CompTIA Security+ Practice Test of the Day 082625

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.5 (Explain types and purposes of audits and assessments) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 082625

10 questions • Single best answer

Question 1

A penetration testing team attempts to access a company's server room by tailgating through badge-controlled doors, posing as HVAC technicians, and trying to plug a rogue device into an internal network port in a utility closet. What type of penetration test is this?

A. Offensive penetration testing B. Unknown environment testing C. Physical penetration testing D. Active reconnaissance

Question 2

A penetration tester is given zero information about the target organization's network topology, IP ranges, or systems. She must discover all necessary information herself using public sources and direct probing before attempting exploitation. What type of penetration testing environment is this?

A. Known environment B. Partially known environment C. Unknown environment D. Integrated testing

Question 3

Before attempting any active exploitation, a penetration tester searches LinkedIn for employee names and roles, uses WHOIS to identify domain registration details, checks Shodan for internet-exposed services, and reviews published job postings for technology stack clues — without sending any packets to the target. What type of reconnaissance is this?

A. Active reconnaissance B. Network enumeration C. Social engineering D. Passive reconnaissance

Question 4

A bank's internal audit team reviews IT security controls, evaluates adherence to the information security policy, tests access control configurations, and reports findings with remediation recommendations to the audit committee. What type of audit is this?

A. External regulatory examination B. Independent third-party audit C. Internal compliance audit D. Penetration test

Question 5

A financial institution is examined by federal bank examiners who spend two weeks reviewing cybersecurity policies, testing incident response procedures, interviewing IT staff, and issuing formal findings that the institution must remediate within specified timeframes. What type of assessment is this?

A. Internal self-assessment B. Independent third-party audit C. Regulatory examination D. Integrated penetration test

Question 6

A red team conducts simulated attacks against an organization while the blue team monitors, detects, and responds — without advance knowledge of when or where attacks will occur. After the exercise, both teams debrief together. What type of penetration testing is this?

A. Known environment testing B. Physical penetration testing C. Integrated penetration testing D. Unknown environment testing

Question 7

A penetration tester calls the IT help desk posing as a new employee who forgot their credentials, sends targeted phishing emails to finance staff, and attempts to access an executive's calendar through a spoofed internal email. What reconnaissance and exploitation phase does this represent?

A. Passive reconnaissance B. Active reconnaissance C. Post-exploitation D. Lateral movement

Question 8

A retail company hires a nationally recognized cybersecurity firm with no prior relationship with the company to evaluate whether its e-commerce platform meets PCI DSS requirements and to provide an independent opinion on overall security maturity. What type of assessment is this?

A. Internal compliance audit B. Regulatory examination C. Self-assessment D. Independent third-party audit

Question 9

A penetration tester is given full network documentation, including network diagrams, system inventory, and IP address ranges, before beginning the engagement. The goal is to test control depth and resilience with maximum efficiency. What type of testing environment is this?

A. Unknown environment B. Partially known environment C. Known environment D. Integrated environment

Question 10

A company requires all business units to complete an annual security self-assessment questionnaire evaluating adherence to the information security policy, access control practices, and incident response readiness. Results are submitted to the central security team for review. What type of assessment is this?

A. External regulatory examination B. Independent third-party audit C. Attestation only D. Internal self-assessment

CompTIA Security+ Practice Test of the Day 082625

Related Posts

Leave a Comment Cancel Reply