CompTIA Security+ Practice Test of the Day 260323

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.6 (Given a scenario, implement and maintain identity and access management) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260323

10 questions • Single best answer

Question 1

A human resources manager notifies the IT security team that a database administrator with access to sensitive financial records has been terminated. The administrator had accounts across fifteen different systems, including cloud platforms, on-premises databases, a VPN, and several third-party SaaS applications. The security team must take immediate action to prevent unauthorized access, and the organization has an IAM platform integrated with their HR system. Which process, if properly implemented, would MOST efficiently and comprehensively address this situation?

A. Manual account review and deletion across all systems performed by a security analyst B. Automated de-provisioning triggered by the HR system's termination workflow C. Resetting the administrator's password across all connected systems immediately D. Applying time-of-day restrictions to the terminated employee's accounts

Question 2

Your organization has recently deployed a cloud-based HR portal, a project management tool, and a customer relationship management (CRM) system, each requiring separate logins. Help desk tickets related to forgotten passwords have increased by 40% since the rollout. The CISO wants to implement a solution that allows employees to authenticate once using their existing Active Directory credentials and access all three applications, while enabling cloud vendors to verify user identities without storing corporate passwords. Which technology BEST meets these requirements?

A. RADIUS authentication integrated with Active Directory B. LDAP directory synchronization to each cloud vendor C. SAML-based single sign-on with Active Directory as the identity provider D. OAuth 2.0 authorization delegated from the corporate network

Question 3

A financial institution is upgrading its authentication mechanisms for remote employees accessing the corporate network. The security team wants to implement multifactor authentication using at least two distinct factor categories. Currently, employees enter a username and a PIN, and management has approved adding a hardware-based second factor. A penetration tester reviewing the current proposed solution notes that both a PIN and a password still represent only a single factor category. Which combination of factors would BEST satisfy the multifactor authentication requirement by using two distinct factor categories with a hardware-based component?

A. A username combined with a complex password of at least 16 characters B. A PIN combined with a one-time password (OTP) delivered via SMS to the employee's phone C. A password combined with a FIDO2 hardware security key D. A fingerprint scan combined with a retina scan for biometric verification

Question 4

A large healthcare organization employs over 3,000 staff across clinical, billing, IT, and administrative departments. The security team must design an access control model for the organization's electronic health records (EHR) system. The chosen model must assign access permissions based on job function rather than individual user discretion, scale efficiently across departments, and allow the HR system to automatically provision appropriate permissions when a new employee's job title is assigned. Which access control model BEST meets all of these requirements?

A. Discretionary access control (DAC) B. Mandatory access control (MAC) C. Role-based access control (RBAC) D. Attribute-based access control (ABAC)

Question 5

A cloud security architect at a financial services company is reviewing privileged access policies for cloud infrastructure administrators. An audit found that administrators have standing elevated privileges to production cloud resources at all times, which was flagged as a critical risk. The audit recommends a solution that grants elevated permissions only when needed, for a defined duration, with a formal approval step before access is granted — effectively eliminating persistent privileged access while preserving operational efficiency. Which privileged access management (PAM) feature BEST addresses this recommendation?

A. Password vaulting with automatic credential rotation B. Ephemeral credentials issued programmatically to service accounts C. Just-in-time permissions with time-bound, approval-gated access D. Enforcing least privilege across all administrator accounts permanently

Question 6

Two regional banks are merging their operations and must enable employees from each organization to access shared resources hosted in both environments. Each bank maintains its own identity provider (IdP) and does not want to consolidate into a single shared directory — both want to retain full control of their own user accounts and authentication processes. Employees of Bank A must be able to access Bank B's applications without being issued separate Bank B credentials. Which IAM concept BEST describes the solution that should be implemented?

A. Directory synchronization between both organizations' Active Directory environments B. Identity federation using a standards-based trust relationship between both identity providers C. Single sign-on configured within a single unified domain spanning both organizations D. Implementing identical multifactor authentication policies across both environments

Question 7

An enterprise security team implementing a zero trust architecture wants to ensure that only corporate-managed, compliant devices can access internal applications. The solution must verify that devices connecting to the network meet specific security posture requirements — such as an updated operating system, an active EDR agent, and enabled full-disk encryption — before granting access, and must re-verify compliance continuously throughout the session. A cloud security engineer recommends implementing device attestation as part of the authentication flow. Which statement BEST describes what device attestation accomplishes in this context?

A. It encrypts the communication channel between the endpoint device and the application server B. It verifies that the device is in a known, trusted, and compliant state before and during access C. It issues a digital certificate to the device that uniquely identifies it on the corporate network D. It replaces user credentials with device identity to enable passwordless authentication

Question 8

A security consultant is reviewing the password policy for a mid-sized technology company. The current policy requires password changes every 30 days, a minimum of 8 characters, and a mix of uppercase, lowercase, numbers, and special characters. Help desk password reset requests account for 35% of all IT tickets, and an internal audit found that employees frequently cycle through nearly identical passwords to satisfy the rotation requirement. The consultant wants to recommend changes aligned with current NIST SP 800-63B guidance on password best practices. Which recommendation BEST aligns with current NIST guidance?

A. Increase mandatory rotation frequency to every 15 days and enforce a 12-character minimum length B. Eliminate mandatory periodic password rotation unless a breach is detected, and increase the minimum password length C. Add mandatory complexity rules requiring at least three special characters and extend rotation to every 45 days D. Require unique passwords for every system from memory and eliminate the use of password managers

Question 9

A development team is building a mobile application that allows users to log in using their existing Google or Facebook accounts, and then grants the application limited access to their profile data — such as name and email address — from those platforms. The team wants to implement a standard that allows users to authorize the app to read their data without sharing their Google or Facebook credentials directly with the mobile app. The team is debating between SAML and OAuth 2.0 for this use case. Which choice is MOST appropriate and why?

A. SAML, because it is optimized for mobile applications and supports token-based cross-platform authorization B. OAuth 2.0, because it is an authorization framework that allows applications to access resources on behalf of a user without sharing the user's credentials C. SAML, because it provides the strongest identity federation standard and is preferred for all SSO and authorization implementations D. OAuth 2.0, because it is a complete authentication and authorization standard that eliminates the need for any separate identity layer

Question 10

A government agency manages a classified document system storing records at multiple sensitivity levels. The agency needs an access control model capable of evaluating multiple criteria simultaneously before granting access — including the user's security clearance level, department affiliation, currently assigned project, time of day, and the classification level of the requested document. A single user may legitimately need different access across documents depending on their active project each day, and access must automatically be denied if any required condition is not satisfied. Which access control model BEST supports this level of fine-grained, multi-attribute policy enforcement?

A. Role-based access control (RBAC) B. Discretionary access control (DAC) C. Mandatory access control (MAC) D. Attribute-based access control (ABAC)

Desk Mat CTA Block

Tired of Googling acronyms while practicing/studying?
Keep them all under your keyboard.

📋 GET_THE_DESK_MAT

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260323

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002