CompTIA Security+ Practice Test of the Day 260504

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.1 (Compare and contrast security implications of different architecture models) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260504

10 questions • Single best answer

Question 1

A cloud architect at a global e-commerce company is deploying workloads on an IaaS platform and needs to determine which party is responsible for patching the guest operating systems on virtual machines. The cloud provider's documentation describes a division of duties between the provider and the customer. Which concept formally defines this breakdown of security responsibilities?

A. Risk transference B. Shared responsibility matrix C. Hybrid consideration D. Centralized management

Question 2

A DevOps team at a fintech company uses templated scripts to automatically provision and configure cloud environments for every new deployment. A security auditor finds that a single misconfiguration in the template is being replicated uniformly across all environments. Which architecture concept creates this specific risk of consistent misconfiguration at scale?

A. Microservices B. Serverless C. Infrastructure as code (IaC) D. Containerization

Question 3

A development team migrates a payment processing function to a platform where the cloud provider manages all underlying infrastructure including the OS and runtime, and the team only deploys code. The security team notes they have no visibility into or control over patching the execution environment. Which architecture model introduces this security trade-off?

A. Serverless B. Containerization C. On-premises D. Infrastructure as code (IaC)

Question 4

An organization decomposes a monolithic web application into dozens of small, independently deployable services that communicate over APIs, and a security engineer flags that each inter-service call is now a potential attack vector if not authenticated. Which architecture model introduces this specific API security concern?

A. Air-gapped network B. Microservices C. Serverless D. Virtualization

Question 5

A national energy company's OT security team requires that industrial control systems managing power generation have absolutely no electronic connection to corporate IT networks or the internet. Even indirect connectivity through firewalls is prohibited by policy. Which network infrastructure concept describes this isolation model?

A. Logical segmentation B. Software-defined networking (SDN) C. Air-gapped D. Virtual private network (VPN)

Question 6

A DevSecOps team packages a web application and its runtime dependencies into a portable unit that runs consistently across dev, staging, and production environments, but a security engineer notes that all units on a host share the underlying OS kernel. Which architecture model is described, and what is the MOST significant security implication of the shared kernel?

A. Virtualization — a compromised guest OS can directly affect the hypervisor B. Serverless — the provider's runtime environment becomes a shared attack surface C. Containerization — a kernel-level exploit could affect all containers on the host D. Infrastructure as code — a template misconfiguration replicates across all instances

Question 7

A hospital deploys hundreds of network-connected infusion pumps, patient monitors, and imaging devices across its facilities, and a security assessment reveals that most devices run outdated firmware with no update mechanism and use default credentials. Which architecture category introduces these specific security challenges?

A. Microservices B. Internet of Things (IoT) C. Software-defined networking (SDN) D. Serverless

Question 8

A water treatment facility uses a supervisory control system to monitor and manage chemical dosing and filtration processes from a central workstation running proprietary vendor software, and a security assessment finds that the availability requirements conflict with applying patches that need downtime. Which architecture type is BEST described in this scenario?

A. Internet of Things (IoT) B. Containerization C. ICS/SCADA D. Serverless

Question 9

A network engineer at a large cloud provider needs to programmatically manage routing policies, access rules, and virtual network configurations across thousands of nodes from a centralized controller, and a security architect flags that the controller itself is a high-value target. Which network infrastructure concept is being used?

A. Air-gapped network B. Physical isolation C. Logical segmentation D. Software-defined networking (SDN)

Question 10

A manufacturing plant runs real-time operating systems on programmable logic controllers that manage assembly-line timing and safety interlocks, and the vendor no longer provides firmware updates; the systems also cannot be taken offline without halting production. Which architecture consideration BEST captures the ongoing security risk?