CompTIA
Security+
Question Dumps
2024
Cyber Interactive L.L.C.
,Contents
Section 1: Questions ............................................................................................................ 3
Domain 1 - Attacks, Threats, and Vulnerabilities ............................................................. 3
Domain 2 - Architecture and Design .............................................................................. 14
Domain 3 - Governance, Risk, and Compliance ............................................................. 37
Domain 4 - Implementation ........................................................................................... 44
Domain 5 - Operations and Incident Response ............................................................. 49
Section 2: Answers and Explanations ................................................................................ 54
Domain 1 - Attacks, Threats, and Vulnerabilities ........................................................... 54
Domain 2 - Architecture and Design .............................................................................. 58
Domain 3 - Governance, Risk, and Compliance ............................................................. 68
Domain 4 - Implementation ........................................................................................... 71
Domain 5 - Operations and Incident Response ............................................................. 72
2
,Section 1: Questions
Domain 1 - Attacks, Threats, and Vulnerabilities
1. What is a common characteristic of a phishing attack?
A. Deceptive emails with malicious links
B. Unauthorized port scanning
C. SQL injection attacks
D. Denial-of-service attacks
2. What is a key characteristic of a DDoS (Distributed Denial of Service) attack?
A. It overwhelms a system, service, or network with a flood of traffic
B. It relies on physical access to exploit vulnerabilities
C. It targets specific individuals with personalized attacks
D. It involves exploiting software bugs to gain unauthorized access
3. What is a characteristic of a zero-day vulnerability?
A. It is a vulnerability that does not require any user interaction
B. It is a software vulnerability that is exploited before the vendor releases a patch
C. It is a vulnerability that only affects outdated software
D. It is a vulnerability caused by weak passwords
4. What is a common method to mitigate the risk of a social engineering attack?
A. Increasing the number of firewalls
B. Employee training and awareness programs
C. Installing antivirus software
D. Disabling user accounts
5. What is the main goal of a man-in-the-middle (MitM) attack?
A. Overwhelm a system with traffic
B. Intercept and manipulate communication between two parties
3
, C. Gain unauthorized access to a system
D. Exploit vulnerabilities in web applications
6. What is a common characteristic of a ransomware attack?
A. Exploits software vulnerabilities to gain unauthorized access
B. Encrypts files and demands payment for their release
C. Sends a flood of traffic to overwhelm a network
D. Steals sensitive information without the user's knowledge
7. What is the primary purpose of a SQL injection attack?
A. Overloading a network with traffic to disrupt services
B. Exploiting vulnerabilities in a database by injecting malicious SQL code
C. Gaining unauthorized access to a network through wireless connections
D. Distributing malicious files via email
8. What is a common characteristic of a social engineering attack?
A. Overloading a network with traffic
B. Exploiting software vulnerabilities to gain unauthorized access
C. Manipulating individuals to divulge sensitive information
D. Distributing malware through infected files
9. What is the primary goal of a privilege escalation attack?
A. Exploiting wireless vulnerabilities to gain unauthorized access
B. Disrupting network services with a flood of traffic
C. Elevating the user's privileges to gain unauthorized access to resources
D. Distributing malicious files via email
10. What is a common characteristic of a brute-force attack?
A. Simulating multiple users to overload a network
4
Security+
Question Dumps
2024
Cyber Interactive L.L.C.
,Contents
Section 1: Questions ............................................................................................................ 3
Domain 1 - Attacks, Threats, and Vulnerabilities ............................................................. 3
Domain 2 - Architecture and Design .............................................................................. 14
Domain 3 - Governance, Risk, and Compliance ............................................................. 37
Domain 4 - Implementation ........................................................................................... 44
Domain 5 - Operations and Incident Response ............................................................. 49
Section 2: Answers and Explanations ................................................................................ 54
Domain 1 - Attacks, Threats, and Vulnerabilities ........................................................... 54
Domain 2 - Architecture and Design .............................................................................. 58
Domain 3 - Governance, Risk, and Compliance ............................................................. 68
Domain 4 - Implementation ........................................................................................... 71
Domain 5 - Operations and Incident Response ............................................................. 72
2
,Section 1: Questions
Domain 1 - Attacks, Threats, and Vulnerabilities
1. What is a common characteristic of a phishing attack?
A. Deceptive emails with malicious links
B. Unauthorized port scanning
C. SQL injection attacks
D. Denial-of-service attacks
2. What is a key characteristic of a DDoS (Distributed Denial of Service) attack?
A. It overwhelms a system, service, or network with a flood of traffic
B. It relies on physical access to exploit vulnerabilities
C. It targets specific individuals with personalized attacks
D. It involves exploiting software bugs to gain unauthorized access
3. What is a characteristic of a zero-day vulnerability?
A. It is a vulnerability that does not require any user interaction
B. It is a software vulnerability that is exploited before the vendor releases a patch
C. It is a vulnerability that only affects outdated software
D. It is a vulnerability caused by weak passwords
4. What is a common method to mitigate the risk of a social engineering attack?
A. Increasing the number of firewalls
B. Employee training and awareness programs
C. Installing antivirus software
D. Disabling user accounts
5. What is the main goal of a man-in-the-middle (MitM) attack?
A. Overwhelm a system with traffic
B. Intercept and manipulate communication between two parties
3
, C. Gain unauthorized access to a system
D. Exploit vulnerabilities in web applications
6. What is a common characteristic of a ransomware attack?
A. Exploits software vulnerabilities to gain unauthorized access
B. Encrypts files and demands payment for their release
C. Sends a flood of traffic to overwhelm a network
D. Steals sensitive information without the user's knowledge
7. What is the primary purpose of a SQL injection attack?
A. Overloading a network with traffic to disrupt services
B. Exploiting vulnerabilities in a database by injecting malicious SQL code
C. Gaining unauthorized access to a network through wireless connections
D. Distributing malicious files via email
8. What is a common characteristic of a social engineering attack?
A. Overloading a network with traffic
B. Exploiting software vulnerabilities to gain unauthorized access
C. Manipulating individuals to divulge sensitive information
D. Distributing malware through infected files
9. What is the primary goal of a privilege escalation attack?
A. Exploiting wireless vulnerabilities to gain unauthorized access
B. Disrupting network services with a flood of traffic
C. Elevating the user's privileges to gain unauthorized access to resources
D. Distributing malicious files via email
10. What is a common characteristic of a brute-force attack?
A. Simulating multiple users to overload a network
4
