Welcome to today’s CompTIA Security+ practice test!
Today’s practice test is based on subdomain 2.5 (Explain the purpose of mitigation techniques used to secure the enterprise) from the CompTIA Security+ SY0-701 objectives.
This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.
These questions are not official exam questions, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.
Work through the ten questions below, then expand the Answers section to check each answer and read the explanation for every option.
#1. A security administrator needs to prevent malware from executing unauthorized applications on employee laptops. Which mitigation technique best addresses this requirement?
A. Network segmentation
B. Encryption
C. Host-based intrusion prevention system (HIPS)
D. Application allow list

#2. An administrator isolates a newly infected workstation to prevent malware from spreading to other systems. Which mitigation technique is being applied?
A. Patching
B. Isolation
C. Decommissioning
D. Least privilege

#3. A company enforces policies ensuring employees only have permissions necessary to perform their specific job roles. Which principle does this demonstrate?
A. Least privilege
B. Segmentation
C. Configuration enforcement
D. Hardening

#4. During a system audit, administrators find default usernames and passwords still in use on several network switches. Which mitigation technique should be prioritized?
A. Isolation
B. Host-based intrusion prevention system (HIPS)
C. Hardening
D. Application allow list

#5. A financial services firm wants to ensure customer data is unreadable if a laptop is stolen. Which mitigation technique should be implemented?
A. Segmentation
B. Encryption
C. Application allow list
D. Monitoring

#6. A SOC analyst notices unusual outbound traffic from a single host and disables its network port to contain the threat. What mitigation technique does this demonstrate?
A. Access control list (ACL)
B. Monitoring
C. Hardening
D. Isolation

#7. Which mitigation technique helps ensure servers remain compliant with approved security settings?
A. Configuration enforcement
B. Segmentation
C. Encryption
D. Application allow list

#8. A network administrator deploys ACLs on routers to block unauthorized external access to internal servers. What security objective is primarily achieved?
A. Data encryption
B. Least privilege
C. Network segmentation
D. Access control

#9. A company removes outdated, unused applications and disables unnecessary services on critical servers. What mitigation technique does this best represent?
A. Monitoring
B. Isolation
C. Hardening
D. Patching

#10. A data center separates its web servers, application servers, and database servers into different network zones. Which mitigation technique does this describe?
A. Segmentation
B. Least privilege
C. Application allow list
D. Configuration enforcement
Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.
Answers
| Number | Answer | Explanation |
|---|---|---|
| 1 | D | A security administrator needs to prevent malware from executing unauthorized applications on employee laptops. Which mitigation technique best addresses this requirement? A. Network segmentation (Incorrect): Network segmentation divides a network into smaller zones to contain a breach. It is an important security control, but it does not prevent malware from executing on an endpoint in the first place; it only limits the malware's ability to spread. B. Encryption (Incorrect): Encryption protects data at rest or in transit. While essential for data security, it does not prevent or control the execution of applications on a system. C. Host-based intrusion prevention system (HIPS) (Incorrect): A HIPS monitors for and can block malicious activity, but it decides based on signatures or behavioral analysis, so novel or disguised malware can slip past it. An application allow list is a more proactive and definitive method for preventing the execution of any unauthorized application, known or unknown. D. Application allow list (Correct): An application allow list (also called application whitelisting) is the most direct and effective technique for preventing unauthorized applications from executing. Only a pre-approved set of applications is permitted to run on the endpoint; by default everything else, including any malicious executable, is blocked from launching, which directly addresses the requirement. For the control to hold, rules should identify binaries by cryptographic hash or code-signing publisher rather than by path alone: a path-only rule is defeated by any attacker who can write a file into an approved directory. |
| 2 | B | An administrator isolates a newly infected workstation to prevent malware from spreading to other systems. Which mitigation technique is being applied? A. Patching (Incorrect): Patching is the process of applying updates to fix vulnerabilities. It is a preventative and remediation measure, but it is not the action of containing an active infection by disconnecting the host. B. Isolation (Correct): Isolation is a fundamental incident response technique where a compromised system is disconnected from the network to prevent a threat (like malware) from spreading to other systems. The question’s description, “isolates a newly infected workstation to prevent malware from spreading,” perfectly matches this definition. C. Decommissioning (Incorrect): Decommissioning means removing a system from service entirely. This may be a final step for a compromised system, but it is not the immediate mitigation technique used to contain the threat. D. Least privilege (Incorrect): Least privilege is a security principle that states a user or system should only have the minimum necessary permissions to perform its function. It is a preventative control and not an action for containing an active threat. |
| 3 | A | A company enforces policies ensuring employees only have permissions necessary to perform their specific job roles. Which principle does this demonstrate? A. Least privilege (Correct): The principle of least privilege dictates that a user, process, or system should be granted only the minimum level of access and permissions necessary to perform their assigned functions. The scenario, where employees are given “only permissions necessary to perform their specific job roles,” is a textbook example of this security principle in practice. B. Segmentation (Incorrect): Segmentation is the practice of dividing a network into smaller, isolated segments to limit the spread of an attack. It is a network control, not a principle for managing user permissions. C. Configuration enforcement (Incorrect): Configuration enforcement is the practice of ensuring that systems adhere to a specific, desired configuration. While it can be used to enforce the principle of least privilege, it is not the principle itself. D. Hardening (Incorrect): Hardening is the broad process of securing a system by reducing its attack surface. Least privilege is one specific component of a comprehensive hardening strategy. |
| 4 | C | During a system audit, administrators find default usernames and passwords still in use on several network switches. Which mitigation technique should be prioritized? A. Isolation (Incorrect): Isolation is a containment strategy used to quarantine a compromised system so a threat cannot spread. Default passwords are a vulnerability, not an active breach that requires isolation. B. Host-based intrusion prevention system (HIPS) (Incorrect): A HIPS runs on individual hosts such as servers and workstations. It is not a control that can be deployed on a network switch. C. Hardening (Correct): Hardening is the broad process of securing a system by reducing its attack surface. Default usernames and passwords are a critical weakness because the credentials are published in vendor documentation and attackers try them first. The prioritized mitigation is to harden the switches: change the default credentials, disable unnecessary services and management protocols, and restrict management access (for example, to a dedicated management network over SSH rather than Telnet). D. Application allow list (Incorrect): An application allow list prevents unauthorized applications from running on a host. It is a host-based control and does not apply to network switches. |
| 5 | B | A financial services firm wants to ensure customer data is unreadable if a laptop is stolen. Which mitigation technique should be implemented? A. Segmentation (Incorrect): Network segmentation divides a network into smaller, isolated zones. It is a network-level control and offers no protection for data on a stolen device that is no longer connected to the network. B. Encryption (Correct): Encryption is the mitigation that makes data unreadable if a device is stolen. Full disk encryption (for example, BitLocker or LUKS) encrypts the entire drive, and the decryption key is protected by a TPM, a pre-boot passphrase, or both, so a thief who removes the disk or boots another operating system sees only ciphertext. Note the scope of the control: full disk encryption protects data at rest. A laptop stolen while powered on or sleeping with the key still in memory is not protected by the encryption alone, so it should be paired with pre-boot authentication, automatic screen locking, and strong user credentials. C. Application allow list (Incorrect): An application allow list prevents unauthorized applications from running on a system. It does nothing to prevent data from being read from a stolen device. D. Monitoring (Incorrect): Monitoring observes and logs activity. It is a detective control and would not stop a thief from reading unencrypted data on a stolen laptop. |
| 6 | D | A SOC analyst notices unusual outbound traffic from a single host and disables its network port to contain the threat. What mitigation technique does this demonstrate? A. Access control list (ACL) (Incorrect): An ACL is a set of rules used by a router or firewall to filter traffic. While an ACL could be used to block a specific host, disabling the network port is a more complete and direct action of isolation. The action itself is a form of isolation, not an ACL. B. Monitoring (Incorrect): Monitoring is the detective process of observing systems and networks for suspicious activity. The analyst performed monitoring to find the issue, but the mitigation technique they applied was isolation. C. Hardening (Incorrect): Hardening is the process of securing a system to prevent attacks in the first place. The scenario describes a response to an ongoing threat, not a preventative hardening step. D. Isolation (Correct): Isolation is the security technique of physically or logically separating a system from the rest of the network to contain a threat and prevent it from spreading. The action described—an analyst disabling a network port on a host to contain suspicious traffic—is a classic example of isolating a compromised or infected system. |
| 7 | A | Which mitigation technique helps ensure servers remain compliant with approved security settings? A. Configuration enforcement (Correct): Configuration enforcement is the practice of automatically ensuring that a system’s configuration adheres to a predefined, approved security baseline. This technique continuously checks servers and other devices for deviations from the standard security settings and remediates any changes, thereby directly addressing the need to ensure compliance with approved security settings over time. B. Segmentation (Incorrect): Segmentation is the practice of dividing a network into smaller, isolated segments to control traffic flow and contain attacks. It is a network-level control and does not ensure a server’s internal security settings remain compliant. C. Encryption (Incorrect): Encryption is the process of scrambling data to protect its confidentiality. While an essential part of security, it is not a technique for ensuring that a server’s security settings remain consistent and compliant. D. Application allow list (Incorrect): An application allow list is a specific type of security control that prevents unauthorized applications from running. While it is a security setting that would be enforced, it is not the overarching technique for ensuring all security settings remain compliant. |
| 8 | D | A network administrator deploys ACLs on routers to block unauthorized external access to internal servers. What security objective is primarily achieved? A. Data encryption (Incorrect): Data encryption is the process of scrambling data to protect its confidentiality. ACLs control network traffic flow but do not encrypt data. B. Least privilege (Incorrect): Least privilege is a principle that states a user or system should have the minimum permissions necessary to perform its function. While a good security practice, it is not the primary objective achieved by blocking network traffic with an ACL. C. Network segmentation (Incorrect): Network segmentation is the practice of dividing a network into smaller, isolated zones. While ACLs can be used to enforce segmentation between those zones, the action of blocking “unauthorized external access” is a more direct demonstration of the broader objective of access control. D. Access control (Correct): The deployment of ACLs (Access Control Lists) on routers is a classic method of access control. An ACL is a set of rules that regulates whether network traffic is permitted or denied access to a resource based on specific criteria. The primary objective is to enforce a policy that restricts who or what can access the internal servers, which is the definition of access control. |
| 9 | C | A company removes outdated, unused applications and disables unnecessary services on critical servers. What mitigation technique does this best represent? A. Monitoring (Incorrect): Monitoring is the detective process of observing systems for signs of an attack. The actions described are preventative, security-strengthening measures, not a monitoring activity. B. Isolation (Incorrect): Isolation is a containment strategy used to separate a compromised system from the network during an incident. The actions described are proactive, preventative steps taken before an incident occurs. C. Hardening (Correct): Hardening is the broad process of securing a system by reducing its attack surface. The actions described, such as removing outdated applications and disabling unnecessary services, are fundamental steps in hardening. These actions close potential entry points and eliminate vulnerabilities that could be exploited by an attacker, making the system more secure. D. Patching (Incorrect): Patching is the process of applying updates to fix known vulnerabilities in software. While a crucial security task, the actions described (removing unused software and disabling services) are distinct from patching and fall under the broader category of hardening. |
| 10 | A | A data center separates its web servers, application servers, and database servers into different network zones. Which mitigation technique does this describe? A. Segmentation (Correct): Segmentation is the practice of dividing a network into smaller, isolated subnets or zones. By placing the web, application, and database servers in separate segments with traffic filtering between them, the company limits lateral movement: a compromise of the internet-facing web tier does not give the attacker a direct path to the database. Segmentation contains a breach; it does not shrink the attack surface of the individual servers, which is the job of hardening. B. Least privilege (Incorrect): Least privilege is a security principle about granting users and systems the minimum permissions required for their jobs. It is not a network-level technique. C. Application allow list (Incorrect): An application allow list is a host-based control that allows only approved applications to run. It is not a network-level technique. D. Configuration enforcement (Incorrect): Configuration enforcement ensures systems adhere to a predefined configuration. While the segmentation design is itself a configuration that could be enforced, "segmentation" is the specific and accurate name for the mitigation technique described. |
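The explanation for question 1 says an allow list is default-deny and that rules should key on a binary's hash rather than its path. The following Python is an added example written for this page, not code from the page's author or from any product; the file paths, the "binary" contents, and the approved directories are all constructed stand-ins for real executables. It compares a path-based rule with a hash-based rule over the same four execution attempts, including malware dropped over an approved path.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-ins for the contents of approved executables. A real
# deployment would hash the actual files (or trust their code-signing
# publisher) when the allow list is built.
APPROVED_BINARIES: Dict[str, bytes] = {
    "C:/Program Files/Acme/acme.exe": b"MZ acme-client-build-1.4.2",
    "C:/Windows/System32/notepad.exe": b"MZ notepad-22H2",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_allow_list(approved: Dict[str, bytes]) -> Dict[str, str]:
    """Hash-based allow list: SHA-256 of each approved binary -> its expected path."""
    return {sha256_hex(content): path for path, content in approved.items()}


ALLOW_LIST = build_allow_list(APPROVED_BINARIES)
ALLOWED_DIRS = ("C:/Program Files/", "C:/Windows/System32/")  # assumed approved locations


def path_rule_allows(path: str) -> bool:
    """Weaker, path-based rule: anything under an approved directory may run."""
    return path.startswith(ALLOWED_DIRS)


def hash_rule_allows(path: str, content: bytes) -> Tuple[bool, str]:
    """Default-deny decision: run only if the binary's hash is on the allow list."""
    digest = sha256_hex(content)
    if digest in ALLOW_LIST:
        return True, f"permit {path}: hash matches {ALLOW_LIST[digest]}"
    return False, f"deny {path}: sha256 {digest[:16]}... not on allow list"


# Constructed execution attempts: (path, file contents as the loader would see them).
ATTEMPTS: List[Tuple[str, bytes]] = [
    ("C:/Program Files/Acme/acme.exe", APPROVED_BINARIES["C:/Program Files/Acme/acme.exe"]),
    ("C:/Users/bob/Downloads/invoice.exe", b"MZ dropper-stage-1"),              # unknown binary
    ("C:/Program Files/Acme/acme.exe", b"MZ trojanised-acme"),                   # malware overwrote an approved path
    ("C:/Temp/np.exe", APPROVED_BINARIES["C:/Windows/System32/notepad.exe"]),    # approved binary, renamed
]


def compare_rules() -> List[Tuple[str, bool, bool]]:
    """Return (path, path-rule verdict, hash-rule verdict) for each attempt."""
    return [(path, path_rule_allows(path), hash_rule_allows(path, content)[0])
            for path, content in ATTEMPTS]


if __name__ == "__main__":
    for path, by_path, by_hash in compare_rules():
        print(f"{path:40} path-rule={by_path!s:5} hash-rule={by_hash}")
```

The third attempt is the one that matters: the path rule permits the trojanised file because it sits in an approved directory, while the hash rule denies it because the content changed. The fourth attempt shows the converse, an approved binary still runs after being renamed, which is the behaviour you want from a rule keyed on identity rather than location.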
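Question 7 describes configuration enforcement as continuously checking servers against an approved baseline and remediating deviations. The Python below is an added example for this page, not code from the page's author or from any configuration-management product. The baseline values and the drifted sshd_config are constructed for the demonstration; the only external fact it relies on is that sshd honours the first occurrence of a keyword, which is why the enforced settings are placed at the top of the file.

```python
from typing import Dict, Optional, Tuple

# Approved baseline for sshd_config (values assumed for this example; a real
# baseline would come from a benchmark such as CIS or the organisation's own standard).
BASELINE: Dict[str, str] = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}

# Constructed sample of a server whose config has drifted from the baseline.
OBSERVED_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
Subsystem sftp /usr/lib/openssh/sftp-server
"""


def parse_config(text: str) -> Dict[str, str]:
    """Return the effective value for each keyword. sshd uses the first
    occurrence of a keyword, so later duplicates are ignored here as well."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key, value.strip())
    return settings


def find_drift(observed: Dict[str, str],
               baseline: Dict[str, str]) -> Dict[str, Tuple[Optional[str], str]]:
    """Map each non-compliant keyword to (actual value, or None if absent; expected value)."""
    return {key: (observed.get(key), expected)
            for key, expected in baseline.items()
            if observed.get(key) != expected}


def enforce(text: str, baseline: Dict[str, str]) -> str:
    """Rewrite the config so every baseline keyword takes its approved value.
    Existing lines for baseline keywords are dropped and the approved settings
    are emitted first, where sshd's first-occurrence rule makes them win."""
    kept = [line for line in text.splitlines()
            if line.strip().partition(" ")[0] not in baseline]
    header = ["# --- enforced baseline ---"]
    enforced = [f"{key} {value}" for key, value in baseline.items()]
    return "\n".join(header + enforced + kept) + "\n"


def audit_and_remediate(text: str, baseline: Dict[str, str] = BASELINE) -> Tuple[dict, str]:
    """One enforcement cycle: report drift, and return the remediated config if any was found."""
    drift = find_drift(parse_config(text), baseline)
    fixed = enforce(text, baseline) if drift else text
    return drift, fixed


if __name__ == "__main__":
    drift, fixed = audit_and_remediate(OBSERVED_CONFIG)
    for key, (actual, expected) in drift.items():
        print(f"DRIFT {key}: found {actual!r}, baseline requires {expected!r}")
    print(fixed)
```

Run on a schedule (or by a tool such as Ansible, Puppet, or Group Policy, which implement the same compare-and-correct loop), this is what keeps a server compliant after an administrator "temporarily" re-enables password logins and forgets to undo it. The second call to `find_drift` on the remediated output returning an empty dict is the check that the cycle converged.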
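Questions 8 and 10 both come down to ordered filtering rules between zones: an ACL on a router that permits only the intended flows and drops everything else, and a three-tier design where the web tier cannot reach the database directly. The Python below is an added example for this page, not code from the page's author or from any vendor; the zone addresses, ports, and sample flows are constructed. It evaluates packets against a router-style ACL with first-match semantics and an implicit deny at the end, which is how Cisco-style ACLs behave.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None matches any destination port


def rule(action: str, proto: str, src: str, dst: str, dport: Optional[int] = None) -> Rule:
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport)


# Constructed zones for the three-tier data center in question 10.
WEB, APP, DB, ANY = "10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24", "0.0.0.0/0"

# Router-style ACL: evaluated top-down, first match wins, and anything that
# matches no rule falls through to the implicit deny at the end.
ACL: List[Rule] = [
    rule("permit", "tcp", ANY, WEB, 443),   # internet may reach the web tier over HTTPS only
    rule("permit", "tcp", WEB, APP, 8080),  # web tier talks to the application tier
    rule("permit", "tcp", APP, DB, 5432),   # application tier talks to the database
]


def evaluate(acl: List[Rule], proto: str, src_ip: str, dst_ip: str, dport: int) -> Tuple[bool, str]:
    """Return (permitted, reason) for one packet under first-match semantics."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, r in enumerate(acl):
        if r.proto != "any" and r.proto != proto:
            continue
        if src not in r.src or dst not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action == "permit", f"rule {index}: {r.action}"
    return False, "implicit deny"


# Constructed flows: (description, proto, src, dst, dport).
FLOWS = [
    ("internet -> web :443", "tcp", "203.0.113.5", "10.1.0.10", 443),
    ("internet -> db :5432", "tcp", "203.0.113.5", "10.3.0.10", 5432),
    ("web -> app :8080", "tcp", "10.1.0.10", "10.2.0.10", 8080),
    ("web -> db :5432", "tcp", "10.1.0.10", "10.3.0.10", 5432),
    ("app -> db :5432", "tcp", "10.2.0.10", "10.3.0.10", 5432),
    ("app -> db :22", "tcp", "10.2.0.10", "10.3.0.10", 22),
]


def check_flows(acl: List[Rule] = ACL) -> List[Tuple[str, bool, str]]:
    """Evaluate every sample flow and return (description, permitted, reason)."""
    return [(desc, *evaluate(acl, proto, s, d, p)) for desc, proto, s, d, p in FLOWS]


if __name__ == "__main__":
    for desc, permitted, reason in check_flows():
        print(f"{desc:24} {'PERMIT' if permitted else 'DENY':6} ({reason})")
```

Two things to notice when reading the output. The external host reaches the web tier on 443 and nothing else, which is the access-control objective of question 8. The web tier cannot open a connection to the database at all, and even the application tier is limited to the database port, which is the lateral-movement limit that segmentation in question 10 is meant to provide. Because evaluation stops at the first match, rule order is part of the policy: a broad permit placed above a narrow deny silently cancels the deny, so ACL changes should be reviewed with the whole ordered list in view, not rule by rule.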


