CompTIA CertMaster CE Security+
Practice Exam Questions And Correct
Answers (Verified Answers) Plus
Rationales 2026 Q&A | Instant
Download Pdf
1. Which type of malware is designed to appear harmless but actually
executes malicious actions once activated?
A. Worm
B. Trojan
C. Virus
D. Ransomware
B. Trojan
Trojans disguise themselves as legitimate software but perform malicious
actions once installed.
, 2. A company wants to ensure that sensitive data cannot be read if
intercepted during transmission. Which security principle should be
applied?
A. Authentication
B. Confidentiality
C. Availability
D. Integrity
B. Confidentiality
Confidentiality ensures that data is accessible only to authorized parties,
typically through encryption.
3. What type of attack involves overwhelming a system with traffic to
make it unavailable to users?
A. Man-in-the-middle
B. Denial-of-service
C. Phishing
D. Brute-force
B. Denial-of-service
A DoS attack floods a system with traffic to disrupt normal operations and
make resources unavailable.
4. Which protocol is commonly used to securely connect to a remote
server for command-line access?
A. FTP
B. SSH
, C. HTTP
D. Telnet
B. SSH
SSH provides encrypted, secure communication for remote management of
servers.
5. A company implements multi-factor authentication. Which
combination is an example of MFA?
A. Username and password
B. Password and security question
C. Password and fingerprint scan
D. Security question and PIN
C. Password and fingerprint scan
MFA requires two or more authentication factors, typically something you
know (password) and something you are (biometrics).
6. Which term describes a network attack that captures and potentially
alters data between two endpoints without the users’ knowledge?
A. Phishing
B. Denial-of-service
C. Man-in-the-middle
D. Spoofing
, C. Man-in-the-middle
A man-in-the-middle attack intercepts communication between two
parties, potentially altering or stealing data.
7. Which type of backup allows restoration of the entire system,
including operating system and applications?
A. Differential backup
B. Full system image backup
C. Incremental backup
D. Transactional backup
B. Full system image backup
A full system image backup captures the entire system, enabling complete
restoration of OS, applications, and data.
8. What is the primary purpose of a firewall?
A. Encrypt data
B. Filter network traffic
C. Detect viruses
D. Authenticate users
B. Filter network traffic
Firewalls control network traffic based on predefined rules, protecting
systems from unauthorized access.
9. Which attack involves sending fraudulent emails that appear to come
from legitimate sources?
Practice Exam Questions And Correct
Answers (Verified Answers) Plus
Rationales 2026 Q&A | Instant
Download Pdf
1. Which type of malware is designed to appear harmless but actually
executes malicious actions once activated?
A. Worm
B. Trojan
C. Virus
D. Ransomware
B. Trojan
Trojans disguise themselves as legitimate software but perform malicious
actions once installed.
, 2. A company wants to ensure that sensitive data cannot be read if
intercepted during transmission. Which security principle should be
applied?
A. Authentication
B. Confidentiality
C. Availability
D. Integrity
B. Confidentiality
Confidentiality ensures that data is accessible only to authorized parties,
typically through encryption.
3. What type of attack involves overwhelming a system with traffic to
make it unavailable to users?
A. Man-in-the-middle
B. Denial-of-service
C. Phishing
D. Brute-force
B. Denial-of-service
A DoS attack floods a system with traffic to disrupt normal operations and
make resources unavailable.
4. Which protocol is commonly used to securely connect to a remote
server for command-line access?
A. FTP
B. SSH
, C. HTTP
D. Telnet
B. SSH
SSH provides encrypted, secure communication for remote management of
servers.
5. A company implements multi-factor authentication. Which
combination is an example of MFA?
A. Username and password
B. Password and security question
C. Password and fingerprint scan
D. Security question and PIN
C. Password and fingerprint scan
MFA requires two or more authentication factors, typically something you
know (password) and something you are (biometrics).
6. Which term describes a network attack that captures and potentially
alters data between two endpoints without the users’ knowledge?
A. Phishing
B. Denial-of-service
C. Man-in-the-middle
D. Spoofing
, C. Man-in-the-middle
A man-in-the-middle attack intercepts communication between two
parties, potentially altering or stealing data.
7. Which type of backup allows restoration of the entire system,
including operating system and applications?
A. Differential backup
B. Full system image backup
C. Incremental backup
D. Transactional backup
B. Full system image backup
A full system image backup captures the entire system, enabling complete
restoration of OS, applications, and data.
8. What is the primary purpose of a firewall?
A. Encrypt data
B. Filter network traffic
C. Detect viruses
D. Authenticate users
B. Filter network traffic
Firewalls control network traffic based on predefined rules, protecting
systems from unauthorized access.
9. Which attack involves sending fraudulent emails that appear to come
from legitimate sources?
