COMPTIA SECURITY+ CERTIFICATION V2-PRACTICE QUESTIONS
SEC+ | UPDATED PRACTICE TEST WITH 200 QUESTIONS AND
CORRECT ANSWERS COVERING THE RECENT MOST TESTED
QUESTIONS
SEC+ V2 PRACTICE QUESTIONS PREPARE CANDIDATES FOR THE COMPTIA
SECURITY+ EXAM BY COVERING CORE DOMAINS IN CYBERSECURITY. THESE
QUESTIONS SUPPORT UNDERSTANDING OF SECURITY FUNDAMENTALS,
INDUSTRY STANDARDS, AND RISK MANAGEMENT NEEDED FOR ENTRY-LEVEL
INFORMATION SECURITY ROLES
A company wants to implement a system that allows employees to securely connect to the
corporate network from remote locations. What type of system should they implement?
A. Firewall
B. Intrusion Detection System (IDS)
C. Virtual Private Network (VPN)
D. Network Access Control (NAC) system - CORRECT ANSWER-C. Virtual Private Network (VPN)
A security analyst is reviewing the results of a vulnerability scan and notices that a server is missing a
critical security patch. Which of the following should the analyst do FIRST?
A. Apply the patch
B. Conduct a risk assessment
C. Notify management
D. Shutdown the server - CORRECT ANSWER-B. Conduct a risk assessment
A company is considering implementing a BYOD policy. What is the most significant security risk to
consider?
A. Increased hardware costs
B. Reduced network performance
C. Possible data leakage
D. Potential for decreased productivity - CORRECT ANSWER-B. Reduced network performance
,A company has implemented a security policy that requires all employees to change their password
every 90 days. This is an example of what type of security control?
A. Physical control
B. Technical control
C. Administrative control
D. Deterrent control - CORRECT ANSWER-B. Technical control
A company has decided to implement a security policy that requires users to authenticate using
something they know and something they have. What type of authentication is this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Biometric authentication - CORRECT ANSWER-A. Single-factor authentication
A security analyst has discovered a vulnerability in the company's network. The vulnerability allows
an attacker to execute arbitrary code remotely. What type of vulnerability is this?
A. Buffer overflow
B. SQL Injection
C. Cross-Site Scripting
D. Cross-Site Request Forgery - CORRECT ANSWER-B. SQL Injection
A company is implementing a new security policy that will require all data to be encrypted while it is
in transit. What type of encryption should they use?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Digital signatures - CORRECT ANSWER-D. Digital signatures
A company is considering implementing a system that uses artificial intelligence to detect and
respond to security threats in real-time. What type of system is this?
A. Intrusion Detection System (IDS)
B. Intrusion Prevention System (IPS)
,C. Security Information and Event Management (SIEM) system
D. User and Entity Behavior Analytics (UEBA) system - CORRECT ANSWER-B. Intrusion
Prevention System (IPS)
A company is considering outsourcing its IT services to a cloud provider. Which type of cloud
deployment model would provide the company with its own private cloud infrastructure, but have it
managed by the third-party provider?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud - CORRECT ANSWER-C. Hybrid cloud
A security analyst is conducting a penetration test and has gained access to a system. The analyst
now wants to maintain their access for future exploitation. What technique should the analyst use?
A. Social engineering
B. Phishing
C. Creating a backdoor
D. Spoofing - CORRECT ANSWER-A. Social engineering
A company wants to ensure that the software they develop is free of any security vulnerabilities.
Which of the following would be the best approach to achieve this?
A. Implement secure coding practices
B. Use antivirus software
C. Use a firewall
D. Encrypt all data in transit - CORRECT ANSWER-A. Implement secure coding practices
A company is implementing a new security policy that requires all data to be encrypted while at rest.
What type of encryption should they use?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Digital signatures - CORRECT ANSWER-A. Symmetric encryption
, Which of the following is a security concern associated with cloud computing?
A. The company will lose control over its data
B. The company will have to purchase new hardware
C. The company will have to hire more IT staff
D. The company will have to implement a new network infrastructure - CORRECT ANSWER-B.
The company will have to purchase new hardware
A company has implemented a policy that requires users to authenticate using a smart card and a
PIN. What type of authentication is this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Biometric authentication - CORRECT ANSWER-C. Multifactor authentication
A company is considering implementing a new system that can provide secure remote access to the
corporate network. Which of the following would be the best choice?
A. Network Access Control (NAC) system
B. Intrusion Detection System (IDS)
C. Virtual Private Network (VPN)
D. Firewall - CORRECT ANSWER-A. Network Access Control (NAC) system
A security analyst is investigating an incident where an unauthorized user gained access to the
network. The analyst suspects that the user was able to capture the network traffic and use it to gain
access. What type of attack does this describe?
A. Replay attack
B. Brute force attack
C. Man-in-the-middle attack
D. Phishing attack - CORRECT ANSWER-D. Phishing attack
A company is considering implementing a system that uses artificial intelligence to detect and
respond to security threats in real-time. What type of system is this?
SEC+ | UPDATED PRACTICE TEST WITH 200 QUESTIONS AND
CORRECT ANSWERS COVERING THE RECENT MOST TESTED
QUESTIONS
SEC+ V2 PRACTICE QUESTIONS PREPARE CANDIDATES FOR THE COMPTIA
SECURITY+ EXAM BY COVERING CORE DOMAINS IN CYBERSECURITY. THESE
QUESTIONS SUPPORT UNDERSTANDING OF SECURITY FUNDAMENTALS,
INDUSTRY STANDARDS, AND RISK MANAGEMENT NEEDED FOR ENTRY-LEVEL
INFORMATION SECURITY ROLES
A company wants to implement a system that allows employees to securely connect to the
corporate network from remote locations. What type of system should they implement?
A. Firewall
B. Intrusion Detection System (IDS)
C. Virtual Private Network (VPN)
D. Network Access Control (NAC) system - CORRECT ANSWER-C. Virtual Private Network (VPN)
A security analyst is reviewing the results of a vulnerability scan and notices that a server is missing a
critical security patch. Which of the following should the analyst do FIRST?
A. Apply the patch
B. Conduct a risk assessment
C. Notify management
D. Shutdown the server - CORRECT ANSWER-B. Conduct a risk assessment
A company is considering implementing a BYOD policy. What is the most significant security risk to
consider?
A. Increased hardware costs
B. Reduced network performance
C. Possible data leakage
D. Potential for decreased productivity - CORRECT ANSWER-B. Reduced network performance
,A company has implemented a security policy that requires all employees to change their password
every 90 days. This is an example of what type of security control?
A. Physical control
B. Technical control
C. Administrative control
D. Deterrent control - CORRECT ANSWER-B. Technical control
A company has decided to implement a security policy that requires users to authenticate using
something they know and something they have. What type of authentication is this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Biometric authentication - CORRECT ANSWER-A. Single-factor authentication
A security analyst has discovered a vulnerability in the company's network. The vulnerability allows
an attacker to execute arbitrary code remotely. What type of vulnerability is this?
A. Buffer overflow
B. SQL Injection
C. Cross-Site Scripting
D. Cross-Site Request Forgery - CORRECT ANSWER-B. SQL Injection
A company is implementing a new security policy that will require all data to be encrypted while it is
in transit. What type of encryption should they use?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Digital signatures - CORRECT ANSWER-D. Digital signatures
A company is considering implementing a system that uses artificial intelligence to detect and
respond to security threats in real-time. What type of system is this?
A. Intrusion Detection System (IDS)
B. Intrusion Prevention System (IPS)
,C. Security Information and Event Management (SIEM) system
D. User and Entity Behavior Analytics (UEBA) system - CORRECT ANSWER-B. Intrusion
Prevention System (IPS)
A company is considering outsourcing its IT services to a cloud provider. Which type of cloud
deployment model would provide the company with its own private cloud infrastructure, but have it
managed by the third-party provider?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud - CORRECT ANSWER-C. Hybrid cloud
A security analyst is conducting a penetration test and has gained access to a system. The analyst
now wants to maintain their access for future exploitation. What technique should the analyst use?
A. Social engineering
B. Phishing
C. Creating a backdoor
D. Spoofing - CORRECT ANSWER-A. Social engineering
A company wants to ensure that the software they develop is free of any security vulnerabilities.
Which of the following would be the best approach to achieve this?
A. Implement secure coding practices
B. Use antivirus software
C. Use a firewall
D. Encrypt all data in transit - CORRECT ANSWER-A. Implement secure coding practices
A company is implementing a new security policy that requires all data to be encrypted while at rest.
What type of encryption should they use?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Digital signatures - CORRECT ANSWER-A. Symmetric encryption
, Which of the following is a security concern associated with cloud computing?
A. The company will lose control over its data
B. The company will have to purchase new hardware
C. The company will have to hire more IT staff
D. The company will have to implement a new network infrastructure - CORRECT ANSWER-B.
The company will have to purchase new hardware
A company has implemented a policy that requires users to authenticate using a smart card and a
PIN. What type of authentication is this?
A. Single-factor authentication
B. Two-factor authentication
C. Multifactor authentication
D. Biometric authentication - CORRECT ANSWER-C. Multifactor authentication
A company is considering implementing a new system that can provide secure remote access to the
corporate network. Which of the following would be the best choice?
A. Network Access Control (NAC) system
B. Intrusion Detection System (IDS)
C. Virtual Private Network (VPN)
D. Firewall - CORRECT ANSWER-A. Network Access Control (NAC) system
A security analyst is investigating an incident where an unauthorized user gained access to the
network. The analyst suspects that the user was able to capture the network traffic and use it to gain
access. What type of attack does this describe?
A. Replay attack
B. Brute force attack
C. Man-in-the-middle attack
D. Phishing attack - CORRECT ANSWER-D. Phishing attack
A company is considering implementing a system that uses artificial intelligence to detect and
respond to security threats in real-time. What type of system is this?
