COMPTIA SECURITY+ (CYBERSECURITY) PRACTICE EXAM
TEST QUESTIONS WITH VERIFIED ANSWERS.
1. Which security principle ensures that data is not altered without authorization?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: B
Rationale: Integrity ensures data remains accurate and unaltered. Confidentiality
protects secrecy, availability ensures access, and non-repudiation prevents denial of
actions.
2. A company wants to ensure that users cannot deny performing a transaction. Which
concept is being enforced?
A. Authentication
B. Authorization
C. Non-repudiation
D. Accounting
Correct Answer: C
Rationale: Non-repudiation ensures users cannot deny actions. Authentication
verifies identity, authorization grants access, and accounting logs activity.
3. Which type of malware is designed to appear legitimate while performing malicious
actions?
A. Worm
B. Trojan
C. Ransomware
D. Rootkit
Correct Answer: B
Rationale: A Trojan disguises itself as legitimate software. Worms self-replicate,
ransomware encrypts data, and rootkits hide system-level access.
4. What is the primary purpose of a firewall?
A. Encrypt data
B. Monitor system logs
C. Filter network traffic
D. Authenticate users
Correct Answer: C
Rationale: Firewalls filter incoming and outgoing traffic based on rules. Encryption,
logging, and authentication are separate functions.
,5. Which attack involves overwhelming a system with traffic to make it unavailable?
A. Phishing
B. Spoofing
C. DDoS
D. Man-in-the-middle
Correct Answer: C
Rationale: Distributed Denial-of-Service (DDoS) floods systems with traffic. Other
options involve deception or interception.
6. What type of encryption uses the same key for encryption and decryption?
A. Asymmetric
B. Symmetric
C. Hashing
D. Tokenization
Correct Answer: B
Rationale: Symmetric encryption uses one shared key. Asymmetric uses two keys,
hashing is one-way, and tokenization replaces data.
7. Which protocol is used to securely browse websites?
A. HTTP
B. FTP
C. HTTPS
D. SMTP
Correct Answer: C
Rationale: HTTPS uses TLS/SSL for secure communication. HTTP is insecure, FTP
transfers files, SMTP handles email.
8. Which authentication factor is represented by a fingerprint scan?
A. Something you know
B. Something you have
C. Something you are
D. Somewhere you are
Correct Answer: C
Rationale: Biometrics like fingerprints are “something you are.” Knowledge and
possession are different factors.
9. What is the main goal of social engineering attacks?
A. Exploit software vulnerabilities
B. Manipulate human behavior
C. Encrypt data
D. Scan networks
Correct Answer: B
, Rationale: Social engineering targets people rather than systems, exploiting trust or
ignorance.
10. Which type of attack intercepts communication between two parties?
A. MITM
B. Phishing
C. SQL Injection
D. Brute force
Correct Answer: A
Rationale: Man-in-the-middle (MITM) attacks intercept and possibly alter
communications.
11. What does least privilege mean?
A. Users have maximum access
B. Users have only necessary access
C. Users share accounts
D. Users have admin rights
Correct Answer: B
Rationale: Least privilege limits access to only what is required, reducing risk.
12. Which tool is used to detect unauthorized network activity?
A. IDS
B. Firewall
C. VPN
D. Proxy
Correct Answer: A
Rationale: Intrusion Detection Systems (IDS) monitor and alert on suspicious activity.
13. What is phishing?
A. Network scanning
B. Sending fraudulent emails
C. Encrypting files
D. Blocking ports
Correct Answer: B
Rationale: Phishing tricks users into revealing sensitive information via fake
communications.
14. Which security control is a locked door?
A. Administrative
B. Technical
, C. Physical
D. Operational
Correct Answer: C
Rationale: Physical controls protect physical assets like doors and locks.
15. Which hashing algorithm is considered insecure?
A. SHA-256
B. SHA-512
C. MD5
D. SHA-3
Correct Answer: C
Rationale: MD5 is outdated and vulnerable to collisions.
16. What is a vulnerability?
A. A threat actor
B. A system weakness
C. A security policy
D. A firewall rule
Correct Answer: B
Rationale: Vulnerabilities are weaknesses that can be exploited.
17. Which term describes a potential cause of harm?
A. Risk
B. Threat
C. Vulnerability
D. Control
Correct Answer: B
Rationale: A threat is a potential danger that can exploit a vulnerability.
18. What does a VPN provide?
A. Open access
B. Secure remote access
C. Email filtering
D. Password storage
Correct Answer: B
Rationale: VPNs create encrypted tunnels for secure remote connections.
19. Which attack uses automated attempts to guess passwords?
A. Phishing
B. Brute force
TEST QUESTIONS WITH VERIFIED ANSWERS.
1. Which security principle ensures that data is not altered without authorization?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Correct Answer: B
Rationale: Integrity ensures data remains accurate and unaltered. Confidentiality
protects secrecy, availability ensures access, and non-repudiation prevents denial of
actions.
2. A company wants to ensure that users cannot deny performing a transaction. Which
concept is being enforced?
A. Authentication
B. Authorization
C. Non-repudiation
D. Accounting
Correct Answer: C
Rationale: Non-repudiation ensures users cannot deny actions. Authentication
verifies identity, authorization grants access, and accounting logs activity.
3. Which type of malware is designed to appear legitimate while performing malicious
actions?
A. Worm
B. Trojan
C. Ransomware
D. Rootkit
Correct Answer: B
Rationale: A Trojan disguises itself as legitimate software. Worms self-replicate,
ransomware encrypts data, and rootkits hide system-level access.
4. What is the primary purpose of a firewall?
A. Encrypt data
B. Monitor system logs
C. Filter network traffic
D. Authenticate users
Correct Answer: C
Rationale: Firewalls filter incoming and outgoing traffic based on rules. Encryption,
logging, and authentication are separate functions.
,5. Which attack involves overwhelming a system with traffic to make it unavailable?
A. Phishing
B. Spoofing
C. DDoS
D. Man-in-the-middle
Correct Answer: C
Rationale: Distributed Denial-of-Service (DDoS) floods systems with traffic. Other
options involve deception or interception.
6. What type of encryption uses the same key for encryption and decryption?
A. Asymmetric
B. Symmetric
C. Hashing
D. Tokenization
Correct Answer: B
Rationale: Symmetric encryption uses one shared key. Asymmetric uses two keys,
hashing is one-way, and tokenization replaces data.
7. Which protocol is used to securely browse websites?
A. HTTP
B. FTP
C. HTTPS
D. SMTP
Correct Answer: C
Rationale: HTTPS uses TLS/SSL for secure communication. HTTP is insecure, FTP
transfers files, SMTP handles email.
8. Which authentication factor is represented by a fingerprint scan?
A. Something you know
B. Something you have
C. Something you are
D. Somewhere you are
Correct Answer: C
Rationale: Biometrics like fingerprints are “something you are.” Knowledge and
possession are different factors.
9. What is the main goal of social engineering attacks?
A. Exploit software vulnerabilities
B. Manipulate human behavior
C. Encrypt data
D. Scan networks
Correct Answer: B
, Rationale: Social engineering targets people rather than systems, exploiting trust or
ignorance.
10. Which type of attack intercepts communication between two parties?
A. MITM
B. Phishing
C. SQL Injection
D. Brute force
Correct Answer: A
Rationale: Man-in-the-middle (MITM) attacks intercept and possibly alter
communications.
11. What does least privilege mean?
A. Users have maximum access
B. Users have only necessary access
C. Users share accounts
D. Users have admin rights
Correct Answer: B
Rationale: Least privilege limits access to only what is required, reducing risk.
12. Which tool is used to detect unauthorized network activity?
A. IDS
B. Firewall
C. VPN
D. Proxy
Correct Answer: A
Rationale: Intrusion Detection Systems (IDS) monitor and alert on suspicious activity.
13. What is phishing?
A. Network scanning
B. Sending fraudulent emails
C. Encrypting files
D. Blocking ports
Correct Answer: B
Rationale: Phishing tricks users into revealing sensitive information via fake
communications.
14. Which security control is a locked door?
A. Administrative
B. Technical
, C. Physical
D. Operational
Correct Answer: C
Rationale: Physical controls protect physical assets like doors and locks.
15. Which hashing algorithm is considered insecure?
A. SHA-256
B. SHA-512
C. MD5
D. SHA-3
Correct Answer: C
Rationale: MD5 is outdated and vulnerable to collisions.
16. What is a vulnerability?
A. A threat actor
B. A system weakness
C. A security policy
D. A firewall rule
Correct Answer: B
Rationale: Vulnerabilities are weaknesses that can be exploited.
17. Which term describes a potential cause of harm?
A. Risk
B. Threat
C. Vulnerability
D. Control
Correct Answer: B
Rationale: A threat is a potential danger that can exploit a vulnerability.
18. What does a VPN provide?
A. Open access
B. Secure remote access
C. Email filtering
D. Password storage
Correct Answer: B
Rationale: VPNs create encrypted tunnels for secure remote connections.
19. Which attack uses automated attempts to guess passwords?
A. Phishing
B. Brute force
