CompTIA Security+ Practice Test of the Day 260427

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 1.3 (Explain the importance of change management processes and the impact to security) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260427

10 questions • Single best answer

Question 1

The IT director of a regional healthcare network is reviewing the organization's change management procedures after a software update deployed to production servers caused an unexpected authentication failure for multiple clinical applications. The update was applied directly by a junior administrator without any documented review or sign-off from senior staff or a change review board. The security team is asked to identify which change management control was bypassed that would most likely have caught this issue before deployment. Which change management process was MOST directly absent in this scenario?

A. Backout plan B. Maintenance window C. Approval process D. Version control

Question 2

A systems engineer at a manufacturing company is preparing to deploy a major firmware update to industrial control systems on the production floor. The change management team requires that all high-risk changes include a documented procedure for restoring systems to their previous state if the update causes unexpected failures. After the update is applied, production sensors begin reporting erroneous data and the team successfully restores the previous firmware within the same maintenance window. Which change management component allowed the team to quickly recover from the failed update?

A. Standard operating procedure B. Backout plan C. Impact analysis D. Approval process

Question 3

A security engineer at a financial institution is coordinating a critical patch deployment for a vulnerability in the bank's online transaction processing system. The change management board approves the patch but specifies it must be applied only during a scheduled four-hour period on Saturday night when customer activity is lowest and support staff are on standby. Two days later, a developer proposes applying the patch at noon on a Wednesday to meet an internal compliance deadline. Which change management concept does the developer's proposal violate?

A. Ownership B. Standard operating procedure C. Maintenance window D. Backout plan

Question 4

A security administrator is hardening a fleet of employee workstations after several incidents in which users installed unapproved third-party applications that later introduced malware into the network. The organization's new policy permits only IT-vetted and pre-approved software executables to run on endpoints — all other executables are automatically blocked regardless of their source or the user's intent. Which technical change management control has the administrator implemented?

A. Deny list B. Allow list C. Restricted activities control D. Dependency mapping

Question 5

A change advisory board (CAB) at a university is evaluating a proposal to replace the legacy authentication platform used across all campus applications. Several board members note that the authentication system interfaces with the student information system, library access controls, and dormitory entry management. The board requests that the change submitter provide a formal assessment of how the proposed change could affect each connected system and what the consequences would be if those dependencies fail during the transition. Which change management artifact is the CAB requesting?

A. Backout plan B. Stakeholder identification C. Impact analysis D. Standard operating procedure

Question 6

A development team at a software company pushes an update to their customer-facing web application late on a Friday afternoon. Over the weekend, a critical bug is discovered that causes the application to crash for users with non-English locale settings. The incident response team needs to immediately identify exactly what code changed in this release compared to the previous version and restore the application to its last known-good state. Which change management and development control would MOST directly enable both rapid identification of the change and a successful rollback?

A. Maintenance window B. Version control C. Backout plan D. Approval process

Question 7

A network administrator is planning to decommission an aging DNS resolver that has been in service for over a decade at a large enterprise. During the pre-change review, the administrator discovers that multiple internally developed applications hardcode the IP address of this specific DNS server in their configuration files and will fail to resolve hostnames if the resolver is taken offline without updating those applications first. Which technical implication of change management does this scenario BEST illustrate?

A. Restricted activities B. Legacy applications C. Dependencies D. Service restart

Question 8

A cloud operations team at a retail company regularly rotates SSL/TLS certificates for its customer-facing HTTPS services. Over the past year, three separate rotation events caused brief outages because different engineers performed the process in slightly different ways — one forgot to restart the web server process, another applied the certificate to the wrong virtual host. The security manager wants to eliminate these inconsistencies and ensure the rotation is performed correctly every time, regardless of which engineer executes it. Which change management control would BEST address this requirement?

A. Impact analysis B. Standard operating procedure C. Approval process D. Maintenance window

Question 9

A network engineer at an enterprise company completes a significant infrastructure change that adds a new segmented VLAN for IoT devices and modifies firewall rules to allow specific traffic flows between network zones. The change is tested, verified, and the change ticket is closed. Three weeks later, a different engineer consulting the network documentation makes a routing decision based on the pre-change architecture, resulting in a misconfiguration that inadvertently exposes IoT devices to internal servers. Which post-change activity was neglected after the change was completed?

A. Version control B. Updating diagrams C. Backout plan documentation D. Stakeholder notification

Question 10

A change management coordinator at a government agency is reviewing a proposed operating system upgrade across all agency workstations. During the pre-change review, the team identifies a mission-critical case management application last updated in 2009 that has not been tested against the new OS version and is no longer supported by the original vendor. The team is concerned that applying the upgrade would render the application non-functional with no supported remediation path, potentially halting agency operations. Which technical implication of change management does this scenario specifically highlight?