Correct Answers (Verified Answers) Plus Rationales
2025/2026 Q&A
1. Which of the following best describes the primary goal of information
security?
A. Confidentiality, Integrity, Availability
B. Risk Avoidance, Recovery, Reporting
C. Detection, Prevention, Reaction
D. Access Control, Authentication, Authorization
Answer: A
The CIA triad—Confidentiality, Integrity, and Availability—is the core principle
of information security.
2. What is the most effective method to ensure data confidentiality?
A. Hashing
B. Encryption
C. Backups
D. Compression
Answer: B
Encryption transforms data into an unreadable format, ensuring that only
authorized users can access it.
3. Which of the following is considered a social engineering attack?
A. SQL Injection
B. Phishing
C. DDoS
D. Port Scanning
Answer: B
Phishing manipulates users into revealing confidential information, making it a
social engineering method.
4. Which type of malware replicates itself without user intervention?
A. Virus
B. Worm
C. Trojan
D. Spyware
Answer: B
Worms spread automatically across networks without requiring a host file or
user action.
5. Which type of attack floods a target system with traffic to make it
unavailable?
A. Spoofing
B. DDoS
C. Brute Force
D. Replay
Answer: B
A Distributed Denial of Service (DDoS) attack overwhelms a system’s resources,
causing downtime.
6. Which security control type is an access badge?
A. Administrative
B. Technical
C. Physical
D. Logical
Answer: C
Physical controls restrict physical access to facilities or assets.
7. What is the purpose of a digital signature?
A. Ensure confidentiality
B. Verify sender identity and integrity
C. Compress large files
D. Encrypt storage devices
Answer: B
Digital signatures use asymmetric cryptography to verify the authenticity and
integrity of a message.
8. Which port does HTTPS use by default?
A. 21
B. 22
C. 80
D. 443
Answer: D
HTTPS uses TCP port 443 to secure web traffic through SSL/TLS.
9. Which of the following best mitigates brute force password attacks?
A. Password expiration
B. Account lockout
C. Encryption
D. Logging
Answer: B
Account lockout policies prevent attackers from trying endless password
combinations.
10. What is the main goal of a penetration test?
A. Identify vulnerabilities before attackers exploit them
B. Audit compliance standards
C. Review documentation
D. Patch all systems
Answer: A
Penetration testing simulates attacks to find exploitable weaknesses.
11. Which tool captures and analyzes network traffic?
A. Wireshark
B. Nessus
C. Snort
D. Nmap
Answer: A
Wireshark is a packet analyzer used to inspect network communication in
detail.