CompTIA Security+ Practice Test sample questions

These starter questions help you launch a general studies mock test quickly. Swap them with your own worksheet, notebook, or textbook questions any time.

1. What type of attack intercepts communications between two parties without their knowledge?
A) Phishing  B) Man-in-the-Middle (MitM)  C) SQL injection  D) Brute force
2. Which cryptographic algorithm is asymmetric?
A) AES  B) 3DES  C) RSA  D) SHA-256
3. What is the purpose of multi-factor authentication (MFA)?
A) To encrypt data  B) To require two or more verification factors, making unauthorised access harder  C) To monitor network traffic  D) To patch vulnerabilities
4. What does a firewall primarily do?
A) Encrypts data in transit  B) Filters network traffic based on rules  C) Detects malware  D) Manages user identities
5. What is a zero-day vulnerability?
A) A vulnerability that has been patched  B) A flaw unknown to the vendor that has no available fix  C) A vulnerability that only affects zero users  D) A vulnerability in day-zero deployments
6. What does PKI stand for?
A) Private Key Infrastructure  B) Public Key Infrastructure  C) Protected Key Interchange  D) Primary Key Installation
7. Which type of malware encrypts the victim's files and demands payment?
A) Spyware  B) Adware  C) Ransomware  D) Worm
8. What is the principle of least privilege?
A) Admins should have all permissions  B) Users should be given only the minimum permissions needed to perform their job  C) Permissions should be reviewed annually  D) All users should have equal access
9. What is a honeypot in cybersecurity?
A) A type of firewall  B) A decoy system designed to attract and detect attackers  C) A password manager  D) An encryption key
10. Which protocol provides encrypted web communication?
A) HTTP  B) FTP  C) HTTPS (TLS)  D) SMTP
11. What does SIEM stand for?
A) Security Information and Event Management  B) Secure Identity and Encryption Module  C) System Integrity and Error Monitoring  D) Software Integration and Event Management
12. What is social engineering?
A) A network attack using packets  B) Manipulating people into revealing confidential information  C) Exploiting software vulnerabilities  D) Brute-forcing passwords
13. Which of the following is a symmetric encryption algorithm?
A) RSA  B) ECC  C) AES  D) Diffie-Hellman
14. What is the purpose of a digital certificate?
A) To encrypt files on disk  B) To bind a public key to an identity, verified by a Certificate Authority  C) To store passwords securely  D) To block network intrusions
15. What is a DDoS attack?
A) Data deletion on storage  B) Overwhelming a target with traffic from multiple sources to make it unavailable  C) Stealing encrypted data  D) Intercepting DNS queries
16. What does the CIA triad stand for in security?
A) Central Intelligence Agency  B) Confidentiality, Integrity, Availability  C) Compliance, Identity, Authentication  D) Certificate, Integrity, Authorisation
17. What is SQL injection?
A) Inserting malicious SQL code into a query to manipulate a database  B) Installing a database  C) Sending spam emails  D) Exploiting physical hardware
18. What is a VPN?
A) A type of firewall  B) A Virtual Private Network that encrypts traffic over a public network  C) A cloud service  D) An intrusion detection system
19. What does HTTPS use to secure communications?
A) IPSec  B) SSH  C) TLS/SSL  D) WPA3
20. What is an IDS vs an IPS?
A) Both block traffic  B) IDS detects threats and alerts; IPS detects and actively blocks threats  C) IDS blocks traffic; IPS only alerts  D) They are identical
21. What is phishing?
A) A network scan  B) A social engineering attack using deceptive emails or websites to steal credentials  C) A type of malware  D) A buffer overflow
22. What is the purpose of hashing in security?
A) To encrypt data so it can be decrypted later  B) To produce a fixed-length one-way digest used to verify data integrity  C) To compress files  D) To authenticate users
23. What is a brute force attack?
A) Guessing passwords using a wordlist  B) Systematically trying every possible combination of characters to crack a password  C) Exploiting a known vulnerability  D) Intercepting network packets
24. What does AAA stand for in security?
A) Authentication, Authorisation, Accounting  B) Access, Audit, Administration  C) Application, Assessment, Assurance  D) Availability, Accuracy, Accountability
25. What is the purpose of network segmentation?
A) To increase bandwidth  B) To divide a network into smaller zones to limit the spread of breaches  C) To speed up DNS resolution  D) To reduce hardware costs
26. What is a certificate authority (CA)?
A) A type of firewall  B) A trusted entity that issues and signs digital certificates  C) A malware scanner  D) A backup service
27. What does WPA3 protect in wireless networks?
A) Wired connections  B) Wi-Fi connections with stronger encryption and authentication than WPA2  C) VPN tunnels  D) DNS queries
28. What is the difference between a vulnerability and an exploit?
A) They are the same thing  B) A vulnerability is a weakness; an exploit is code or technique that takes advantage of that weakness  C) An exploit is a weakness; a vulnerability takes advantage of it  D) Vulnerabilities only exist in software; exploits only exist in hardware
29. What is a security baseline?
A) The minimum acceptable security configuration for a system or device  B) The maximum level of encryption  C) A type of penetration test  D) The starting salary for a security analyst
30. What is the purpose of a penetration test?
A) To install security updates  B) To simulate an attack to identify vulnerabilities before malicious actors do  C) To monitor network logs  D) To train new employees