Security+ Practice Tests
CompTIA Security+ Practice Test 1
This is the first of our free CompTIA Security+ practice tests. It introduces you to essential cybersecurity concepts, including threats, vulnerabilities, risk management, and security controls. Use the results to measure your current readiness while highlighting the areas that may need more review.
Time limit: 0
Quiz Summary
0 of 20 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Test complete. Results are being recorded.
Results
0 of 20 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
-
Question 1 of 20
1. Question
Which category of security controls are the maintenance and incident response part of?
CorrectIncorrect -
Question 2 of 20
2. Question
You have been directed to place fire extinguishers in the server room. Which control type is being used?
CorrectIncorrect -
Question 3 of 20
3. Question
Using publicly-verifiable digital signatures is an example of which of the following legal concepts in data manipulation?
CorrectIncorrect -
Question 4 of 20
4. Question
You want to implement security controls on systems that store databases. The predefined policy should identify the user role, type of data requested, and device security status. Which security policy is most likely to address these points?
CorrectIncorrect -
Question 5 of 20
5. Question
You want to secure access to the sensitive mail server room, which is only accessed by an administrator who enters the room in the morning and comes out in the afternoon. Apart from using retina scanners to open the doors to the server room, which of the following cost-effective solutions can identify an intruder before they can access the scanners to open the door?
CorrectIncorrect -
Question 6 of 20
6. Question
After detecting unauthorized activities in the network, a cybersecurity analyst decides to embed specific values in the database that serve no purpose other than monitoring unauthorized access. These values are designed to raise alerts if intruders access them. What are these specific values commonly referred to as?
CorrectIncorrect -
Question 7 of 20
7. Question
You want to understand how company resources and time management affect successful outcomes. Which of the following is not part of an impact analysis study?
CorrectIncorrect -
Question 8 of 20
8. Question
A problem occurred in the delivery of essential components for a popular product. Which stakeholders should be involved to identify and mitigate the effects caused by the disruption in the supply chain? (Choose two.)
CorrectIncorrect -
Question 9 of 20
9. Question
Which input validation is hard to implement and maintain and easy for attackers to bypass?
CorrectIncorrect -
Question 10 of 20
10. Question
You want to encrypt highly confidential files on three hard drives. Which of the following encryption types can encrypt a volume that spans multiple hard drives?
CorrectIncorrect -
Question 11 of 20
11. Question
While browsing a forum, a padlock icon appears next to the URL in the browser’s URL field. What kind of certificate is being used?
CorrectIncorrect -
Question 12 of 20
12. Question
You want an alternate Certificate Revocation List (CRL) that is less complex and contains less information than CRL. Security is not an issue. Which entity is most suitable to replace CRL?
CorrectIncorrect -
Question 13 of 20
13. Question
How does salting help defend against precomputed attacks while protecting the stored passwords?
CorrectIncorrect -
Question 14 of 20
14. Question
SHA-1 takes in the data in blocks of 512 bits only. How often will the hash function run if the message is precisely 512 bits long?
CorrectIncorrect -
Question 15 of 20
15. Question
Which threat actors are known for launching advanced persistent threats against governments using open and covert sources of intelligence?
CorrectIncorrect -
Question 16 of 20
16. Question
A religious forum was hacked and defaced. The landing page was changed to a simple HTML page with an obnoxious message. After a few minutes, a massive DoS attack was directed towards another popular website with religious content. What might be the purported motivation behind these attacks?
CorrectIncorrect -
Question 17 of 20
17. Question
A hacking attack occurred on a server containing susceptible data. The data was then transferred. The hard drive was reformatted to delete the entire dataset from the source server. An email containing threats and a ransom demand was sent to the company’s CIO. What could be the motivation behind this attack?
CorrectIncorrect -
Question 18 of 20
18. Question
A government institution experienced a cyber intrusion where its communication platforms were breached. The intruders were not interested in extracting sensitive data or causing disruptions but were observed silently monitoring diplomatic communications for an extended time. What was the likely motivation of the attackers?
CorrectIncorrect -
Question 19 of 20
19. Question
Your credit card company sends an SMS stating that you must correct your records by logging in to your account, but when you click the link in the SMS and enter your credentials, there is no account to log into. What kind of attack have you experienced?
CorrectIncorrect -
Question 20 of 20
20. Question
The security team is tasked with assessing risks linked to the supply chain. Which of the following is the most concerning risk when sourcing components from multiple vendors?
CorrectIncorrect
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Current
- Correct
- Incorrect