Skip to content

CompTIA Practice Tests
A+ Practice Tests
Security+ Practice Tests
Network+ Practice Tests

CompTIA Security+ Practice Test 1

Time limit: 0

Quiz Summary

0 of 20 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Test complete. Results are being recorded.

Results

0 of 20 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

Next Test Main Menu

Question 1 of 20

1. Question
Which category of security controls are the maintenance and incident response part of?
- A. Managerial
- B. Technical
- C. Operational
- D. Physical
Correct

Incorrect
Question 2 of 20

2. Question
You have been directed to place fire extinguishers in the server room. Which control type is being used?
- A.Compensating control
- B. Detective control
- C.Deterrent control
- D. Corrective control
Correct

Incorrect
Question 3 of 20

3. Question
Using publicly-verifiable digital signatures is an example of which of the following legal concepts in data manipulation?
- A.Time-assisted logins
- B.Sending track messages
- C.Non-repudiation
- D.Confidentiality, integrity, and availability (CIA)
Correct

Incorrect
Question 4 of 20

4. Question
You want to implement security controls on systems that store databases. The predefined policy should identify the user role, type of data requested, and device security status. Which security policy is most likely to address these points?
- A.Adaptive identity
- B.Access control
- C.Threat reduction
- D.Password policy
Correct

Incorrect
Question 5 of 20

5. Question
You want to secure access to the sensitive mail server room, which is only accessed by an administrator who enters the room in the morning and comes out in the afternoon. Apart from using retina scanners to open the doors to the server room, which of the following cost-effective solutions can identify an intruder before they can access the scanners to open the door?
- A.A vestibule
- B.A room bollard
- C.Infrared sensors
- D.Pressure sensors
Correct

Incorrect
Question 6 of 20

6. Question
After detecting unauthorized activities in the network, a cybersecurity analyst decides to embed specific values in the database that serve no purpose other than monitoring unauthorized access. These values are designed to raise alerts if intruders access them. What are these specific values commonly referred to as?
- A.Honey tokens
- B. Honeypots
- C.Security flags
- D.Audit trails
Correct

Incorrect
Question 7 of 20

7. Question
You want to understand how company resources and time management affect successful outcomes. Which of the following is not part of an impact analysis study?
- A. Assess the potential effects of changes on a company’s security landscape.
- B.Identify potential security risks or issues to a system.
- C.Analyze how to allocate resources to ensure desired results effectively.
- D.Evaluate potential consequences or effects of a technology-related decision in a cybersecurity landscape.
Correct

Incorrect
Question 8 of 20

8. Question
A problem occurred in the delivery of essential components for a popular product. Which stakeholders should be involved to identify and mitigate the effects caused by the disruption in the supply chain? (Choose two.)
- A. Retailers
- B. Senior Purchase Manager
- C.IT staffing and management
- D.Product distributors
- E.Chief Stock Officer
Correct

Incorrect
Question 9 of 20

9. Question
Which input validation is hard to implement and maintain and easy for attackers to bypass?
- A.Allowlist
- B.Blocklist
- C.Software-based firewall
- D.Hardware-based firewall
Correct

Incorrect
Question 10 of 20

10. Question
You want to encrypt highly confidential files on three hard drives. Which of the following encryption types can encrypt a volume that spans multiple hard drives?
- A. Full disk encryption
- B.File encryption
- C.Multiple drive encryption
- D.Volume encryption
Correct

Incorrect
Question 11 of 20

11. Question
While browsing a forum, a padlock icon appears next to the URL in the browser’s URL field. What kind of certificate is being used?
- A.Private key certificate
- B.Public key certificate
- C.Web key certificate
- D.Forum-based certificate
Correct

Incorrect
Question 12 of 20

12. Question
You want an alternate Certificate Revocation List (CRL) that is less complex and contains less information than CRL. Security is not an issue. Which entity is most suitable to replace CRL?
- A.OWASP revocation list (ORL)
- B.Self-signed certificate
- C.Online Certificate Status Protocol (OCSP)
- D.Offline Certificate Status Protocol (OCSP)
Correct

Incorrect
Question 13 of 20

13. Question
How does salting help defend against precomputed attacks while protecting the stored passwords?
- A.Creating a large-sized hash table
- B.Encrypting the password
- C.Creating a small-sized hash table
- D.Making similar salted hash instances for the same password
Correct

Incorrect
Question 14 of 20

14. Question
SHA-1 takes in the data in blocks of 512 bits only. How often will the hash function run if the message is precisely 512 bits long?
- A.Runs twice
- B.Runs three times
- C.Runs only once
- D.Runs 512 times
Correct

Incorrect
Question 15 of 20

15. Question
Which threat actors are known for launching advanced persistent threats against governments using open and covert sources of intelligence?
- A.Script kiddies
- B.Hacktivists
- C.Nation-state actors
- D.Insider moles
Correct

Incorrect
Question 16 of 20

16. Question
A religious forum was hacked and defaced. The landing page was changed to a simple HTML page with an obnoxious message. After a few minutes, a massive DoS attack was directed towards another popular website with religious content. What might be the purported motivation behind these attacks?
- A.Holy activism
- B.Bragging rights
- C.Monetary motivation
- D.State-run activism
Correct

Incorrect
Question 17 of 20

17. Question
A hacking attack occurred on a server containing susceptible data. The data was then transferred. The hard drive was reformatted to delete the entire dataset from the source server. An email containing threats and a ransom demand was sent to the company’s CIO. What could be the motivation behind this attack?
- A.Espionage
- B.Service disruption
- C.Revenge
- D.Blackmail
Correct

Incorrect
Question 18 of 20

18. Question
A government institution experienced a cyber intrusion where its communication platforms were breached. The intruders were not interested in extracting sensitive data or causing disruptions but were observed silently monitoring diplomatic communications for an extended time. What was the likely motivation of the attackers?
- A. To gain financial benefits from insider trading
- B. Espionage to understand and anticipate diplomatic moves
- C. Disgruntlement of an internal employee
- D. An attempt to expand their cybercriminal network
Correct

Incorrect
Question 19 of 20

19. Question
Your credit card company sends an SMS stating that you must correct your records by logging in to your account, but when you click the link in the SMS and enter your credentials, there is no account to log into. What kind of attack have you experienced?
- A. Man-in-the-middle attack
- B. Phishing
- C. Smishing
- D. DoS attack
Correct

Incorrect
Question 20 of 20

20. Question
The security team is tasked with assessing risks linked to the supply chain. Which of the following is the most concerning risk when sourcing components from multiple vendors?
- A. Difficulty in tracking product warranty details from multiple vendors
- B. Increased product assembly time due to varied vendor delivery timelines
- C. Potential for introduction of insecure or compromised components
- D. The need for multiple purchase orders leads to increased paperwork
Correct

Incorrect

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Current
Correct
Incorrect

About Us
Contact Us
Privacy Policy

CompTIA® is a registered trademark of the Computing Technology Industry Association, Inc. This website is not endorsed, affiliated, or approved by CompTIA Inc.

Quiz Summary

Information

Results

Results

Categories

1. Question

Which category of security controls are the maintenance and incident response part of?

2. Question

You have been directed to place fire extinguishers in the server room. Which control type is being used?

3. Question

Using publicly-verifiable digital signatures is an example of which of the following legal concepts in data manipulation?

4. Question

You want to implement security controls on systems that store databases. The predefined policy should identify the user role, type of data requested, and device security status. Which security policy is most likely to address these points?

5. Question

6. Question

7. Question

You want to understand how company resources and time management affect successful outcomes. Which of the following is not part of an impact analysis study?

8. Question

A problem occurred in the delivery of essential components for a popular product. Which stakeholders should be involved to identify and mitigate the effects caused by the disruption in the supply chain? (Choose two.)

9. Question

Which input validation is hard to implement and maintain and easy for attackers to bypass?

10. Question

You want to encrypt highly confidential files on three hard drives. Which of the following encryption types can encrypt a volume that spans multiple hard drives?

11. Question

While browsing a forum, a padlock icon appears next to the URL in the browser’s URL field. What kind of certificate is being used?

12. Question

You want an alternate Certificate Revocation List (CRL) that is less complex and contains less information than CRL. Security is not an issue. Which entity is most suitable to replace CRL?

13. Question

How does salting help defend against precomputed attacks while protecting the stored passwords?

14. Question

SHA-1 takes in the data in blocks of 512 bits only. How often will the hash function run if the message is precisely 512 bits long?

15. Question

Which threat actors are known for launching advanced persistent threats against governments using open and covert sources of intelligence?

16. Question

A religious forum was hacked and defaced. The landing page was changed to a simple HTML page with an obnoxious message. After a few minutes, a massive DoS attack was directed towards another popular website with religious content. What might be the purported motivation behind these attacks?

17. Question

18. Question

19. Question

Your credit card company sends an SMS stating that you must correct your records by logging in to your account, but when you click the link in the SMS and enter your credentials, there is no account to log into. What kind of attack have you experienced?

20. Question

The security team is tasked with assessing risks linked to the supply chain. Which of the following is the most concerning risk when sourcing components from multiple vendors?