CompTIA Security+ Practice Test of the Day 260603

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 1.4 (Explain the importance of change management processes and the impact to security) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260603

10 questions • Single best answer

Question 1

A security engineer at a SaaS startup must protect data on laptops so that all contents become unreadable if a device is stolen. The solution should automatically protect every sector without user intervention per file. Which approach best meets this need?

A. Full-disk encryption B. File-level encryption C. Tokenization D. Data masking

Question 2

An analyst must store user passwords so that two identical passwords produce different stored values, defeating precomputed attack tables. The chosen method must add unique random data before processing each credential. Which technique should be applied?

A. Salting B. Key stretching C. Block cipher mode D. Digital signing

Question 3

A penetration tester finds that a company embeds confidential data inside image files to keep its presence hidden from observers. The goal was concealment rather than scrambling the contents. Which practice does this describe?

A. Steganography B. Symmetric encryption C. Hashing D. Certificate pinning

Question 4

A CISO at a financial institution wants a tamper-resistant appliance to generate and store encryption keys for high-volume transaction servers. The device must offload cryptographic operations and protect keys from extraction. Which component is most appropriate?

A. Hardware security module B. Trusted Platform Module C. Secure enclave D. Key escrow service

Question 5

An administrator needs clients to verify in real time whether a single presented certificate has been revoked, without downloading a full list. The method should query the issuer for one certificate's status. Which mechanism fits this requirement?

A. OCSP B. CRL C. CSR D. Self-signed certificate

Question 6

Your organization recently migrated to a cloud platform and needs a single credential to secure many subdomains under one domain name. Issuing a separate credential for each host is impractical. Which option satisfies this need?

A. Wildcard certificate B. Root certificate C. Code-signing certificate D. Self-signed certificate

Question 7

A developer must securely establish a shared symmetric secret over an untrusted network without ever transmitting that secret itself. The two parties need to derive the same value independently. Which method accomplishes this?

A. Diffie-Hellman key exchange B. AES in CBC mode C. SHA-256 hashing D. Tokenization

Question 8

A vendor wants recipients to confirm both that a software update truly came from the vendor and that it was not altered in transit. The vendor encrypts a digest with its private key and attaches it. Which cryptographic construct is being used?

A. Digital signature B. Symmetric key C. Salt D. Steganographic payload

Question 9

A security architect wants to slow attackers who attempt to brute-force stored credentials by making each guess computationally expensive. The technique repeatedly processes the input to increase its effective cost. Which approach should be implemented?

A. Key stretching B. Tokenization C. Data masking D. Certificate stapling

Question 10

An auditor reviews a cryptocurrency system that records transactions across a distributed, append-only ledger that all participants can verify. No single party controls the record, and entries cannot be altered retroactively. Which technology underpins this design?

A. Blockchain B. Public key infrastructure C. Hardware security module D. Key escrow

Tired of Googling acronyms while practicing/studying?
Keep them all under your keyboard.

📋 GET_THE_DESK_MAT

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260603

Related Posts

Leave a Comment Cancel Reply