age 1 of 24
CompTIA CertMaster CE Security+ 2025 – Complete
Domain-Based Q&A
An authoritative Domain Name System (DNS) server for a zone
creates a Resource Records Set (RRSet) signed with a zone
signing key. What is the result of this action?
......ANSWER........DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all
applicable logs for cloud resources and services. When
examining the application programming interface (API) logs, the
cloud engineer sees some odd metrics. Which of the following
are examples that the engineer would have concerns for? (Select
all that apply.) ......ANSWER........Spike in API calls
& 78% average error rate
,age 2 of 24
A company would like to deploy a software service to monitor
traffic and enforce security policies in their cloud environment.
What tool should the company consider using?
......ANSWER........CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN)
requires a remote access server listening on port 443 to encrypt
traffic with a client machine. An IPSec (Internet Protocol Security)
VPN can deliver traffic in two modes. One mode encrypts only
the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). What are these two
modes? (Select all that apply.) ......ANSWER........Tunnel
& Transport
, age 3 of 24
If managed improperly, which of the following would be most
detrimental to access management of cloud-based storage
resources? ......ANSWER........Resource policies
Which of the following is used to review application code for
signatures of known issues before it is packaged as an
executable? ......ANSWER........Static code analysis
A security engineer must install an X.509 certificate to a
computer system, but it is not accepted. The system requires a
Base64 encoded format. What must the security engineer
execute to properly install this certificate?
......ANSWER........Convert to a .pem file.
Cloud service providers make services available around the
world through a variety of methods. The concept of a zone
CompTIA CertMaster CE Security+ 2025 – Complete
Domain-Based Q&A
An authoritative Domain Name System (DNS) server for a zone
creates a Resource Records Set (RRSet) signed with a zone
signing key. What is the result of this action?
......ANSWER........DNS Security Extensions
A cloud service provider (CSP) dashboard provides a view of all
applicable logs for cloud resources and services. When
examining the application programming interface (API) logs, the
cloud engineer sees some odd metrics. Which of the following
are examples that the engineer would have concerns for? (Select
all that apply.) ......ANSWER........Spike in API calls
& 78% average error rate
,age 2 of 24
A company would like to deploy a software service to monitor
traffic and enforce security policies in their cloud environment.
What tool should the company consider using?
......ANSWER........CASB
A Transport Layer Security (TLS) Virtual Private Network (VPN)
requires a remote access server listening on port 443 to encrypt
traffic with a client machine. An IPSec (Internet Protocol Security)
VPN can deliver traffic in two modes. One mode encrypts only
the payload of the IP packet. The other mode encrypts the
whole IP packet (header and payload). What are these two
modes? (Select all that apply.) ......ANSWER........Tunnel
& Transport
, age 3 of 24
If managed improperly, which of the following would be most
detrimental to access management of cloud-based storage
resources? ......ANSWER........Resource policies
Which of the following is used to review application code for
signatures of known issues before it is packaged as an
executable? ......ANSWER........Static code analysis
A security engineer must install an X.509 certificate to a
computer system, but it is not accepted. The system requires a
Base64 encoded format. What must the security engineer
execute to properly install this certificate?
......ANSWER........Convert to a .pem file.
Cloud service providers make services available around the
world through a variety of methods. The concept of a zone
