CompTIA Security+ Practice Test of the Day 260509

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.2 (Explain the security implications of proper hardware, software, and data asset management) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260509

10 questions • Single best answer

Question 1

A county agency is sourcing laptops from three vendors. One offers lower prices but sources components from an unverified overseas manufacturer. The security team must evaluate this vendor before approval. What is the PRIMARY security concern with this vendor?

A. The hardware may not support the organization's required operating system version B. The lower price point indicates the vendor may not provide adequate warranty support C. Acquiring hardware from unverified sources introduces supply chain risks, including the possibility of hardware-level tampering or counterfeit components D. The overseas vendor may not accept the agency's standard purchase order terms

Question 2

A financial institution just deployed 300 new workstations. The IT governance team is updating the asset management system and must record a named owner for each device before deployment. Which outcome does assigning an asset owner PRIMARILY achieve?

A. It automatically initiates patch deployment workflows to the assigned device B. It determines the data classification level of information stored on the device C. It establishes a named party accountable for the asset's security, maintenance, and lifecycle decisions D. It grants the named owner local administrative privileges on the workstation

Question 3

A security team discovers unclassified files on shared network drives, including HR reviews, customer contracts, and regulated financial data. Management wants classification labels applied before enforcing access controls. What is the PRIMARY reason for classifying data assets?

A. To ensure data is stored on hardware that meets minimum performance benchmarks B. To assign appropriate protection controls, access restrictions, and handling procedures based on sensitivity level C. To determine which data sets are subject to backup and disaster recovery policies D. To identify which files must be archived to offline storage after 90 days

Question 4

During a security audit of a regional bank, the auditor finds several servers actively processing transactions that are not listed in the asset inventory. No one knows when they were provisioned or who owns them. What is the MOST significant security risk?

A. The servers may generate inaccurate transaction reports due to inconsistent configurations B. The bank may incur licensing fees from software installed on untracked systems C. Untracked assets are likely missing security patches and hardening configurations, and cannot be properly monitored or managed D. The bank's disaster recovery software will exclude these servers, violating its recovery time objective

Question 5

An enterprise security team has finished a physical hardware inventory. They now want to discover all installed software across endpoints to identify unauthorized and end-of-life applications. Which asset management activity BEST describes what the team is performing?

A. Vulnerability scanning B. Configuration baselining C. Asset enumeration D. Threat modeling

Question 6

A state agency is donating 150 decommissioned laptops to public schools. The spinning hard drives previously stored social security numbers and tax records. The drives will be reused. Which sanitization method is MOST appropriate?

A. Delete all files and reformat the drives using the Windows Disk Management utility B. Perform a multi-pass overwrite using NIST SP 800-88-compliant software C. Remove and physically shred the hard drives, then replace them with new drives before donation D. Apply full-disk encryption to the drives and hand them over to the schools with the keys

Question 7

A cybersecurity team is decommissioning servers whose SSDs stored encryption keys, credentials, and regulated PII. Per policy, media containing sensitive data that will not be reused must be permanently destroyed. Which disposal method is MOST appropriate?

A. Overwrite the SSDs using a DoD 5220.22-M multi-pass wipe B. Execute a secure erase command using the manufacturer's firmware-level tool C. Perform crypto-erasure by destroying the drive's encryption key D. Physically shred or incinerate the SSDs

Question 8

An organization decommissioned servers holding protected health information and hired a certified vendor to destroy the data. The compliance officer now needs formal documentation to satisfy a HIPAA audit. What document should the vendor provide?

A. A signed chain of custody form B. A decommissioning change request ticket C. A certificate of destruction D. An asset transfer agreement

Question 9

A healthcare organization must retain patient records for seven years per state law. The IT security team is implementing controls to enforce this across all storage systems. Which statement BEST explains why a formal data retention policy is a critical security control?

A. It prevents users from accidentally modifying archived patient records after they are stored B. It ensures all retained records are encrypted using a FIPS 140-2 validated algorithm for the duration of the retention period C. It defines how long data must be preserved and when it must be securely destroyed, reducing unnecessary data exposure and associated legal liability D. It requires that all retained data be stored on-premises to comply with healthcare data residency laws

Question 10

A security audit finds that 75 replaced workstations are sitting in a warehouse, still joined to the domain, containing unencrypted trade secrets, and never formally processed. The employees who used them left six months ago. Which asset lifecycle phase was MOST neglected?