CompTIA Security+ 701 Practice Test 1

In the context of Zero Trust, what is the role of the Policy Engine?

A. To enforce the security policies
B. To manage policies
C. To create implicit trust zones
D. To define the security policies

Which of the following is an example of a directive control?

A. Access control vestibule
B. Incident response plan
C. Security policy
D. Firewall

Which of the following is a physical security control?

A. Security policy
B. Incident response plan
C. Access badge
D. Firewall

Which of the following best describes the ‘A’ in the AAA model?

A. Authorization
B. Adaptive identity
C. Accounting
D. Authentication

What type of security control is a security guard?

A. Deterrent
B. Operational
C. Technical
D. Managerial

What is the main goal of authentication in the context of security?

A. To grant or deny access to resources
B. To discourage potential attackers
C. To provide proof of the origin of data
D. To verify the identity of a user or system

Which of the following is an example of a detective control?

A. Firewall
B. Access badge
C. Security policy
D. Video surveillance

Which of the following is NOT a component of physical security?

A. Bollards
B. Policy Engine
C. Access control vestibule
D. Lighting

What is the purpose of an approval process in change management?

A. To ensure that the proposed change is reviewed and authorized by the appropriate stakeholders.
B. To update the diagrams and policies/procedures.
C. To identify the dependencies of the change.
D. To schedule a specific time frame for performing the change.

Which of the following is NOT a level of encryption?

A. Full-disk
B. Tokenization
C. Volume
D. Record

What is the significance of a backout plan in the change management process?

A. To identify the dependencies of the change.
B. To update the diagrams and policies/procedures.
C. To define the steps to revert to the original state if the change is unsuccessful.
D. To ensure that the change is reviewed and authorized by the appropriate stakeholders.

What is the primary purpose of a Hardware Security Module (HSM)?

A. To replace sensitive data with non-sensitive placeholders.
B. To securely generate, store, and manage cryptographic keys.
C. To check the revocation status of digital certificates in real-time.
D. To hide data within other data.

What is the purpose of data masking in cryptographic solutions?

A. To verify the integrity and authenticity of a digital message or document.
B. To protect sensitive data by replacing it with fake or pseudonymous data.
C. To establish a chain of trust to verify unknown public keys.
D. To increase the computational effort required to brute force a password.

What is the purpose of a root of trust in cryptographic solutions?

A. To hide data within other data.
B. To securely store a copy of cryptographic keys.
C. To check the revocation status of digital certificates in real-time.
D. To establish a trusted starting point for the cryptographic operations of a system.

Which of the following is a characteristic of symmetric encryption?

A. It replaces sensitive data with non-sensitive placeholders.
B. The same key is used for both encryption and decryption.
C. It uses a pair of keys: a public key and a private key.
D. It is used to verify the integrity and authenticity of a digital message or document.

What best describes the motivations of a threat actor involved in causing chaos within an organization for personal vendetta?

A. Ethical
B. Revenge
C. Financial gain
D. Espionage

An attacker is using a malicious USB drive to compromise a target computer when plugged in. Which of the following best describes this type of attack vector?

A. Email
B. Removable device
C. Phishing
D. Voice call

If an attacker is attempting to compromise an organization’s network by taking advantage of open wireless networks, which of the following best describes the attack surface?

A. Removable device
B. Bluetooth
C. Wired
D. Wireless

An attacker sends a text message to a user, urging them to click on a malicious link. This type of attack is known as:

A. Smishing
B. Business email compromise
C. Vishing
D. Phishing

A threat actor that operates on behalf of a government to steal information from other countries is best described as:

A. Hacktivist
B. Organized crime
C. Shadow IT
D. Nation-state

When an attacker tricks an employee into revealing their password by pretending to be from the IT department, this tactic is called:

A. Misinformation
B. Impersonation
C. Brand impersonation
D. Pretexting

An attacker registers a domain that looks visually similar to a legitimate domain by using characters from other scripts or slight misspellings. This kind of deception is known as:

A. Watering hole
B. Phishing
C. Pretexting
D. Punycode

Which of the following best describes the concept of “microservices” in the context of architecture models?

A. Designing an application as a collection of loosely coupled, independently deployable services.
B. Dividing an application into tiny pieces where each piece is a separate OS.
C. Multiple physical servers combined to create a large compute cluster.
D. Offloading server management to cloud providers.

Which consideration involves understanding the potential dangers when a security solution stops working and defaults to a state where all traffic is allowed?

A. Cost-effectiveness
B. Responsiveness
C. Scalability
D. Fail-open

For which of the following scenarios would the use of a Jump Server be most appropriate?

A. To balance the load between multiple web servers.
B. To provide a controlled means of accessing another network segment.
C. To cache web content for faster access.
D. To scan incoming network traffic for malicious patterns.

What does “containerization” primarily provide for application deployment?

A. An isolated environment to run and manage applications consistently across different stages.
B. A physical server environment to host applications.
C. Splitting applications into smaller services that can be developed independently.
D. Encrypting application data during transit.

In terms of security architecture, why might an organization prefer a decentralized approach?

A. To make it easier to apply patches across the network.
B. To reduce the risk of a single point of failure and distribute resources.
C. To decrease the cost of deploying multiple data centers.
D. To ensure all data is stored in a single, central database.

Which protocol is primarily associated with port security and allows for network access control at the Data Link Layer?

A. IPSec
B. TLS
C. 802.1X
D. SD-WAN

A network appliance that inspects traffic at both the transport and application layers, and can make decisions based on both is known as:

A. Web application firewall (WAF)
B. Unified threat management (UTM)
C. Intrusion detection system (IDS)
D. Next-generation firewall (NGFW)

If a company wants to ensure secure communications over a public network between its headquarters and branch offices, which technology should it primarily consider?

A. Proxy server
B. Intrusion prevention system (IPS)
C. Load balancer
D. Virtual private network (VPN)

Why might a company employ a software-defined wide area network (SD-WAN)?

A. To distribute incoming web traffic across multiple servers.
B. To achieve more efficient and flexible network traffic routing between multiple locations.
C. To create isolated application environments.
D. To ensure data at rest encryption in databases.

When deploying IoT devices in an organization, what is a critical initial step to enhance security?

A. Hardening the device configurations.
B. Assigning them public IP addresses.
C. Using the same password for all devices for uniformity.
D. Regularly rebooting the devices.

When managing mobile devices in a large organization, which solution allows centralized management, including software distribution and remote wipes?

A. Mobile Device Management (MDM).
B. Sandboxing.
C. Secure cookies.
D. Site surveys.

An organization is concerned about the security of its wireless networks. What is the primary function of AAA in this context?

A. Authenticating and authorizing users, and accounting for their actions.
B. Assigning IP addresses to wireless clients.
C. Auditing all network traffic.
D. Allocating bandwidth to devices.

Which approach involves creating an isolated environment within a system to run and test suspicious programs without affecting the primary system?

A. Static code analysis.
B. Heat maps.
C. Mobile device management (MDM).
D. Sandboxing.

In the process of data asset management, why is proper classification crucial?

A. To ensure the maximum storage capacity is utilized.
B. To determine the software compatibility.
C. To assess the age of the data.
D. To apply appropriate security controls based on sensitivity.

Why might an organization subscribe to an open-source intelligence (OSINT) threat feed?

A. To gather information about potential threats from public sources.
B. To conduct static code analysis.
C. To source proprietary software for internal use.
D. To assess employee performance.

What role does the Common Vulnerability Enumeration (CVE) play in vulnerability management?

A. It scores the severity of vulnerabilities.
B. It offers insurance against potential breaches.
C. It provides a standardized identifier for a known vulnerability.
D. It provides patches for vulnerabilities.

After a vulnerability has been addressed, what action should be taken to ensure its effective mitigation?

A. Change the system’s IP address.
B. Decommission the system.
C. Subscribe to a threat feed.
D. Re-scan the system.

An organization has a limited budget and cannot address all the known vulnerabilities immediately. What should they use to determine which vulnerabilities to tackle first?

A. Date of vulnerability discovery.
B. Number of users using the software.
C. Risk assessment and vulnerability severity scores.
D. Alphabetical order of software names.

Given an organization is looking for ways to detect unauthorized changes to system files. Which tool should they prioritize implementing?

A. DNS filtering
B. Vulnerability scanners
C. Security Content Automation Protocol (SCAP)
D. File integrity monitoring

When trying to streamline the access to a cloud application from the company’s internal application, which authentication mechanism would be best to use?

A. Multi-factor Authentication
B. Security Assertions Markup Language (SAML)
C. Federation
D. File integrity Monitoring

Which of the following solutions is most suitable for ensuring that outbound emails from an organization are genuinely from that organization and not spoofed?

A. Web filter
B. Multifactor authentication
C. Firewall rules
D. DomainKeys Identified Mail (DKIM)

In a distributed company environment, to centralize the collection and analysis of log data from various sources, which tool should be primarily utilized?

A. Web filter
B. SNMP traps
C. NetFlow
D. Security information and event management (SIEM)

Which of the following is a primary reason to use agents in security tools?

A. To enable Just-in-time permissions
B. To reduce network latency
C. To gather detailed data from endpoints
D. To scan URLs

Given an organization wants to enforce a policy where users can only access certain applications during their working hours. Which type of access control is this?

A. Role-based access control
B. Attribute-based access control
C. Discretionary access control
D. Time-of-day restrictions

What’s the primary purpose of implementing Universal Resource Locator (URL) scanning in an organization?

A. To log user activities
B. To detect and block malicious URLs
C. To facilitate single sign-on
D. To enforce password policies

In terms of password best practices, why is password reuse discouraged?

A. It strengthens password security.
B. It simplifies password management for users.
C. If one account is compromised, other accounts are at risk.
D. It ensures password complexity.

Which solution primarily focuses on analyzing the behavior patterns of users in a network to detect potential security threats?

A. User behavior analytics
B. Vulnerability scanners
C. Data loss prevention (DLP)
D. Antivirus

Which term refers to built-in checks that ensure an automated process doesn’t deviate too far from its intended purpose, potentially causing harm?

A. Continuous integration and testing
B. Ticket creation
C. Guard rails
D. User provisioning

During an incident response, which phase primarily focuses on bringing systems back to operational status?

A. Analysis
B. Eradication
C. Containment
D. Recovery

In the context of automation, what is the primary advantage of having standardized infrastructure configurations?

A. Continuous integration and testing
B. Enforcing baselines
C. Reaction time
D. Employee retention

An organization’s security team is collecting detailed network traffic packets for analysis following a potential security incident. What are they performing?

A. E-discovery
B. Analysis of application logs
C. Reviewing IPS/IDS logs
D. Packet captures

If an organization wants to ensure the preservation of electronic data to potentially serve as evidence in a future lawsuit, which action would they likely implement?

A. Legal hold
B. Threat hunting
C. Root cause analysis
D. Chain of custody

Automation’s ability to handle a larger operational load without needing proportionate resource increases helps in:

A. Scaling in a secure manner
B. Minimizing technical debt
C. Continuous integration and testing
D. Reducing complexity

In a security incident involving a compromised application, which log type would offer the most granular insight into the application’s behavior?

A. OS-specific security logs
B. Metadata
C. Firewall logs
D. Application logs

Which of the following is NOT typically an advantage of automation in security operations?

A. Reaction time
B. Workforce multiplier
C. Efficiency/time saving
D. Ongoing supportability

Which of the following governance structures is characterized by a single central authority making security decisions for an organization?

A. Boards
B. Centralized
C. Committees
D. Government entities

A vendor is subjected to a simulated cyber-attack to evaluate their security posture. What method is being used?

A. Supply chain analysis
B. Penetration testing
C. Due diligence
D. Vendor monitoring

Before entering into an agreement with a third-party vendor, a company wants to ensure that specific service expectations and metrics are defined. Which document should they use?

A. Non-disclosure agreement (NDA)
B. Memorandum of agreement (MOA)
C. Service-level agreement (SLA)
D. Business partners agreement (BPA)

Which process primarily focuses on defining how IT system changes should be proposed, reviewed, and implemented?

A. Change management
B. Disaster recovery
C. Incident response
D. Onboarding/offboarding

An organization’s decision to implement multi-factor authentication (MFA) after identifying potential authentication vulnerabilities is an example of which risk management strategy?

A. Transfer
B. Avoid
C. Accept
D. Mitigate

Which of the following focuses on the continuous refinement and updating of security policies, standards, and procedures to ensure they remain effective and relevant?

A. Monitoring and revision
B. Playbooks
C. Business continuity
D. Incident response

An organization decides not to do business in a country due to the high risk of data breaches and cyber threats. This is an example of which risk management strategy?

A. Transfer
B. Avoid
C. Accept
D. Mitigate

When dealing with third-party risk assessments, what document outlines the right to inspect or review a vendor’s practices and procedures?

A. Work order (WO)/statement of work (SOW)
B. Business partners agreement (BPA)
C. Service-level agreement (SLA)
D. Right-to-audit clause

When a company actively keeps track of its data assets, ensuring every piece of data is accounted for and properly classified, this process is best known as:

A. Data inventory
B. Data retention
C. Data monitoring
D. Data categorization

Which type of audit involves an organization evaluating its own systems and procedures without external influence?

A. Internal audit
B. Compliance audit
C. Independent third-party audit
D. Regulatory audit

An organization has been fined for failing to protect user data adequately. This is an example of:

A. Privacy implications
B. Consequences of non-compliance
C. Reputational damage
D. Contractual impacts

A business conducts a test where they intentionally leave USB drives in the parking lot to see if employees will pick them up and plug them into company computers. This test is primarily to raise awareness about:

A. Password management
B. Social engineering
C. Phishing
D. Insider threats

If a company wants to verify they are adhering to regional data protection laws, which type of assessment would they likely undergo?

A. Internal audit
B. Regulatory examination
C. Attestation
D. Self-assessment

To best protect against threats originating from employees — either maliciously or unintentionally — an organization should invest in training focused on:

A. Insider threats
B. External examinations
C. Data inventory
D. Penetration testing

A company undergoes a process where an independent entity verifies its adherence to industry standards. This process is best described as:

A. Attestation
B. Self-assessment
C. Independent third-party audit
D. Internal audit