CompTIA Security+ Practice Test of the Day 260225

Question 1

Your organization processes credit card transactions and is preparing for its annual compliance review. A third-party Qualified Security Assessor (QSA) is scheduled to evaluate whether the organization meets PCI DSS requirements. The executive team wants assurance that the assessment is impartial and recognized by regulatory bodies and business partners. Which type of assessment is being conducted?

A. Internal compliance audit B. Self-assessment questionnaire (SAQ) C. Independent third-party audit D. Internal attestation review

Question 2

An analyst in a SOC observes that the organization’s internal audit committee has initiated a review of access control policies, privilege assignments, and change management documentation. The review is being conducted by employees who are not directly responsible for daily IT operations. The goal is to ensure internal policy adherence and prepare for a future regulatory examination. Which type of audit is being performed?

A. Regulatory examination B. External assessment C. Internal audit D. Offensive penetration test

Question 3

Your company hires a security firm to simulate a real-world attack without providing the firm with prior knowledge of the environment. The objective is to measure detection and response capabilities under realistic adversarial conditions. Executive leadership wants the engagement to closely mimic how an actual threat actor would behave. Which type of penetration testing approach is being used?

A. Known environment (white-box) testing B. Partially known environment (gray-box) testing C. Unknown environment (black-box) testing D. Defensive penetration testing

Question 4

A security administrator at a large enterprise is planning an assessment to evaluate both physical security controls and network defenses during a coordinated engagement. The red team will attempt physical badge cloning and tailgating, while also launching phishing campaigns and vulnerability exploitation attempts. The blue team will actively defend and respond during the exercise. Which type of assessment best describes this engagement?

A. Physical penetration test only B. Integrated penetration test C. Passive reconnaissance assessment D. Self-assessment compliance review

Question 5

Your organization is preparing for a regulatory examination by a national financial authority. The regulator will evaluate compliance with data protection laws, review audit logs, and assess adherence to mandated encryption standards. The organization has no control over the timing or scope of the engagement, and failure to comply could result in fines or sanctions. Which type of audit is being conducted?

A. Independent third-party audit B. Regulatory examination C. Internal compliance review D. Voluntary assessment

Question 6

An enterprise security team conducts an annual review in which department heads formally confirm that they are following established access control policies and data retention requirements. This confirmation is documented and presented to executive leadership as evidence of due diligence and oversight. Which concept best describes this activity?

A. Attestation B. Passive reconnaissance C. Offensive security testing D. Supply chain analysis

Question 7

Your company hires an external security firm to evaluate security controls, but provides limited network diagrams and basic system information in advance. The testers are expected to perform reconnaissance and exploitation attempts, but they are given partial visibility to simulate an insider threat scenario. Which type of penetration test is being performed?

A. Known environment (white-box) testing B. Unknown environment (black-box) testing C. Partially known environment (gray-box) testing D. Defensive simulation exercise

Question 8

A security administrator at a healthcare organization is coordinating a review of its disaster recovery documentation, incident response playbooks, and change management procedures. The purpose is to verify that documented controls align with regulatory requirements and internal governance standards. No live systems will be attacked or exploited during this engagement. Which type of assessment is MOST appropriate for this scenario?

A. Integrated penetration test B. Compliance audit C. Active reconnaissance engagement D. Physical red team exercise

Question 9

Your organization contracts a cloud service provider to host sensitive customer data. As part of the agreement, the legal team ensures that the contract includes a clause allowing your organization to review the provider’s security controls, request audit reports, and perform on-site inspections if necessary. This provision is critical to ensure ongoing assurance of the vendor’s security posture. Which concept is being implemented?

A. Service-level agreement (SLA) B. Right-to-audit clause C. Memorandum of understanding (MOU) D. Business impact analysis (BIA)

Question 10

An analyst in a SOC participates in a coordinated exercise where an external red team attempts to compromise systems while the internal blue team actively monitors alerts, responds to incidents, and documents remediation steps in real time. Executive leadership wants to evaluate both offensive capabilities and defensive response effectiveness during a single engagement. Which type of assessment best describes this scenario?

A. Defensive penetration test B. Passive reconnaissance engagement C. Integrated penetration test D. Internal self-assessment

CompTIA Security+ Practice Test of the Day 260225

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002