CompTIA Security+ 701 Practice Test 1 Flashcards

1
Q

In the context of Zero Trust, what is the role of the Policy Engine?

A. To enforce the security policies
B. To manage policies
C. To create implicit trust zones
D. To define the security policies

A

To define the security policies

The Policy Engine is the control-plane component that owns policy decisions: it takes the defined security policies together with inputs such as identity, device posture and threat intelligence, and decides whether each access request is granted. Enforcement (option A) belongs to the Policy Enforcement Point on the data plane, with the Policy Administrator relaying the decision to it, and Zero Trust removes implicit trust zones rather than creating them (option C).

2
Q

Which of the following is an example of a directive control?

A. Access control vestibule
B. Incident response plan
C. Security policy
D. Firewall

A

Security policy

A security policy is a directive control: it tells people and processes what they must do, rather than technically preventing or detecting anything. An access control vestibule is a physical (preventive) control, an incident response plan is corrective, and a firewall is technical.

3
Q

Which of the following is a physical security control?

A. Security policy
B. Incident response plan
C. Access badge
D. Firewall

A

Access badge

An access badge is a physical control: it regulates who can enter a facility or a restricted area.

4
Q

Which of the following best describes the ‘A’ in the AAA model?

A. Authorization
B. Adaptive identity
C. Accounting
D. Authentication

A

Authorization

Authorization is the "A" that grants or denies access to resources once identity has been established. Authentication (verifying identity) and accounting (recording what was done) are the other two A's; adaptive identity is a Zero Trust concept, not part of AAA.

5
Q

What type of security control is a security guard?

A. Deterrent
B. Operational
C. Technical
D. Managerial

A

Deterrent

A security guard is classed as a deterrent control: a visible guard discourages would-be attackers before they act. Guards can also prevent and detect intrusions, but deterrent is the control type the question targets.

6
Q

What is the main goal of authentication in the context of security?

A. To grant or deny access to resources
B. To discourage potential attackers
C. To provide proof of the origin of data
D. To verify the identity of a user or system

A

To verify the identity of a user or system

Authentication is the process of verifying the identity of a user or system.

7
Q

Which of the following is an example of a detective control?

A. Firewall
B. Access badge
C. Security policy
D. Video surveillance

A

Video surveillance

Video surveillance is a detective control: it records and reveals unauthorized activity, usually after the fact, rather than preventing it.

8
Q

Which of the following is NOT a component of physical security?

A. Bollards
B. Policy Engine
C. Access control vestibule
D. Lighting

A

Policy Engine

The Policy Engine is a control-plane component of the Zero Trust model, not a physical measure; bollards, access control vestibules and lighting are all physical security controls.

9
Q

What is the purpose of an approval process in change management?

A. To ensure that the proposed change is reviewed and authorized by the appropriate stakeholders.
B. To update the diagrams and policies/procedures.
C. To identify the dependencies of the change.
D. To schedule a specific time frame for performing the change.

A

To ensure that the proposed change is reviewed and authorized by the appropriate stakeholders.

The approval process in change management ensures that the proposed change is reviewed and authorized by the appropriate stakeholders before it is implemented. This helps in ensuring that the change is necessary, well-planned, and will not adversely affect the organization’s operations or security.

10
Q

Which of the following is NOT a level of encryption?

A. Full-disk
B. Tokenization
C. Volume
D. Record

A

Tokenization

Tokenization replaces sensitive data with non-sensitive placeholders (tokens) that map back to the original value only through a separate, protected token vault; it is a data obfuscation technique, not a level of encryption. Full-disk, partition, file, volume, database and record are the encryption levels listed in the objectives.

11
Q

What is the significance of a backout plan in the change management process?

A. To identify the dependencies of the change.
B. To update the diagrams and policies/procedures.
C. To define the steps to revert to the original state if the change is unsuccessful.
D. To ensure that the change is reviewed and authorized by the appropriate stakeholders.

A

To define the steps to revert to the original state if the change is unsuccessful.

A backout plan defines the steps to revert to the original state if the change is unsuccessful. It is a critical part of the change management process as it ensures that the organization can quickly recover if the change has adverse effects.

12
Q

What is the primary purpose of a Hardware Security Module (HSM)?

A. To replace sensitive data with non-sensitive placeholders.
B. To securely generate, store, and manage cryptographic keys.
C. To check the revocation status of digital certificates in real-time.
D. To hide data within other data.

A

To securely generate, store, and manage cryptographic keys.

A Hardware Security Module (HSM) is a physical, tamper-resistant device that generates, stores and uses cryptographic keys inside its own boundary. Applications send operations such as signing or decryption to the HSM rather than handling the private key themselves, so the key is never exposed in plaintext to the host. Option A describes tokenization, option C OCSP, and option D steganography.

13
Q

What is the purpose of data masking in cryptographic solutions?

A. To verify the integrity and authenticity of a digital message or document.
B. To protect sensitive data by replacing it with fake or pseudonymous data.
C. To establish a chain of trust to verify unknown public keys.
D. To increase the computational effort required to brute force a password.

A

To protect sensitive data by replacing it with fake or pseudonymous data.

Data masking is a method of protecting sensitive data by replacing it with fake or pseudonymous data. This is useful for testing and development environments where real data is needed but exposing the actual data is a security risk.

14
Q

What is the purpose of a root of trust in cryptographic solutions?

A. To hide data within other data.
B. To securely store a copy of cryptographic keys.
C. To check the revocation status of digital certificates in real-time.
D. To establish a trusted starting point for the cryptographic operations of a system.

A

To establish a trusted starting point for the cryptographic operations of a system.

A root of trust is a component (for example a TPM, a secure element or immutable boot ROM) that is trusted without further verification and anchors everything built on top of it. The bootloader, kernel and later software are each measured or signature-checked by the previous stage, forming a chain of trust; if the root is compromised, none of the later checks can be relied on.

15
Q

Which of the following is a characteristic of symmetric encryption?

A. It replaces sensitive data with non-sensitive placeholders.
B. The same key is used for both encryption and decryption.
C. It uses a pair of keys: a public key and a private key.
D. It is used to verify the integrity and authenticity of a digital message or document.

A

The same key is used for both encryption and decryption.

Symmetric encryption (AES, for example) uses one shared secret key for both encryption and decryption. It is fast and suited to bulk data, but both parties must already possess the key, which is why asymmetric cryptography is typically used to exchange it. Option C describes asymmetric encryption, option D digital signatures and option A tokenization.

16
Q

What best describes the motivations of a threat actor involved in causing chaos within an organization for personal vendetta?

A. Ethical
B. Revenge
C. Financial gain
D. Espionage

A

Revenge

Denotes a motive of retaliation, typically driven by feelings of anger or vendetta.

17
Q

An attacker is using a malicious USB drive to compromise a target computer when plugged in. Which of the following best describes this type of attack vector?

A. Email
B. Removable device
C. Phishing
D. Voice call

A

Removable device

Removable devices such as USB drives are a physical, hardware-delivered attack vector: the payload executes when the device is plugged in, bypassing email and network controls entirely.

18
Q

If an attacker is attempting to compromise an organization’s network by taking advantage of open wireless networks, which of the following best describes the attack surface?

A. Removable device
B. Bluetooth
C. Wired
D. Wireless

A

Wireless

An open wireless network represents a wireless attack surface.

19
Q

An attacker sends a text message to a user, urging them to click on a malicious link. This type of attack is known as:

A. Smishing
B. Business email compromise
C. Vishing
D. Phishing

A

Smishing

Smishing is phishing delivered by SMS text message. Vishing uses voice calls, and phishing in the narrow sense uses email.

20
Q

A threat actor that operates on behalf of a government to steal information from other countries is best described as:

A. Hacktivist
B. Organized crime
C. Shadow IT
D. Nation-state

A

Nation-state

Actors operate on behalf of their governments and often have significant resources at their disposal.

21
Q

When an attacker tricks an employee into revealing their password by pretending to be from the IT department, this tactic is called:

A. Misinformation
B. Impersonation
C. Brand impersonation
D. Pretexting

A

Pretexting

Pretexting builds a fabricated scenario (here, an IT department that supposedly needs the password) that makes the request seem legitimate. Impersonation is the false identity itself; pretexting is the story constructed around it, which is what the question describes.

22
Q

An attacker registers a domain that looks visually similar to a legitimate domain by using characters from other scripts or slight misspellings. This kind of deception is known as:

A. Watering hole
B. Phishing
C. Pretexting
D. Punycode

A

Punycode

Punycode is the encoding that represents Unicode domain labels using the ASCII subset the Domain Name System (DNS) supports, marked with an xn-- prefix (for example, münchen becomes xn--mnchen-3ya). Attackers abuse it by registering internationalized domains whose Unicode form is drawn with characters that look like a legitimate name (an IDN homograph attack); slight ASCII misspellings on their own are typosquatting.
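The check a mail gateway or proxy would apply to such a domain, as an added example that is not part of the flashcard set: decode the xn-- label with Python's built-in punycode codec, then flag labels that mix scripts or that fold to a protected brand name once a small, hand-picked table of Cyrillic-to-Latin lookalikes is applied (the full Unicode confusables list and IDNA validation are deliberately left out).

```python
import unicodedata

# Added example, not part of the flashcard set: decode Punycode labels and
# flag IDN homograph lookalikes. The confusable table is a small hand-picked
# subset of Cyrillic letters that render like Latin ones, not the full
# Unicode confusables list, and IDNA nameprep/validation is omitted.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def decode_label(label):
    """Return the Unicode form of one DNS label; xn-- labels are Punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts_of(label):
    """Unicode scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def skeleton(label):
    """Replace known confusables with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def check_domain(domain, protected):
    """Classify a domain against a set of protected (brand) domains.

    mixed_script: a label mixes scripts (e.g. a Cyrillic 'a' inside Latin 'pple').
    lookalike:    after confusable folding the name equals a protected domain
                  while the real Unicode name does not.
    """
    labels = [decode_label(part) for part in domain.split(".")]
    unicode_name = ".".join(labels)
    folded = ".".join(skeleton(part) for part in labels)
    mixed = any(len(scripts_of(part)) > 1 for part in labels)
    lookalike = folded in protected and unicode_name != folded
    return {
        "unicode": unicode_name,
        "skeleton": folded,
        "mixed_script": mixed,
        "lookalike": lookalike,
        "suspicious": mixed or lookalike,
    }


if __name__ == "__main__":
    brands = {"apple.com"}
    for d in ("xn--pple-43d.com", "xn--mnchen-3ya.de", "apple.com"):
        print(d, check_domain(d, brands))
```

The mixed-script test alone is not enough: a label written entirely in Cyrillic lookalikes passes it, which is why the confusable folding against a brand list is the second check. Legitimate single-script IDNs such as xn--mnchen-3ya.de are not flagged by either.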

23
Q

Which of the following best describes the concept of “microservices” in the context of architecture models?

A. Designing an application as a collection of loosely coupled, independently deployable services.
B. Dividing an application into tiny pieces where each piece is a separate OS.
C. Multiple physical servers combined to create a large compute cluster.
D. Offloading server management to cloud providers.

A

Designing an application as a collection of loosely coupled, independently deployable services.

Microservices architecture breaks down applications into small services that run in their own processes.

24
Q

Which consideration involves understanding the potential dangers when a security solution stops working and defaults to a state where all traffic is allowed?

A. Cost-effectiveness
B. Responsiveness
C. Scalability
D. Fail-open

A

Fail-open

When a fail-open security device fails, it defaults to passing traffic: availability is preserved but inspection stops, so the failure itself becomes an attack window. The alternative, fail-closed, blocks all traffic on failure, which is safer but causes an outage; the right choice depends on whether availability or confidentiality matters more for that link.

25
Q

For which of the following scenarios would the use of a Jump Server be most appropriate?

A. To balance the load between multiple web servers.
B. To provide a controlled means of accessing another network segment.
C. To cache web content for faster access.
D. To scan incoming network traffic for malicious patterns.

A

To provide a controlled means of accessing another network segment.

Jump servers (or bastion hosts) are used to securely access and manage devices in a different security zone.

26
Q

What does “containerization” primarily provide for application deployment?

A. An isolated environment to run and manage applications consistently across different stages.
B. A physical server environment to host applications.
C. Splitting applications into smaller services that can be developed independently.
D. Encrypting application data during transit.

A

An isolated environment to run and manage applications consistently across different stages.

Containers package an application with all of its dependencies so it runs consistently in varied environments. Unlike virtual machines, containers share the host kernel, so their isolation is weaker and a kernel vulnerability can expose every container on that host.

27
Q

In terms of security architecture, why might an organization prefer a decentralized approach?

A. To make it easier to apply patches across the network.
B. To reduce the risk of a single point of failure and distribute resources.
C. To decrease the cost of deploying multiple data centers.
D. To ensure all data is stored in a single, central database.

A

To reduce the risk of a single point of failure and distribute resources.

Decentralized architectures distribute resources and functionalities, reducing risks associated with central points of failure.

28
Q

Which protocol is primarily associated with port security and allows for network access control at the Data Link Layer?

A. IPSec
B. TLS
C. 802.1X
D. SD-WAN

A

802.1X

IEEE 802.1X is the standard for port-based network access control at the Data Link Layer: a switch port or wireless association passes no traffic other than EAP until the supplicant authenticates through the authenticator to an authentication server, typically RADIUS. It is used in both wired and wireless (WPA2/WPA3-Enterprise) networks.

29
Q

A network appliance that inspects traffic at both the transport and application layers, and can make decisions based on both is known as:

A. Web application firewall (WAF)
B. Unified threat management (UTM)
C. Intrusion detection system (IDS)
D. Next-generation firewall (NGFW)

A

Next-generation firewall (NGFW)

NGFWs inspect traffic at both the transport and application layers, allowing for more granular security decisions.

30
Q

If a company wants to ensure secure communications over a public network between its headquarters and branch offices, which technology should it primarily consider?

A. Proxy server
B. Intrusion prevention system (IPS)
C. Load balancer
D. Virtual private network (VPN)

A

Virtual private network (VPN)

VPNs create encrypted tunnels over public networks to ensure secure communication between sites.

31
Q

Why might a company employ a software-defined wide area network (SD-WAN)?

A. To distribute incoming web traffic across multiple servers.
B. To achieve more efficient and flexible network traffic routing between multiple locations.
C. To create isolated application environments.
D. To ensure data at rest encryption in databases.

A

To achieve more efficient and flexible network traffic routing between multiple locations.

SD-WANs use software-defined methods to manage wide area network connections and can make dynamic path decisions based on current network conditions.

32
Q

When deploying IoT devices in an organization, what is a critical initial step to enhance security?

A. Hardening the device configurations.
B. Assigning them public IP addresses.
C. Using the same password for all devices for uniformity.
D. Regularly rebooting the devices.

A

Hardening the device configurations.

Hardening means adjusting a device's default configuration to reduce its attack surface: changing default credentials, disabling unnecessary services and ports, and applying firmware updates.

33
Q

When managing mobile devices in a large organization, which solution allows centralized management, including software distribution and remote wipes?

A. Mobile Device Management (MDM).
B. Sandboxing.
C. Secure cookies.
D. Site surveys.

A

Mobile Device Management (MDM).

It provides centralized control over mobile devices, ensuring they meet the organization’s security policies.

34
Q

An organization is concerned about the security of its wireless networks. What is the primary function of AAA in this context?

A. Authenticating and authorizing users, and accounting for their actions.
B. Assigning IP addresses to wireless clients.
C. Auditing all network traffic.
D. Allocating bandwidth to devices.

A

Authenticating and authorizing users, and accounting for their actions.

This is the foundational purpose of AAA (Authentication, Authorization, and Accounting): verifying who connects, deciding what they may do, and recording what they did.

35
Q

Which approach involves creating an isolated environment within a system to run and test suspicious programs without affecting the primary system?

A. Static code analysis.
B. Heat maps.
C. Mobile device management (MDM).
D. Sandboxing.

A

Sandboxing.

It allows for the secure testing or running of untrusted programs without risk to the primary environment.

36
Q

In the process of data asset management, why is proper classification crucial?

A. To ensure the maximum storage capacity is utilized.
B. To determine the software compatibility.
C. To assess the age of the data.
D. To apply appropriate security controls based on sensitivity.

A

To apply appropriate security controls based on sensitivity.

Classification helps in understanding how data should be handled and protected.

37
Q

Why might an organization subscribe to an open-source intelligence (OSINT) threat feed?

A. To gather information about potential threats from public sources.
B. To conduct static code analysis.
C. To source proprietary software for internal use.
D. To assess employee performance.

A

To gather information about potential threats from public sources.

OSINT involves collecting and analyzing publicly available data.

38
Q

What role does Common Vulnerabilities and Exposures (CVE) play in vulnerability management?

A. It scores the severity of vulnerabilities.
B. It offers insurance against potential breaches.
C. It provides a standardized identifier for a known vulnerability.
D. It provides patches for vulnerabilities.

A

It provides a standardized identifier for a known vulnerability.

CVE (Common Vulnerabilities and Exposures) is a catalog that gives each publicly known vulnerability a unique identifier (CVE-YYYY-NNNN) so that vendors, scanners and advisories all refer to the same issue. Severity scoring (option A) is the job of CVSS, not CVE.

39
Q

After a vulnerability has been addressed, what action should be taken to ensure its effective mitigation?

A. Change the system’s IP address.
B. Decommission the system.
C. Subscribe to a threat feed.
D. Re-scan the system.

A

Re-scan the system.

It verifies that the vulnerability has been effectively addressed.

40
Q

An organization has a limited budget and cannot address all the known vulnerabilities immediately. What should they use to determine which vulnerabilities to tackle first?

A. Date of vulnerability discovery.
B. Number of users using the software.
C. Risk assessment and vulnerability severity scores.
D. Alphabetical order of software names.

A

Risk assessment and vulnerability severity scores.

Risk assessment and severity scores (such as CVSS) help prioritize vulnerabilities by their potential impact and exploitability, rather than by incidental attributes such as discovery date.

41
Q

Given an organization is looking for ways to detect unauthorized changes to system files. Which tool should they prioritize implementing?

A. DNS filtering
B. Vulnerability scanners
C. Security Content Automation Protocol (SCAP)
D. File integrity monitoring

A

File integrity monitoring

File integrity monitoring records a baseline cryptographic hash of each monitored file and alerts when a later hash differs, revealing unauthorized changes.
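The baseline-and-compare cycle in working form, as an added example that is not part of the flashcard set: a small Python monitor hashes a constructed directory tree with SHA-256, seals the baseline with an HMAC under a stand-in key (in practice that key and the baseline copy live off the monitored host), simulates a compromise, and reports what changed. The file names and contents below are invented for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Added example, not part of the flashcard set: a minimal file integrity
# monitor. A baseline of SHA-256 digests is recorded while the tree is known
# good and sealed with an HMAC (the key is a stand-in; in practice it lives
# off the monitored host), then compared against a fresh scan. The monitored
# files are constructed below, not taken from any real system.


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root):
    """Map of relative path -> SHA-256 hex digest for every file under root."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def seal(baseline, key):
    """Serialise the baseline and attach an HMAC tag so edits to it are detectable."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def load_sealed(body, tag, key):
    """Verify the tag before trusting the baseline; reject a tampered one."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("baseline HMAC mismatch")
    return json.loads(body)


def diff(baseline, current):
    """Report files added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Take a sealed baseline, tamper with the tree, and return what FIM reports."""
    key = b"baseline-signing-key"  # hypothetical key for the example
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "etc/hosts", b"127.0.0.1 localhost\n")
        _write(root, "bin/ls", b"\x7fELF-placeholder")
        body, tag = seal(scan(root), key)

        # Simulated compromise: backdoor account, removed file, new persistence.
        _write(root, "etc/passwd", b"root:x:0:0:root:/root:/bin/sh\nevil:x:0:0::/:/bin/sh\n")
        os.remove(os.path.join(root, "etc", "hosts"))
        _write(root, "etc/cron.d/evil", b"* * * * * root /tmp/x\n")

        report = diff(load_sealed(body, tag, key), scan(root))

        # An attacker who edits the stored baseline to hide changes is caught by the HMAC.
        try:
            load_sealed(body.replace(b"etc/hosts", b"etc/hostz"), tag, key)
            baseline_tamper_detected = False
        except ValueError:
            baseline_tamper_detected = True

    return {"diff": report, "baseline_tamper_detected": baseline_tamper_detected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The HMAC matters more than it looks: an attacker with write access to the monitored files usually has write access to a baseline stored beside them, and a rehashed baseline hides the change. Keying the baseline, and keeping the key and a copy of the sealed baseline elsewhere, is what turns the scan into evidence rather than a file the intruder can edit.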

42
Q

When trying to streamline the access to a cloud application from the company’s internal application, which authentication mechanism would be best to use?

A. Multi-factor Authentication
B. Security Assertions Markup Language (SAML)
C. Federation
D. File integrity Monitoring

A

Federation

Federation establishes trust between separate identity domains so that a user authenticated by the company's own identity provider is accepted by the cloud application without a second login (single sign-on). SAML is one protocol used to carry those assertions; federation is the overall arrangement the question asks for.

43
Q

Which of the following solutions is most suitable for ensuring that outbound emails from an organization are genuinely from that organization and not spoofed?

A. Web filter
B. Multifactor authentication
C. Firewall rules
D. DomainKeys Identified Mail (DKIM)

A

DomainKeys Identified Mail (DKIM)

DKIM lets the sending mail server sign selected headers and the message body with the domain's private key; receivers fetch the matching public key from a DNS TXT record and verify the signature, which proves the message came from that domain and was not altered in transit. It is normally deployed together with SPF and DMARC.

44
Q

In a distributed company environment, to centralize the collection and analysis of log data from various sources, which tool should be primarily utilized?

A. Web filter
B. SNMP traps
C. NetFlow
D. Security information and event management (SIEM)

A

Security information and event management (SIEM)

It provides real-time analysis of security alerts generated by hardware and software.

45
Q

Which of the following is a primary reason to use agents in security tools?

A. To enable Just-in-time permissions
B. To reduce network latency
C. To gather detailed data from endpoints
D. To scan URLs

A

To gather detailed data from endpoints

Agents, being installed on endpoints, can collect and relay comprehensive data to centralized servers.

46
Q

Given an organization wants to enforce a policy where users can only access certain applications during their working hours. Which type of access control is this?

A. Role-based access control
B. Attribute-based access control
C. Discretionary access control
D. Time-of-day restrictions

A

Time-of-day restrictions

Time-of-day restrictions limit access to defined time windows (such as working hours), independently of the user's role or other attributes.

47
Q

What’s the primary purpose of implementing Uniform Resource Locator (URL) scanning in an organization?

A. To log user activities
B. To detect and block malicious URLs
C. To facilitate single sign-on
D. To enforce password policies

A

To detect and block malicious URLs

URL scanning assesses URLs for potential threats.

48
Q

In terms of password best practices, why is password reuse discouraged?

A. It strengthens password security.
B. It simplifies password management for users.
C. If one account is compromised, other accounts are at risk.
D. It ensures password complexity.

A

If one account is compromised, other accounts are at risk.

Reusing passwords means that a breach in one platform can lead to vulnerabilities in others where the same password is used.

49
Q

Which solution primarily focuses on analyzing the behavior patterns of users in a network to detect potential security threats?

A. User behavior analytics
B. Vulnerability scanners
C. Data loss prevention (DLP)
D. Antivirus

A

User behavior analytics

It analyzes patterns of user behavior to detect anomalies that might indicate security threats.
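What "analyzing behavior patterns" amounts to in code, as an added example that is not part of the flashcard set: a per-user baseline of usual login hours and countries is learned from a training window of authentication logs, and later logins are scored for off-hours access, a new location, impossible travel between two locations, and users with no baseline at all. The log format, the geo field and every entry are constructed for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not part of the flashcard set: a small user behaviour
# analytics pass over constructed authentication logs. A per-user baseline
# (usual login hours and countries) is learned from a training window, then
# later logins are scored for off-hours access, new locations, impossible
# travel and unknown users. The log format and all entries are invented.

SAMPLE_LOG = """\
2024-03-04T08:55:12Z user=alice src=10.1.4.22 geo=DE result=success
2024-03-04T09:10:05Z user=bob src=10.2.7.8 geo=US result=success
2024-03-04T17:02:40Z user=alice src=10.1.4.22 geo=DE result=success
2024-03-05T08:49:31Z user=alice src=10.1.4.22 geo=DE result=success
2024-03-05T09:03:17Z user=bob src=10.2.7.8 geo=US result=success
2024-03-06T08:58:02Z user=alice src=10.1.4.22 geo=DE result=success
2024-03-06T09:15:44Z user=bob src=10.2.7.8 geo=US result=failure
2024-03-06T09:16:10Z user=bob src=10.2.7.8 geo=US result=success
2024-03-07T03:12:09Z user=alice src=10.1.4.22 geo=DE result=success
2024-03-07T09:05:33Z user=alice src=10.1.4.22 geo=DE result=success
2024-03-07T09:10:27Z user=bob src=10.2.7.8 geo=US result=success
2024-03-07T09:40:51Z user=alice src=198.51.100.23 geo=RU result=success
2024-03-07T10:00:00Z user=mallory src=203.0.113.9 geo=US result=success
"""

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) geo=(?P<geo>\S+) result=(?P<result>\S+)$"
)


def parse(text):
    """Parse log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def build_profiles(events):
    """Per-user baseline from successful logins: hours seen and countries seen."""
    profiles = defaultdict(lambda: {"hours": set(), "geos": set()})
    for e in events:
        if e["result"] == "success":
            profiles[e["user"]]["hours"].add(e["ts"].hour)
            profiles[e["user"]]["geos"].add(e["geo"])
    return dict(profiles)


def detect(profiles, events, travel_window=timedelta(hours=1), hour_slack=1):
    """Score later logins against the profiles; returns (user, timestamp, reason) tuples."""
    alerts = []
    last_success = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user, ts = e["user"], e["ts"]
        profile = profiles.get(user)
        if profile is None:
            alerts.append((user, ts, "no baseline for user"))
            continue
        if e["result"] != "success":
            continue
        lo, hi = min(profile["hours"]) - hour_slack, max(profile["hours"]) + hour_slack
        if not lo <= ts.hour <= hi:
            alerts.append((user, ts, f"login at unusual hour {ts.hour:02d}"))
        if e["geo"] not in profile["geos"]:
            alerts.append((user, ts, f"login from new location {e['geo']}"))
        prev = last_success.get(user)
        if prev and prev["geo"] != e["geo"] and ts - prev["ts"] < travel_window:
            alerts.append((user, ts, f"impossible travel {prev['geo']}->{e['geo']}"))
        last_success[user] = e
    return alerts


def run_demo(cutoff=datetime(2024, 3, 7)):
    """Learn from events before the cutoff, then analyse the rest."""
    events = parse(SAMPLE_LOG)
    training = [e for e in events if e["ts"] < cutoff]
    recent = [e for e in events if e["ts"] >= cutoff]
    return detect(build_profiles(training), recent)


if __name__ == "__main__":
    for user, ts, reason in run_demo():
        print(f"{ts.isoformat()} {user}: {reason}")
```

Each rule on its own is noisy (a colleague travelling, a late deployment); the value of behaviour analytics comes from the baseline being per user and from several weak signals landing on the same account within minutes, as they do for alice in the sample above.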

50
Q

Which term refers to built-in checks that ensure an automated process doesn’t deviate too far from its intended purpose, potentially causing harm?

A. Continuous integration and testing
B. Ticket creation
C. Guard rails
D. User provisioning

A

Guard rails

Designed mechanisms that guide user or system behavior, preventing unintended consequences.

51
Q

During an incident response, which phase primarily focuses on bringing systems back to operational status?

A. Analysis
B. Eradication
C. Containment
D. Recovery

A

Recovery

Its main goal is to restore and validate system functionality for business operations.

52
Q

In the context of automation, what is the primary advantage of having standardized infrastructure configurations?

A. Continuous integration and testing
B. Enforcing baselines
C. Reaction time
D. Employee retention

A

Enforcing baselines

Standardized configurations ensure that systems are set up based on a known and approved standard.

53
Q

An organization’s security team is collecting detailed network traffic packets for analysis following a potential security incident. What are they performing?

A. E-discovery
B. Analysis of application logs
C. Reviewing IPS/IDS logs
D. Packet captures

A

Packet captures

Involves collecting detailed network packets for analysis.

54
Q

If an organization wants to ensure the preservation of electronic data to potentially serve as evidence in a future lawsuit, which action would they likely implement?

A. Legal hold
B. Threat hunting
C. Root cause analysis
D. Chain of custody

A

Legal hold

Ensures data relevant to potential litigation is preserved and protected.

55
Q

Automation’s ability to handle a larger operational load without needing proportionate resource increases helps in:

A. Scaling in a secure manner
B. Minimizing technical debt
C. Continuous integration and testing
D. Reducing complexity

A

Scaling in a secure manner

Automation allows operations to expand securely without linearly increasing resources.

56
Q

In a security incident involving a compromised application, which log type would offer the most granular insight into the application’s behavior?

A. OS-specific security logs
B. Metadata
C. Firewall logs
D. Application logs

A

Application logs

Application logs offer detailed events specific to the application's own functions and behavior, which OS and firewall logs do not capture.

57
Q

Which of the following is NOT typically an advantage of automation in security operations?

A. Reaction time
B. Workforce multiplier
C. Efficiency/time saving
D. Ongoing supportability

A

Ongoing supportability

While automation can streamline many tasks, it might also introduce new complexities that require continuous support and maintenance.

58
Q

Which of the following governance structures is characterized by a single central authority making security decisions for an organization?

A. Boards
B. Centralized
C. Committees
D. Government entities

A

Centralized

Refers to a structure where decisions are made by a single, central authority.

59
Q

A vendor is subjected to a simulated cyber-attack to evaluate their security posture. What method is being used?

A. Supply chain analysis
B. Penetration testing
C. Due diligence
D. Vendor monitoring

A

Penetration testing

It’s a simulated cyber attack to identify vulnerabilities in a system.

60
Q

Before entering into an agreement with a third-party vendor, a company wants to ensure that specific service expectations and metrics are defined. Which document should they use?

A. Non-disclosure agreement (NDA)
B. Memorandum of agreement (MOA)
C. Service-level agreement (SLA)
D. Business partners agreement (BPA)

A

Service-level agreement (SLA)

It sets out specific service expectations and metrics that the vendor agrees to meet.

61
Q

Which process primarily focuses on defining how IT system changes should be proposed, reviewed, and implemented?

A. Change management
B. Disaster recovery
C. Incident response
D. Onboarding/offboarding

A

Change management

It defines how changes to IT systems or processes should be managed.

62
Q

An organization’s decision to implement multi-factor authentication (MFA) after identifying potential authentication vulnerabilities is an example of which risk management strategy?

A. Transfer
B. Avoid
C. Accept
D. Mitigate

A

Mitigate

By implementing MFA, the organization is taking steps to reduce the likelihood or impact of the risk.

63
Q

Which of the following focuses on the continuous refinement and updating of security policies, standards, and procedures to ensure they remain effective and relevant?

A. Monitoring and revision
B. Playbooks
C. Business continuity
D. Incident response

A

Monitoring and revision

It involves regularly reviewing and updating security governance elements to keep them current.

64
Q

An organization decides not to do business in a country due to the high risk of data breaches and cyber threats. This is an example of which risk management strategy?

A. Transfer
B. Avoid
C. Accept
D. Mitigate

A

Avoid

The organization is choosing not to engage in activities that pose the risk.

65
Q

When dealing with third-party risk assessments, what document outlines the right to inspect or review a vendor’s practices and procedures?

A. Work order (WO)/statement of work (SOW)
B. Business partners agreement (BPA)
C. Service-level agreement (SLA)
D. Right-to-audit clause

A

Right-to-audit clause

It stipulates the organization’s right to inspect or review a vendor’s activities.

66
Q

When a company actively keeps track of its data assets, ensuring every piece of data is accounted for and properly classified, this process is best known as:

A. Data inventory
B. Data retention
C. Data monitoring
D. Data categorization

A

Data inventory

It involves creating a catalog or comprehensive list of data assets in an organization.

67
Q

Which type of audit involves an organization evaluating its own systems and procedures without external influence?

A. Internal audit
B. Compliance audit
C. Independent third-party audit
D. Regulatory audit

A

Internal audit

It involves the organization evaluating its own systems and procedures.

68
Q

An organization has been fined for failing to protect user data adequately. This is an example of:

A. Privacy implications
B. Consequences of non-compliance
C. Reputational damage
D. Contractual impacts

A

Consequences of non-compliance

Fines are a direct outcome of not adhering to regulations.

69
Q

A business conducts a test where they intentionally leave USB drives in the parking lot to see if employees will pick them up and plug them into company computers. This test is primarily to raise awareness about:

A. Password management
B. Social engineering
C. Phishing
D. Insider threats

A

Social engineering

This is a baiting exercise, a form of social engineering: it relies on curiosity to get a person to perform an unsafe action (plugging in unknown media) rather than on a technical exploit.

70
Q

If a company wants to verify they are adhering to regional data protection laws, which type of assessment would they likely undergo?

A. Internal audit
B. Regulatory examination
C. Attestation
D. Self-assessment

A

Regulatory examination

It focuses on ensuring adherence to specific regional or local laws.

71
Q

To best protect against threats originating from employees — either maliciously or unintentionally — an organization should invest in training focused on:

A. Insider threats
B. External examinations
C. Data inventory
D. Penetration testing

A

Insider threats

The training would focus on the risks posed by individuals within the organization.

72
Q

A company undergoes a process where an independent entity verifies its adherence to industry standards. This process is best described as:

A. Attestation
B. Self-assessment
C. Independent third-party audit
D. Internal audit

A

Independent third-party audit

It involves an external entity evaluating the organization against set standards.