{
 "certification": "CompTIA Security+ (SY0-701)",
 "exam_code": "SY0-701",
 "tier": "free",
 "license": "Free tier for evaluation. Full verified bank available via the paid API; see /developers.html.",
 "count": 20,
 "questions": [
  {
   "id": "dd5821a8-e18c-4a67-af07-6f01ac72ae47",
   "question": "What is multi-factor authentication (MFA)?",
   "options": {
    "A": "Biometric scanning only",
    "B": "Changing passwords frequently",
    "C": "Using two or more authentication methods to verify user identity",
    "D": "Using strong passwords"
   },
   "correct": "C",
   "explanation": "Option C is correct because multi-factor authentication requires a user to present two or more distinct verification factors from different categories, such as something you know (password), something you have (hardware token or mobile authenticator), or something you are (biometric), substantially reducing the risk of unauthorized access even if one factor is compromised. Option A is incorrect because biometric scanning alone is only a single authentication factor and does not constitute MFA, which requires at least two independent methods. Option B is incorrect because frequently changing passwords is a password hygiene practice that involves only a single knowledge factor and provides no MFA protection. Option D is incorrect because using a strong password is a good security practice but still represents only one factor (something you know), whereas MFA mandates combining multiple distinct factor types.",
   "difficulty": "easy",
   "concepts": [
    "mfa",
    "authentication",
    "identity verification",
    "security controls",
    "access management"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-multi-factor-authentication-mfa.html"
  },
  {
   "id": "036870df-0bbf-4cf2-ac1d-063db1b1acd5",
   "question": "Which security model best fits an organization requiring strong isolation between different classification levels of data?",
   "options": {
    "A": "Biba model",
    "B": "Take-Grant model",
    "C": "Bell-LaPadula model",
    "D": "Clark-Wilson model"
   },
   "correct": "C",
   "explanation": "Option C is correct because the Bell-LaPadula model is a confidentiality-focused access control model designed for multi-level security environments, enforcing the 'no read up, no write down' rules that ensure strict isolation between data classification levels such as Confidential, Secret, and Top Secret. Option A is incorrect because the Biba model focuses on data integrity rather than confidentiality, enforcing 'no write up, no read down' to prevent integrity violations, not classification-level isolation for confidentiality. Option B is incorrect because the Take-Grant model is a formal model describing how access rights can be transferred between subjects and objects, and is not specifically designed for multi-level classification isolation. Option D is incorrect because the Clark-Wilson model also addresses data integrity by enforcing well-formed transactions and separation of duties, rather than providing confidentiality isolation between classification levels.",
   "difficulty": "medium",
   "concepts": [
    "bell-lapadula",
    "access control models",
    "multi-level security",
    "data classification"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/which-security-model-best-fits-an-organization-requiring-strong-isolation-betwee.html"
  },
  {
   "id": "03a41302-34f4-481c-84b2-cc77c2a064dd",
   "question": "What is the primary goal of the NIST Cybersecurity Framework?",
   "options": {
    "A": "Replace all security systems",
    "B": "Reduce IT costs",
    "C": "Eliminate all cyber attacks",
    "D": "Provide guidelines for managing cybersecurity risks in organizations"
   },
   "correct": "D",
   "explanation": "Option D is correct because the NIST Cybersecurity Framework (CSF) was developed to provide organizations with a voluntary, risk-based set of guidelines, best practices, and standards for identifying, protecting against, detecting, responding to, and recovering from cybersecurity threats, making risk management its central purpose. Option A is incorrect because the NIST CSF is not designed to replace existing security systems; it is a complementary framework that organizations apply on top of their existing controls. Option B is incorrect because while good security practices may reduce operational inefficiencies, reducing IT costs is not the primary goal of the NIST CSF. Option C is incorrect because no framework can guarantee the elimination of all cyber attacks; the CSF focuses on managing and reducing risk to acceptable levels rather than achieving perfect security.",
   "difficulty": "easy",
   "concepts": [
    "nist csf",
    "cybersecurity framework",
    "risk management",
    "security guidelines"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-the-primary-goal-of-the-nist-cybersecurity-framework.html"
  },
  {
   "id": "67ee30df-e481-42db-881c-28f02ca70ead",
   "question": "An organization must ensure that employees cannot deny they authorized a transaction. Which security principle is being addressed?",
   "options": {
    "A": "Confidentiality",
    "B": "Non-repudiation",
    "C": "Integrity",
    "D": "Availability"
   },
   "correct": "B",
   "explanation": "Option B, non-repudiation, is correct because it ensures that a party cannot deny having performed an action, such as authorizing a transaction, typically enforced through digital signatures, audit logs, or timestamped records. Option A, confidentiality, protects data from unauthorized disclosure but does not address whether a party can deny an action they took. Option C, integrity, ensures data has not been altered in transit or at rest, which is related but does not specifically bind an action to an individual who cannot later deny it. Option D, availability, concerns ensuring systems and data are accessible when needed, which is entirely unrelated to denying or confirming a past action.",
   "difficulty": "easy",
   "concepts": [
    "non-repudiation",
    "security principles",
    "digital signatures",
    "comptia security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/an-organization-must-ensure-that-employees-cannot-deny-they-authorized-a-transac.html"
  },
  {
   "id": "26e57fc2-5a2c-4c5f-b1ea-6197900a5401",
   "question": "What is the purpose of an Intrusion Detection System (IDS)?",
   "options": {
    "A": "Monitor network traffic and systems to detect unauthorized access and attacks",
    "B": "Encrypt data",
    "C": "Manage user access",
    "D": "Prevent all attacks"
   },
   "correct": "A",
   "explanation": "Option A is correct because an Intrusion Detection System passively monitors network traffic and system activity, comparing observed behavior against known attack signatures or baseline profiles to detect and alert on unauthorized access attempts and malicious activity. Option B is incorrect because data encryption is the responsibility of protocols such as TLS or tools such as BitLocker, not an IDS. Option C is incorrect because managing user access, including authentication and authorization, is the function of identity and access management systems, not an IDS. Option D is incorrect because an IDS is a detection and alerting tool only; it does not actively block or prevent attacks, which is the role of an Intrusion Prevention System (IPS).",
   "difficulty": "easy",
   "concepts": [
    "ids",
    "intrusion detection",
    "network security",
    "comptia security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-the-purpose-of-an-intrusion-detection-system-ids.html"
  },
  {
   "id": "320f2910-31b4-4d44-904f-a285f36aea7c",
   "question": "What is a social engineering attack?",
   "options": {
    "A": "Manipulating people into divulging confidential information or performing security-violating actions",
    "B": "A password cracking technique",
    "C": "A computer virus",
    "D": "A network intrusion"
   },
   "correct": "A",
   "explanation": "Social engineering is the practice of psychologically manipulating individuals into revealing confidential information, granting unauthorized access, or performing actions that compromise security, exploiting human trust rather than technical vulnerabilities, which makes Option A the correct definition. Option B is incorrect because password cracking refers to computational techniques such as brute force or dictionary attacks used to recover passwords from hashed or encrypted values, which is a technical rather than a human-manipulation approach. Option C is incorrect because a computer virus is a type of malware that self-replicates by attaching to legitimate files, representing a purely technical threat distinct from psychological manipulation. Option D is incorrect because a network intrusion involves unauthorized access to network infrastructure or systems through technical exploitation, not through manipulating people.",
   "difficulty": "easy",
   "concepts": [
    "social engineering",
    "human factor",
    "security awareness",
    "comptia security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-a-social-engineering-attack.html"
  },
  {
   "id": "2f69eb13-08b5-4453-a3ad-ce597c2fa6b9",
   "question": "Which framework provides a comprehensive approach to managing information security within an organization?",
   "options": {
    "A": "COSO",
    "B": "ISO/IEC 27001",
    "C": "ITIL",
    "D": "COBIT"
   },
   "correct": "B",
   "explanation": "Option B is correct because ISO/IEC 27001 is an internationally recognized standard specifically designed to establish, implement, maintain, and continually improve an Information Security Management System (ISMS), providing a comprehensive and certifiable framework for managing information security risk across an organization. Option A is incorrect because COSO is a framework focused on enterprise risk management and internal financial controls, not information security management. Option C is incorrect because ITIL is a framework for IT service management best practices and does not specifically govern information security programs. Option D is incorrect because COBIT is primarily a governance and management framework for enterprise IT, covering a broader IT governance scope rather than being dedicated to information security.",
   "difficulty": "medium",
   "concepts": [
    "iso 27001",
    "isms",
    "information security frameworks",
    "governance",
    "security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/which-framework-provides-a-comprehensive-approach-to-managing-information-securi.html"
  },
  {
   "id": "6e6c9083-4f3f-459e-b1bd-42593ed30dba",
   "question": "What is the purpose of a Security Information and Event Management (SIEM) system?",
   "options": {
    "A": "Manage user passwords",
    "B": "Filter malicious websites",
    "C": "Encrypt network traffic",
    "D": "Collect, aggregate, and analyze security logs and events for threat detection and response"
   },
   "correct": "D",
   "explanation": "Option D is correct because a SIEM system ingests log and event data from across the environment, normalizes and correlates it, and applies detection rules and analytics to identify threats, supporting both real-time alerting and historical forensic investigation. Option A describes a password manager or identity system function, which is unrelated to the log aggregation and threat detection role of a SIEM. Option B describes the function of a web proxy or DNS filtering solution, not a SIEM, which operates on log data rather than inline traffic filtering. Option C describes the role of a VPN, TLS, or network encryption solution; while a SIEM may ingest logs from such systems, its purpose is analysis and detection, not encryption.",
   "difficulty": "easy",
   "concepts": [
    "siem",
    "log management",
    "threat detection",
    "security monitoring",
    "security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-the-purpose-of-a-security-information-and-event-management-siem-system.html"
  },
  {
   "id": "56ab045c-f1e2-4c49-81c2-bec4845d1930",
   "question": "Which protocol is used to secure web traffic?",
   "options": {
    "A": "FTP",
    "B": "HTTP",
    "C": "HTTPS",
    "D": "SMTP"
   },
   "correct": "C",
   "explanation": "Option C is correct because HTTPS (Hypertext Transfer Protocol Secure) uses TLS to encrypt web traffic between clients and servers, ensuring confidentiality, integrity, and authentication for web communications. Option A is wrong because FTP (File Transfer Protocol) is used for file transfers and transmits data in cleartext without encryption. Option B is incorrect because HTTP is the unencrypted version of the web protocol and does not provide any security for data in transit. Option D is wrong because SMTP is an email transmission protocol and is not used to secure general web traffic, though it can be secured separately with TLS.",
   "difficulty": "easy",
   "concepts": [
    "https",
    "tls",
    "web security",
    "network protocols",
    "comptia security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/which-protocol-is-used-to-secure-web-traffic.html"
  },
  {
   "id": "5430cb59-5230-47a9-ae7f-6796f11cabf7",
   "question": "A company wants to implement a public key infrastructure (PKI) solution. Which component is responsible for issuing and revoking digital certificates?",
   "options": {
    "A": "Certificate Authority (CA)",
    "B": "Trust Anchor",
    "C": "Registration Authority (RA)",
    "D": "Certificate Revocation List (CRL)"
   },
   "correct": "A",
   "explanation": "Option A is correct because the Certificate Authority (CA) is the trusted entity in a PKI that signs, issues, and revokes digital certificates, binding public keys to identities. Option B is incorrect because a Trust Anchor is the root CA or public key that a relying party inherently trusts as a starting point for chain validation, not the component that performs issuance or revocation. Option C is incorrect because the Registration Authority (RA) handles identity vetting and enrollment requests on behalf of the CA but does not itself sign or revoke certificates. Option D is incorrect because the Certificate Revocation List (CRL) is an artifact published by the CA listing revoked certificate serial numbers, not a component that performs the revocation action itself.",
   "difficulty": "easy",
   "concepts": [
    "pki",
    "certificate authority",
    "digital certificates",
    "certificate revocation"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/a-company-wants-to-implement-a-public-key-infrastructure-pki-solution-which-comp.html"
  },
  {
   "id": "5596c2b0-0f80-47cc-b73d-2ae437ad3785",
   "question": "What is the purpose of data classification?",
   "options": {
    "A": "Back up critical data",
    "B": "Encrypt all data",
    "C": "Delete unnecessary data",
    "D": "Categorize data by sensitivity level to apply appropriate protection controls"
   },
   "correct": "D",
   "explanation": "Option D is correct because data classification is the process of categorizing data according to its sensitivity, value, and criticality (for example, public, internal, confidential, restricted) so that organizations can apply appropriate security controls, access policies, and handling procedures proportional to the risk associated with each category. Option A, backing up critical data, is a data protection practice that depends on knowing which data is critical, but backup itself is not the purpose of classification. Option B, encrypting all data, is a blanket security control that does not require classification and does not represent the goal of the classification process. Option C, deleting unnecessary data, relates to data retention and minimization policies; these may be informed by classification, but deletion is not the primary purpose of classification.",
   "difficulty": "easy",
   "concepts": [
    "data classification",
    "information security",
    "security controls",
    "comptia security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-the-purpose-of-data-classification.html"
  },
  {
   "id": "562acaf8-dcc1-4654-9efe-b23f32976667",
   "question": "A security team discovers that attackers have compromised a web server and are using it to distribute malware to customers. What is the FIRST action that should be taken?",
   "options": {
    "A": "Investigate the attack to gather evidence",
    "B": "Disconnect the server from the network",
    "C": "Check web server logs for attack details",
    "D": "Restore the server from a known-good backup"
   },
   "correct": "B",
   "explanation": "Option B is correct because when a web server is actively distributing malware to customers, the immediate priority is containment, which means disconnecting the server from the network to stop ongoing harm to customers and prevent further spread of the malware. Option A is incorrect because investigation and evidence gathering are important but are secondary to stopping active harm; evidence can still be collected after the server is isolated. Option C is incorrect because reviewing logs is part of the investigation phase and should occur after the server has been contained, not before stopping the active threat. Option D is incorrect because restoring from a backup is a recovery action that happens later in the incident response process, after containment and forensic analysis are complete.",
   "difficulty": "medium",
   "concepts": [
    "incident response",
    "containment",
    "web server security",
    "security+",
    "malware"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/a-security-team-discovers-that-attackers-have-compromised-a-web-server-and-are-u.html"
  },
  {
   "id": "5700d181-102a-40e3-a5d9-5fd9fc32c814",
   "question": "Which of the following best describes a zero-day vulnerability?",
   "options": {
    "A": "A vulnerability that only impacts end-of-life operating systems",
    "B": "A vulnerability that is unknown to the vendor and has no available patch",
    "C": "A vulnerability that affects systems with zero security controls",
    "D": "A vulnerability that has been known to the vendor for more than 30 days"
   },
   "correct": "B",
   "explanation": "Option B is correct because a zero-day vulnerability is one that is unknown to the software vendor (or has only just been disclosed), meaning no official patch or mitigation exists yet, leaving systems fully exposed until one is developed. Option A is wrong because zero-day vulnerabilities can affect fully supported, modern software and are not limited to end-of-life systems. Option C is wrong because a zero-day refers to the patch-timeline status of the vulnerability, not to the security posture of the affected system. Option D contradicts the definition entirely; once a vendor has known about a flaw for any period and has issued a patch, it is no longer considered a zero-day.",
   "difficulty": "easy",
   "concepts": [
    "zero-day",
    "vulnerability management",
    "patch management",
    "threat intelligence"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/which-of-the-following-best-describes-a-zero-day-vulnerability.html"
  },
  {
   "id": "5c053ebd-9303-4373-9279-c03183caa1aa",
   "question": "A penetration tester uses a tool to capture and analyze unencrypted authentication traffic on a network. What vulnerability is being exploited?",
   "options": {
    "A": "Unencrypted protocol usage",
    "B": "Weak password policy",
    "C": "Missing multi-factor authentication",
    "D": "Absence of network segmentation"
   },
   "correct": "A",
   "explanation": "Option A is correct because capturing cleartext authentication credentials is only possible when the protocol in use does not encrypt the session, such as telnet, FTP, or basic HTTP, making unencrypted protocol usage the root vulnerability being demonstrated. Option B is incorrect because a weak password policy describes credential strength, not why credentials are visible on the wire. Option C is incorrect because the absence of multi-factor authentication is a separate control gap; even with MFA, the credential being transmitted in cleartext is the direct vulnerability exploited by passive sniffing. Option D is incorrect because network segmentation limits attacker reach but does not prevent credential exposure once the attacker is on the same segment; the underlying issue remains the lack of transport encryption.",
   "difficulty": "medium",
   "concepts": [
    "network sniffing",
    "cleartext protocols",
    "credential exposure",
    "penetration testing"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/a-penetration-tester-uses-a-tool-to-capture-and-analyze-unencrypted-authenticati.html"
  },
  {
   "id": "5dcb8334-9efd-4768-ba2b-cbd2ac0a56b5",
   "question": "What is the primary purpose of a firewall?",
   "options": {
    "A": "Control incoming and outgoing network traffic based on security policies",
    "B": "Prevent malware from spreading",
    "C": "Assign IP addresses",
    "D": "Encrypt all data"
   },
   "correct": "A",
   "explanation": "Option A is correct because a firewall's primary function is to inspect network packets and control which traffic is permitted or denied based on defined security rules and policies, effectively enforcing a boundary between trusted and untrusted network segments. Option B is wrong because preventing malware from spreading is primarily the role of endpoint protection platforms and network segmentation tools, not a traditional firewall's core function. Option C is wrong because assigning IP addresses is the function of DHCP servers, which is unrelated to firewall operations. Option D is wrong because encrypting all data is performed by protocols such as TLS and IPsec or by dedicated encryption appliances, not by firewalls.",
   "difficulty": "easy",
   "concepts": [
    "firewall",
    "network security",
    "access control",
    "security controls"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-the-primary-purpose-of-a-firewall.html"
  },
  {
   "id": "93186338-3a57-48af-999e-d4d9b71a59fe",
   "question": "Which compliance regulation specifically requires organizations to report data breaches involving personal information of US residents?",
   "options": {
    "A": "State breach notification laws",
    "B": "PCI DSS",
    "C": "GDPR",
    "D": "HIPAA"
   },
   "correct": "A",
   "explanation": "Option A is correct because the United States does not have a single federal breach notification law; instead, all 50 states and several territories have enacted their own breach notification statutes that specifically require organizations to notify affected individuals and often regulators when personal information of US residents is compromised. Option B is wrong because PCI DSS is a payment card industry standard focused on protecting cardholder data, and while it has incident response requirements, it is not a government-mandated breach notification law for general personal information. Option C is incorrect because GDPR is a European Union regulation governing data protection and privacy of EU residents, not US residents specifically. Option D is wrong because HIPAA applies only to protected health information held by covered entities and their business associates, not to general personal information breaches across all industries.",
   "difficulty": "medium",
   "concepts": [
    "breach notification",
    "compliance",
    "data privacy",
    "regulatory requirements"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/which-compliance-regulation-specifically-requires-organizations-to-report-data-b.html"
  },
  {
   "id": "a095e3ee-fcfb-432b-9c85-12ea62be0d95",
   "question": "An organization experiences a sudden spike in outbound network traffic from several workstations to unknown IPs. Which attack is MOST likely occurring?",
   "options": {
    "A": "Botnet malware infection",
    "B": "Brute force attack",
    "C": "Man-in-the-middle attack",
    "D": "Distributed denial of service (DDoS)"
   },
   "correct": "A",
   "explanation": "Option A is correct because a botnet infection causes compromised workstations (bots) to receive commands from a command-and-control server and generate large volumes of outbound traffic to external IPs, which matches the described spike to unknown addresses from multiple hosts. Option B is wrong because a brute force attack typically generates inbound authentication attempts against a target, not a spike in outbound traffic from workstations. Option C is wrong because a man-in-the-middle attack intercepts traffic between two parties and does not inherently produce abnormal outbound volume from multiple endpoints. Option D is wrong because a DDoS attack uses many sources to flood a victim, but the symptom described here is outbound traffic originating from inside the network, which is more consistent with the compromised workstations being the bots rather than the target.",
   "difficulty": "medium",
   "concepts": [
    "botnet",
    "malware",
    "network traffic analysis",
    "command and control",
    "threat detection"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/an-organization-experiences-a-sudden-spike-in-outbound-network-traffic-from-seve.html"
  },
  {
   "id": "ab468b35-f100-47b6-8a93-92fcf00596b8",
   "question": "Which encryption algorithm provides the strongest security for sensitive government communications and is approved by the NSA for TOP SECRET information?",
   "options": {
    "A": "AES-256",
    "B": "RC4",
    "C": "RSA-2048",
    "D": "DES"
   },
   "correct": "A",
   "explanation": "Option A is correct because AES-256 is a symmetric encryption algorithm approved by the NSA for protecting TOP SECRET information and is part of the Commercial National Security Algorithm Suite. Option B is incorrect because RC4 is a deprecated stream cipher with known vulnerabilities and is no longer considered secure for any sensitive communications. Option C is incorrect because RSA-2048 is an asymmetric algorithm used primarily for key exchange and digital signatures, not for bulk data encryption, and while it provides strong security it is not the NSA-approved choice for TOP SECRET bulk data. Option D is incorrect because DES uses a 56-bit key that is completely broken and has been deprecated since the late 1990s.",
   "difficulty": "medium",
   "concepts": [
    "encryption",
    "aes",
    "nsa",
    "cryptography",
    "symmetric encryption"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/which-encryption-algorithm-provides-the-strongest-security-for-sensitive-governm.html"
  },
  {
   "id": "aea8f7f3-ea88-4b4a-8cfe-6490f920180c",
   "question": "What is a DMZ (Demilitarized Zone)?",
   "options": {
    "A": "A backup storage location",
    "B": "A type of firewall rule",
    "C": "A network segment that separates internal networks from untrusted external networks",
    "D": "An encryption protocol"
   },
   "correct": "C",
   "explanation": "Option C is correct because a DMZ (Demilitarized Zone) is a physical or logical network segment positioned between an organization's internal trusted network and an untrusted external network such as the internet, hosting public-facing services like web or mail servers while limiting their direct access to internal systems. Option A is incorrect because a DMZ is not a backup storage location; it is a network architecture concept related to traffic segmentation and security boundaries. Option B is incorrect because a DMZ is a network zone, not a type of firewall rule; firewall rules are the mechanisms used to control traffic flowing into and out of the DMZ. Option D is incorrect because a DMZ is not an encryption protocol; encryption protocols such as TLS operate at a different layer and are unrelated to network segmentation.",
   "difficulty": "easy",
   "concepts": [
    "network security",
    "dmz",
    "network segmentation",
    "security+"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-a-dmz-demilitarized-zone.html"
  },
  {
   "id": "e7d30a9c-89aa-414e-aebb-515f9cd414ad",
   "question": "What is the primary difference between a virus and a worm?",
   "options": {
    "A": "There is no difference",
    "B": "Worms are more destructive",
    "C": "Viruses require user action to spread; worms spread automatically without user interaction",
    "D": "Viruses are newer technology"
   },
   "correct": "C",
   "explanation": "Option C is correct because a virus is malicious code that requires a host file and typically needs a user to execute it or open an infected file for the code to activate and propagate, whereas a worm is self-contained malware that exploits vulnerabilities to replicate and spread across networks automatically without any user interaction. Option A is incorrect because viruses and worms are meaningfully distinct in their propagation mechanisms and do not refer to the same thing. Option B is incorrect because destructiveness is not the defining difference; a worm may or may not be more destructive than a virus depending on its payload, and the key distinction is the propagation method. Option D is incorrect because both viruses and worms have existed for decades; neither is newer technology than the other, and age is not a meaningful differentiator between the two.",
   "difficulty": "easy",
   "concepts": [
    "malware",
    "virus vs worm",
    "propagation",
    "security fundamentals"
   ],
   "url": "https://www.getmycert.com/certifications/comptia-security-plus/questions/what-is-the-primary-difference-between-a-virus-and-a-worm.html"
  }
 ]
}