Security+ Practice Tests

Practice Test 1
Practice Test 2
Practice Test 3
Practice Test 4
Practice Test 5
Practice Test 6
Practice Test 7

CompTIA Security+ Practice Test 2

This is the second of our free CompTIA Security+ practice tests. It includes 20 more multiple-choice questions to reinforce your knowledge of security concepts. Each question is followed by a detailed explanation of the correct answer to help strengthen your understanding as you prepare for the exam.

Time limit: 0

Quiz Summary

0 of 20 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Test complete. Results are being recorded.

Results

0 of 20 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

Next Test Main Menu

Question 1 of 20

1. Question
Christina receives a text message on her phone from an unknown number stating that she has won a $700 gift card from a popular online store. The message includes a link asking her to click on it to claim her prize. Maria is unsure about the authenticity of the message. Which of the following is the BEST course of action for Christina?
- A. Click the link to check if the website looks genuine
- B. Forward the message to her friends to verify if they received a similar message
- C. Delete the message without clicking any links
- D. Respond to the sender asking for more details about the offer
Correct

Incorrect
Question 2 of 20

2. Question
Which solution enforces security policies using centralized monitoring through network devices or virtual appliances?
- A. Client-based security
- B. Agentless security
- C. Network-independent security
- D. Central point security
Correct

Incorrect
Question 3 of 20

3. Question
Samuel, an employee at a tech company, receives an instant message from a coworker named Barbara. The message contains a link and claims to showcase a hilarious video. However, Samuel knows Barbara is on vacation, so he suspects the message might not be from her. What type of threat is Samuel most likely encountering?
- A. Watering hole
- B. Man-in-the-middle
- C. IM spoofing
- D. Side-channel
Correct

Incorrect
Question 4 of 20

4. Question
Which Windows command displays all currently existing network connections via open and listening ports that are not establishing immediate connections?
- A. Netstat -a
- B. Netstat -all
- C. Netstat -i
- D. Netstat -e
Correct

Incorrect
Question 5 of 20

5. Question
Which race condition type refers to a change in state between the checking of the resource and its use that enables the attackers to exploit it to escalate privileges?
- A. Time-of-check (TOC)
- B. Time-of-use (TOU)
- C. Time-of-check and use (TOCU)
- D. Time-of-check to time-of-use (TOCTOU)
Correct

Incorrect
Question 6 of 20

6. Question
Which of the following are effective strategies for mitigating operating system-based vulnerabilities? (Select all that apply.)
- A. Using public channels for updates
- B. Implementing monitoring and logging systems
- C. Patch management schedules
- D. Verifying updates with postal signatures
- E. Educating users about the risk of updates from untrusted online sources
Correct

Incorrect
Question 7 of 20

7. Question
The security team has identified malicious cross-site scripting (XSS) stored on one of the leading web servers. You have been tasked with sanitizing user inputs and implementing a content security policy. Which mitigation strategy is suitable for this task?
- A. Input validation
- B. Firmware signatures validation
- C. Low-level controls
- D. Parameterized queries
Correct

Incorrect
Question 8 of 20

8. Question
The IT department of a large enterprise is performing a vulnerability assessment on its virtualized infrastructure. They encounter a potential threat where a user from within a VM can interact and possibly compromise the host system. What is this type of vulnerability commonly referred to as?
- A. VM cloning
- B. VM snapshotting
- C. VM escape
- D. VM migration
Correct

Incorrect
Question 9 of 20

9. Question
Which of the following two secure systems policies augment strong passwords and protect cloud data and systems, creating a failproof security strategy?
- A. Data retention policies
- B. Hardware security
- C. Multi-factor authentication (MFA)
- D. Virtualized systems
- E. Cloud data access policies
Correct

Incorrect
Question 10 of 20

10. Question
Your organization has recently contracted with another multi-national organization for IT management and support. Your organization’s CISO is concerned about the security risks associated with this new relationship. Which of the following is the primary security concern when utilizing managed service providers (MSPs) in a supply chain?
- A. Inflated costs due to the integration of new technologies
- B. Difficulty in executing consistent patch management
- C. Potential for unauthorized access to company resources
- D. Decreased morale of the IT staff due to outsourcing
Correct

Incorrect
Question 11 of 20

11. Question
Identify the malicious software name in the left column and match it to its malware type in the right column.
Sort elements
- Ransomware
- Worms
- Spyware
- Bloatware
- Keylogger
- Bad Rabbit
- CodeRed
- Chrysaor
- Samsung Pay and Pass
- Ardamax
Correct

Incorrect
Question 12 of 20

12. Question
Acme Engineering Corps is experiencing an attack that overwhelms the network protocols with more data than they can handle. The attacker sends small requests to the servers that reply with larger responses by spoofing a victim’s IP address. What type of network attack describes this situation?
- A. Reflected DDoS attacks
- B. Amplified DDoS attacks
- C. On-path attacks
- D. Spoofing attack
Correct

Incorrect
Question 13 of 20

13. Question
You are a network administrator in a company. You are configuring a mobile application server’s expiring authentication tokens and time-based restrictions. Which application attack type are these mitigation strategies related to?
- A. Buffer overflow attacks
- B. Injection attacks
- C. Directory traversal
- D. Replay attacks
Correct

Incorrect
Question 14 of 20

14. Question
Which cryptographic attack degrades the crypto algorithm from AES to RC4 or downgrades TLS 1.3 to 1.0?
- A. Downgrade attack
- B. Birthday attack
- C. Collision attack
- D. Crypto erase attack
Correct

Incorrect
Question 15 of 20

15. Question
During a security review meeting, the cybersecurity analyst noticed multiple failed login attempts for many different user accounts, each with a few commonly used passwords. Which type of attack does this scenario best describe?
- A. Dictionary attack
- B. Brute force attack
- C. Concurrent session attack
- D. Password spraying
Correct

Incorrect

Question 16 of 20

16. Question

Match the indicators in the left column to their probable attack type in the right column.

Sort elements

Blocked content
Out-of-cycle logging
Concurrent session usage
Missing logs
Impossible travel

Prevent access to malicious websites, files, or emails.
Unexpected logging activities outside normal patterns.
Multiple simultaneous sessions from a single user account.

Disappearance or alteration of access log files within a certain period

Correct

Incorrect

Question 17 of 20

17. Question
As a network analyst, you implement access control lists for the marketing and finance departments. You want to create an ACL filter based on the MAC addresses. Which network ACL should be used to create an ACL filter of MAC addresses?
- A. Layer 2
- B. Layer 3
- C. Layer 4
- D. Layer 1
Correct

Incorrect
Question 18 of 20

18. Question
A business analyst is setting up a health information system in a hospital. She wants to ensure that only IT staff access configurations and settings. Which principle is most effective for the hospital staff to access only what is necessary to do their jobs?
- A. Principle of access management
- B. Right and Put Access principle
- C. Least-privilege principle
- D. Most-privilege principle
Correct

Incorrect
Question 19 of 20

19. Question
A company wants to enforce strong password policies across all user accounts, requiring a mix of characters and frequent password changes. Which management tool can be used to implement this requirement all across the user accounts?
- A. Regular system updates
- B. Group policies
- C. Frequent emails
- D. A system message is sent to each workstation
Correct

Incorrect
Question 20 of 20

20. Question
How does an organization mitigate potential security risks associated with unused or obsolete systems without leaving any vulnerabilities that malicious actors might exploit?
- A. Structured configuration enforcement
- B. System hardening techniques
- C. Structured decommissioning process
- D. Removal of unnecessary software
Correct

Incorrect

Current
Correct
Incorrect

Next: Practice Test 3

Previous Next

Security+ Practice Tests

CompTIA Security+ Practice Test 2

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

Which solution enforces security policies using centralized monitoring through network devices or virtual appliances?

3. Question

4. Question

Which Windows command displays all currently existing network connections via open and listening ports that are not establishing immediate connections?

5. Question

Which race condition type refers to a change in state between the checking of the resource and its use that enables the attackers to exploit it to escalate privileges?

6. Question

Which of the following are effective strategies for mitigating operating system-based vulnerabilities? (Select all that apply.)

7. Question

The security team has identified malicious cross-site scripting (XSS) stored on one of the leading web servers. You have been tasked with sanitizing user inputs and implementing a content security policy. Which mitigation strategy is suitable for this task?

8. Question

The IT department of a large enterprise is performing a vulnerability assessment on its virtualized infrastructure. They encounter a potential threat where a user from within a VM can interact and possibly compromise the host system. What is this type of vulnerability commonly referred to as?

9. Question

Which of the following two secure systems policies augment strong passwords and protect cloud data and systems, creating a failproof security strategy?

10. Question

11. Question

Identify the malicious software name in the left column and match it to its malware type in the right column.

Sort elements

12. Question

Acme Engineering Corps is experiencing an attack that overwhelms the network protocols with more data than they can handle. The attacker sends small requests to the servers that reply with larger responses by spoofing a victim’s IP address. What type of network attack describes this situation?

13. Question

You are a network administrator in a company. You are configuring a mobile application server’s expiring authentication tokens and time-based restrictions. Which application attack type are these mitigation strategies related to?

14. Question

Which cryptographic attack degrades the crypto algorithm from AES to RC4 or downgrades TLS 1.3 to 1.0?

15. Question

During a security review meeting, the cybersecurity analyst noticed multiple failed login attempts for many different user accounts, each with a few commonly used passwords. Which type of attack does this scenario best describe?

16. Question

Match the indicators in the left column to their probable attack type in the right column.

Sort elements

17. Question

As a network analyst, you implement access control lists for the marketing and finance departments. You want to create an ACL filter based on the MAC addresses. Which network ACL should be used to create an ACL filter of MAC addresses?

18. Question

A business analyst is setting up a health information system in a hospital. She wants to ensure that only IT staff access configurations and settings. Which principle is most effective for the hospital staff to access only what is necessary to do their jobs?

19. Question

A company wants to enforce strong password policies across all user accounts, requiring a mix of characters and frequent password changes. Which management tool can be used to implement this requirement all across the user accounts?

20. Question

How does an organization mitigate potential security risks associated with unused or obsolete systems without leaving any vulnerabilities that malicious actors might exploit?

Next: Practice Test 3