CompTIA Security+ Practice Test of the Day 260217

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on subdomain 4.5 (Given a scenario, modify enterprise capabilities to enhance security.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260217

10 questions • Single best answer

Question 1

Attackers sent phishing emails appearing to originate from the organization's own domain to its clients. The sending server's IP was not listed as an authorized sender for the domain. Which email security control, if implemented, would have authorized only approved mail servers to send on behalf of the domain?

A. DMARC policy enforcement B. DKIM signing C. SPF record D. TLS encryption

Question 2

A compromised workstation attempts to connect to a known malware command-and-control domain. The connection is blocked because the DNS resolver refuses to resolve the malicious domain name. Which security control prevented this communication?

A. Web content filtering with URL scanning B. DNS filtering C. IPS signature blocking D. EDR behavioral detection

Question 3

A security team wants to receive immediate alerts if any critical system files on Linux servers — such as /etc/passwd, /etc/shadow, or kernel modules — are modified. Which security capability should they implement?

A. User behavior analytics B. Network access control C. SELinux mandatory access control D. File integrity monitoring

Question 4

A healthcare organization requires that all devices connecting to the corporate network have current antivirus definitions, a compliant OS patch level, and an active firewall. Devices failing any check are placed in a remediation VLAN. Which security capability enforces this policy?

A. Endpoint detection and response (EDR) B. Network access control (NAC) C. Web application firewall (WAF) D. DLP

Question 5

An email passes SPF checks and DKIM signature verification successfully. However, the visible From address displays 'ceo@company.com' while the authenticated sending domain is 'company-support.net.' The email is rejected because the authenticated domain does not match the From header. Which email security control detected this misalignment?

A. SPF B. DKIM C. TLS D. DMARC

Question 6

A security team deploys software that establishes behavioral baselines for each user and alerts when significant deviations occur — such as an employee accessing 10,000 files in one hour at 3 AM when their normal pattern is 50 files during business hours. What security capability is this?

A. File integrity monitoring B. Network access control C. User behavior analytics D. DLP

Question 7

A Linux system administrator applies SELinux policies to the web server, ensuring the Apache process can only read files in /var/www/html and cannot write to system configuration files or spawn shell processes — even if Apache is compromised. What access control capability does SELinux provide?

A. Discretionary access control based on file ownership B. Role-based access control managed through Group Policy C. Mandatory access control through kernel-enforced security policies D. Rule-based access control enforced by the network firewall

Question 8

A company deploys a web filtering solution that blocks access to websites categorized as gambling, adult content, and streaming video. Employees attempting to visit these sites receive a block page. Which web filtering capability is being applied?

A. URL scanning B. Reputation-based filtering C. Agent-based filtering D. Content categorization

Question 9

A security analyst uses the EDR platform to review what happened on a compromised workstation over the past 45 days — viewing process creation events, parent-child process relationships, network connections, and registry modifications made by a suspicious executable. What EDR capability is being used?

A. Network access control enforcement B. Real-time packet capture and analysis C. Historical telemetry collection for threat hunting and investigation D. DNS filtering and domain reputation lookup

Question 10

A security administrator configures the corporate firewall to block all inbound traffic on port 23 (Telnet) and only allow port 22 (SSH) for remote administration. The corresponding service configurations are updated to use SSH exclusively. What enterprise security enhancement is being implemented?

A. Web application firewall rule update B. Implementation of secure protocols through port and protocol selection C. DNS filtering for administrative traffic D. User behavior analytics baseline update

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260217

Related Posts