CompTIA Security+ Practice Questions: More Practice Questions

50 free, exam-style CompTIA Security+ (SY0-701) practice questions from the "More Practice Questions" set. Each question names the correct answer in a short explanation. Ready for the real thing? Take the full timed quiz.


Q1. Which authentication protocol uses tickets and is resistant to replay attacks?

Explanation: Kerberos. Tickets and the authenticators sent with them carry timestamps; the KDC and services reject authenticators outside the permitted clock skew and cache recently seen ones, so a captured exchange cannot simply be replayed.

Q2. Which concept requires users to receive only the permissions needed for their role?

Explanation: Least privilege reduces risk by limiting access rights to what the role actually needs.

Q3. Which authentication method uses a physical key that supports phishing-resistant public key cryptography?

Explanation: FIDO2 security keys use public key cryptography. The key signs a challenge bound to the site's origin, so a credential phished through a look-alike domain does not work on the real one.

Q4. Which control provides temporary elevated access only for approved tasks?

Explanation: Just-in-time (JIT) access reduces standing privileges by granting elevation only when needed, for an approved task and a limited time.

Q5. What type of attack involves inserting malicious code into a legitimate website?

Explanation: Cross-site scripting (XSS) injects client-side scripts, usually through unescaped user input, into web pages viewed by other users.

Q6. What type of attack intercepts communication between two parties?

Explanation: A man-in-the-middle (MITM) attack, called an on-path attack in SY0-701, secretly relays and potentially alters communications between the two parties.

Q7. A user approves a push notification they did not initiate. What attack might this indicate?

Explanation: MFA fatigue (push bombing) attacks repeatedly send prompts hoping the user approves one by mistake. An unexpected prompt means the attacker already holds the user's password.

Q8. Which attack forces an authenticated victim's browser to send unauthorized requests to a site, with the victim's session cookie attached automatically?

Explanation: Cross-site request forgery (CSRF) tricks an authenticated browser into submitting unwanted requests. It does not capture the cookie; it abuses the fact that the browser sends the cookie with every request to that site.
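The distinction above, shown in code. This is an added example, not part of the practice set: a toy request object and session store (constructed here, with the assumed origin https://bank.example) drive two versions of a money-transfer handler. The vulnerable one authorizes on the session cookie alone, so a form auto-submitted from attacker.example succeeds; the hardened one also demands a per-session synchronizer token the attacker's page cannot read and rejects a cross-origin Origin header.

```python
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://bank.example"   # assumed origin of the protected application

# Constructed server-side session store: session id -> session data.
SESSIONS = {"sid-alice": {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request; the browser attaches cookies automatically."""
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def transfer_vulnerable(req: Request) -> int:
    """Authorizes on the session cookie alone, so a forged cross-site POST succeeds."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401
    return 200   # money moves for whoever's browser sent the cookie


def transfer_hardened(req: Request) -> int:
    """Synchronizer token plus Origin check: the attacker's page can neither read the
    token out of the victim's session nor forge the browser-set Origin header."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401
    if req.method != "POST":
        return 405                                   # state changes never ride on GET
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403                                   # cross-origin request, reject
    supplied = req.form.get("csrf_token", "")
    if not secrets.compare_digest(supplied, session["csrf_token"]):
        return 403                                   # token missing or not this session's
    return 200


def forged_request() -> Request:
    """What attacker.example's auto-submitting form produces in the victim's browser:
    the victim's cookie rides along, but the attacker cannot supply the per-session token."""
    return Request(method="POST", cookies={"sid": "sid-alice"},
                   form={"to": "mallory", "amount": "1000"},
                   headers={"Origin": "https://attacker.example"})


def legitimate_request() -> Request:
    """The bank's own form, rendered with the token stored in Alice's session."""
    return Request(method="POST", cookies={"sid": "sid-alice"},
                   form={"to": "bob", "amount": "10",
                         "csrf_token": SESSIONS["sid-alice"]["csrf_token"]},
                   headers={"Origin": SITE_ORIGIN})


if __name__ == "__main__":
    print("vulnerable, forged :", transfer_vulnerable(forged_request()))    # 200
    print("hardened,   forged :", transfer_hardened(forged_request()))      # 403
    print("hardened,   legit  :", transfer_hardened(legitimate_request()))  # 200
```

In a real deployment the token check is complemented by the SameSite cookie attribute; the Origin check is a defence in depth, since some browsers omit the header on same-origin requests, which is why a missing header is allowed but a foreign one is not.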

Q9. Which control would BEST mitigate tailgating attacks?

Explanation: A mantrap, called an access control vestibule in SY0-701, prevents unauthorized physical entry with two interlocked doors and authentication between them.

Q10. Which physical security control prevents electromagnetic eavesdropping on network cabling?

Explanation: TEMPEST standards govern shielding (for example shielded cabling and Faraday cages) against compromising electromagnetic emanations.

Q11. Which physical security control prevents two people from entering a secure area on one authentication?

Explanation: A mantrap (access control vestibule) uses two controlled doors or similar controls to reduce tailgating and piggybacking.

Q12. Which type of control is a bollard outside a building entrance?

Explanation: Bollards are a preventive physical control: they stop vehicles from reaching protected areas.

Q13. Which data protection method replaces sensitive values with non-sensitive substitutes stored in a mapping system?

Explanation: Tokenization substitutes sensitive data with tokens while preserving a secure mapping to the original values.
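A small token vault illustrating the mapping the explanation describes. This is an added example, not part of the practice set; the card number 4111 1111 1111 1111 is the standard Visa test number, and the vault design (random format-preserving tokens that keep the last four digits and deliberately fail the Luhn check) is one common choice, not the only one.

```python
import secrets


def luhn_valid(digits: str) -> bool:
    """Luhn check used by payment card numbers (4111 1111 1111 1111 passes)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Tokenization: replace a PAN with a random token of the same shape and keep the
    only copy of the mapping inside the vault, which is the component that must be
    protected. Systems that hold tokens alone never see the real PAN."""

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not digits.isdigit() or not 13 <= len(digits) <= 19 or not luhn_valid(digits):
            raise ValueError("not a valid card number")
        if digits in self._pan_to_token:             # deterministic: same PAN -> same token
            return self._pan_to_token[digits]
        while True:
            # Format-preserving: random body, real last four kept for receipts and support.
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + digits[-4:]
            # The token must not collide with an existing token and must not itself pass
            # Luhn, so it can never be mistaken for (or used as) a real card number.
            if token not in self._token_to_pan and not luhn_valid(token):
                break
        self._token_to_pan[token] = digits
        self._pan_to_token[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can reverse a token; callers must be authorized separately."""
        return self._token_to_pan[token]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4111 1111 1111 1111")
    print(token, "->", vault.detokenize(token))
```

Because the token carries no key material, losing the token store alone reveals nothing; contrast this with encryption, where the ciphertext is recoverable by anyone who obtains the key.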

Q14. Which data state is protected by TLS during a web session?

Explanation: Data in transit. TLS protects data as it moves across the network between client and server; it does not protect data at rest on either end.

Q15. Which data classification is usually the most restrictive?

Explanation: Restricted data generally requires the strongest handling controls because disclosure could cause significant harm.

Q16. Which security control monitors and blocks unauthorized sensitive data transfers?

Explanation: Data Loss Prevention (DLP) tools monitor and restrict sensitive data movement over email, web uploads, removable media and similar channels.

Q17. Which authentication factor is 'something you are'?

Explanation: Biometrics (e.g., fingerprints) represent inherence factors.

Q18. Which biometric factor has the highest false acceptance rate (FAR) among common authentication methods?

Explanation: Facial recognition. The false acceptance rate (FAR) is how often an impostor is wrongly accepted; facial recognition generally has a higher FAR, and is easier to spoof, than iris or fingerprint scans.

Q19. Which authentication protocol uses challenge-response with non-repeating values?

Explanation: Challenge-Handshake Authentication Protocol (CHAP). The authenticator sends a random, non-repeating challenge and the peer returns a hash of the challenge and the shared secret, so a captured response is useless against the next challenge.
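The exchange described above, as an added example that is not part of the practice set. Both sides of RFC 1994 CHAP are modelled: the authenticator issues a fresh random challenge and accepts each one exactly once, the peer answers with MD5(Identifier || Secret || Challenge). The shared secret is constructed for the demo. MD5 is used because that is what CHAP specifies; the point being demonstrated is challenge freshness, not the strength of the hash.

```python
import hashlib
import hmac
import os

# Constructed shared secret for the demo; in PPP/CHAP it is provisioned out of band.
SECRET = b"correct horse battery staple"


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side of RFC 1994 CHAP: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: issues fresh random challenges and accepts each one only once."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._outstanding: dict[int, bytes] = {}   # identifier -> challenge awaiting a response
        self._next_id = 0

    def challenge(self) -> tuple[int, bytes]:
        ident = self._next_id % 256                 # the CHAP identifier is a single octet
        self._next_id += 1
        chal = os.urandom(16)                       # non-repeating, unpredictable challenge
        self._outstanding[ident] = chal
        return ident, chal

    def verify(self, ident: int, response: bytes) -> bool:
        # pop() makes the challenge single-use: a second response to the same
        # identifier, even a correct one captured off the wire, is rejected.
        chal = self._outstanding.pop(ident, None)
        if chal is None:
            return False
        expected = chap_response(ident, self._secret, chal)
        return hmac.compare_digest(expected, response)


def run_exchange() -> dict[str, bool]:
    """One legitimate exchange, one replay of the captured response, one wrong secret."""
    server = ChapAuthenticator(SECRET)

    ident, chal = server.challenge()
    resp = chap_response(ident, SECRET, chal)      # the peer proves it knows SECRET
    legit = server.verify(ident, resp)

    replayed = server.verify(ident, resp)          # an attacker replays the sniffed response

    ident2, chal2 = server.challenge()             # a new challenge differs from the first
    wrong = server.verify(ident2, chap_response(ident2, b"wrong secret", chal2))

    return {"legit": legit, "replayed": replayed, "wrong_secret": wrong,
            "challenges_differ": chal != chal2}


if __name__ == "__main__":
    print(run_exchange())
```

Note what the captured response still gives an attacker: an offline guessing target for the shared secret. Freshness defeats replay, not weak secrets.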

Q20. What is the PRIMARY risk of using WEP for wireless security?

Explanation: WEP is broken. Its short, reused initialization vectors and flawed use of the RC4 keystream let an attacker recover the key in minutes from captured traffic with tools like Aircrack-ng.

Q21. Which wireless feature should be disabled because its PIN can be brute-forced in hours?

Explanation: Wi-Fi Protected Setup (WPS). The protocol confirms each half of the 8-digit PIN separately and the last digit is a checksum, leaving at most 11,000 guesses, which tools like Reaver exhaust online in hours. (Offline dictionary attacks are the separate weakness of WPA/WPA2 with a weak pre-shared key.)
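Where the 11,000 figure comes from, as an added example that is not part of the practice set. The checksum routine mirrors the one WPS uses (the same algorithm wpa_supplicant implements); the registrar is a constructed stand-in that, like a real AP, reveals after message M4 whether the first half was right and after M6 whether the whole PIN was right. 12345670 is a well-known valid example PIN used for the simulation.

```python
def wps_checksum(first_seven: int) -> int:
    """Checksum digit over the first seven PIN digits, as defined by WPS."""
    accum = 0
    pin = first_seven
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def wps_pin_valid(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


class WpsRegistrar:
    """Stand-in for an AP's WPS registrar. The protocol reveals in M4/M6 whether each
    half of the PIN was correct, which is what makes the split attack possible."""

    def __init__(self, pin: str) -> None:
        if not wps_pin_valid(pin):
            raise ValueError("invalid WPS PIN")
        self._pin = pin
        self.attempts = 0           # every guess costs one protocol exchange

    def m4_accepts_first_half(self, first_half: str) -> bool:
        self.attempts += 1
        return first_half == self._pin[:4]

    def m6_accepts_second_half(self, first_half: str, second_half: str) -> bool:
        self.attempts += 1
        return first_half + second_half == self._pin


MAX_ATTEMPTS = 10_000 + 1_000   # 10^4 first halves, then 10^3 second halves (checksum fixed)


def brute_force(ap: WpsRegistrar) -> str:
    """Reaver-style online attack: at most MAX_ATTEMPTS tries instead of 10^8, because the
    halves are confirmed separately and the eighth digit follows from the other seven.
    Real APs may rate-limit or lock WPS after failures; this model does not."""
    first_half = next(f"{i:04d}" for i in range(10_000)
                      if ap.m4_accepts_first_half(f"{i:04d}"))
    for j in range(1_000):
        three = f"{j:03d}"
        second_half = three + str(wps_checksum(int(first_half + three)))
        if ap.m6_accepts_second_half(first_half, second_half):
            return first_half + second_half
    raise RuntimeError("PIN not found")


if __name__ == "__main__":
    ap = WpsRegistrar("12345670")
    print(brute_force(ap), "recovered after", ap.attempts, "attempts (worst case", MAX_ATTEMPTS, ")")
```

For the example PIN the search costs 1,235 + 568 = 1,803 exchanges. Compare that with a properly sized WPA2 passphrase, where an offline dictionary attack must guess the whole secret at once.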

Q22. Which type of malware replicates itself across networks?

Explanation: Worms self-propagate without user interaction by exploiting network vulnerabilities.

Q23. Which type of malware remains dormant until specific conditions are met?

Explanation: Logic bombs activate upon predefined triggers like dates or system events.

Q24. What is the PRIMARY purpose of a disaster recovery plan?

Explanation: DR plans outline procedures to recover IT systems and data after a disaster, within defined recovery time and recovery point objectives.

Q25. Which disaster recovery site configuration has all systems pre-installed but requires data restoration?

Explanation: Warm sites balance cost and recovery time: hardware is preconfigured but current data must be restored, unlike a hot site (live and synchronized) or a cold site (space and power only).

Q26. Which cloud deployment model shares infrastructure between organizations with similar compliance requirements?

Explanation: Community clouds serve multiple entities with shared regulatory needs (e.g., healthcare organizations under HIPAA).

Q27. Which cloud service model provides development platforms without managing underlying infrastructure?

Explanation: Platform-as-a-Service (PaaS) offers runtime environments for app development.

Q28. Which Windows feature prevents pass-the-hash attacks by isolating credential processes?

Explanation: Credential Guard uses virtualization-based security to keep LSA secrets (NTLM hashes, Kerberos TGTs, domain credentials) in an isolated process that malware on the host, even with administrator rights, cannot read.

Q29. Which Windows log contains events related to user authentication attempts?

Explanation: The Security log. Event ID 4624 (successful logon) and 4625 (failed logon) record logon attempts, including the account name, source address and logon type.
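What those two event IDs let a defender detect, as an added example that is not part of the practice set. The records below are constructed to look like the fields of 4624/4625 events (time, event ID, target account, source address, NTSTATUS) and are not real log data; the detection applies a sliding 60-second window for brute force, counts distinct accounts per source for password spraying, and flags a success that follows a burst of failures for the same account.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records shaped like Security log 4624/4625 events (not real log data):
# (TimeCreated, EventID, TargetUserName, IpAddress, Status).
# 0xC000006A = wrong password, 0xC0000064 = account does not exist, 0x0 = success.
EVENTS = [
    ("2024-05-01T09:00:00", 4625, "alice", "10.0.0.5", "0xC000006A"),
    ("2024-05-01T09:00:04", 4625, "alice", "10.0.0.5", "0xC000006A"),
    ("2024-05-01T09:00:09", 4625, "alice", "10.0.0.5", "0xC000006A"),
    ("2024-05-01T09:00:13", 4625, "alice", "10.0.0.5", "0xC000006A"),
    ("2024-05-01T09:00:18", 4625, "alice", "10.0.0.5", "0xC000006A"),
    ("2024-05-01T09:00:22", 4625, "alice", "10.0.0.5", "0xC000006A"),
    ("2024-05-01T09:00:40", 4624, "alice", "10.0.0.5", "0x0"),        # guessed it
    ("2024-05-01T09:05:00", 4625, "bob",   "10.0.0.9", "0xC000006A"),
    ("2024-05-01T09:05:30", 4625, "carol", "10.0.0.9", "0xC000006A"),
    ("2024-05-01T09:06:00", 4625, "dave",  "10.0.0.9", "0xC0000064"),
    ("2024-05-01T09:06:30", 4625, "erin",  "10.0.0.9", "0xC000006A"),
    ("2024-05-01T10:00:00", 4625, "frank", "10.0.0.7", "0xC000006A"),  # one typo
    ("2024-05-01T10:01:00", 4624, "frank", "10.0.0.7", "0x0"),
]


def _parse(events):
    rows = [{"time": datetime.fromisoformat(t), "id": i, "user": u, "ip": ip, "status": s}
            for t, i, u, ip, s in events]
    return sorted(rows, key=lambda e: e["time"])


def analyze(events, fail_threshold=5, window=timedelta(seconds=60),
            spray_accounts=3, success_min_failures=3):
    """Return brute-force sources, password-spray sources and likely compromised accounts."""
    evs = _parse(events)
    failures = defaultdict(list)        # ip -> sorted times of 4625 events
    users_failed = defaultdict(set)     # ip -> distinct accounts that failed
    result = {"brute_force": {}, "password_spray": {}, "success_after_failures": []}

    for e in evs:
        if e["id"] == 4625:
            failures[e["ip"]].append(e["time"])
            users_failed[e["ip"]].add(e["user"])
        elif e["id"] == 4624:
            # A success preceded by a burst of failures for the same account from the
            # same source is the signature of a guess that finally landed.
            recent = [f for f in evs if f["id"] == 4625 and f["ip"] == e["ip"]
                      and f["user"] == e["user"] and e["time"] - window <= f["time"] <= e["time"]]
            if len(recent) >= success_min_failures:
                result["success_after_failures"].append((e["ip"], e["user"]))

    for ip, times in failures.items():
        # Sliding window: the largest number of failures inside any `window` span.
        best, j = 0, 0
        for i in range(len(times)):
            while times[i] - times[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= fail_threshold:
            result["brute_force"][ip] = best
        # Spraying: few attempts per account, many accounts, from one source.
        if len(users_failed[ip]) >= spray_accounts:
            result["password_spray"][ip] = sorted(users_failed[ip])
    return result


if __name__ == "__main__":
    for key, value in analyze(EVENTS).items():
        print(f"{key:24s} {value}")
```

On a real host the same fields come out of `Get-WinEvent -LogName Security` or a SIEM export; the thresholds are tuning knobs, and the single failure from 10.0.0.7 correctly produces nothing.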

Q30. What is the PRIMARY purpose of a honeypot?

Explanation: Honeypots lure attackers to study their techniques without risking production systems.

Q31. Which document outlines rules for acceptable use of company resources?

Explanation: An Acceptable Use Policy (AUP) defines permitted and prohibited activities.

Q32. Which principle ensures users have only the access needed for their job?

Explanation: Least privilege minimizes attack surfaces by restricting unnecessary permissions.

Q33. Which control would BEST protect against ransomware?

Explanation: Immutable, offline backups allow recovery without paying a ransom, because the attacker cannot encrypt or delete copies they cannot reach or modify.

Q34. What does SIEM stand for?

Explanation: Security Information and Event Management. SIEM systems aggregate, correlate and analyze logs for threat detection.

Q35. Which regulation protects healthcare information in the US?

Explanation: HIPAA sets standards for protecting sensitive patient health information.

Q36. What is the PRIMARY purpose of a digital certificate?

Explanation: Digital certificates bind public keys to identities via CA signatures.

Q37. Which port is typically used for secure web browsing?

Explanation: HTTPS uses TCP port 443 for encrypted web traffic.

Q38. What is the PRIMARY risk of social engineering?

Explanation: Social engineering manipulates humans into bypassing security controls.

Q39. Which backup type copies only the data changed since the most recent backup of any type (full or incremental)?

Explanation: Incremental backups save only new or changed files since the last backup of any type, so each job is small but a restore needs the full plus every incremental in order. A differential backup instead copies everything changed since the last full backup, so it grows each day but restores from the full plus the latest differential alone.
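The two schemes side by side, as an added example that is not part of the practice set. The file versions and daily change sets are constructed; files are tracked as name to content version, and deletions are ignored to keep the model short.

```python
# Constructed data: file name -> content version. Day 0 is the full backup.
FULL_BACKUP = {"a.txt": "a0", "b.txt": "b0", "c.txt": "c0"}
DAILY_CHANGES = [                      # files changed on each day after the full backup
    {"a.txt": "a1"},                   # day 1
    {"b.txt": "b1"},                   # day 2
    {"a.txt": "a2", "d.txt": "d0"},    # day 3 (d.txt is new)
]


def incremental_backups(changes):
    """Incremental: each job copies only what changed since the previous job of any type."""
    return [dict(day) for day in changes]


def differential_backups(changes):
    """Differential: each job copies everything changed since the last FULL backup,
    so it grows every day but only the newest job is needed for a restore."""
    jobs, since_full = [], {}
    for day in changes:
        since_full.update(day)
        jobs.append(dict(since_full))
    return jobs


def restore_from_incrementals(full, jobs):
    """Needs the full plus every incremental, applied in order; a missing job corrupts the restore."""
    state = dict(full)
    for job in jobs:
        state.update(job)
    return state


def restore_from_differential(full, jobs):
    """Needs only the full plus the latest differential."""
    state = dict(full)
    state.update(jobs[-1])
    return state


def job_sizes(jobs):
    """Number of files each job has to copy (a stand-in for backup window and media use)."""
    return [len(j) for j in jobs]


if __name__ == "__main__":
    inc = incremental_backups(DAILY_CHANGES)
    dif = differential_backups(DAILY_CHANGES)
    print("incremental sizes :", job_sizes(inc))      # [1, 1, 2]
    print("differential sizes:", job_sizes(dif))      # [1, 2, 3]
    print("restores agree    :",
          restore_from_incrementals(FULL_BACKUP, inc) == restore_from_differential(FULL_BACKUP, dif))
    # Losing day 2's incremental silently leaves b.txt at its day-0 version.
    print("b.txt w/o day 2   :", restore_from_incrementals(FULL_BACKUP, [inc[0], inc[2]])["b.txt"])  # b0
```

The trade-off is visible in the numbers: incrementals are the cheapest to take and the most fragile to restore, which is why restore drills, not just backup jobs, belong in the recovery plan.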

Q40. What is the PRIMARY purpose of an IRP (Incident Response Plan)?

Explanation: IRPs define roles, procedures, and communication during security incidents.

Q41. Which attack vector specifically targets vulnerabilities in web applications by injecting database queries?

Explanation: SQL injection manipulates database queries through unfiltered user input.
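The vulnerable pattern beside its fix, as an added example that is not part of the practice set. It uses Python's built-in sqlite3 with a constructed in-memory user table; the login compares a stored hash string in SQL purely to keep the example short, where a real application would fetch the row and verify the password hash in code.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory user table; a real application stores a salted password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """String-built query: user input becomes part of the SQL grammar."""
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Bound parameters: the driver sends the values separately from the statement, so
    quotes and comment markers in the input can never change its structure."""
    query = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


# The classic bypass: closes the string literal, forces the WHERE clause true, and
# comments out the rest of the statement so the password check never runs.
PAYLOAD = "' OR 1=1 --"


if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, payload    :", login_vulnerable(conn, PAYLOAD, "anything"))      # True
    print("parameterized, payload :", login_parameterized(conn, PAYLOAD, "anything"))   # False
    print("parameterized, valid   :",
          login_parameterized(conn, "alice", "hash-of-alice-password"))                # True
```

With the payload substituted, the vulnerable statement reads `... WHERE username = '' OR 1=1 --' AND password_hash = 'anything'`: everything after `--` is a comment, and `1=1` admits the attacker as the first row in the table. The parameterized version looks for a user literally named `' OR 1=1 --` and finds none.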

Q42. During a penetration test, which tool would most likely be used to identify live hosts on a network?

Explanation: Nmap performs host discovery through ICMP, TCP or ARP ping sweeps before any port scan, so it is the usual first step in mapping a network.

Q43. Which cryptographic attack exploits predictable IVs in WEP encryption?

Explanation: The Fluhrer-Mantin-Shamir (FMS) attack recovers WEP keys by analyzing weak initialization vectors.

Q44. Which protocol should replace SNMPv2 for secure network device monitoring?

Explanation: SNMPv3 adds authentication and encryption that SNMPv1 and v2c lack; those versions rely on community strings sent in cleartext.

Q45. Which Linux command displays active network connections and listening ports?

Explanation: netstat -tulpn shows listening TCP/UDP sockets and the processes that own them; on modern distributions ss -tulpn is the replacement.

Q46. Which RAID configuration provides both striping and dual parity fault tolerance?

Explanation: RAID 6 can withstand two simultaneous disk failures using two parity blocks.

Q47. Which protocol encrypts the media streams of a VoIP call?

Explanation: Secure Real-time Transport Protocol (SRTP) encrypts and authenticates RTP voice/video streams; its keys are negotiated separately, for example with ZRTP or DTLS-SRTP.

Q48. Which tool intercepts and logs network traffic for analysis?

Explanation: Wireshark captures packets in promiscuous mode for protocol analysis.

Q49. Which control type is a security awareness training program?

Explanation: Training is an administrative control (called a managerial control in SY0-701) because it uses policy and process to influence user behavior.

Q50. Which vulnerability management action should happen after remediation?

Explanation: Validation (a rescan or retest) confirms that remediation was successful and did not leave the vulnerability exploitable; only then is the finding documented and closed.
