Top CompTIA Security+ Exam Practice Questions and Answers..pdf
InfosecTrain4
Apr 10, 2025
About This Presentation
Ready to take on the CompTIA Security+ certification exam (SY0-701)?
Whether you're starting your cybersecurity journey or advancing your IT career, the CompTIA Security+ exam is a crucial step towards becoming a cybersecurity professional.
Top Security+ Exam Practice Q/A - https://www.infosectrain.com/blog/top-comptia-security-exam-practice-questions-and-answers/
This guide is packed with top Security+ exam practice questions and answers designed to help you master key cybersecurity concepts, improve your weak areas, and gain the confidence needed to ace the exam.
Don't let the exam overwhelm you-prep smarter and feel fully ready to crush the CompTIA Security+ exam!
www.infosectrain.com
CompTIA Security+: Top Exam Practice Questions and Answers
Introduction
If you’re gearing up for the CompTIA Security+ certification exam (SY0-701), you already know this isn’t just another exam—it’s your gateway to a thriving career in cybersecurity. Whether you’re an aspiring IT Security Professional, a Network Administrator, or even a career switcher looking to break into information security, passing the CompTIA Security+ exam is crucial.
But let’s be honest—studying for the CompTIA Security+ can feel overwhelming. The exam covers five core domains that are critical in information security:
Domain 1: General Security Concepts (12%)
Domain 2: Threats, Vulnerabilities, and Mitigations (22%)
Domain 3: Security Architecture (18%)
Domain 4: Security Operations (28%)
Domain 5: Security Program Management and Oversight (20%)
Each domain carries a different weightage in the exam, making it essential to focus on high-scoring areas while ensuring a strong grasp of all topics. And that’s just scratching the surface! So, how do you ensure you’re ready to tackle those tricky multiple-choice and performance-based questions with confidence?
That’s where this guide becomes your go-to resource. We’ve compiled the top CompTIA Security+ exam practice questions and answers to help you:
Master key cybersecurity concepts with real-world scenarios
Test your knowledge before the big day
Identify weak areas and improve your score
Gain confidence to ace the Security+ exam on your first try
This isn’t just another Security+ practice test—it’s a carefully curated collection of high-quality, exam-type questions that simulate what you’ll actually face on exam day. Plus, we'll provide in-depth explanations and study hacks to make your prep journey smoother.
Ready to crush the CompTIA Security+ exam and kickstart your cybersecurity career? Let’s dive in!
Domain 1: General Security Concepts (12%)
Q.1. What encryption method should be used to secure files both at rest and during transfer while allowing user-specific access?
A. Partition encryption
B. File encryption
C. Full-disk encryption
D. Record-level encryption
Answer: B. File encryption
Explanation: File encryption ensures that each file is encrypted individually, allowing for granular, user-specific access control. It also protects data both at rest and in motion, making it ideal for sensitive files shared across networks.
STUDY HACK
Use the acronym "P-F-F-D" to remember encryption types:
Partition Encryption --> Protects sections of a drive
File Encryption --> Secures individual files (Best for access control)
Full-disk Encryption --> Protects entire drives (Good for lost/stolen devices)
Database-level Encryption --> Secures specific database records
Q.2. What type of certificate should Valerie use to secure multiple subdomains like sales.example.com and support.example.com?
A. Self-signed certificate
B. Root of trust certificate
C. CRL certificate
D. Wildcard certificate
Answer: D. Wildcard certificate
Explanation: A Wildcard SSL certificate allows securing multiple subdomains under the same main domain (example.com). It is cost-effective and easier to manage than issuing separate certificates for each subdomain.
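Added example (not from the original slides) of how a TLS client decides whether a wildcard certificate covers a hostname, written in Python; the hostnames are constructed from the question above, and the matching rules assumed are the conservative reading of RFC 6125 that mainstream clients apply. It also shows a caveat the question does not: `*.example.com` covers `sales.example.com` and `support.example.com`, but neither the apex `example.com` nor a deeper `deep.sales.example.com`, so those need their own subjectAltName entries.

```python
"""
Wildcard certificate name matching, as a TLS client would evaluate it.

Added example, not code from the original slides. Rules assumed (a
conservative reading of RFC 6125 section 6.4.3, which is what mainstream
clients enforce): a wildcard is honoured only when it is the entire
leftmost label of the certificate name, it matches exactly one label of
the presented hostname, and at least two labels must follow it (so "*.com"
never matches anything). Partial wildcards such as "sa*.example.com" are
rejected.
"""
from __future__ import annotations


def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; a trailing dot is not significant.
    return name.lower().rstrip(".").split(".")


def matches_san_entry(cert_name: str, hostname: str) -> bool:
    """Return True if the certificate's dNSName entry covers hostname."""
    cert = _labels(cert_name)
    host = _labels(hostname)
    if "" in cert or "" in host:
        return False                      # empty name or empty label ("a..b")
    if cert == host:
        return True                       # exact match, no wildcard involved
    if "*" not in cert_name:
        return False
    # Wildcard rules: only the leftmost label may be a wildcard, it must be
    # the whole label, and at least two labels must follow it.
    if cert[0] != "*" or any("*" in lbl for lbl in cert[1:]) or len(cert) < 3:
        return False
    # The wildcard stands in for exactly one label: the apex "example.com"
    # and "deep.sales.example.com" are both outside "*.example.com".
    return len(host) == len(cert) and host[1:] == cert[1:]


def covered_by(san_entries: list[str], hostname: str) -> bool:
    """True if any subjectAltName dNSName entry in the certificate covers hostname."""
    return any(matches_san_entry(entry, hostname) for entry in san_entries)


def coverage_report(san_entries: list[str], hosts: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate's SAN list covers it."""
    return {h: covered_by(san_entries, h) for h in hosts}


# Constructed sample: the wildcard certificate as Valerie might order it,
# the same certificate with the apex added, and the hostnames in play.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
HOSTS = [
    "sales.example.com",
    "support.example.com",
    "example.com",               # apex: NOT covered by "*.example.com"
    "deep.sales.example.com",    # two labels deep: NOT covered either
]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label, coverage_report(sans, HOSTS))
```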
STUDY HACK
Remember Wildcard certificates as a "Wildcard in a deck of cards"—one card (certificate) can cover multiple values (subdomains).
Q.3. During an urgent security update, a development team recommends restarting a live, customer-facing application. What is the primary technical concern when performing this restart?
A. Application configuration changes caused by the restart
B. Whether the patch will apply properly
C. Lack of security controls during the restart
D. The downtime during the restart
Answer: D. The downtime during the restart
Explanation: Restarting a production system can cause temporary service disruptions, which can impact business operations and user experience. To minimize downtime, organizations often use rolling updates, blue-green deployments, or canary releases to test patches on a small portion of users before a full rollout.
STUDY HACK
Remember "PDR" for updates:
Plan downtime
Deploy updates in stages
Rollback if issues occur
Q.4. A Security Analyst is concerned that a critical system's password could be vulnerable to brute-force attacks. Which technique helps reduce the risk by increasing the time needed to test each possible key?
A. Master keying
B. Key stretching
C. Key rotation
D. Passphrase armoring
Answer: B. Key stretching
Explanation: Key stretching enhances password security by adding computational delay to brute-force attempts. Common algorithms include PBKDF2, bcrypt, and Argon2, which require attackers to invest more computing power to crack passwords.
STUDY HACK
Remember "Stretching Takes Time"—Key stretching is all about slowing down brute-force attacks.
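Added example (not from the original slides) of key stretching with PBKDF2-HMAC-SHA256 from Python's standard library: hashing with a random per-user salt and a stored iteration count, constant-time verification, a policy check that flags records stretched below the current iteration count, and a timing loop that shows why every extra factor in the iteration count is the same factor in an attacker's cost per guess. The `pbkdf2_sha256$...` storage format and the sample passphrases are constructed for this example.

```python
"""
Key stretching with PBKDF2-HMAC-SHA256 (Python standard library only).

Added example, not code from the original slides. The record format
"pbkdf2_sha256$<iterations>$<salt-hex>$<hash-hex>" is a constructed
convention for this example: storing salt and iteration count next to
the hash lets the verifier raise the cost later without losing old records.
"""
import hashlib
import hmac
import os
import time

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Stretch the password with a fresh random salt; return a self-describing record."""
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the stretch with the stored salt and iteration count and compare."""
    try:
        algorithm, iterations_str, salt_hex, digest_hex = record.split("$")
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False            # malformed record: never "succeed" by accident
    if algorithm != ALGORITHM or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison so the check itself leaks nothing about the digest.
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, minimum_iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if a stored record was made with fewer iterations than current policy."""
    parts = record.split("$")
    try:
        return len(parts) != 4 or parts[0] != ALGORITHM or int(parts[1]) < minimum_iterations
    except ValueError:
        return True


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-n wall-clock time for one PBKDF2 evaluation at this iteration count."""
    salt = b"\x00" * SALT_BYTES          # fixed salt: only the timing matters here
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"password-guess", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def brute_force_hours(iterations: int, keyspace: int) -> float:
    """Rough single-core time to try every candidate in keyspace at this cost."""
    return seconds_per_guess(iterations) * keyspace / 3600


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed passphrase
    print(record)
    print("verify ok :", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("Tr0ub4dor&3", record))
    # Each 10x in iterations is a 10x in the attacker's bill for the same keyspace.
    for n in (1_000, 10_000, 100_000, DEFAULT_ITERATIONS):
        print(f"{n:>8} iterations: {seconds_per_guess(n) * 1e3:8.2f} ms per guess, "
              f"{brute_force_hours(n, 10**8):10.1f} h for 1e8 candidates")
```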
Q.5. What type of control category does log monitoring fall under?
A. Technical
B. Managerial
C. Operational
D. Physical
Answer: C. Operational
Explanation: Log monitoring is an Operational control because it involves continuous monitoring, analysis, and response to security events as part of security operations.
STUDY HACK
Use the "T-M-O-P" method to classify security controls:
Technical --> Uses software/hardware (Firewalls, IDS, Encryption)
Managerial --> Policy and procedures (Risk assessments, Training)
Operational --> Daily security tasks (Log monitoring, Incident response)
Physical --> Tangible security (CCTV, Locks, Guards)
Domain 2: Threats, Vulnerabilities, and Mitigations (22%)
Q.1. A cybersecurity team is analyzing potential threat actors that may target their organization's infrastructure and systems. Which of the following is the most likely motivation behind a nation-state actor's activities?
A. Financial gain
B. Blackmail
C. Espionage
D. Extortion
Answer: C. Espionage
Explanation: Nation-state threat actors primarily focus on cyber espionage, gathering intelligence, and disrupting the operations of rival nations or organizations. Unlike cybercriminals seeking financial gain, these actors often conduct long-term, highly sophisticated attacks.
STUDY HACK
Remember “GIP (Government, Infrastructure, and Propaganda)” for Nation-State Motivations:
Governmental interests (Political, military, or economic spying)
Infrastructure disruption (Critical infrastructure attacks)
Propaganda and misinformation campaigns
Q.2. An investment firm's Marketing Executive receives an email encouraging them to take part in a survey by clicking on an embedded link. The email appears to come from an industry organization, but the recipient is unsure of its legitimacy. What type of attack does this represent?
A. Phishing
B. Social engineering
C. Spear phishing
D. Trojan horse
Answer: C. Spear phishing
Explanation: Spear phishing is a targeted attack where cybercriminals craft personalized emails to deceive specific individuals or organizations. Unlike generic phishing, these attacks use relevant details to gain trust and increase the likelihood of interaction.
STUDY HACK
Use "SPEAR" to identify spear phishing signs:
Specific recipient targeting
Personalized details
Email urgency or requests for sensitive information
Attachment or link included
Red flags like unknown senders or slight misspellings in URLs
Q.3. A cloud-based application infrastructure is managed by a third-party IT service provider. What is the most effective way to mitigate risks associated with potential security threats from the managed service provider (MSP)?
A. Conduct regular vulnerability scans
B. Implement shared incident response drills
C. Ensure strong contractual security agreements
D. Require an annual penetration test
Answer: C. Ensure strong contractual security agreements
Explanation: Third-party security risks must be addressed through clear contractual obligations that define data protection, compliance requirements, and security responsibilities. Organizations should also enforce regular security audits and incident response collaboration.
STUDY HACK
Remember "CCM" for MSP Security Management:
Contracts that define security expectations
Continuous monitoring of MSP activities
Mandatory security assessments & compliance checks
Q.4. A cybersecurity advisory warns about a vulnerability that allows software running on a virtual machine to execute commands on the underlying hypervisor. What type of security issue does this describe?
A. Resource reuse flaw
B. VM escape vulnerability
C. Jailbreaking exploit
D. Sideloading attack
Answer: B. VM escape vulnerability
Explanation: VM escape occurs when a malicious process breaks out of the virtual machine and gains control over the hypervisor or host system. To prevent this, organizations should:
• Use strict hypervisor security configurations
• Implement strong VM isolation techniques
• Apply timely hypervisor updates and patches
STUDY HACK
Think of VM escape as a prisoner escaping jail—the attacker moves from a restricted VM to take control of the broader system.
Q.5. A Network Administrator is tasked with enhancing workstation security against ransomware threats. Which of the following measures would be most effective?
A. Enabling host-based firewalls
B. Installing endpoint protection software
C. Deploying a host-based intrusion prevention system (HIPS)
D. Removing unnecessary software
Answer: B. Installing endpoint protection software
Explanation: Endpoint Protection Solutions (EPPs) integrate antivirus, behavioral analysis, and real-time scanning to detect ransomware activity before it encrypts files. Advanced solutions may also include ransomware rollback features.
STUDY HACK
Remember "3D Defense" for Ransomware Prevention:
Detect threats using advanced endpoint protection
Deny execution of unauthorized programs
Data backup strategy for fast recovery
Domain 3: Security Architecture (18%)
Q.1. Nancy’s organization wants to define the amount of data loss they can tolerate and the maximum time allowed for system recovery after a failure. Which two key parameters should she establish?
A. Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
B. Recovery File Backup Time (RFBT) and Recovery Point Objective (RPO)
C. Recovery Point Objective (RPO) and Mean Time Between Failures (MTBF)
D. Mean Time Between Failures (MTBF) and Recovery File Backup Time (RFBT)
Answer: A. Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
Explanation: RPO (Recovery Point Objective) is the maximum amount of data loss that an organization can tolerate due to an incident. RTO (Recovery Time Objective) is the duration within which services must be restored to avoid major disruptions.
STUDY HACK
RPO determines how much data loss is acceptable, while RTO defines how quickly systems must be restored. RPO is like a “data clock” (tolerable data loss in time) and RTO is a “stopwatch” (time to restore systems).
Q.2. John manages an Intrusion Detection System (IDS) for his organization’s network. Occasionally, the IDS reports normal network traffic as an attack. What is this situation called?
A. False positive
B. False negative
C. False trigger
D. False flag
Answer: A. False positive
Explanation: A false positive happens when an IDS incorrectly identifies normal behavior as a threat, leading to unnecessary alerts and wasted investigation time.
STUDY HACK
To quickly remember False Positives, think:
P – Ping! Too many alerts (Over-reporting)
O – Ordinary activity misclassified (Normal traffic flagged)
S – Security team distraction (Wastes time & resources)
I – Incorrect detection (Wrongly identifies threats)
T – Tuning required (IDS needs better rules)
I – Impact on efficiency (Real threats may be overlooked)
V – Very frustrating (Annoying for analysts)
E – Extra verification needed (Manual investigation required)
Q.3. Joy is responsible for protecting his company’s backup data from malware. Currently, they back up critical servers to a networked storage device. Which option would be the most effective in preventing backup infections?
A. Isolating the backup server on a separate VLAN
B. Completely air-gapping the backup server
C. Placing the backup server in a different network segment
D. Deploying a honeynet
Answer: B. Completely air-gapping the backup server
Explanation: Air-gapped backups are completely isolated from any network, making them immune to ransomware and malware that spread through connected environments.
STUDY HACK
To remember Air-Gapped Backups, think:
A – Absolutely isolated (No network connection)
I – Immune to ransomware & malware
R – Requires physical access for backup & restore
If no online connection exists, malware can’t spread—air-gapping wins!
Q.4. Joy wants a contract with a facility that is fully equipped and can be immediately used for operations in case of a disaster. What type of recovery site should he choose?
A. Hot site
B. Cold site
C. Warm site
D. RTO site
Answer: A. Hot site
Explanation: A hot site is a fully functional facility that allows businesses to resume operations immediately after a disaster, making it ideal for critical systems requiring high availability.
STUDY HACK
HOT = "Ready to GO" Trick
H – Highly available (Minimal downtime)
O – Operational immediately (No setup needed)
T – Technology pre-installed (Fully functional)
Hot site = Instant recovery, Cold site = Delayed setup, Warm site = Partial setup!
Q.5. Jack is designing IoT devices and wants to ensure that unauthorized parties cannot modify the device's operating system after purchase. What is the best security measure to achieve this?
A. Set a default password
B. Require signed and encrypted firmware
C. Check the MD5 hash of firmware versions
D. Apply regular software patches
Answer: B. Require signed and encrypted firmware
Explanation: Firmware signing and encryption prevent attackers from injecting malicious firmware, which can lead to backdoors, botnets, and device takeovers.
STUDY HACK
Firmware signing is like a digital passport—only verified updates get through!
Domain 4: Security Operations (28%)
Q.1. John wants to enhance his organization’s router security. There are no known vulnerabilities currently affecting the device. Which hardening measure would provide the greatest security improvement?
A. Indicator of Compromise (IoC) development
B. Threat hunting
C. Root cause analysis
D. Incident eradication
Answer: B. Threat hunting
Explanation: Threat hunting proactively detects hidden threats by analyzing system logs and network traffic for anomalies. Even without known vulnerabilities, attackers may exploit misconfigurations or weak security practices. By identifying suspicious activities like unauthorized account creation, threat hunting helps prevent persistence mechanisms before an attack occurs.
STUDY HACK
“ACT” Method for Security Hardening
A – Analyze logs and network traffic for anomalies.
C – Catch suspicious patterns like unauthorized access attempts.
T – Thwart potential threats before they escalate.
If there’s no known vulnerability, go proactive with Threat Hunting instead of waiting for an attack!
Q.2. John's company provides an API for customers. He wants to ensure that only paying customers can access the API. What is the best way to enforce this?
A. Require authentication
B. Configure a firewall
C. Filter based on IP addresses
D. Deploy an Intrusion Prevention System (IPS)
Answer: A. Require authentication
Explanation: To ensure that only paying customers access the API, implementing authentication mechanisms such as API keys, OAuth, or token-based authentication is the best approach. These methods verify users before granting access, preventing unauthorized usage.
STUDY HACK
Remember "PAID" to secure API access for paying customers:
P – Protect with authentication (API keys, OAuth, tokens)
A – Authorize users based on payment status
I – Implement rate limiting to prevent misuse
D – Deny access to unauthorized users
Always enforce authentication for API access control—firewalls, IP filters, and IPS won’t differentiate paying vs. non-paying users!
Q.3. Pooja needs access to a network protected by a NAC system that validates devices based on their MAC addresses. How could she potentially bypass this security control?
A. Spoof a valid IP address
B. Perform a Denial-of-Service (DoS) attack on the NAC system
C. Clone a legitimate MAC address
D. None of the above
Answer: C. Clone a legitimate MAC address
Explanation: Network Access Control (NAC) systems that rely solely on MAC address filtering authenticate devices based on their MAC addresses. However, they do not verify the actual legitimacy of the device behind the MAC. Attackers can easily spoof or clone a legitimate MAC address using readily available tools, allowing them to bypass NAC restrictions.
STUDY HACK
Remember “MAC ATTACK” to recall NAC bypass tricks:
M – Modify your MAC address using spoofing tools
A – Analyze a valid device's MAC address on the network
C – Clone the legitimate MAC to gain access
MAC-based NAC security is weak without additional authentication like 802.1X, certificates, or endpoint security checks!
Q.4. Sonika subscribes to a private cybersecurity intelligence service that is only available to vetted users who pay a subscription fee. What type of intelligence feed is this?
A. Proprietary threat intelligence
B. Open-source intelligence (OSINT)
C. Electronic Intelligence (ELINT)
D. Corporate threat intelligence
Answer: A. Proprietary threat intelligence
Explanation: Proprietary threat intelligence refers to paid, exclusive threat intelligence services provided by specialized vendors. These services offer curated, real-time security insights based on confidential or premium sources, available only to vetted users who pay a subscription fee.
STUDY HACK
Use "PPEC" to remember Threat Intelligence Categories:
P – Proprietary (Paid, Exclusive, Subscription-based)
P – Public (OSINT) (Free, Open, Community-driven)
E – Electronic (ELINT) (Signals, Military, Communications)
C – Corporate (Internal, Business-Specific, Private Analysis)
If access requires payment and vetting, it's likely proprietary threat intelligence!
Q.5. Ruchi wants to enhance her organization’s router security. There are no known vulnerabilities currently affecting the device. Which hardening measure would provide the greatest security improvement?
A. Assigning administrative interfaces to a dedicated VLAN
B. Disabling all unnecessary services
C. Updating the router OS to the latest patch
D. Enabling SNMP-based logging
Answer: B. Disabling all unnecessary services
Explanation: Disabling unnecessary services reduces the attack surface by preventing attackers from exploiting unused or default functionalities that could be vulnerable to misuse. Many routers come with pre-enabled services that may not be required for operations, and keeping them active increases security risks.
STUDY HACK
To remember key router hardening steps, think "DUST" (because security removes unnecessary elements like dust):
D – Disable unused services
U – Update firmware & OS regularly
S – Segment networks (VLANs, admin interfaces)
T – Track logs & monitor traffic
First step in router hardening? Always disable what’s not needed!
Domain 5: Security Program Management and Oversight (20%)
Q.1. Prerna wants to assess whether the Key Risk Indicators (KRIs) suggested by his team are effective for the organization. Which of the following characteristics is NOT essential for a useful KRI?
A. Actionable
B. Measurable
C. Relevant
D. Inexpensive
Answer: D. Inexpensive
Explanation: A Key Risk Indicator (KRI) is a measurable value that helps organizations predict, monitor, and mitigate risks. For a KRI to be effective, it must be:
• Actionable – It should trigger a response or decision-making process.
• Measurable – It must have quantifiable data to track risk levels over time.
• Relevant – It should directly relate to the organization's risk landscape.
While cost efficiency is beneficial, it does not determine the effectiveness of a KRI. A highly effective KRI may require investment in tools, data collection, and analysis, making "Inexpensive" not an essential characteristic.
STUDY HACK
To remember essential KRI characteristics, think “ARM Your KRIs”:
A – Actionable (Leads to clear decisions)
R – Relevant (Aligned with business risks)
M – Measurable (Quantifiable & trackable)
If a KRI is cheap but ineffective, it won’t help manage risk!
Q.2. Amit’s organization has developed a document outlining the acceptable and unacceptable ways employees can use company resources, including networks and systems. What type of policy does this represent?
A. Business continuity policy
B. Acceptable use policy
C. Incident response policy
D. A standard, not a policy
Answer: B. Acceptable use policy
Explanation: An Acceptable Use Policy (AUP) defines the permissible and prohibited ways employees can use company resources, including networks, systems, and data. This policy ensures compliance, security, and responsible use of organizational assets.
STUDY HACK
To remember AUP, think:
A – Access rules for company systems
U – Usage guidelines (What’s allowed vs. prohibited)
P – Protection from misuse & legal issues
If it defines how employees can use company tech, it's an AUP.
Q.3. Anie is conducting a penetration test and retrieves information about her target using the Shodan search engine without directly interacting with the systems. What type of reconnaissance is she performing?
A. Active
B. Commercial
C. Scanner-based
D. Passive
Answer: D. Passive
Explanation: Passive reconnaissance involves gathering information about a target without directly interacting with its systems, reducing the chance of detection. Tools like Shodan, WHOIS lookups, and OSINT techniques allow attackers or penetration testers to collect valuable insights without triggering security alarms.
STUDY HACK
To remember Passive Reconnaissance, think:
P – Publicly available data (Shodan, WHOIS, OSINT)
A – Avoids direct interaction (No scanning)
S – Silent approach (Undetectable)
S – Search engines & open databases used
I – Information gathering only (No system engagement)
V – Very low risk of detection
E – External sources leveraged
If no direct contact with the target occurs, it’s passive reconnaissance!
Q.4. Nancy’s company is purchasing cybersecurity insurance to reduce the financial impact of a potential data breach. What type of risk management strategy is being used?
A. Transfer
B. Accept
C. Avoid
D. Mitigate
Answer: A. Transfer
Explanation: Risk transfer shifts the financial burden of a risk to a third party, such as an insurance provider, instead of directly mitigating or accepting it. By purchasing cybersecurity insurance, Nancy’s company ensures that if a data breach occurs, the insurance provider covers the financial losses.
STUDY HACK
Remember "TAM-A" for the four main risk management strategies:
T – Transfer (Shift risk to insurance or third party)
A – Accept (Do nothing, absorb the risk)
M – Mitigate (Implement controls to reduce the risk)
A – Avoid (Eliminate the risk by discontinuing the risky activity)
If the company buys insurance, it's a risk transfer!
Summary
Preparing for the CompTIA Security+ (SY0-701) certification exam can be challenging, but with the right strategy, you can enhance your understanding, refine your exam techniques, and pass with confidence on your first try. This guide has provided you with real-world practice questions, expert explanations, and study hacks tailored to each domain, helping you identify weak areas and strengthen your cybersecurity expertise.
The Security+ certification is a globally recognized certification that opens doors to various cybersecurity roles, including Security Analyst, Network Administrator, and SOC Analyst. By mastering encryption methods, risk management strategies, incident response, and security architecture, you’ll be well-equipped to handle today’s evolving cyber threats.
But simply reading questions isn’t enough—you need a structured learning path with hands-on labs, expert-led training, and real exam simulations to solidify your understanding.
If you’re serious about passing the CompTIA Security+ exam and advancing your cybersecurity career, InfosecTrain’s CompTIA Security+ training course is your ultimate learning solution.
Contact us
www.infosectrain.com