CompTIA Security+ Practice Test of the Day 260218

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on subdomain 4.6 (Given a scenario, implement and maintain identity and access management.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260218

10 questions • Single best answer

Question 1

A cloud administrator requires temporary elevated access to a production environment for a 2-hour maintenance window. The PAM system grants the elevated role for exactly that window and automatically revokes it when the timer expires. What PAM capability does this describe?

A. Password vaulting B. Ephemeral credentials C. Just-in-time permissions D. Role-based access control

Question 2

A global company wants employees to use their corporate credentials to access Salesforce, Workday, and ServiceNow without re-entering their password for each application. A central identity provider issues authentication tokens accepted by all three platforms. What technology enables this?

A. LDAP directory synchronization B. RADIUS authentication C. Single sign-on (SSO) using SAML D. Multifactor authentication (MFA)

Question 3

When a new employee joins the organization, the HR system triggers automatic creation of their Active Directory account, assignment to the correct security groups, email provisioning, and VPN access configuration. When they resign, the same system disables all access within minutes of HR updating the record. What IAM process is described?

A. Identity proofing B. Federation C. Attestation D. Provisioning and de-provisioning

Question 4

A bank requires new customers to photograph their government-issued ID and take a selfie before activating an online account. The system uses biometric matching to confirm the selfie matches the ID photo. What IAM concept does this describe?

A. Multifactor authentication B. Identity proofing C. Attestation D. Federation

Question 5

A government network's operating system automatically determines a user's access to classified files based on the user's clearance level and the file's classification label. Users cannot modify permissions on files they own. What access control model is in use?

A. Discretionary access control (DAC) B. Role-based access control (RBAC) C. Mandatory access control (MAC) D. Attribute-based access control (ABAC)

Question 6

An access control system grants development lab access only to users in the 'Dev' role, only during weekday business hours, and only from company-managed devices. All three conditions must be true simultaneously. What access control model BEST describes this policy?

A. Role-based access control B. Rule-based access control C. Mandatory access control D. Attribute-based access control (ABAC)

Question 7

An employee logs in to their corporate laptop with a password and then approves a push notification on their smartphone before access is granted. What type of authentication does this illustrate?

A. Single-factor authentication using two methods B. Passwordless authentication with biometric backup C. Multifactor authentication combining knowledge and possession factors D. Federation between two identity providers

Question 8

A privileged access management system stores all administrator account passwords in an encrypted vault. When an admin needs to access a server, they check out the credential from the vault, use it for their session, and the system automatically rotates the password afterward. What PAM capability is this?

A. Just-in-time permissions B. Ephemeral credentials C. Password vaulting D. Identity federation

Question 9

A security policy requires all user accounts to have passwords of at least 16 characters, use a combination of uppercase, lowercase, numbers, and symbols, and prohibit reuse of the last 24 passwords. Which password best practices are being enforced?

A. Expiration, age, and passwordless fallback B. Length, complexity, and reuse restrictions C. Complexity, expiration, and biometric backup D. Length, age, and manager approval

Question 10

A company gives each system administrator a separate privileged account used exclusively for administrative tasks, distinct from their standard user account used for daily work like email and browsing. Which IAM principle does this implement?

A. Just-in-time permissions B. Federation C. Least privilege through account separation D. Mandatory access control

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260218

Related Posts