Welcome to today’s CompTIA Security+ practice test!
Today’s practice test is based on subdomain 2.1 (Compare and contrast common threat actors and motivations) from the CompTIA Security+ SY0-701 objectives.
This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.
These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.
Click the button below to start today’s practice exam. To view answers and explanations for today’s questions, expand the Answers accordion.
Results
#1. A government agency notices that attackers are attempting to compromise election systems. The attacks use sophisticated malware and appear coordinated across multiple regions. Which type of threat actor is most likely responsible?
#2. An IT contractor uses unauthorized administrator access to steal payroll data before leaving the company. Which type of threat actor does this represent?
#3. A criminal group launches ransomware against a hospital system, demanding Bitcoin for file recovery. What is their most likely motivation?
#4. A group of activists publishes confidential emails from an oil company to highlight environmental concerns. Which motivation best fits this scenario?
#5. An employee secretly installs personal cloud storage to make file sharing easier but bypasses company controls in the process. What does this represent?
#6. A small group of attackers launches website defacements with anti-government slogans. The attack required minimal technical knowledge. Which actor type does this best represent?
#7. A disgruntled contractor purposely introduces logic bombs into payroll software after being terminated. Which motivation most likely explains this?
#8. A foreign government launches cyberattacks to steal intellectual property from U.S.-based pharmaceutical companies. What motivation does this attack best represent?
#9. A group of students runs automated scans using pre-built scripts they downloaded online. They lack deep understanding of how the tools work but manage to crash a school’s website. Which actor type does this represent?
#10. A cybercrime group infiltrates a bank’s systems, stealing customer PII, then offers to sell the data back to the bank to avoid exposure. Which motivation best describes this?
Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.
To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.
Answers
| Number | Answer | Explanation |
|---|---|---|
| 1 | B | A government agency notices that attackers are attempting to compromise election systems. The attacks use sophisticated malware and appear coordinated across multiple regions. Which type of threat actor is most likely responsible? A. Hacktivist (Incorrect): Hacktivists are motivated by political causes but typically lack the resources and high-level skills to carry out such a complex, large-scale, and coordinated attack with sophisticated malware. B. Nation-state (Correct): A nation-state is a government-sponsored threat actor. These groups are the most likely to be responsible for a highly sophisticated, coordinated, and multi-regional attack on election systems. They have vast funding, a large number of skilled personnel, and a geopolitical motivation to destabilize or influence another country’s democratic process. C. Insider threat (Incorrect): An insider threat is an attack carried out by a current or former employee. While their actions can be destructive, they typically do not have the global reach or coordinated, multi-regional capabilities described. D. Unskilled attacker (Incorrect): An unskilled attacker (or script kiddie) uses pre-made tools and lacks the expertise to develop or deploy the sophisticated malware and coordinated operations described in the scenario. |
| 2 | A | An IT contractor uses unauthorized administrator access to steal payroll data before leaving the company. Which type of threat actor does this represent? A. Insider threat (Correct): An insider threat is a security risk from a person who has or had authorized access to an organization’s systems and data. The IT contractor had a professional relationship with the company and used their access for malicious purposes, fitting the definition perfectly. B. Organized crime (Incorrect): Organized crime actors are typically external, financially motivated groups. While an insider could be recruited by them, the actor’s immediate classification based on their relationship with the company is that of an insider. C. Hacktivist (Incorrect): Hacktivists are motivated by political or social causes, not personal financial gain from stealing payroll data. D. Nation-state (Incorrect): Nation-state actors are government-sponsored groups with motives of espionage or geopolitical influence, which are distinct from the theft of payroll data by a contractor. |
| 3 | A | A criminal group launches ransomware against a hospital system, demanding Bitcoin for file recovery. What is their most likely motivation? A. Financial gain (Correct): The most likely motivation for a criminal group launching a ransomware attack and demanding cryptocurrency is financial gain. Ransomware is a form of digital extortion where attackers hold data hostage and demand a ransom, typically in a hard-to-trace currency like Bitcoin, for its release. B. Revenge (Incorrect): Revenge is typically a personal motivation for an attacker, often an individual with a grudge. A criminal group’s objective is usually purely monetary. C. Ethical beliefs (Incorrect): This motivation is associated with hacktivists, who perform attacks to advance a political or social cause. A demand for money is not aligned with ethical or social beliefs. D. Espionage (Incorrect): Espionage is the act of stealing secret information for intelligence purposes. While the attackers may exfiltrate data, the primary objective of a ransomware attack is to get paid, not to gain secrets. |
| 4 | D | A group of activists publishes confidential emails from an oil company to highlight environmental concerns. Which motivation best fits this scenario? A. Service disruption (Incorrect): While activists can cause service disruption (e.g., through a DDoS attack), the primary action described in this scenario is a data leak, not an interruption of service. B. Ethical (Incorrect): While the activists may believe their actions are ethically justified, “Political/Philosophical beliefs” is a more precise and encompassing term for the core motivation behind activism and hacktivism. C. Espionage (Incorrect): Espionage is the act of stealing secret information for intelligence purposes, often for a nation-state or a competitor. The motivation in this scenario is public exposure for a cause, not secret intelligence gathering. D. Political/Philosophical beliefs (Correct): This motivation is a direct fit for hacktivist groups. Their actions, such as leaking confidential documents from an oil company, are driven by their core beliefs about environmentalism and social change. They believe these actions are justified to advance their cause. |
| 5 | B | An employee secretly installs personal cloud storage to make file sharing easier but bypasses company controls in the process. What does this represent? A. Insider threat (Incorrect): While the employee is an insider, “insider threat” typically implies a malicious intent to harm the organization. The primary motivation in this scenario is convenience, not malice. B. Shadow IT (Correct): Shadow IT is the use of IT systems, devices, software, and services without explicit organizational approval. The employee’s action of installing personal cloud storage to bypass company controls for a business function is a perfect example of this. While it may not be malicious, it introduces significant security risks. C. Hacktivism (Incorrect): Hacktivism is motivated by political or social beliefs, which is not the case here. D. Organized crime (Incorrect): Organized crime is a criminal enterprise motivated by financial gain, which does not fit the scenario of an employee seeking an easier way to share files. |
| 6 | D | A small group of attackers launches website defacements with anti-government slogans. The attack required minimal technical knowledge. Which actor type does this best represent? A. Unskilled attacker (Incorrect): While the attackers may have minimal technical skill, this option only describes their capability, not their motivation. “Hacktivist” is a more specific and accurate term that captures both the skill level and the political motive. B. Insider threat (Incorrect): An insider threat comes from within the organization. The scenario describes an attack on a website from an external actor. C. Nation-state (Incorrect): A nation-state actor is a government-sponsored group with a high level of technical skill and resources. This is contrary to the “minimal technical knowledge” described in the scenario. D. Hacktivist (Correct): A hacktivist is a person or group that launches cyber attacks for political or social reasons. The use of anti-government slogans and website defacements, which often require minimal technical skill, are classic tactics of hacktivism. |
| 7 | B | A disgruntled contractor purposely introduces logic bombs into payroll software after being terminated. Which motivation most likely explains this? A. Espionage (Incorrect): Espionage is the act of stealing secret information for intelligence purposes. A logic bomb is designed to cause damage or disruption, not to steal data for secrets. B. Revenge (Correct): The motivation is most likely revenge. The contractor is described as “disgruntled” and the destructive action was taken after being “terminated.” This is a classic example of an insider threat acting maliciously to retaliate against a company. C. War (Incorrect): The term “war” in this context refers to large-scale, state-sponsored conflict. The action described is a personal, malicious act by an individual. D. Financial gain (Incorrect): The purpose of a logic bomb is to cause harm or disruption, not to directly make money. An attack for financial gain would typically be ransomware or data theft for sale. |
| 8 | A | A foreign government launches cyberattacks to steal intellectual property from U.S.-based pharmaceutical companies. What motivation does this attack best represent? A. Espionage (Correct): The motivation is espionage. A foreign government stealing intellectual property from another country’s businesses is an act of cyber espionage. The goal is to obtain confidential and secret information, such as research, trade secrets, or technology, to gain a strategic or economic advantage. B. Ethical (Incorrect): This motivation is associated with hacktivism, where actions are driven by political or social beliefs. Stealing corporate secrets for a government is not driven by ethical concerns. C. Service disruption (Incorrect): The goal of the attack is to steal data, not to disrupt or deny service. The primary motivation is to exfiltrate information, not to cause an outage. D. Revenge (Incorrect): Revenge is a personal motivation for retaliation. The scenario describes a strategic action by a government, not a personal one. |
| 9 | C | A group of students runs automated scans using pre-built scripts they downloaded online. They lack deep understanding of how the tools work but manage to crash a school’s website. Which actor type does this represent? A. Nation-state (Incorrect): A nation-state actor is a government-sponsored group with a very high level of skill, resources, and geopolitical motives. This is a complete mismatch for a group of students using pre-built tools. B. Hacktivist (Incorrect): A hacktivist is motivated by political or social beliefs. The scenario does not provide a political or social motive for the students’ actions, only a lack of skill and the use of downloaded scripts. C. Script kiddies (unskilled attackers) (Correct): A script kiddie is a term for an individual or group who uses pre-built scripts and tools to launch attacks without a deep understanding of how they work. The students’ actions fit this description perfectly due to their reliance on pre-built scripts and their lack of technical knowledge. D. Insider threat (Incorrect): An insider threat has internal, authorized access to a system. The students’ actions were an external attack on the school’s website. |
| 10 | A | A cybercrime group infiltrates a bank’s systems, stealing customer PII, then offers to sell the data back to the bank to avoid exposure. Which motivation best describes this? A. Blackmail (Correct): This action is best described as blackmail, which is a form of extortion. The cybercrime group is demanding payment from the bank in exchange for not publicly exposing the stolen, sensitive customer data. B. Ethical (Incorrect): Ethical motivation is associated with hacktivism, where actions are driven by social or political beliefs, not financial gain. C. Espionage (Incorrect): Espionage is the act of stealing secret information for intelligence purposes, not for demanding payment from the victim. D. War (Incorrect): The term “war” in this context refers to large-scale, state-sponsored conflict. The action described is a targeted criminal act for financial gain. |