CompTIA Security+ Practice Questions & Quiz

40 questions / 10 random questions

security concepts threats and vulnerabilities secure architecture operations risk and governance
Try a 10-question CompTIA Security+ quiz

Random questions, instant feedback, and review for missed questions.

Start quiz →

View recommended CompTIA Security+ resources →

Included topics (40 questions)

Q1

Which CIA-triad element ensures that only authorized users can read customer data?

Answer: Confidentiality

Confidentiality limits information disclosure to authorized entities.

Q2

What is commonly used to verify that a file has not changed?

Answer: Compare it with a trusted hash

A cryptographic hash can detect content changes and support integrity verification.

Q3

What does authentication using a password plus a security key provide?

Answer: Multi-factor authentication using different factor types

A password is knowledge and a security key is possession, so the combination is MFA.

Q4

Why is symmetric encryption commonly used for bulk data encryption?

Answer: It is generally faster than asymmetric encryption

Symmetric encryption is fast, but its shared key must be distributed and stored securely.

Q5

What is most important before changing a production firewall rule?

Answer: Prepare impact analysis, approval, testing, and rollback

Managed change evaluates security and availability impact and enables recovery from failure.

Q6

What is a targeted message impersonating an executive to request an urgent transfer?

Answer: Business Email Compromise

BEC impersonates trusted executives or partners to induce payment or data disclosure.

Q7

Which malware encrypts files and demands payment for recovery?

Answer: Ransomware

Ransomware defenses include offline backups, patching, restricted privileges, detection, and response exercises.

Q8

Input such as ' OR 1=1 -- appears in a web request. Which attack is likely?

Answer: SQL injection

Parameterized queries and validation prevent input from being interpreted as SQL syntax.

Q9

Which web vulnerability causes attacker-controlled script to run in a user's browser?

Answer: Cross-Site Scripting

XSS is mitigated with output encoding, safe templates, and defenses such as CSP.

Q10

Which attack floods a service with traffic from many sources?

Answer: Distributed Denial of Service

DDoS exhausts resources with distributed traffic and reduces availability.

Q11

What is a previously unknown or unpatched vulnerability exploited before a fix is available commonly called?

Answer: A zero-day vulnerability

Defense against zero-days relies on layered controls such as behavioral detection, segmentation, and least privilege.

Q12

Which attack tries credentials leaked from one service against other services?

Answer: Credential stuffing

Credential stuffing automates reuse of leaked credentials; MFA and unique passwords reduce risk.

Q13

What attack category compromises a legitimate vendor update to distribute malware?

Answer: A software supply-chain attack

Signature verification, SBOMs, dependency pinning, and vendor assessment reduce supply-chain risk.

Q14

Which control helps detect insecure server configuration before production?

Answer: Configuration scanning against a secure baseline

Baseline comparison and policy as code can detect drift and unsafe settings early.

Q15

Which statement reflects a core Zero Trust principle?

Answer: Do not trust location alone; verify continuously and grant least privilege

Zero Trust emphasizes explicit verification, least privilege, and assuming breach.

Q16

Which design limits lateral movement from a compromised endpoint to critical servers?

Answer: Network segmentation with strict access controls

Segmentation separates trust boundaries and limits blast radius and lateral movement.

Q17

What is a common architecture for separating a public web server from an internal database?

Answer: Place the web tier in a DMZ and the database in an internal segment

Tier separation and narrowly allowed ports reduce impact if the public system is compromised.

Q18

Which combination protects both data at rest and data in transit?

Answer: Storage encryption and TLS

Data at rest and in transit require different controls; Base64 is not encryption.

Q19

What is the security objective of deploying a service across multiple regions?

Answer: Improved resilience and availability

Separating failure domains improves tolerance of a regional outage.

Q20

What does an RPO of four hours mean?

Answer: Up to about four hours of data loss is acceptable

RPO expresses acceptable data loss; RTO expresses target recovery time.

Q21

What is a primary role of a SIEM?

Answer: Aggregate and correlate logs to support alerts and investigations

A SIEM centrally analyzes events and provides context for detection, triage, and investigation.

Q22

What does EDR primarily provide on endpoints?

Answer: Behavior monitoring, detection, investigation, and response such as isolation

EDR collects endpoint telemetry and supports detection and response to suspicious activity.

Q23

What is appropriate after a scanner reports a critical vulnerability?

Answer: Validate asset context, exposure, and exploitability; remediate by priority and rescan

Risk-based vulnerability management cycles through validation, prioritization, remediation, and verification.

Q24

What should be done whenever possible before an emergency patch?

Answer: Assess impact, prepare backup or rollback, record approval, and monitor afterward

Even emergencies need streamlined change control and recovery preparation to limit secondary failures.

Q25

What is the highest-priority action for a departing employee's account?

Answer: Disable access at the approved offboarding time and recover credentials or assets

A joiner-mover-leaver process synchronizes access lifecycle with HR events.

Q26

Which practice is appropriate for privileged accounts?

Answer: Separate them from daily accounts and use MFA, PAM, and session recording

Privileged use should be limited, approved, recorded, and separated from ordinary activity.

Q27

What is important early in incident response before containment?

Answer: Triage scope and impact, preserve evidence, and establish communications

Early response preserves situational awareness, evidence chain, and coordination for containment decisions.

Q28

Why isolate a compromised endpoint from the network?

Answer: Limit lateral movement and external communication while preserving the system for investigation

Isolation is containment; eradication and recovery are separate phases.

Q29

Why record a hash when acquiring a forensic image?

Answer: To verify evidence integrity after acquisition

Matching acquisition and analysis hashes demonstrates that evidence has not changed.

Q30

What is a common goal of SOAR?

Answer: Automate repeatable alert enrichment and response workflows

SOAR automates repeatable playbooks so analysts can focus on higher-value decisions.

Q31

Why is asset inventory important to security operations?

Answer: It identifies owners, criticality, software, and patch state for response scope

Without knowing what exists, patching, monitoring, and incident scoping cannot be managed well.

Q32

How should inconsistent timestamps across security logs be addressed?

Answer: Synchronize time using authenticated NTP or equivalent and standardize time zones

Accurate time is essential for event correlation, timelines, and evidentiary value.

Q33

What is the basic formula for annualized loss expectancy?

Answer: SLE × ARO

ALE estimates annual loss by multiplying single loss expectancy by annualized rate of occurrence.

Q34

Which is an example of transferring risk?

Answer: Purchase cyber insurance

Insurance transfers part of financial impact, but does not eliminate all responsibility or loss.

Q35

What should be understood early in a third-party vendor assessment?

Answer: Data handled, access scope, subcontractors, controls, and incident-notification duties

Understanding data flows, access, and contractual duties enables inherent and residual risk assessment.

Q36

Which statement correctly relates policy, standards, and procedures?

Answer: Policy sets direction, standards set mandatory criteria, and procedures give steps

The hierarchy translates governance direction into enforceable criteria and executable steps.

Q37

What is a primary responsibility of a data owner?

Answer: Determine data classification and access requirements

The owner approves classification, use, and protection requirements based on business value and risk.

Q38

What is the purpose of a tabletop exercise?

Answer: Discuss a scenario to find gaps in roles, decisions, communications, and procedures

A tabletop exercise tests response plans and coordination with low operational risk.

Q39

What is an appropriate improvement after a phishing simulation?

Answer: Analyze results and use them for non-punitive targeted education and better reporting

Awareness programs should improve behavior and early reporting through measured, continuous improvement.

Q40

What should a security exception include?

Answer: Business justification, risk owner, compensating controls, expiry, and review

Exceptions transparently accept or mitigate risk and need expiry and reassessment to avoid becoming permanent.

certdrill.dev is an independent, unofficial learning site and is not affiliated with LPI Japan, IPA, AWS, Microsoft Azure, or any exam provider. Questions and explanations are original content.