CompTIA Security+ Practice Test of the Day 260701

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 1.4 (Explain the importance of using appropriate cryptographic solutions) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260701

10 questions • Single best answer

Question 1

A hospital encrypts laptops so stolen devices reveal nothing readable. Security wants the entire drive, including the operating system and swap space, protected automatically at boot. Which approach meets this requirement?

A. File-level encryption B. Full-disk encryption C. Database encryption D. Record-level encryption

Question 2

A bank must securely distribute a shared session key between two servers over an untrusted link. Analysts want both sides to derive the same secret without transmitting it in the clear. Which mechanism enables this?

A. Key exchange B. Key escrow C. Key stretching D. Key length

Question 3

A government agency needs to confirm both the integrity and the origin of a signed firmware update. Recipients must verify the developer created it and that nobody altered it. Which cryptographic feature provides both assurances?

A. Symmetric encryption B. Tokenization C. Digital signature D. Salting

Question 4

A retailer wants to store account passwords so identical passwords produce different stored values, defeating precomputed attack tables. The security team adds a unique random value to each password before hashing. What is this technique called?

A. Key stretching B. Obfuscation C. Steganography D. Salting

Question 5

A cloud provider needs tamper-resistant hardware to generate, store, and manage encryption keys at scale for many customer applications. The device must offload cryptographic operations from servers. Which component best fits this need?

A. Hardware security module B. Trusted Platform Module C. Secure enclave D. Root of trust

Question 6

An analyst must verify in real time whether a presented certificate has been revoked before allowing a TLS session. The team prefers a lightweight query that avoids downloading large lists. Which solution should they use?

A. Certificate revocation list B. Certificate signing request C. Online Certificate Status Protocol D. Self-signed certificate

Question 7

A fintech firm wants to replace stored credit card numbers with non-sensitive substitute values mapped in a secure vault. The substitutes carry no mathematical relationship to the originals. Which technique is described?

A. Hashing B. Tokenization C. Data masking D. Key escrow

Question 8

A software company must obtain a trusted certificate for its public web server. Administrators generate a request containing the server's public key and identity details to send to a certificate authority. What is this request called?

A. Certificate revocation list B. Key escrow request C. Certificate signing request D. Online Certificate Status Protocol

Question 9

A managed security provider wants to secure a single certificate that protects many subdomains under one domain, such as mail, vpn, and portal. Issuing separate certificates for each is impractical. Which certificate type fits?

A. Wildcard certificate B. Self-signed certificate C. Root certificate D. Third-party certificate

Question 10

A critical infrastructure operator wants to slow brute-force attacks against stored credentials. The team applies repeated iterations to make each password hash computation deliberately slow and resource-intensive. Which technique achieves this goal?