CompTIA Security+ Practice Test of the Day 260506

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.3 (Compare and contrast concepts and strategies to protect data) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260506

10 questions • Single best answer

Question 1

The CISO of a global e-commerce company expanding into the EU is told that customer data from EU member states must be stored and processed exclusively on EU-based servers. Which concept BEST describes this regulatory requirement?

A. Data classification B. Data sovereignty C. Geolocation tagging D. Data segmentation

Question 2

A threat model review reveals that sensitive financial data is encrypted at rest and in transit but is briefly exposed in plaintext in application memory during calculations. The team must classify this exposure. Which data state does this represent?

A. Data at rest B. Data in transit C. Data in use D. Data in motion

Question 3

A penetration tester testing a retail checkout flow observes that credit card numbers are immediately replaced by randomly generated surrogate values. Internal systems use the surrogate throughout processing while the original number is held in a secure external vault. Which technique is being used?

A. Encryption B. Hashing C. Tokenization D. Masking

Question 4

A security team provides developers with a copy of the production database for testing. Customer names show as 'XXXXX XXXXX', SSNs are replaced with sequential fake values, and balances are randomly offset. Developers cannot recover original values. The data retains its format and statistical patterns. Which technique was applied?

A. Tokenization B. Obfuscation C. Masking D. Encryption

Question 5

A law firm's security administrator is implementing a data classification policy. Attorney-client privileged case files must be accessible only to assigned legal teams and must never leave the firm's infrastructure. Which classification label is MOST appropriate for these files?

A. Private B. Sensitive C. Confidential D. Restricted

Question 6

A DBA auditing a legacy application finds passwords stored as fixed-length 64-character strings. The application processes an entered password and compares the result to the stored value, which cannot be reversed or decrypted. Which technique is being used to store passwords?

A. Symmetric encryption B. Tokenization C. Hashing D. Masking

Question 7

A legal team identifies a proprietary recommendation algorithm maintained as an internal secret for seven years, never patented, and protected entirely through NDAs and access controls. It is the company's primary competitive differentiator. How should this asset be classified?

A. Intellectual property B. Regulated data C. Trade secret D. Financial information

Question 8

A mobile app developer uses a tool that renames internal functions to meaningless strings, restructures logic, inserts dummy code paths, and scrambles string literals throughout the binary. The app functions identically but is extremely difficult to analyze after decompilation. Which technique was applied?

A. Masking B. Obfuscation C. Tokenization D. Segmentation

Question 9

A cloud architect must comply with new regulations requiring that subscriber data for residents of specific countries be stored and processed only on servers within those countries. Which concept drives this infrastructure requirement?

A. Data sovereignty declarations B. Permission restrictions C. Geographic restrictions D. Data segmentation

Question 10

An audit reveals all employees have read access to the full HR database, including salary data, performance reviews, and disciplinary records. The CISO wants access restructured so only HR and payroll staff can view sensitive fields. Which principle should guide this change?