CompTIA Security+ Practice Test of the Day 260529

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 5.5 (Explain types and purposes of audits and assessments) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260529

10 questions • Single best answer

Question 1

A penetration tester begins an engagement by collecting OSINT through search engines, public DNS records, and the target's social media without interacting with the company's infrastructure. Which technique is being used?

A. Active reconnaissance B. Passive reconnaissance C. Offensive testing D. Integrated assessment

Question 2

A publicly traded retailer's board establishes a subcommittee responsible for overseeing the integrity of financial controls and supervising the external auditor's work. Which internal audit construct does this describe?

A. Audit committee B. Self-assessment C. Compliance review D. Attestation

Question 3

Before an upcoming external review, a security manager at a logistics company directs each department to complete a quarterly questionnaire rating their own adherence to access control policy. What is this activity called?

A. Independent audit B. Examination C. Self-assessment D. Attestation

Question 4

An internal team at a hospital periodically reviews whether the organization continues to meet HIPAA's Security Rule requirements and documents gaps for management remediation. Which type of internal activity is this?

A. Audit committee B. Compliance audit C. Attestation D. Examination

Question 5

A SaaS company's CISO signs a formal statement asserting that specified security controls are designed and operating effectively, to be provided alongside an auditor's report to customers. What is this declaration called?

A. Self-assessment B. Examination C. Attestation D. Regulatory audit

Question 6

To satisfy enterprise customers, a cloud provider engages an external CPA firm with no commercial relationship to conduct a SOC 2 Type II review. Which audit category best fits this engagement?

A. Self-assessment B. Independent third-party audit C. Audit committee review D. Regulatory examination

Question 7

State banking regulators arrive on-site at a credit union to formally evaluate the institution's compliance with GLBA Safeguards Rule requirements. Which type of external review is being performed?

A. Attestation B. Independent third-party audit C. Examination D. Self-assessment

Question 8

A red team is contracted to attempt entry to a corporate data center by tailgating staff, picking locks, and cloning badges. Which penetration testing type is being performed?

A. Offensive B. Defensive C. Physical D. Integrated

Question 9

During an engagement, the offensive team shares discovered vulnerabilities in real time with the defenders so they can immediately tune detections, and both sides collaborate throughout. Which penetration testing approach is this?

A. Offensive B. Defensive C. Integrated D. Known environment

Question 10

A penetration tester is engaged to simulate an external attacker. The client provides only the organization's name and instructs the tester to enumerate everything from public sources onward. Which engagement type is this?