CompTIA Security+ Practice Test of the Day 260504

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.1 (Compare and contrast security implications of different architecture models) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260504

10 questions • Single best answer

Question 1

A cloud architect deploying workloads on an IaaS platform needs to determine which party is responsible for patching guest operating systems on virtual machines. Which concept formally defines this breakdown of security responsibilities between the provider and the customer?

A. Risk transference B. Shared responsibility matrix C. Hybrid consideration D. Centralized management

Question 2

A DevOps team uses templated scripts to provision all cloud environments. A security auditor finds a single misconfiguration in the template is being replicated uniformly across every deployment. Which infrastructure concept creates this specific risk of consistent misconfiguration at scale?

A. Microservices B. Serverless C. Infrastructure as code (IaC) D. Containerization

Question 3

A development team migrates a payment processing function to a platform where the provider manages all infrastructure including the OS and runtime, and the team only deploys code. The security team has no visibility into patching the execution environment. Which cloud model introduces this trade-off?

A. Serverless B. Containerization C. On-premises D. Infrastructure as code (IaC)

Question 4

An organization decomposes a monolithic web application into dozens of small, independently deployable services that communicate over APIs, and a security engineer flags that each inter-service call is now a potential attack vector if not authenticated. Which architecture model introduces this specific API security concern?

A. Air-gapped network B. Microservices C. Serverless D. Virtualization

Question 5

A national energy company's OT security team requires that industrial control systems managing power generation have absolutely no electronic connection to corporate IT networks or the internet. Even indirect connectivity through firewalls is prohibited by policy. Which network infrastructure concept describes this isolation model?

A. Logical segmentation B. Software-defined networking (SDN) C. Air-gapped D. Virtual private network (VPN)

Question 6

A DevSecOps team packages an application and its runtime dependencies into portable units that run consistently across environments, but a security engineer notes all units on a host share the underlying OS kernel. Which architecture model is described, and what is its MOST significant security implication?

A. Virtualization — a compromised guest OS can directly affect the hypervisor B. Serverless — the provider's runtime environment becomes a shared attack surface C. Containerization — a kernel-level exploit could affect all containers on the host D. Infrastructure as code — a template misconfiguration replicates across all instances

Question 7

A hospital deploys hundreds of network-connected infusion pumps, patient monitors, and imaging devices across its facilities, and a security assessment reveals that most devices run outdated firmware with no update mechanism and use default credentials. Which architecture category introduces these specific security challenges?

A. Microservices B. Internet of Things (IoT) C. Software-defined networking (SDN) D. Serverless

Question 8

A water treatment facility uses a supervisory control system to manage chemical dosing from a central workstation running proprietary vendor software. A security assessment finds that availability requirements conflict with applying patches that require downtime. Which architecture type BEST describes this scenario?

A. Internet of Things (IoT) B. Containerization C. ICS/SCADA D. Serverless

Question 9

A network engineer at a large cloud provider needs to programmatically manage routing policies, access rules, and virtual network configurations across thousands of nodes from a centralized controller, and a security architect flags that the controller itself is a high-value target. Which network infrastructure concept is being used?

A. Air-gapped network B. Physical isolation C. Logical segmentation D. Software-defined networking (SDN)

Question 10

A manufacturing plant runs real-time operating systems on programmable logic controllers that manage assembly-line timing and safety interlocks, and the vendor no longer provides firmware updates; the systems also cannot be taken offline without halting production. Which architecture consideration BEST captures the ongoing security risk?