CompTIA Security+ (SY0-701)
Level 3 – Advanced (Exam 3)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. An organisation wants to ensure that sensitive data stored in the cloud cannot be read by the
cloud provider. Which control should be implemented?
A) Data classification
B) Client-side encryption before upload
C) Network segmentation
D) Multi-factor authentication
[1 mark]
2. Which of the following best describes privilege escalation?
A) An attacker gains higher-level access than originally granted
B) A user forgets their password and requests a reset
C) An administrator assigns unnecessary permissions
D) A system automatically logs out inactive users
[1 mark]
3. In zero trust architecture, which principle is most important?
A) Trust internal network, distrust external
B) Never trust, always verify (every request, every time)
C) Trust users but not devices
D) Trust devices but not users
[1 mark]
4. Which attack involves an attacker positioning themselves between two communicating parties
to intercept and possibly alter traffic?
A) Replay attack
B) Man-in-the-middle (MITM)
C) DoS (Denial of Service)
, D) Phishing
[1 mark]
5. What is the purpose of a Certificate Authority (CA) in PKI?
A) To issue and revoke digital certificates
B) To encrypt all outbound emails
C) To store user passwords
D) To monitor network traffic
[1 mark]
6. Which of the following is an example of two-factor authentication (2FA) using something
you are and something you know?
A) Password + smart card
B) Fingerprint + PIN
C) Retina scan + iris scan
D) One-time code + security question
[1 mark]
7. A replay attack occurs when:
A) An attacker repeats a captured valid transmission to impersonate a legitimate user
B) An attacker floods a network with traffic
C) An attacker guesses a password repeatedly
D) An attacker intercepts traffic without altering it
[1 mark]
8. Which of the following is a strong hashing algorithm for password storage?
A) MD5
B) SHA-1
C) bcrypt
D) DES
[1 mark]
9. What does SAML (Security Assertion Markup Language) enable?
A) Encrypted email
B) Single sign-on (SSO) between different systems
C) Secure file transfer
D) Network monitoring
[1 mark]
10. Which incident response phase involves documenting lessons learned and updating
policies?
A) Detection
B) Containment
C) Eradication
D) Post-incident activity
[1 mark]
Level 3 – Advanced (Exam 3)
Time allowed: 1 hour
Total marks: 40
Pass mark: 26 (65%)
Instructions: Answer all questions. Write your answers in the spaces provided. Marks are
shown in brackets [ ] at the end of each question.
Section A: Multiple Choice (10 marks)
Circle the correct answer.
1. An organisation wants to ensure that sensitive data stored in the cloud cannot be read by the
cloud provider. Which control should be implemented?
A) Data classification
B) Client-side encryption before upload
C) Network segmentation
D) Multi-factor authentication
[1 mark]
2. Which of the following best describes privilege escalation?
A) An attacker gains higher-level access than originally granted
B) A user forgets their password and requests a reset
C) An administrator assigns unnecessary permissions
D) A system automatically logs out inactive users
[1 mark]
3. In zero trust architecture, which principle is most important?
A) Trust internal network, distrust external
B) Never trust, always verify (every request, every time)
C) Trust users but not devices
D) Trust devices but not users
[1 mark]
4. Which attack involves an attacker positioning themselves between two communicating parties
to intercept and possibly alter traffic?
A) Replay attack
B) Man-in-the-middle (MITM)
C) DoS (Denial of Service)
, D) Phishing
[1 mark]
5. What is the purpose of a Certificate Authority (CA) in PKI?
A) To issue and revoke digital certificates
B) To encrypt all outbound emails
C) To store user passwords
D) To monitor network traffic
[1 mark]
6. Which of the following is an example of two-factor authentication (2FA) using something
you are and something you know?
A) Password + smart card
B) Fingerprint + PIN
C) Retina scan + iris scan
D) One-time code + security question
[1 mark]
7. A replay attack occurs when:
A) An attacker repeats a captured valid transmission to impersonate a legitimate user
B) An attacker floods a network with traffic
C) An attacker guesses a password repeatedly
D) An attacker intercepts traffic without altering it
[1 mark]
8. Which of the following is a strong hashing algorithm for password storage?
A) MD5
B) SHA-1
C) bcrypt
D) DES
[1 mark]
9. What does SAML (Security Assertion Markup Language) enable?
A) Encrypted email
B) Single sign-on (SSO) between different systems
C) Secure file transfer
D) Network monitoring
[1 mark]
10. Which incident response phase involves documenting lessons learned and updating
policies?
A) Detection
B) Containment
C) Eradication
D) Post-incident activity
[1 mark]
