Welcome to today’s practice test!
Today’s practice test is based on subdomain 2.3 (Explain various types of vulnerabilities) from the CompTIA Security+ SY0-701 objectives.
This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.
These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.
Click the button below to start today’s practice exam.
Results
#1. A security administrator at a healthcare organization discovers that an internal web application allows the use of user-supplied input in SQL queries without proper sanitization. What type of vulnerability does this represent?
#2. An attacker exploits a flaw in a multi-threaded banking application where the same record is accessed simultaneously by multiple transactions. What type of vulnerability is this?
#3. A user installs an application from a third-party source not vetted by the official app store. Which vulnerability has likely been introduced?
#4. A virtual machine is able to access the host system’s memory and processes. What vulnerability is being exploited?
#5. A system allows a user to submit input data that overflows the allocated memory space, leading to a crash or code execution. This is an example of a:
#6. An attacker takes advantage of firmware that is no longer supported by the vendor and hasn’t received updates. This is an example of what type of vulnerability?
#7. Which of the following best describes the impact of allowing unsigned firmware updates on critical hardware?
#8. A company discovers that outdated cipher suites are enabled on its public-facing application server. This primarily represents what type of vulnerability?
#9. What makes virtualization environments particularly susceptible to resource reuse vulnerabilities?
#10. A researcher finds that a driver allows unsigned code to run at kernel level. What is the most serious consequence of this vulnerability?
Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.
To view CompTIA Security+ practice tests on other days, click here.To view answers and explanations for today’s questions, expand the Answers accordion below.
Answers
| Number | Answer | Explanation |
|---|---|---|
| 1 | C | A security administrator at a healthcare organization discovers that an internal web application allows the use of user-supplied input in SQL queries without proper sanitization. What type of vulnerability does this represent? A. Cross-site scripting (XSS): Cross-site scripting (XSS) involves injecting malicious client-side scripts (like JavaScript) into web pages viewed by other users. While also related to improper input validation, it targets client-side execution, not direct database queries. B. Buffer overflow: A buffer overflow occurs when a program attempts to write more data into a fixed-size memory buffer than it can hold, potentially leading to arbitrary code execution or crashes. It’s a memory management vulnerability, unrelated to SQL query manipulation. C. Structured Query Language injection (SQLi): When a web application uses user-supplied input directly within SQL queries without proper sanitization, it creates a SQL injection (SQLi) vulnerability. This allows an attacker to insert malicious SQL code into the input, which the database then executes, potentially leading to unauthorized data access, modification, or deletion. D. Race condition: A race condition occurs when the output of a system depends on the sequence or timing of uncontrollable events, leading to unexpected behavior, often in concurrent programming. This is not directly related to unsanitized input in SQL queries. |
| 2 | B | An attacker exploits a flaw in a multi-threaded banking application where the same record is accessed simultaneously by multiple transactions. What type of vulnerability is this? A. Buffer overflow: A buffer overflow involves writing too much data into a memory buffer, overflowing its boundaries. It’s a memory corruption vulnerability, not directly related to simultaneous access in multi-threaded applications. B. Race condition: A race condition occurs in multi-threaded or concurrent applications when the outcome depends on the sequence or timing of operations. If multiple transactions access and modify the same record simultaneously without proper synchronization, the final state of the record can be unpredictable and exploited by an attacker (e.g., to withdraw more money than available). C. SQL injection: SQL injection involves inserting malicious SQL code into an application’s input fields. It’s a vulnerability related to improper input validation, not concurrent access issues. D. Side loading: Side loading refers to installing applications from unofficial sources, typically on mobile devices. It’s an application distribution and installation method, not a flaw in multi-threaded software logic. |
| 3 | C | A user installs an application from a third-party source not vetted by the official app store. Which vulnerability has likely been introduced? A. Jailbreaking: Jailbreaking (or rooting) is the process of removing software restrictions imposed by the device manufacturer. While sideloading is often enabled by jailbreaking or specific device settings, sideloading itself is the act of installing from a third-party source, not the act of jailbreaking the device. B. Zero-day: A zero-day is a vulnerability that is unknown to the software vendor and has no patch available. While a sideloaded app could contain or exploit a zero-day, sideloading itself is the method of delivery, not the zero-day vulnerability itself. C. Side loading: Side loading is the act of installing an application onto a device from a source other than the official app store. This introduces a vulnerability because these apps bypass the security vetting processes of official stores and may contain malware or other malicious code. D. Cross-site scripting: Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject malicious client-side scripts into web pages viewed by other users. It’s unrelated to installing applications directly on a device. |
| 4 | B | A virtual machine is able to access the host system’s memory and processes. What vulnerability is being exploited? A. VM sprawl: VM sprawl refers to the uncontrolled proliferation of virtual machines within an organization, leading to management and security challenges. It’s a management issue, not a vulnerability that allows a VM to access the host. B. VM escape: A VM escape is a serious vulnerability where an attacker or malicious software running inside a virtual machine (guest OS) is able to break out of the virtual machine’s isolation and gain unauthorized access or control over the underlying hypervisor (host system) or other virtual machines running on that host. This is precisely what “access the host system’s memory and processes” describes. C. Container drift: Container drift refers to changes made to a running container that differ from its original image, leading to inconsistencies and potential security issues. This is specific to containers, not virtual machines, and is about changes within the container, not breaking out to the host. D. Resource exhaustion: Resource exhaustion attacks aim to consume all available resources (CPU, memory, disk space) to cause a denial of service. While a VM could be used for this, the core vulnerability described is the ability to access the host’s resources, not just exhaust them. |
| 5 | B | A system allows a user to submit input data that overflows the allocated memory space, leading to a crash or code execution. This is an example of a: A. Cross-site scripting: Cross-site scripting (XSS) is a web application vulnerability that allows attackers to inject malicious client-side scripts into web pages viewed by other users. It’s about client-side code execution in a browser context, not memory overflow. B. Buffer overflow: A buffer overflow occurs when a program attempts to write more data into a fixed-size memory buffer than it was designed to hold. This excess data “overflows” into adjacent memory locations, which can lead to system crashes, unpredictable behavior, or an attacker being able to execute arbitrary code. C. Time-of-check to time-of-use: Time-of-check to time-of-use (TOCTOU or race condition) is a vulnerability that arises when a program’s access to a resource is dependent on the timing of multiple events, allowing an attacker to change the resource between the check and the use. This involves timing, not memory boundaries. D. Rootkit: A rootkit is a type of malicious software designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. It’s a type of malware, not a description of the memory overflow vulnerability. |
| 6 | D | An attacker takes advantage of firmware that is no longer supported by the vendor and hasn’t received updates. This is an example of what type of vulnerability? A. Zero-day: A zero-day vulnerability is a flaw that is unknown to the vendor and has no patch available at the time of exploitation. While an EOL system might contain unpatched zero-days, the overarching condition described (lack of vendor support/updates) defines it as EOL, not necessarily a zero-day. B. Misconfiguration: Misconfiguration refers to security flaws due to incorrect settings. While an EOL system might also have misconfigurations, the primary vulnerability described is the lack of vendor support and updates, which is independent of how it’s configured. C. Time-of-use: Time-of-use (TOU) or time-of-check to time-of-use (TOCTOU) is a type of race condition vulnerability where a system’s state changes between a security check and the actual use of a resource. This is a specific type of flaw, not a general category for unsupported software. D. End-of-life: When firmware (or any software or hardware) is “no longer supported by the vendor and hasn’t received updates,” it means it has reached its end-of-life (EOL) status. EOL products are inherently vulnerable because new security flaws discovered in them will not be patched. |
| 7 | C | Which of the following best describes the impact of allowing unsigned firmware updates on critical hardware? A. It enables buffer overflow via software patching.: Buffer overflows are specific vulnerabilities within software code. Allowing unsigned firmware undermines the integrity and trustworthiness of the code running on the critical hardware itself, which is a more fundamental and broader impact than simply enabling a single software vulnerability like a buffer overflow. B. It permits privilege escalation through file permissions.: Privilege escalation through file permissions typically refers to operating system or application-level vulnerabilities where incorrect permissions allow a user to gain higher access. Unsigned firmware updates operate at a much lower, more fundamental hardware level. C. It introduces a hardware-level supply chain vulnerability.: Allowing unsigned firmware updates means that the critical hardware cannot verify the authenticity or integrity of the update package. An attacker could provide a malicious, unsigned firmware update, which, once installed, would grant them deep control over the hardware, bypassing higher-level software controls. This creates a weakness in the supply chain (the source of the firmware) at the hardware level. D. It causes improper input validation at the OS level.: Improper input validation is a common software vulnerability, usually occurring at the application or operating system level. Allowing unsigned firmware impacts the trust in the hardware itself, not just input validation. |
| 8 | A | A company discovers that outdated cipher suites are enabled on its public-facing application server. This primarily represents what type of vulnerability? A. Cryptographic vulnerability: Outdated cipher suites are inherently weak or have known flaws in their cryptographic algorithms or protocols. Their continued use directly exposes the system to cryptographic vulnerabilities, as the encryption and secure communication they are meant to provide can be easily broken or bypassed by attackers. B. Configuration drift: Configuration drift refers to unauthorized or unintended changes to a system’s configuration over time, deviating from a baseline. While enabling outdated cipher suites could be a result of configuration drift (if they were supposed to be disabled), the primary type of vulnerability introduced by the cipher suites themselves is cryptographic. C. Cloud-specific vulnerability: This scenario describes a general cryptographic weakness. While the server might be in the cloud, the vulnerability (outdated cipher suites) is not exclusive to cloud environments. It can exist on any server. D. Application-layer misconfiguration: While the cipher suites are configured on an application server, and it is a type of misconfiguration, “Cryptographic vulnerability” is a more specific and accurate classification of the nature of the weakness introduced by using outdated cipher suites. |
| 9 | D | What makes virtualization environments particularly susceptible to resource reuse vulnerabilities? A. Unpatched hypervisors: While unpatched hypervisors are a significant risk, leading to various vulnerabilities (like VM escapes), this doesn’t specifically explain the susceptibility to resource reuse. It’s a failure to fix a vulnerability, not the underlying mechanism that makes resource reuse possible. B. Shared storage infrastructure: Shared storage is common in virtualization, and securing data on it is important. However, this primarily relates to data at rest on the storage medium itself, not the dynamic reuse of compute resources (memory, CPU) or the specific problem of lingering data after a VM’s operational lifespan on those resources. D. Absence of endpoint detection: Endpoint detection refers to monitoring and responding to threats on individual virtual machines or physical machines. While important for overall security, its absence doesn’t explain the fundamental susceptibility of virtualization to resource reuse vulnerabilities. D. Improper VM teardown procedures: Virtualization environments often reuse underlying physical resources (memory, disk blocks, CPU caches) for different virtual machines. If a VM’s resources are not properly sanitized or “zeroed out” when the VM is shut down, deleted, or migrated (improper teardown), residual data can be left behind. A subsequent VM or even the hypervisor could then be allocated these “dirty” resources, potentially leading to a resource reuse vulnerability where sensitive data from the previous VM is exposed. |
| 10 | C | A researcher finds that a driver allows unsigned code to run at kernel level. What is the most serious consequence of this vulnerability? A. It allows DLL injection: DLL injection typically involves injecting code into user-mode processes. While a kernel-level compromise could facilitate DLL injection, the direct and more severe consequence of unsigned code running at kernel level is the complete control offered by privilege escalation. B. It permits logic bombs: A logic bomb is malicious code that lies dormant until triggered. While an attacker could install a logic bomb using kernel-level access, “permits logic bombs” is not the most serious or direct consequence of being able to run any unsigned code at that level. Privilege escalation grants the capability to do much more. C. It enables privilege escalation: Allowing unsigned code to run at the kernel level means an attacker can execute arbitrary code with the highest possible privileges on the system. This directly leads to privilege escalation, where an attacker gains full control over the operating system, bypassing all security controls. This is the most serious consequence because it grants total compromise. D. It causes buffer overflow: A buffer overflow is a specific type of memory corruption vulnerability. While the unsigned kernel code might contain or exploit a buffer overflow, the ability to run unsigned code at kernel level is a much broader and more critical vulnerability that enables many attack types, with privilege escalation being the overarching outcome. |