CompTIA Security+ SY0-701 - Free Practice Quiz

Question 1 of 60

A security analyst reviews a web application penetration test report and finds that user input in the search field is reflected in the HTTP response without encoding, allowing script injection. Which vulnerability does this represent?

A SQL injection B Reflected Cross-Site Scripting (XSS) C Server-side request forgery (SSRF) D XML injection

1 / 60

Question 2 of 60

An organization discovers its employees are using unauthorized personal cloud storage services to share work files. Which security risk does this PRIMARILY introduce?

A Increased network bandwidth consumption B Shadow IT creating data loss and compliance risks beyond organizational visibility and control C Slower access to files compared to approved storage D Risk of employees spending too much time on personal projects

2 / 60

Question 3 of 60

Which vulnerability in web applications occurs when user-supplied data is incorporated into database queries without proper validation, potentially allowing attackers to view, modify, or delete database contents?

A Cross-site scripting (XSS) B SQL injection C Path traversal D Command injection

3 / 60

Question 4 of 60

Which Security+ SY0-701 attack involves embedding malicious scripts into web pages viewed by other users, allowing attackers to steal session cookies or redirect victims to malicious sites?

A SQL injection B Cross-Site Scripting (XSS) C CSRF D Clickjacking

4 / 60

Question 5 of 60

An organization's endpoint detection and response (EDR) tool alerts that PowerShell is spawning cmd.exe as a child process, which then invokes certutil.exe to download a file from the internet. Which attack technique does this MOST likely represent?

A SQL injection B Living-off-the-land (LotL) attack using built-in Windows tools C Ransomware encryption phase D Buffer overflow exploit

5 / 60

Question 6 of 60

A security analyst is performing a threat hunt and identifies a process injecting shellcode into explorer.exe to hide its presence in memory. Which defense evasion technique does this represent?

A SQL injection B Process injection / process hollowing C DNS tunneling D Rootkit installation

6 / 60

Question 7 of 60

A security architect recommends implementing Network Access Control (NAC). Which primary capability does NAC provide that a standard firewall cannot?

A Deep packet inspection of application-layer traffic B Verifying endpoint compliance (patch level, antivirus status, configuration) before granting network access C Intrusion prevention and signature-based threat blocking D Blocking external DDoS attacks

7 / 60

Question 8 of 60

A security engineer wants to ensure that if the primary data center suffers a catastrophic failure, operations can continue at an alternate site within 2 hours. Which recovery strategy BEST meets a 2-hour RTO?

A Cold site recovery B Hot site with real-time data replication and automated failover C Warm site with pre-configured systems D Tape backup restoration

8 / 60

Question 9 of 60

Which Security+ SY0-701 concept involves logging, reviewing, and correlating security events from multiple sources to detect threats and support incident response?

A Patch management B Security Information and Event Management (SIEM) C Network Access Control (NAC) D Endpoint Detection and Response (EDR)

9 / 60

Question 10 of 60

Which Security+ SY0-701 concept defines the right of individuals to control information about themselves, including what is collected, how it is used, and who can access it?

A Confidentiality B Privacy C Integrity D Accountability

10 / 60

Question 11 of 60

Which Security+ SY0-701 concept describes an attacker obtaining a legitimate user's session cookie to impersonate them without needing their credentials?

A Brute-force attack B Session hijacking C Privilege escalation D Credential stuffing

11 / 60

Question 12 of 60

Which Security+ SY0-701 attack embeds malicious code in a legitimate software package distributed through official channels, compromising users who download and install the tampered software?

A Watering hole attack B Supply chain attack (software supply chain compromise) C Rootkit installation D Malvertising

12 / 60

Question 13 of 60

A security engineer implements 802.1X port-based authentication on all network switches. Which primary attack does this DIRECTLY mitigate?

A Man-in-the-middle attacks on encrypted sessions B Unauthorized devices connecting to the wired network C SQL injection attacks on network-connected applications D ARP spoofing between authenticated devices

13 / 60

Question 14 of 60

Which Security+ SY0-701 attack technique manipulates ARP (Address Resolution Protocol) tables to associate the attacker's MAC address with a legitimate IP address, enabling traffic interception?

A DNS cache poisoning B ARP poisoning / ARP spoofing C MAC flooding D VLAN hopping

14 / 60

Question 15 of 60

An organization implements a BYOD policy allowing employees to use personal smartphones for work email. Which security control MOST effectively protects corporate data on personal devices?

A Requiring personal devices to use the corporate VPN B Implementing a Mobile Device Management (MDM) solution that containerizes corporate applications C Restricting email access to corporate-issued devices only D Enabling remote wipe of the entire personal device

15 / 60

Question 16 of 60

Which Security+ SY0-701 network architecture concept places an intermediary server between clients and backend servers, forwarding requests on behalf of clients and providing load balancing and caching?

A Reverse proxy B Direct access gateway C Forward proxy D Load balancer only

16 / 60

Question 17 of 60

Which type of cloud service model provides customers with virtualized computing resources â€” including virtual machines, storage, and networking â€” over the internet?

A Infrastructure as a Service (IaaS) B Software as a Service (SaaS) C Platform as a Service (PaaS) D Function as a Service (FaaS)

17 / 60

Question 18 of 60

An organization uses asymmetric encryption to secure email. A user wants to send an encrypted email to a colleague. Which key does the sender use to encrypt the message?

A Recipient's public key B Sender's private key C Shared symmetric key D Recipient's private key

18 / 60

Question 19 of 60

Which type of threat intelligence describes the specific tools, techniques, and procedures used by a known threat actor group?

A Adversary TTPs (Tactics, Techniques, and Procedures) B Vulnerability disclosure C Threat feed D Indicator of compromise (IoC)

19 / 60

Question 20 of 60

According to Security+ SY0-701, which federal U.S. law specifically protects personally identifiable health information and imposes security requirements on healthcare providers and their business associates?

A HIPAA (Health Insurance Portability and Accountability Act) B SOX C FERPA D GLBA

20 / 60

Question 21 of 60

A forensic examiner creates a bit-by-bit copy of a hard drive before analyzing it. The hash of the original drive and the forensic copy match. Which security property does this hash verification confirm?

A Integrity of the forensic copy B Confidentiality of the evidence C Authentication of the examiner's identity D Non-repudiation of evidence collection

21 / 60

Question 22 of 60

Which Security+ SY0-701 hardening practice removes factory-default credentials and replaces them with strong, unique passwords before deploying devices?

A Changing default credentials / eliminating default accounts B Enabling automatic updates C Disabling unused ports D Configuring logging

22 / 60

Question 23 of 60

A company encrypts its backups before storing them offsite. This PRIMARILY protects against which threat?

A Unauthorized disclosure of backup data if physical media is lost or stolen B Ransomware encrypting the backups C Accidental deletion of backup files D Backup corruption during transfer

23 / 60

Question 24 of 60

An organization wants to assess whether its security controls are effective against the current threat landscape without conducting a full penetration test. Which security assessment activity BEST meets this goal?

A Purple team exercise testing detection rules against known ATT&CK techniques B Tabletop exercise simulating an incident scenario C Vulnerability scan of all internet-facing assets D Annual security audit

24 / 60

Question 25 of 60

According to Security+ SY0-701, which attack exploits a trust relationship between websites by sending forged requests that appear to originate from an authenticated user's browser?

A Cross-Site Request Forgery (CSRF) B Cross-Site Scripting (XSS) C Clickjacking D Session hijacking

25 / 60

Question 26 of 60

During an incident response, a security team determines that an attacker maintained persistent access to a network for 11 months before detection. Which security metric does this represent?

A Dwell time / mean time to detect (MTTD) B Mean time to recover (MTTR) C Recovery Point Objective (RPO) D Recovery Time Objective (RTO)

26 / 60

Question 27 of 60

Which Security+ SY0-701 concept describes a trusted authority that issues, manages, and revokes digital certificates?

A Certificate Authority (CA) B Certificate Revocation List (CRL) C Online Certificate Status Protocol (OCSP) D Registration Authority (RA)

27 / 60

Question 28 of 60

Which Security+ SY0-701 concept describes encrypting data before it is written to disk, ensuring it remains protected from unauthorized access even if the physical media is removed?

A Encryption at rest B Tokenization C Data masking D Encryption in transit

28 / 60

Question 29 of 60

Which principle requires that security systems fail to a state that denies access rather than granting it when an error occurs?

A Fail secure / fail safe B Fail open C Defense in depth D Least privilege

29 / 60

Question 30 of 60

Which type of social engineering attack sends fraudulent messages via SMS text message to trick recipients into clicking malicious links?

A Smishing (SMS phishing) B Vishing C Spear phishing D Pharming

30 / 60

Question 31 of 60

An attacker uses previously breached username/password combinations from one website to attempt logins at multiple other websites, exploiting password reuse. Which attack type is this?

A Brute-force attack B Dictionary attack C Spraying attack D Credential stuffing

31 / 60

Question 32 of 60

A security administrator configures role-based access control so that database administrators can manage database schemas but cannot read sensitive customer data, while customer service agents can read customer data but cannot modify schemas. Which security principle does this BEST demonstrate?

A Defense in depth B Separation of duties C Mandatory Access Control D Least privilege through RBAC creating separation between functions

32 / 60

Question 33 of 60

An organization deploys a network-based intrusion prevention system (IPS) inline on its internet connection. Which deployment concern is MOST critical?

A The IPS will not detect encrypted traffic B The IPS increases available bandwidth C The IPS cannot be updated with new signatures D The IPS creates a single point of failure that could disrupt internet connectivity if it malfunctions

33 / 60

Question 34 of 60

A company deploys an application that separates the development, testing, and production environments. Developers can only access development; code moves to production after testing and approval. Which security practice does this describe?

A Zero Trust Architecture B Defense in depth C Least privilege only D Separation of environments / change management pipeline

34 / 60

Question 35 of 60

A security administrator discovers that an employee's workstation is communicating with an external IP address on TCP port 4444 at regular intervals. Which type of malware activity does this MOST likely indicate?

A Adware generating ad traffic B Ransomware exfiltrating encrypted files C Virus spreading to network shares D Remote access trojan (RAT) with command-and-control beaconing

35 / 60

Question 36 of 60

An organization's employees frequently email sensitive customer data to personal accounts to work from home. Which security control directly addresses this data governance risk?

A Blocking access to personal email on corporate devices using URL filtering B Requiring VPN for all remote work C Enforcing full disk encryption on all laptops D Implementing network-based DLP to detect and block sensitive data in outbound emails

36 / 60

Question 37 of 60

Which type of penetration test provides the tester with no prior knowledge about the target environment, simulating an external attacker with no insider information?

A White-box test B Red team exercise C Gray-box test D Black-box test

37 / 60

Question 38 of 60

Which technique allows attackers to extract password hashes from a Windows system's memory without requiring the plaintext password, then use those hashes to authenticate to other systems?

A Credential stuffing B Brute-force attack C Dictionary attack D Pass-the-hash (PtH) attack

38 / 60

Question 39 of 60

Which Security+ SY0-701 regulation specifically governs the privacy and security of student educational records in U.S. educational institutions?

A HIPAA B SOX C GLBA D FERPA (Family Educational Rights and Privacy Act)

39 / 60

Question 40 of 60

Which type of certificate is used to authenticate a user or device to a network, commonly used in 802.1X wireless authentication?

A Code signing certificate B TLS server certificate C Root CA certificate D Client certificate

40 / 60

Question 41 of 60

An organization's web application allows users to access files using URL parameters such as /view?file=report.pdf. An attacker successfully retrieves /etc/passwd by requesting /view?file=../../../../etc/passwd. Which vulnerability does this represent?

A SQL injection B Server-side request forgery C Cross-site scripting D Directory traversal / path traversal

41 / 60

Question 42 of 60

According to Security+ SY0-701, which type of assessment simulates a real attack using the same TTPs as advanced threat actors to test an organization's detection and response capabilities?

A Penetration test B Vulnerability scan C Tabletop exercise D Red team / purple team assessment

42 / 60

Question 43 of 60

Which type of log analysis technique identifies security events by comparing observed activity against known attack patterns stored in a signature database?

A Anomaly-based detection B Behavioral analysis C Heuristic analysis D Signature-based detection

43 / 60

Question 44 of 60

Which Security+ SY0-701 vulnerability management concept prioritizes which vulnerabilities to remediate first based on their exploitability, asset criticality, and business impact?

A Vulnerability enumeration B Patch classification C Compliance scanning D Risk-based vulnerability prioritization

44 / 60

Question 45 of 60

According to Security+ SY0-701, which tool performs automated scanning of networks to identify active hosts, open ports, and running services?

A Wireshark B Burp Suite C Metasploit D Nmap

45 / 60

Question 46 of 60

Which wireless attack involves an attacker creating a rogue access point with the same SSID as a legitimate network to capture network credentials and traffic?

A Wardriving B Deauthentication attack C Evil twin attack D Bluejacking

46 / 60

Question 47 of 60

An organization implements a policy requiring all remote access connections to use a VPN with split tunneling disabled. Which security benefit does disabling split tunneling provide?

A Faster internet access for remote workers B Reduced VPN server load C All remote worker traffic passes through the corporate security stack, enabling inspection and filtering of all internet traffic D Allowing local network printing while connected to VPN

47 / 60

Question 48 of 60

A security analyst observes that a compromised system is connecting to an external IP address every 5 minutes. Blocking that IP at the firewall stops the connections temporarily, but new connections to different IPs begin within hours. Which defense MOST effectively addresses this dynamic C2 pattern?

A Blocking all outbound traffic B Updating firewall IP blocklists more frequently C DNS sinkholing combined with behavioral egress filtering D Increasing antivirus signature update frequency

48 / 60

Question 49 of 60

A security administrator wants to detect configuration drift on production servers â€” changes to files, services, or settings that deviate from the approved baseline. Which tool category BEST supports this requirement?

A Vulnerability scanner B Antivirus solution C Security configuration management (SCM) / file integrity monitoring D Network performance monitor

49 / 60

Question 50 of 60

Which encryption algorithm is classified as a symmetric key block cipher and is the current U.S. federal standard for encrypting sensitive unclassified information?

A Diffie-Hellman B RSA C AES (Advanced Encryption Standard) D SHA-256

50 / 60

Question 51 of 60

Which Security+ SY0-701 technique stores a transformed version of a password that cannot be reversed, with the addition of a unique random value to prevent precomputed hash table attacks?

A Symmetric encryption B Asymmetric encryption C Salted hashing D Key derivation

51 / 60

Question 52 of 60

According to Security+ SY0-701, which assessment methodology involves systematically interviewing staff, reviewing documentation, and testing controls against a specific security framework or standard?

A Penetration testing B Vulnerability scanning C Compliance audit / security audit D Red team exercise

52 / 60

Question 53 of 60

Which Security+ SY0-701 concept describes an attacker sending emails appearing to come from the CEO to a finance employee, directing them to wire transfer funds to an attacker-controlled account?

A Vishing B Spear phishing C Business Email Compromise (BEC) / whaling D Smishing

53 / 60

Question 54 of 60

A security team discovers that a developer hard-coded database credentials directly in the application's source code, which is stored in a public GitHub repository. Which remediation step is MOST CRITICAL first?

A Notify all application users B Delete the GitHub repository C Immediately rotate all exposed credentials, remove them from source code, scan git history for additional secrets, and implement a secrets management solution D Enable 2FA on the developer's GitHub account

54 / 60

Question 55 of 60

A security team discovers that an employee accessed payroll records outside their job role and exported them to a personal USB drive. Which control would have been MOST effective in preventing the data exfiltration?

A Multi-factor authentication for payroll system access B Stronger password requirements C DLP policy blocking unauthorized USB transfers combined with least privilege access to payroll data D Network segmentation

55 / 60

Question 56 of 60

Which Security+ SY0-701 network protocol provides secure, authenticated, and encrypted file transfer, operating over SSH on TCP port 22?

A FTPS B FTP C SFTP (SSH File Transfer Protocol) D SCP

56 / 60

Question 57 of 60

An analyst discovers that an attacker modified the hosts file on a workstation to redirect the corporate banking website to a malicious lookalike site. Which attack technique does this represent?

A DNS cache poisoning B BGP hijacking C DNS hijacking via hosts file manipulation D ARP spoofing

57 / 60

Question 58 of 60

Which Security+ SY0-701 concept describes a network architecture that assumes no user or device should be trusted by default, regardless of network location?

A Perimeter security model B Defense in depth C Zero Trust Architecture (ZTA) D DMZ architecture

58 / 60

Question 59 of 60

Which cloud security model makes the cloud provider responsible for infrastructure security while the customer remains responsible for data, applications, and access management?

A Managed service model B Dedicated tenancy model C Shared responsibility model D Cloud-native security model

59 / 60

Question 60 of 60

A penetration tester successfully exploits a vulnerability, gaining initial access to a low-privileged user account. The tester then exploits a local privilege escalation vulnerability to obtain administrator-level access. Which post-exploitation phase does this represent?

A Initial access B Lateral movement C Privilege escalation D Persistence establishment

60 / 60

CompTIA Security+ SY0-701 Intermediate Quiz