COMPTIA SECURITY+ –QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES
2026 Q&A | INSTANT DOWNLOAD PDF.
CORE DOMAINS
* Threat Environments
* Vulnerability Management
* Security Architecture
* Identity and Access Management
* Risk Management
* Cryptography and PKI
* Incident Response
* Regulatory Compliance and Ethics
INTRODUCTION
*The CompTIA Security+ certification exam serves as the primary benchmark for validating foundational, vendor-neutra
SECTION ONE: QUESTIONS 1–100
1. A security administrator identifies that an unauthorized device is connected to a secure internal network segment.
Which of the following technologies should be implemented to prevent this in the future?
A. Network Address Translation
B. Port-based Authentication
C. VLAN Trunking
,D. Application Layer Filtering
🟢 B. Port-based Authentication
🔴 RATIONALE: Port-based authentication, specifically IEEE 802.1X, restricts network access by requiring devices to
authenticate before gaining access to the network port.
2. Which cryptographic method is best suited for encrypting large amounts of data at rest?
A. RSA
B. Diffie-Hellman
C. AES
D. ECC
🟢 C. AES
🔴 RATIONALE: Advanced Encryption Standard (AES) is a symmetric encryption algorithm that is highly efficient for
bulk data encryption.
3. An organization must comply with a regulation that requires all sensitive financial data to be encrypted in transit.
Which protocol should be prioritized?
A. Telnet
B. FTP
C. TLS 1.3
D. HTTP
🟢 C. TLS 1.3
🔴 RATIONALE: Transport Layer Security (TLS) provides secure communication over a network, and version 1.3 is
the current standard for protecting data in transit.
4. A technician notices unusual traffic patterns originating from an internal workstation, suggesting a possible botnet
infection. What is the first step in the incident response process?
A. Eradication
B. Recovery
,C. Preparation
D. Identification
🟢 D. Identification
🔴 RATIONALE: The first step in the CompTIA incident response cycle is identification (or detection), where the
presence of the incident is confirmed.
5. Which attack type involves an attacker intercepting communication between two parties who believe they are
talking to each other?
A. Man-in-the-middle
B. Replay attack
C. Cross-site scripting
D. SQL injection
🟢 A. Man-in-the-middle
🔴 RATIONALE: A Man-in-the-middle (MitM) attack allows an adversary to intercept, relay, or alter communications
between two unsuspecting parties.
6. A user reports that they received an email requesting them to click a link to update their password on a site that
mimics the corporate login page. What type of attack is this?
A. Whaling
B. Phishing
C. Smishing
D. Vishing
🟢 B. Phishing
🔴 RATIONALE: Phishing is the practice of sending fraudulent emails that appear to come from a reputable source to
induce individuals to reveal personal information.
7. Which of the following is an example of an asynchronous authentication factor?
, A. Password
B. Smart card
C. PIN
D. Pattern lock
🟢 B. Smart card
🔴 RATIONALE: A smart card is a "something you have" factor, which is considered a form of hardware-based
authentication.
8. Which security model is based on the concept of "never trust, always verify"?
A. Zero Trust
B. Defense in Depth
C. Perimeter Security
D. Least Privilege
🟢 A. Zero Trust
🔴 RATIONALE: The Zero Trust model assumes that the network is always hostile and requires strict verification for
every person and device trying to access resources.
9. An organization wants to ensure that data remains confidential even if a drive is stolen from a server. Which
solution is most effective?
A. File system permissions
B. Full disk encryption
C. Folder shadowing
D. RAID 5
🟢 B. Full disk encryption
🔴 RATIONALE: Full disk encryption (FDE) encrypts all data on a storage medium, ensuring it cannot be accessed
without the correct decryption key if the drive is physically removed.
10. A company needs to implement a policy that requires employees to change their passwords every 90 days.
Which administrative control is this?
2026 Q&A | INSTANT DOWNLOAD PDF.
CORE DOMAINS
* Threat Environments
* Vulnerability Management
* Security Architecture
* Identity and Access Management
* Risk Management
* Cryptography and PKI
* Incident Response
* Regulatory Compliance and Ethics
INTRODUCTION
*The CompTIA Security+ certification exam serves as the primary benchmark for validating foundational, vendor-neutra
SECTION ONE: QUESTIONS 1–100
1. A security administrator identifies that an unauthorized device is connected to a secure internal network segment.
Which of the following technologies should be implemented to prevent this in the future?
A. Network Address Translation
B. Port-based Authentication
C. VLAN Trunking
,D. Application Layer Filtering
🟢 B. Port-based Authentication
🔴 RATIONALE: Port-based authentication, specifically IEEE 802.1X, restricts network access by requiring devices to
authenticate before gaining access to the network port.
2. Which cryptographic method is best suited for encrypting large amounts of data at rest?
A. RSA
B. Diffie-Hellman
C. AES
D. ECC
🟢 C. AES
🔴 RATIONALE: Advanced Encryption Standard (AES) is a symmetric encryption algorithm that is highly efficient for
bulk data encryption.
3. An organization must comply with a regulation that requires all sensitive financial data to be encrypted in transit.
Which protocol should be prioritized?
A. Telnet
B. FTP
C. TLS 1.3
D. HTTP
🟢 C. TLS 1.3
🔴 RATIONALE: Transport Layer Security (TLS) provides secure communication over a network, and version 1.3 is
the current standard for protecting data in transit.
4. A technician notices unusual traffic patterns originating from an internal workstation, suggesting a possible botnet
infection. What is the first step in the incident response process?
A. Eradication
B. Recovery
,C. Preparation
D. Identification
🟢 D. Identification
🔴 RATIONALE: The first step in the CompTIA incident response cycle is identification (or detection), where the
presence of the incident is confirmed.
5. Which attack type involves an attacker intercepting communication between two parties who believe they are
talking to each other?
A. Man-in-the-middle
B. Replay attack
C. Cross-site scripting
D. SQL injection
🟢 A. Man-in-the-middle
🔴 RATIONALE: A Man-in-the-middle (MitM) attack allows an adversary to intercept, relay, or alter communications
between two unsuspecting parties.
6. A user reports that they received an email requesting them to click a link to update their password on a site that
mimics the corporate login page. What type of attack is this?
A. Whaling
B. Phishing
C. Smishing
D. Vishing
🟢 B. Phishing
🔴 RATIONALE: Phishing is the practice of sending fraudulent emails that appear to come from a reputable source to
induce individuals to reveal personal information.
7. Which of the following is an example of an asynchronous authentication factor?
, A. Password
B. Smart card
C. PIN
D. Pattern lock
🟢 B. Smart card
🔴 RATIONALE: A smart card is a "something you have" factor, which is considered a form of hardware-based
authentication.
8. Which security model is based on the concept of "never trust, always verify"?
A. Zero Trust
B. Defense in Depth
C. Perimeter Security
D. Least Privilege
🟢 A. Zero Trust
🔴 RATIONALE: The Zero Trust model assumes that the network is always hostile and requires strict verification for
every person and device trying to access resources.
9. An organization wants to ensure that data remains confidential even if a drive is stolen from a server. Which
solution is most effective?
A. File system permissions
B. Full disk encryption
C. Folder shadowing
D. RAID 5
🟢 B. Full disk encryption
🔴 RATIONALE: Full disk encryption (FDE) encrypts all data on a storage medium, ensuring it cannot be accessed
without the correct decryption key if the drive is physically removed.
10. A company needs to implement a policy that requires employees to change their passwords every 90 days.
Which administrative control is this?