1|Page
COMPTIA SECURITY+ CERTIFICATION EXAM
ACTUAL PREP QUESTIONS AND WELL
REVISED ANSWERS - LATEST AND COMPLETE
UPDATE WITH VERIFIED SOLUTIONS –
ASSURES PASS
1. Which of the following is a primary purpose of a firewall in a network?
A. Encrypt data in transit
B. Prevent unauthorized access to or from a network
C. Monitor user activity on endpoints
D. Perform vulnerability scanning
Answer: B
Firewalls control incoming and outgoing network traffic based on security
rules, preventing unauthorized access.
2. What type of attack involves overwhelming a system with traffic to make it
unavailable?
A. Phishing
B. Denial of Service (DoS)
C. Man-in-the-Middle
D. SQL Injection
Answer: B
A DoS attack floods a system with traffic, causing service disruption.
3. Which security principle ensures that a user can only access the information
necessary to perform their job?
A. Least privilege
,2|Page
B. Defense in depth
C. Separation of duties
D. Need to know
Answer: A
The principle of least privilege restricts user access to only what is
necessary to perform their tasks.
4. What is the best method to secure data at rest?
A. VPN
B. AES encryption
C. Multi-factor authentication
D. IDS
Answer: B
Data at rest is protected by encryption methods such as AES, which prevents
unauthorized access if data is stolen.
5. Which protocol is used to securely transmit data over the internet?
A. FTP
B. HTTP
C. HTTPS
D. Telnet
Answer: C
HTTPS uses TLS/SSL to encrypt data in transit, providing secure
communication over the internet.
6. Which attack uses deceptive emails to trick users into revealing sensitive
information?
A. Tailgating
B. Phishing
C. SQL Injection
,3|Page
D. DNS Spoofing
Answer: B
Phishing attacks use social engineering via email or messages to steal
credentials or sensitive data.
7. Which of the following is a symmetric encryption algorithm?
A. RSA
B. AES
C. ECC
D. DSA
Answer: B
AES is a symmetric encryption algorithm where the same key is used for
encryption and decryption.
8. What is the purpose of a DMZ in network security?
A. To encrypt network traffic
B. To isolate public-facing servers from the internal network
C. To block malware from internal devices
D. To monitor employee activity
Answer: B
A DMZ (demilitarized zone) separates external-facing services from internal
networks to reduce risk exposure.
9. Which of the following describes a zero-day vulnerability?
A. A flaw known by the vendor but not patched
B. A vulnerability that requires user interaction
C. A misconfiguration in the firewall
D. A vulnerability exploited immediately after discovery, before a patch
exists
Answer: D
, 4|Page
Zero-day vulnerabilities are exploited before a patch is released, making
them highly dangerous.
10.Which access control model is based on predefined roles?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute-Based Access Control (ABAC)
Answer: B
RBAC assigns permissions to users based on their roles within an
organization.
11.What type of malware restricts access to files and demands payment to
restore access?
A. Worm
B. Ransomware
C. Trojan
D. Spyware
Answer: B
Ransomware encrypts or locks files, requiring payment for decryption or
restoration.
12.Which of the following describes spear phishing?
A. Random emails sent to many users
B. Targeted emails aimed at specific individuals or organizations
C. Emails containing malware attachments only
D. Emails sent from a compromised website
Answer: B
Spear phishing targets specific individuals with personalized content to
increase the chance of success.
COMPTIA SECURITY+ CERTIFICATION EXAM
ACTUAL PREP QUESTIONS AND WELL
REVISED ANSWERS - LATEST AND COMPLETE
UPDATE WITH VERIFIED SOLUTIONS –
ASSURES PASS
1. Which of the following is a primary purpose of a firewall in a network?
A. Encrypt data in transit
B. Prevent unauthorized access to or from a network
C. Monitor user activity on endpoints
D. Perform vulnerability scanning
Answer: B
Firewalls control incoming and outgoing network traffic based on security
rules, preventing unauthorized access.
2. What type of attack involves overwhelming a system with traffic to make it
unavailable?
A. Phishing
B. Denial of Service (DoS)
C. Man-in-the-Middle
D. SQL Injection
Answer: B
A DoS attack floods a system with traffic, causing service disruption.
3. Which security principle ensures that a user can only access the information
necessary to perform their job?
A. Least privilege
,2|Page
B. Defense in depth
C. Separation of duties
D. Need to know
Answer: A
The principle of least privilege restricts user access to only what is
necessary to perform their tasks.
4. What is the best method to secure data at rest?
A. VPN
B. AES encryption
C. Multi-factor authentication
D. IDS
Answer: B
Data at rest is protected by encryption methods such as AES, which prevents
unauthorized access if data is stolen.
5. Which protocol is used to securely transmit data over the internet?
A. FTP
B. HTTP
C. HTTPS
D. Telnet
Answer: C
HTTPS uses TLS/SSL to encrypt data in transit, providing secure
communication over the internet.
6. Which attack uses deceptive emails to trick users into revealing sensitive
information?
A. Tailgating
B. Phishing
C. SQL Injection
,3|Page
D. DNS Spoofing
Answer: B
Phishing attacks use social engineering via email or messages to steal
credentials or sensitive data.
7. Which of the following is a symmetric encryption algorithm?
A. RSA
B. AES
C. ECC
D. DSA
Answer: B
AES is a symmetric encryption algorithm where the same key is used for
encryption and decryption.
8. What is the purpose of a DMZ in network security?
A. To encrypt network traffic
B. To isolate public-facing servers from the internal network
C. To block malware from internal devices
D. To monitor employee activity
Answer: B
A DMZ (demilitarized zone) separates external-facing services from internal
networks to reduce risk exposure.
9. Which of the following describes a zero-day vulnerability?
A. A flaw known by the vendor but not patched
B. A vulnerability that requires user interaction
C. A misconfiguration in the firewall
D. A vulnerability exploited immediately after discovery, before a patch
exists
Answer: D
, 4|Page
Zero-day vulnerabilities are exploited before a patch is released, making
them highly dangerous.
10.Which access control model is based on predefined roles?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute-Based Access Control (ABAC)
Answer: B
RBAC assigns permissions to users based on their roles within an
organization.
11.What type of malware restricts access to files and demands payment to
restore access?
A. Worm
B. Ransomware
C. Trojan
D. Spyware
Answer: B
Ransomware encrypts or locks files, requiring payment for decryption or
restoration.
12.Which of the following describes spear phishing?
A. Random emails sent to many users
B. Targeted emails aimed at specific individuals or organizations
C. Emails containing malware attachments only
D. Emails sent from a compromised website
Answer: B
Spear phishing targets specific individuals with personalized content to
increase the chance of success.
