age 1 of 24
CompTIA CertMaster CE Security+ (2025) — Complete
Practice Questions and Answers with Explanations
A company set up controls to allow only a specific set of
software and tools to install on workstations. A user navigates to
a software library to make a selection. What type of method
prevents installation of software that is not a part of a library?
......ANSWER........Allow list
A company has two web servers using a load-balanced
configuration. Users report having periodic trust errors
connecting to the website. One of the servers is using an
incorrect web-server certificate path, while the other server is
using a valid certificate. Both servers are expected to use the
same path in a chain of trust. Which of the following actions
would most likely resolve the issue? ......ANSWER........Issue a new
certificate.
,age 2 of 24
An authoritative Domain Name System (DNS) server for a zone
creates a Resource Records Set (RRSet) signed with a zone
signing key. What is the result of this action?
......ANSWER........DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all
applicable logs for cloud resources and services. When
examining the application programming interface (API) logs, the
cloud engineer sees some odd metrics. Which of the following
are examples that the engineer would have concerns for? (Select
all that apply.) ......ANSWER........Spike in API calls
& 78% average error rate
A company would like to deploy a software service to monitor
traffic and enforce security policies in their cloud environment.
, age 3 of 24
What tool should the company consider using?
......ANSWER........CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN)
requires a remote access server listening on port 443 to encrypt
traffic with a client machine. An IPSec (Internet Protocol Security)
VPN can deliver traffic in two modes. One mode encrypts only
the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). What are these two
modes? (Select all that apply.) ......ANSWER........Tunnel
& Transport
If managed improperly, which of the following would be most
detrimental to access management of cloud-based storage
resources? ......ANSWER........Resource policies
CompTIA CertMaster CE Security+ (2025) — Complete
Practice Questions and Answers with Explanations
A company set up controls to allow only a specific set of
software and tools to install on workstations. A user navigates to
a software library to make a selection. What type of method
prevents installation of software that is not a part of a library?
......ANSWER........Allow list
A company has two web servers using a load-balanced
configuration. Users report having periodic trust errors
connecting to the website. One of the servers is using an
incorrect web-server certificate path, while the other server is
using a valid certificate. Both servers are expected to use the
same path in a chain of trust. Which of the following actions
would most likely resolve the issue? ......ANSWER........Issue a new
certificate.
,age 2 of 24
An authoritative Domain Name System (DNS) server for a zone
creates a Resource Records Set (RRSet) signed with a zone
signing key. What is the result of this action?
......ANSWER........DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all
applicable logs for cloud resources and services. When
examining the application programming interface (API) logs, the
cloud engineer sees some odd metrics. Which of the following
are examples that the engineer would have concerns for? (Select
all that apply.) ......ANSWER........Spike in API calls
& 78% average error rate
A company would like to deploy a software service to monitor
traffic and enforce security policies in their cloud environment.
, age 3 of 24
What tool should the company consider using?
......ANSWER........CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN)
requires a remote access server listening on port 443 to encrypt
traffic with a client machine. An IPSec (Internet Protocol Security)
VPN can deliver traffic in two modes. One mode encrypts only
the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). What are these two
modes? (Select all that apply.) ......ANSWER........Tunnel
& Transport
If managed improperly, which of the following would be most
detrimental to access management of cloud-based storage
resources? ......ANSWER........Resource policies
