Security+ Practice Tests
CompTIA Security+ Practice Test 5
Continue your exam prep with our fifth Security Plus practice test. This set of 20 questions reinforces key security concepts and helps you identify topics that may need further review. Use it as a study tool to strengthen your understanding and build confidence for the real exam.
Time limit: 0
Quiz Summary
0 of 20 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Test complete. Results are being recorded.
Results
0 of 20 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Categories
- Not categorized 0%
-
Question 1 of 20
1. Question
Which significant concern can become challenging when implementing monitoring software for an extensive and complex infrastructure with various resources and huge datasets strewn across multiple campuses?
CorrectIncorrect -
Question 2 of 20
2. Question
How does advanced user behavior analytics (UBA) analyze various variables, such as login times and types of files accessed, to continually adapt and incorporate new data and refine its understanding of normal user behavior over time?
CorrectIncorrect -
Question 3 of 20
3. Question
Arrange the steps of the DMARC process in the correct order by dragging the boxed text into its correct place.
-
SPF check
-
DMARC policy retrieval
-
Reporting
-
DKIM check
-
Policy Enforcement
View Answers:
CorrectIncorrect -
-
Question 4 of 20
4. Question
Which granular form of web filtering allows or denies specific elements or content types within a website rather than blocking the entire website, and how does it perform this security function?
CorrectIncorrect -
Question 5 of 20
5. Question
An organization has tasked its cybersecurity analyst with creating an additional layer of security by isolating sensitive systems from direct exposure to the external network. The analyst should also manage the traffic between the external and internal networks by reinforcing the security posture and mitigating risks. Which specific network segment should be implemented?
CorrectIncorrect -
Question 6 of 20
6. Question
You are implementing an ACL in a firewall configuration. Which of the following commands is a legitimate example of the implicit deny rule included at the end of every ACL?
CorrectIncorrect -
Question 7 of 20
7. Question
How does the SNMPv3 authentication protocol called HMAC-MD5 help prevent unauthorized devices from sending false alerts to the management system?
CorrectIncorrect -
Question 8 of 20
8. Question
Which of the following is NOT a metric related to Security Content Automation Protocol (SCAP) specifications?
CorrectIncorrect -
Question 9 of 20
9. Question
Which processes form a feedback loop of detection, validation, and tuning in the alert response and remediation realm, serving as a learning process?
CorrectIncorrect -
Question 10 of 20
10. Question
How can syslog-ng and rsyslog, combined with a SIEM system, allow for real-time security alerting and rapid response while providing a unified view for monitoring the landscape and reacting promptly to potential threats?
CorrectIncorrect -
Question 11 of 20
11. Question
Which disposal method removes data from a storage device entirely so that the data cannot be recovered when re-used even with advanced data recovery tools?
CorrectIncorrect -
Question 12 of 20
12. Question
Which log aggregation method routes logs from different servers into separate files or databases, making segregating issues by the server easier?
CorrectIncorrect -
Question 13 of 20
13. Question
Which validation of remediation controls ensures that the vulnerabilities are addressed adequately and the defining steps are taken to mitigate all possible risks?
CorrectIncorrect -
Question 14 of 20
14. Question
Which of the three core groups of the Common Vulnerability Scoring System (CVSS) focuses on the attributes of a vulnerability that may change over time, including exploit code maturity and remediation level?
CorrectIncorrect -
Question 15 of 20
15. Question
In the realm of risk tolerance, which risk transference method serves as a financial cushion against potential data loss or theft that can be covered with institutional policies?
CorrectIncorrect -
Question 16 of 20
16. Question
An asset management company initiates a planned process of identifying its most valuable and sensitive assets, such as client financial records, proprietary trading algorithms, and trading data insights. These assets are given the highest level of protection. Which risk tolerance step is being executed in this scenario?
CorrectIncorrect -
Question 17 of 20
17. Question
To estimate the exposure factor (EF) percentage, which formula calculates the single loss expectancy (SLE)?
CorrectIncorrect -
Question 18 of 20
18. Question
During the penetration testing process, which step addresses the impact of an attack, such as what data an attacker could access or whether they can escalate privileges and move laterally within the network?
CorrectIncorrect -
Question 19 of 20
19. Question
An online financial transaction company relies heavily on various software applications for transactions, customer data storage, and inter-departmental communications. Which methods should be followed to find vulnerabilities in the applications? (Choose two.)
CorrectIncorrect -
Question 20 of 20
20. Question
You have been tasked with destroying some SSDs and a few hard drives. The requirement is to destroy the hard drives so that the data on the drives cannot be recovered even by advanced data recovery tools. Which of the following methods can achieve the objective while being completely environmentally safe?
CorrectIncorrect
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- Current
- Correct
- Incorrect