CompTIA Security+ Practice Test of the Day 080325

Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on Subdomain 2.3 (Explain various types of vulnerabilities) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

10 questions • Single best answer
Question 1
A hospital's MRI machines run a proprietary OS that the vendor no longer supports and for which no security patches are available. A vulnerability scanner identifies multiple critical CVEs affecting the OS. Which vulnerability category BEST describes this risk?

Question 2
A cloud provider decommissions a virtual machine and reallocates its underlying storage to a new tenant. An attacker who controls the new VM is able to recover fragments of the previous tenant's data from the storage volume. Which virtualization vulnerability is described?

Question 3
A widely used open-source logging library is found to contain a critical remote code execution vulnerability. Organizations using software that depends on this library are exposed, even if their own code is secure. Which vulnerability category BEST describes the risk to these organizations?

Question 4
A security team discovers that a web application is using MD5 to hash sensitive user data for storage. An attacker who obtains the database can use rainbow tables to reverse the hashes and recover original values. Which vulnerability category does the use of MD5 represent?

Question 5
An Android user installs a fitness app downloaded from a third-party website rather than the Google Play Store. Unknown to the user, the app contains spyware that exfiltrates contacts, messages, and location data. Which mobile device vulnerability does this scenario represent?

Question 6
A software update pushed by a vendor is found to contain a backdoor that allows remote access. The update passed the vendor's internal testing but the build system had been compromised months earlier. Which vulnerability type does this represent?

Question 7
A system administrator notices that a Windows server is missing months of security patches. An attacker has already exploited a publicly known kernel privilege escalation vulnerability to gain SYSTEM-level access. Which vulnerability category does the unpatched kernel flaw represent?

Question 8
A penetration tester discovers that a web application appends user-supplied input directly to file paths when serving documents. By entering '../../etc/passwd' as input, the tester retrieves the server's password file. Which web application vulnerability is described?

Question 9
A cloud security team finds that a developer granted their EC2 instance an IAM role with administrator privileges, when the instance only needs to read from one S3 bucket. A compromise of the EC2 instance would give an attacker full AWS account access. Which vulnerability type BEST describes this risk?

Question 10
A security researcher finds that two different inputs produce the same MD5 hash output. An attacker uses this to substitute a malicious file for a legitimate one while maintaining the same hash value, bypassing integrity checks. Which cryptographic vulnerability is described?