
Welcome to today’s CompTIA Security+ practice test!
Today’s practice test is based on subdomain 2.5 (Explain the purpose of mitigation techniques used to secure the enterprise.) from the CompTIA Security+ SY0-701 objectives.
This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.
These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.
#1. A security administrator at a hospital notices that patient records are accessible by too many staff roles, including interns. To reduce risk, the administrator restricts access so only doctors and nurses directly involved in a case can open those records. Which mitigation technique is being applied?
#2. A financial company creates separate VLANs for its HR, finance, and IT departments. Firewalls are placed between VLANs to control communication. Which mitigation technique is primarily demonstrated?
#3. An organization enforces rules so that only signed, approved business applications can be executed on employee laptops. Which mitigation technique does this represent?
#4. An attacker attempts to pivot from a compromised workstation to a database server, but the firewall logs show that the workstation’s subnet cannot directly communicate with the database subnet. Which mitigation technique blocked the attack?
#5. A system administrator disables FTP, Telnet, and other unused services on all production servers. What mitigation technique is being applied?
#6. A company retires outdated servers after migrating to the cloud. Before disposal, the servers’ drives are wiped and destroyed. Which mitigation technique does this illustrate?
#7. A new worm outbreak is spreading rapidly. A security engineer ensures that all endpoints have the latest anti-malware signatures and verifies that endpoint protection software is active. Which mitigation technique is being applied?
#8. An IT manager configures firewalls on laptops to restrict inbound traffic when employees connect to public Wi-Fi. What mitigation technique does this represent?
#9. A developer deploys a test web application in a sandboxed environment that cannot connect to production systems. Which mitigation technique is this an example of?
#10. A SOC analyst detects unusual outbound traffic. Using SIEM alerts, they block the connection and trace it back to a compromised host. Which mitigation technique allowed the analyst to detect this?
Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.
Answers
| Number | Answer | Explanation |
|---|---|---|
| 1 | B | A security administrator at a hospital notices that patient records are accessible by too many staff roles, including interns. To reduce risk, the administrator restricts access so only doctors and nurses directly involved in a case can open those records. Which mitigation technique is being applied? A. Encryption (Incorrect): Encryption is the process of scrambling data to make it unreadable. While the records are likely encrypted, the action described is about managing who can access them, not the encryption itself. B. Least privilege (Correct): The administrator is applying the principle of least privilege. This is a core security concept that states users should be granted only the minimum level of access and permissions needed to perform their job functions. By restricting access to patient records to only those directly involved, the administrator is removing unnecessary privileges from other staff, such as interns. C. Isolation (Incorrect): Isolation is a network security technique that separates systems to prevent a compromise from spreading. The scenario describes access control within a system. D. Patching (Incorrect): Patching is the process of applying software updates to fix vulnerabilities. This is not related to controlling user access. |
| 2 | A | A financial company creates separate VLANs for its HR, finance, and IT departments. Firewalls are placed between VLANs to control communication. Which mitigation technique is primarily demonstrated? A. Segmentation (Correct): The company is using network segmentation. This mitigation technique involves dividing a large network into smaller, isolated sub-networks (in this case, using VLANs). Placing firewalls between these segments allows the company to control and monitor traffic, preventing a compromise in one department from spreading to others. B. Decommissioning (Incorrect): Decommissioning is the process of removing a system or asset from service. This is not related to the scenario. C. Application allow list (Incorrect): An application allow list is a security control that dictates which applications are permitted to run on a system. This is a host-based control, not a network-level control. D. Host-based firewall (Incorrect): A host-based firewall runs on an individual device. The scenario describes firewalls placed between different network segments, which is a network-level security control. |
| 3 | A | An organization enforces rules so that only signed, approved business applications can be executed on employee laptops. Which mitigation technique does this represent? A. Application allow list (Correct): An application allow list (or whitelist) is a security control that permits only a predefined set of trusted applications to run on a system. By enforcing this policy, the organization prevents unauthorized or malicious software from executing on employee laptops. B. Monitoring (Incorrect): Monitoring involves observing system activity. While it helps detect a breach after it has occurred, it does not prevent an unapproved application from running in the first place. C. Hardening (Incorrect): Hardening is the process of securing a system by reducing its attack surface and vulnerabilities. While an application allow list is a hardening technique, “application allow list” is the most specific and accurate term for the action described. D. Isolation (Incorrect): Isolation is a network security technique that separates systems to prevent a compromise from spreading. It is unrelated to controlling which applications can be run on a single host. |
| 4 | C | An attacker attempts to pivot from a compromised workstation to a database server, but the firewall logs show that the workstation’s subnet cannot directly communicate with the database subnet. Which mitigation technique blocked the attack? A. Encryption (Incorrect): Encryption scrambles data to protect it, but it would not prevent network communication between subnets. B. Monitoring (Incorrect): Monitoring involves observing network traffic. It would have detected the attack attempt but would not have actively blocked it. C. Segmentation (Correct): The mitigation technique that blocked the attack is network segmentation. This involves dividing a network into smaller, isolated subnets and using firewalls or other controls to restrict communication between them. The firewall policy prevented the attacker from pivoting from the less-secure workstation subnet to the more-secure database subnet. D. Least privilege (Incorrect): The principle of least privilege applies to user or process permissions on a system. It is not a network-level control that prevents inter-subnet communication. |
| 5 | C | A system administrator disables FTP, Telnet, and other unused services on all production servers. What mitigation technique is being applied? A. Patching (Incorrect): Patching is the process of applying software updates to fix vulnerabilities. It is not the same as disabling a service. B. Access control (Incorrect): Access control restricts who can use a service or resource. Disabling a service entirely is a broader measure than just access control. C. Hardening (Correct): The system administrator is applying hardening. This is the practice of securing a system by reducing its attack surface and mitigating vulnerabilities. Disabling unnecessary services like FTP and Telnet removes potential entry points that an attacker could exploit. D. Decommissioning (Incorrect): Decommissioning is the process of removing a system from service completely. The administrator is only disabling services, not the entire server. |
| 6 | A | A company retires outdated servers after migrating to the cloud. Before disposal, the servers’ drives are wiped and destroyed. Which mitigation technique does this illustrate? A. Decommissioning (Correct): The company is performing decommissioning. This is the formal process of securely removing a system, service, or asset from a production environment at the end of its lifecycle. Wiping and destroying the drives is a critical step in the decommissioning process to ensure no data is left behind. B. Patching (Incorrect): Patching is the process of applying software updates to fix vulnerabilities. This is not related to retiring old hardware. C. Monitoring (Incorrect): Monitoring involves observing system and network activity for suspicious behavior. This is an active security measure, not an end-of-life process. D. Isolation (Incorrect): Isolation is a network security technique that separates systems to prevent a compromise from spreading. This is not related to the retirement of hardware. |
| 7 | C | A new worm outbreak is spreading rapidly. A security engineer ensures that all endpoints have the latest anti-malware signatures and verifies that endpoint protection software is active. Which mitigation technique is being applied? A. Encryption (Incorrect): Encryption is the process of scrambling data to make it unreadable. It is not a direct measure for preventing malware from executing or spreading. B. Monitoring (Incorrect): Monitoring is the act of observing system activity. While monitoring would detect the worm, the actions described are preventative measures, not just observation. C. Hardening (Correct): The security engineer is performing hardening. Hardening is the practice of securing a system by reducing its attack surface and mitigating vulnerabilities. Ensuring that all endpoints have up-to-date and active anti-malware software is a fundamental step in hardening a system against malware infections like worms. D. Decommissioning (Incorrect): Decommissioning is the process of retiring a system at the end of its life cycle. It is not related to protecting a system from malware. |
| 8 | A | An IT manager configures firewalls on laptops to restrict inbound traffic when employees connect to public Wi-Fi. What mitigation technique does this represent? A. Host-based firewall (Correct): The IT manager is using a host-based firewall. This type of firewall is installed and runs directly on a single device, like a laptop, to control the network traffic flowing to and from that specific host. Configuring it to restrict inbound traffic is a common use case, especially on public networks. B. Isolation (Incorrect): Isolation separates entire networks or systems to contain a breach. The scenario describes a control on a single device. C. Segmentation (Incorrect): Segmentation is a network-level control that divides a network into isolated sub-networks. It is not a control on a single host. D. Monitoring (Incorrect): Monitoring is the act of observing activity for suspicious behavior. While the firewall’s logs would be monitored, the active mitigation technique is the firewall itself, which is a control, not just monitoring. |
| 9 | B | A developer deploys a test web application in a sandboxed environment that cannot connect to production systems. Which mitigation technique is this an example of? A. Segmentation (Incorrect): Segmentation divides a network into smaller segments. While it is a form of isolation, “isolation” is the more general and fitting term for a sandboxed environment. B. Isolation (Correct): The developer is using isolation. This mitigation technique separates a system or network from others to contain potential harm. A sandboxed environment is a form of isolation, designed to prevent a test application from causing damage to or gaining access to the live production environment. C. Decommissioning (Incorrect): Decommissioning is the process of retiring a system. This is unrelated to the deployment of a new test application. D. Access control (Incorrect): Access control restricts who can use a resource. While the sandboxed environment uses access controls, the fundamental security principle being applied to separate the environments is isolation. |
| 10 | A | A SOC analyst detects unusual outbound traffic. Using SIEM alerts, they block the connection and trace it back to a compromised host. Which mitigation technique allowed the analyst to detect this? A. Monitoring (Correct): The SOC analyst was able to detect the unusual activity through monitoring. This is the practice of continuously collecting and analyzing logs and network traffic to identify suspicious or malicious activity. A SIEM (Security Information and Event Management) system is a key tool used for this purpose, providing alerts that enabled the analyst to detect the threat. B. Isolation (Incorrect): Isolation separates systems or networks to contain a breach. It is a preventative control, not a detection technique. C. Least privilege (Incorrect): The principle of least privilege limits a user’s access to only what is necessary for their job. It is a preventative access control, not a detection method. D. Hardening (Incorrect): Hardening is the process of securing a system to reduce its attack surface and vulnerabilities. It is a preventative measure, not a detection technique. |