automation ensures that changes are applied uniformly, correctly, and quickly across all relevant environments, maintaining a desired security posture.

C. Detecting insider threats more effectively: Detecting insider threats usually involves User Behavior Analytics (UBA), SIEM correlation, and monitoring logs for unusual activity. Automating firewall changes is a preventative/management control, not primarily a detection control for insider threats.

D. Eliminating all human intervention in incident response: While automation can significantly reduce human intervention in incident response (e.g., by automatically blocking malicious IPs), it rarely eliminates it entirely. Human analysts are still crucial for complex investigations, decision-making, and adapting to novel threats.
#3. Answer: C

The security team integrates their SIEM with automated playbooks to isolate endpoints, block IP addresses, and create incident tickets automatically when threats are detected. Which of the following BEST describes this approach?

A. Manual incident response: Manual incident response relies on human analysts performing each step individually. The scenario explicitly mentions “automated playbooks” and actions like “isolate endpoints, block IP addresses, and create incident tickets automatically,” which is the opposite of manual.

B. Threat hunting: Threat hunting is a proactive security activity where analysts actively search for threats that have evaded existing security controls. While it might leverage some of the same tools, it’s a proactive search process, not a description of automated response to detected threats.

C. Security Orchestration, Automation, and Response (SOAR)
SOAR platforms are designed to help security operations teams manage and respond to security incidents more efficiently. They achieve this by:
Orchestration: Connecting various security tools (like SIEM, firewalls, endpoint protection) to work together.
Automation: Automating repetitive tasks (like blocking IPs, isolating endpoints, creating tickets).
Response: Facilitating and streamlining the incident response process through automated playbooks.
The scenario perfectly describes these capabilities: SIEM detects, and automated playbooks (orchestrated and automated response actions) are triggered.

D. Behavior-based access control: Behavior-based access control (often part of UBA) grants or restricts access based on a user’s typical behavior patterns. It’s an access control mechanism, not a comprehensive incident response automation framework.
#4. Answer: A

A company automates its patch management process to run nightly across all servers. Which of the following is the MOST significant risk introduced by this automation?

A. Introduction of a single point of failure
Automating patch management across all servers nightly using a centralized system or script introduces a single point of failure. If the automation tool itself, the configuration of the automation, or the patch source is compromised or misconfigured, it could potentially push bad patches, introduce vulnerabilities, or even cause outages across the entire server fleet simultaneously. This becomes a significant systemic risk.

B. Reduced workforce efficiency: Automation typically increases workforce efficiency by freeing up IT staff from manual tasks, not reducing it.

C. Increase in phishing attempts: Patch management automation is an internal IT process and has no direct causal link to an increase in external threats like phishing attempts. Phishing is a social engineering attack that preys on human users.

D. Lack of vulnerability scanning: Automated patch management is a remediation step for vulnerabilities. While it’s crucial to scan for vulnerabilities before and after patching, the automation of patching itself doesn’t inherently introduce a lack of scanning. In fact, it’s often done in conjunction with regular scanning. The risk isn’t that scanning stops, but that a flawed automation impacts everything.
#5. Answer: B

A security engineer automates the process of disabling access for employees who fail to complete mandatory security training. What is the PRIMARY security advantage of this automation?

A. It eliminates the need for an HR department. Automation streamlines processes but does not eliminate the need for human departments like HR, which are responsible for the overall policy, communication, and management of employees.

B. It ensures compliance enforcement is timely and consistent.
Automating the disabling of access for non-compliant employees (those who fail training) ensures that security policies are applied immediately and uniformly. This eliminates delays and inconsistencies that can occur with manual processes, directly strengthening the organization’s security posture by enforcing compliance in a timely and consistent manner.

C. It allows all users to maintain access during training. The automation is specifically designed to disable access for those who fail training, indicating a goal of restricting access, not maintaining it universally.

D. It reduces endpoint detection and response alerts. This automation is related to access management and compliance, not directly to reducing alerts from Endpoint Detection and Response (EDR) systems, which focus on detecting malicious activity on endpoints.
#6. Answer: A

A SOC team uses scripts to automatically block IP addresses detected as malicious from threat intelligence feeds. Which BEST describes this security benefit?

A. Improving reaction time to emerging threats
Automatically blocking malicious IP addresses based on threat intelligence allows the security team to respond to new and evolving threats almost instantaneously. This significantly reduces the time from detection to containment, minimizing the window of opportunity for attackers to cause damage. This direct, automated action is crucial for staying ahead of fast-moving threats.

B. Reducing false positives in detection: This automation improves response to detected threats (malicious IPs from threat intelligence). It doesn’t reduce false positives in the detection phase itself. False positives are addressed by tuning detection rules, whitelisting, etc.

C. Increasing phishing awareness among employees: Phishing awareness is a result of security training and campaigns, not automated IP blocking. This is an entirely different security domain.

D. Eliminating the need for incident response plans: While automation streamlines and speeds up parts of the incident response process, it does not eliminate the need for comprehensive incident response plans. Humans are still required for complex investigations, decision-making, communication, and handling scenarios that cannot be automated. The plan provides the framework for all actions, automated or manual.
#7. Answer: C

A financial institution uses automation to enforce encryption settings and disable insecure protocols across all endpoints. What is the PRIMARY reason for this automation?

A. Increase user experience: While some security measures can indirectly improve user experience (e.g., by preventing breaches), enforcing encryption and disabling insecure protocols is primarily about security, not user convenience. It might even slightly decrease user convenience in some cases if it restricts older, less secure applications.

B. Reduce technical debt: Technical debt refers to the implied cost of future rework caused by choosing an easy but limited solution now instead of using a better approach that would take longer. While automation can contribute to better system hygiene, directly enforcing configurations isn’t primarily about reducing existing technical debt. Rather, it’s about preventing new security misconfigurations.

C. Enforce baseline security configurations
The primary reason for automating the enforcement of encryption settings and disabling insecure protocols is to ensure that all endpoints consistently adhere to a predefined baseline security configuration. This prevents misconfigurations, reduces the attack surface, and maintains a strong security posture across the entire environment, which is especially critical in a financial institution with strict compliance requirements.

D. Eliminate phishing attempts: Phishing attempts are social engineering attacks that primarily target human users through deceptive emails or websites. Enforcing encryption settings and disabling insecure protocols on endpoints helps protect against network-based attacks and data compromise once a system is accessed, but it does not eliminate the attempts themselves.
#8. Answer: D

An analyst configures a SOAR playbook to isolate compromised endpoints, notify administrators, and trigger forensic data collection. Which advantage does this orchestration provide?

A. It reduces the number of required SOC analysts to zero. While SOAR significantly improves efficiency and allows analysts to handle more incidents, it does not eliminate the need for human analysts. Human intelligence is still required for complex investigations, decision-making, adapting to novel threats, and refining playbooks.

B. It provides nonrepudiation of forensic logs. Nonrepudiation (ensuring that a sender cannot deny having sent a message) is a property often achieved through digital signatures and robust logging. While SOAR can help ensure logs are collected reliably and securely, its primary advantage is the automation and coordination of response actions, not solely providing nonrepudiation of logs. Nonrepudiation is a broader security goal, often achieved through various mechanisms, not just SOAR.

C. It eliminates all network attacks. SOAR is a response tool; it automates actions after a threat is detected. It does not prevent or eliminate attacks from occurring in the first place.

D. It ensures coordinated, repeatable incident response actions.
SOAR (Security Orchestration, Automation, and Response) playbooks are designed to automate and streamline incident response processes. By defining specific steps (isolate, notify, collect forensic data), they ensure that responses are executed consistently, in the correct order, and without human error or delay. This makes incident response actions coordinated and highly repeatable, which is crucial for efficiency and effectiveness, especially during high-stress incidents.
#9. Answer: B

A cloud operations team implements Infrastructure as Code (IaC) to automatically deploy secure network architectures. What is the PRIMARY benefit of this approach?

A. Allows for manual review of all configurations before deployment: While IaC enables better review processes (because configurations are in code), it doesn’t inherently force manual review. In fact, one of its benefits is automating deployments without continuous manual intervention after the code has been reviewed and approved.

B. Ensures consistent and repeatable secure deployments
Infrastructure as Code (IaC) defines infrastructure (like network architectures) using code. This means the deployment process is automated, repeatable, and version-controlled. The primary benefit for security is that it ensures every deployment of the network architecture (or any infrastructure) is consistent and adheres to the predefined secure configuration. This significantly reduces human error, misconfigurations, and configuration drift, leading to a more reliable and secure environment every time.

C. Improves phishing detection: IaC is about infrastructure deployment and configuration. It has no direct impact on detecting phishing attempts, which are social engineering attacks targeting users.

D. Eliminates insider threats: While IaC can improve security by enforcing consistent configurations and reducing the need for manual access to production environments, it does not “eliminate” insider threats. A malicious insider could still tamper with the IaC code itself, or exploit other vulnerabilities. It’s a significant mitigation, but not an elimination.
#10. Answer: A

A DevSecOps team integrates a security tool into their CI/CD pipeline to automatically block builds containing vulnerable dependencies. Which of the following BEST describes the security benefit of this automation?

A. It prevents vulnerable code from reaching production environments.
Integrating security tools (like Software Composition Analysis – SCA) into the CI/CD pipeline to block builds with vulnerable dependencies means that known security risks are identified and stopped early in the development lifecycle. This directly prevents code containing these vulnerabilities from progressing through the pipeline and ultimately being deployed to production, significantly reducing the attack surface.

B. It guarantees 100% secure software deployments. No single security tool or automation can guarantee 100% security. New vulnerabilities are discovered constantly (zero-days), and other types of flaws (logical errors, design flaws) might not be caught by dependency scanning. This is an overstatement.

C. It eliminates the need for manual code review. Automated tools are highly effective for detecting known vulnerabilities and common patterns, but they don’t replace the need for manual code review, especially for identifying logical flaws, complex business logic issues, or unique security vulnerabilities that require human insight and understanding of the application’s context.

D. It reduces dependency on threat intelligence feeds. This automation often relies on threat intelligence feeds (or vulnerability databases like NVD) to identify known vulnerable dependencies. It doesn’t reduce the dependency but rather leverages it more effectively by automating its application.