CompTIA Security+ Certification Prep | Questions
And Correct Answers (Verified Answers) Plus
Rationales 2025 Q&A | Instant Download PDF
1. Which type of malware is designed to replicate itself and spread without
human interaction?
A. Trojan horse
B. Spyware
C. Worm
D. Rootkit
Worms are self-replicating malware that spread automatically across networks
without needing to be attached to a host file or requiring user action.
2. What is the main purpose of a firewall?
A. Detect viruses
B. Control incoming and outgoing network traffic
C. Encrypt network traffic
D. Prevent physical access
Firewalls filter and control network traffic based on predefined security rules,
acting as a barrier between trusted and untrusted networks.
3. Which of the following is an example of two-factor authentication?
A. Username and password
B. Smart card and PIN
,C. Password and security question
D. Fingerprint and retina scan
Two-factor authentication uses two of the following: something you know,
something you have, and something you are. A smart card and PIN combine two
distinct factors.
4. What is the purpose of hashing?
A. Encrypt data
B. Ensure data integrity
C. Provide confidentiality
D. Control access
Hashing ensures that data has not been altered by creating a unique fixed-size
output (digest) from input data.
5. Which protocol uses port 443 by default?
A. FTP
B. HTTP
C. Telnet
D. HTTPS
HTTPS uses port 443 and encrypts HTTP traffic using TLS/SSL for secure web
communication.
6. What type of attack involves intercepting communication between two
parties?
A. Replay attack
B. Phishing
C. Man-in-the-middle
,D. DoS
A man-in-the-middle (MITM) attack involves an attacker intercepting or altering
communications between two parties without their knowledge.
7. Which concept ensures that sensitive data is not disclosed to unauthorized
individuals?
A. Confidentiality
B. Availability
C. Integrity
D. Accountability
Confidentiality ensures that information is accessible only to those with
authorized access.
8. What is the primary purpose of penetration testing?
A. Prevent phishing
B. Identify security vulnerabilities
C. Monitor traffic
D. Encrypt data
Penetration testing simulates real-world attacks to uncover security weaknesses
before they can be exploited.
9. Which device is best for detecting suspicious traffic on a network?
A. Switch
B. Intrusion Detection System (IDS)
C. Router
D. Firewall
, An IDS monitors and analyzes network traffic for signs of suspicious activity or
policy violations.
10. What kind of policy would govern how data is classified and handled?
A. BYOD policy
B. Clean desk policy
C. Data classification policy
D. Remote access policy
A data classification policy defines how data is labeled and handled based on
sensitivity and impact.
11. What type of malware disguises itself as legitimate software?
A. Trojan horse
B. Worm
C. Virus
D. Ransomware
A Trojan horse appears legitimate but contains malicious code, often used to
gain unauthorized access.
12. Which authentication protocol uses tickets to allow access to network
services?
A. LDAP
B. Kerberos
C. RADIUS
D. TACACS+
And Correct Answers (Verified Answers) Plus
Rationales 2025 Q&A | Instant Download PDF
1. Which type of malware is designed to replicate itself and spread without
human interaction?
A. Trojan horse
B. Spyware
C. Worm
D. Rootkit
Worms are self-replicating malware that spread automatically across networks
without needing to be attached to a host file or requiring user action.
2. What is the main purpose of a firewall?
A. Detect viruses
B. Control incoming and outgoing network traffic
C. Encrypt network traffic
D. Prevent physical access
Firewalls filter and control network traffic based on predefined security rules,
acting as a barrier between trusted and untrusted networks.
3. Which of the following is an example of two-factor authentication?
A. Username and password
B. Smart card and PIN
,C. Password and security question
D. Fingerprint and retina scan
Two-factor authentication uses two of the following: something you know,
something you have, and something you are. A smart card and PIN combine two
distinct factors.
4. What is the purpose of hashing?
A. Encrypt data
B. Ensure data integrity
C. Provide confidentiality
D. Control access
Hashing ensures that data has not been altered by creating a unique fixed-size
output (digest) from input data.
5. Which protocol uses port 443 by default?
A. FTP
B. HTTP
C. Telnet
D. HTTPS
HTTPS uses port 443 and encrypts HTTP traffic using TLS/SSL for secure web
communication.
6. What type of attack involves intercepting communication between two
parties?
A. Replay attack
B. Phishing
C. Man-in-the-middle
,D. DoS
A man-in-the-middle (MITM) attack involves an attacker intercepting or altering
communications between two parties without their knowledge.
7. Which concept ensures that sensitive data is not disclosed to unauthorized
individuals?
A. Confidentiality
B. Availability
C. Integrity
D. Accountability
Confidentiality ensures that information is accessible only to those with
authorized access.
8. What is the primary purpose of penetration testing?
A. Prevent phishing
B. Identify security vulnerabilities
C. Monitor traffic
D. Encrypt data
Penetration testing simulates real-world attacks to uncover security weaknesses
before they can be exploited.
9. Which device is best for detecting suspicious traffic on a network?
A. Switch
B. Intrusion Detection System (IDS)
C. Router
D. Firewall
, An IDS monitors and analyzes network traffic for signs of suspicious activity or
policy violations.
10. What kind of policy would govern how data is classified and handled?
A. BYOD policy
B. Clean desk policy
C. Data classification policy
D. Remote access policy
A data classification policy defines how data is labeled and handled based on
sensitivity and impact.
11. What type of malware disguises itself as legitimate software?
A. Trojan horse
B. Worm
C. Virus
D. Ransomware
A Trojan horse appears legitimate but contains malicious code, often used to
gain unauthorized access.
12. Which authentication protocol uses tickets to allow access to network
services?
A. LDAP
B. Kerberos
C. RADIUS
D. TACACS+
