CompTIA Security+ Practice Test of the Day 082025

Welcome to today’s CompTIA Security+ practice test!

Today’s practice test is based on Subdomain 5.2 (Explain elements of the risk management process) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

10 questions • Single best answer
Question 1
A risk analyst calculates that a server has a 25% annual probability of failure and that each failure costs the organization $80,000 in lost revenue and recovery expenses. What is the annualized loss expectancy (ALE)?

Question 2
A startup aggressively accepts higher levels of cybersecurity risk in order to deploy features rapidly and capture market share before competitors, accepting that some vulnerabilities may remain unmitigated in pursuit of growth objectives. What risk appetite does this represent?

Question 3
A company purchases cyber liability insurance that covers breach notification costs, legal fees, regulatory fines, and forensic investigation expenses in the event of a data breach. What risk management strategy does this represent?

Question 4
A security team maintains a centralized document listing all identified risks, the risk owner for each, current control effectiveness, likelihood, impact rating, and the threshold at which each risk requires board-level escalation. What is this document called?

Question 5
A business impact analysis determines that the order management system must be restored and operational within 4 hours of a disruption to prevent unacceptable financial losses. What metric does this 4-hour requirement define?

Question 6
A risk assessment is triggered by the acquisition of a new company whose security posture is unknown. The assessment is not part of any scheduled review cycle — it was initiated specifically in response to this event. What type of risk assessment is this?

Question 7
A risk analyst ranks threats using a 'Low/Medium/High' matrix based on estimated likelihood and business impact — without assigning specific dollar values. What type of risk analysis is this?

Question 8
A hardware component has an average operational lifespan of 5 years before it fails. This figure is used when calculating the probability and timing of hardware failures for risk planning. What metric does this 5-year value represent?

Question 9
An organization decides not to migrate to a new public cloud platform because doing so would expose them to security risks they are not prepared to manage. They continue operating on-premises, avoiding the risk entirely by not pursuing the activity that creates it. What risk strategy is this?

Question 10
A BIA reveals that if the payment processing system is down for more than 2 hours, reconciliation becomes impossible and financial data integrity is compromised. Additionally, the organization can tolerate losing at most the last 30 minutes of transactions before reconciliation fails. Which metric defines the 30-minute data loss tolerance?