CompTIA Security+ Practice Questions: Threats, Attacks & Vulnerabilities

25 free, exam-style CompTIA Security+ (SY0-701) practice questions covering Threats, Attacks & Vulnerabilities. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.

🚀 Take the full CompTIA Security+ quiz 📘 CompTIA Security+ study guide

Q1. Which of the following BEST describes a zero-day vulnerability?

Explanation: A zero-day vulnerability is one that is unknown to the vendor and has no available patch when it's being exploited.

Q2. What type of attack involves inserting malicious code into a legitimate website?

Explanation: XSS attacks involve injecting client-side scripts into web pages viewed by other users.

Q3. Which type of malware replicates itself across networks?

Explanation: Worms are self-replicating malware that spread across networks without user interaction.

Q4. What type of attack intercepts communication between two parties?

Explanation: MITM attacks secretly relay and possibly alter communications between parties who believe they're directly communicating.

Q5. What is the PRIMARY risk of social engineering?

Explanation: Social engineering bypasses technical controls by exploiting human psychology.

Q6. Which protocol is vulnerable to VLAN hopping attacks?

Explanation: Dynamic Trunking Protocol (DTP) can be exploited to gain unauthorized VLAN access.

Q7. What is the PRIMARY risk of an evil twin access point?

Explanation: Evil twins mimic legitimate WiFi networks to intercept user communications.

Q8. Which type of attack floods a network with ICMP echo requests?

Explanation: Smurf attacks use amplified ICMP traffic directed at broadcast addresses.

Q9. Which type of malware displays unwanted advertising?

Explanation: Adware automatically displays or downloads advertisements.

Q10. Which type of attack exploits session management weaknesses?

Explanation: Session hijacking steals valid session tokens to impersonate users.

Q11. Which type of attack intercepts and alters communication between two parties?

Explanation: Man-in-the-browser attacks modify web transactions within the browser.

Q12. Which type of attack floods a target with SYN packets?

Explanation: SYN floods exhaust connection resources by leaving half-open connections.

Q13. Which type of attack exploits cryptographic weaknesses in SSL/TLS?

Explanation: POODLE exploits SSL 3.0 fallback to decrypt secure communications.

Q14. Which type of attack exploits buffer overflow vulnerabilities?

Explanation: Stack smashing overwrites memory to alter program execution.

Q15. Which type of attack exploits race conditions?

Explanation: Time-of-check to time-of-use (TOCTOU) attacks exploit timing vulnerabilities.

Q16. A security analyst is reviewing logs and notices a large number of failed login attempts from various IP addresses targeting a single administrative account. This activity is MOST indicative of which type of attack?

Explanation: A brute-force attack involves systematically trying all possible credential combinations (often passwords) until the correct one is found. Numerous failed logins from multiple sources against one account are a classic sign.

Q17. Which of the following BEST describes a watering hole attack?

Explanation: In a watering hole attack, the attacker compromises a legitimate website that is popular among a target group. When members of the target group visit the site, their computers are infected with malware.

Q18. Which of the following is a common technique used by attackers to escalate privileges on a compromised system?

Explanation: Attackers often gain initial low-privilege access and then exploit known vulnerabilities in the operating system or applications (that haven't been patched) to gain higher levels of access, such as administrator or root.

Q19. Which of the following BEST describes a pharming attack?

Explanation: Pharming is a cyberattack intended to redirect a website's traffic to another, fake site, typically by modifying DNS records or the victim's hosts file. This can lead to users unknowingly entering credentials on a malicious site.

Q20. Which of the following is a key characteristic of an Advanced Persistent Threat (APT)?

Explanation: APTs are characterized by advanced techniques, stealth, and persistence over long periods; they often have specific objectives such as espionage or strategic disruption and are frequently backed by significant resources.

Q21. Which type of social engineering attack involves an attacker impersonating a senior executive to pressure an employee into making an unauthorized transaction?

Explanation: Whaling is a specific type of phishing attack that targets high-profile individuals within an organization, such as executives or C-level staff, often with the goal of financial fraud or sensitive data theft.

Q22. An attacker gains access to a user's session cookie and uses it to impersonate the user on a web application. This is an example of what type of attack?

Explanation: Session hijacking (or cookie hijacking) involves an attacker stealing a valid session token (often stored in a cookie) to gain unauthorized access to a user's session with a web application.

Q23. Which attack involves trying a small number of common passwords against a large number of different user accounts to avoid account lockout?

Explanation: Password spraying targets many accounts with a few passwords to bypass lockout thresholds, unlike brute force, which targets one account with many passwords.

Q24. Which type of social engineering attack uses Artificial Intelligence (AI) to create realistic audio or video impersonations of executives to authorize fraudulent transfers?

Explanation: Deepfakes use machine learning and AI to generate synthetic media (audio or video) that convincingly mimics real people, often used in sophisticated social engineering campaigns.

Q25. Which supply chain risk involves an attacker intercepting hardware during shipment to install a backdoor or modify components?

Explanation: Interdiction is a supply chain attack where hardware or software is intercepted and tampered with before it reaches the end user.
