COMPTIA SECURITY+ EXAM
2026
VERIFIED QUESTIONS &
SOLUTIONS (100 ITEMS)
1. Which security principle ensures information is not altered without authorization?
A. Availability
B. Confidentiality
C. Integrity ✓
D. Authenticity
2. Which type of malware demands payment to restore data?
A. Worm
B. Spyware
C. Ransomware ✓
D. Rootkit
3. Which protocol uses port 443?
A. FTP
B. SSH
C. HTTPS ✓
D. Telnet
4. What does a firewall primarily prevent?
A. Physical intrusion
B. Unauthorized network access ✓
C. Strong authentication
D. Backup loss
,5. Which attack intercepts communication between two parties?
A. DDoS
B. Phishing
C. Man-in-the-Middle ✓
D. Smishing
6. What is the purpose of MFA?
A. Reduce encryption
B. Add multiple authentication factors ✓
C. Replace passwords
D. Disable firewalls
7. Which wireless security protocol is strongest?
A. WEP
B. WPA
C. WPA2
D. WPA3 ✓
8. Which tool detects vulnerabilities but does not exploit them?
A. Exploit kit
B. Vulnerability scanner ✓
C. Penetration test
D. Traffic generator
9. Which device analyzes and blocks malicious network traffic?
A. Switch
B. Router
C. IPS ✓
D. Modem
10. Which cryptographic concept hides data content?
A. Hashing
B. Encryption ✓
C. Tokenization
D. Compression
,11. What is the weakest password type?
A. Passphrase
B. Short dictionary word ✓
C. Alphanumeric
D. Randomized
12. What is shoulder surfing?
A. Watching someone enter credentials ✓
B. Breaking into networks
C. Malware injection
D. MITM attack
13. Which is a physical security control?
A. Firewall
B. Encryption
C. Security guard ✓
D. IDS
14. What does hashing provide?
A. Confidentiality
B. Availability
C. Integrity ✓
D. Access control
15. Which is an example of social engineering?
A. SQL injection
B. Tricking users to reveal passwords ✓
C. ARP spoofing
D. MAC flooding
16. What is a botnet?
A. Secure cloud
B. Group of infected devices controlled remotely ✓
C. Patch server
D. Backup cluster
17. Which encryption is faster?
, A. Symmetric ✓
B. Asymmetric
C. Hybrid
D. Tokenized
18. What is least privilege?
A. Users get full access
B. Users only get necessary access ✓
C. Users get root accounts
D. No access at all
19. Which attack floods a server with traffic?
A. MITM
B. DDoS ✓
C. XSS
D. Phishing
20. What is a honeypot?
A. Secure storage
B. Decoy system to attract attackers ✓
C. Policy engine
D. Monitoring software
21. What is the purpose of patching?
A. Improve speed
B. Fix security vulnerabilities ✓
C. Remove logs
D. Disable encryption
22. Which device connects multiple networks?
A. Switch
B. Router ✓
C. Modem
D. Firewall
23. What is PII?
2026
VERIFIED QUESTIONS &
SOLUTIONS (100 ITEMS)
1. Which security principle ensures information is not altered without authorization?
A. Availability
B. Confidentiality
C. Integrity ✓
D. Authenticity
2. Which type of malware demands payment to restore data?
A. Worm
B. Spyware
C. Ransomware ✓
D. Rootkit
3. Which protocol uses port 443?
A. FTP
B. SSH
C. HTTPS ✓
D. Telnet
4. What does a firewall primarily prevent?
A. Physical intrusion
B. Unauthorized network access ✓
C. Strong authentication
D. Backup loss
,5. Which attack intercepts communication between two parties?
A. DDoS
B. Phishing
C. Man-in-the-Middle ✓
D. Smishing
6. What is the purpose of MFA?
A. Reduce encryption
B. Add multiple authentication factors ✓
C. Replace passwords
D. Disable firewalls
7. Which wireless security protocol is strongest?
A. WEP
B. WPA
C. WPA2
D. WPA3 ✓
8. Which tool detects vulnerabilities but does not exploit them?
A. Exploit kit
B. Vulnerability scanner ✓
C. Penetration test
D. Traffic generator
9. Which device analyzes and blocks malicious network traffic?
A. Switch
B. Router
C. IPS ✓
D. Modem
10. Which cryptographic concept hides data content?
A. Hashing
B. Encryption ✓
C. Tokenization
D. Compression
,11. What is the weakest password type?
A. Passphrase
B. Short dictionary word ✓
C. Alphanumeric
D. Randomized
12. What is shoulder surfing?
A. Watching someone enter credentials ✓
B. Breaking into networks
C. Malware injection
D. MITM attack
13. Which is a physical security control?
A. Firewall
B. Encryption
C. Security guard ✓
D. IDS
14. What does hashing provide?
A. Confidentiality
B. Availability
C. Integrity ✓
D. Access control
15. Which is an example of social engineering?
A. SQL injection
B. Tricking users to reveal passwords ✓
C. ARP spoofing
D. MAC flooding
16. What is a botnet?
A. Secure cloud
B. Group of infected devices controlled remotely ✓
C. Patch server
D. Backup cluster
17. Which encryption is faster?
, A. Symmetric ✓
B. Asymmetric
C. Hybrid
D. Tokenized
18. What is least privilege?
A. Users get full access
B. Users only get necessary access ✓
C. Users get root accounts
D. No access at all
19. Which attack floods a server with traffic?
A. MITM
B. DDoS ✓
C. XSS
D. Phishing
20. What is a honeypot?
A. Secure storage
B. Decoy system to attract attackers ✓
C. Policy engine
D. Monitoring software
21. What is the purpose of patching?
A. Improve speed
B. Fix security vulnerabilities ✓
C. Remove logs
D. Disable encryption
22. Which device connects multiple networks?
A. Switch
B. Router ✓
C. Modem
D. Firewall
23. What is PII?
