1. Which type of malware disguises itself as legitimate software to trick users into installing it?
0
1
2
3
✅ Correct Answer: Trojan Horse
2. What is the purpose of a firewall in network security?
0
1
2
3
✅ Correct Answer: Block unauthorized access
3. Which type of attack involves overwhelming a system with traffic?
0
1
2
3
✅ Correct Answer: Denial of Service (DoS)
4. What is the purpose of multi-factor authentication (MFA)?
0
1
2
3
✅ Correct Answer: Enhance security by requiring multiple forms of verification
5. Which type of attack involves injecting malicious SQL queries?
0
1
2
3
✅ Correct Answer: SQL Injection
6. What is the purpose of a vulnerability scanner?
0
1
2
3
✅ Correct Answer: Identify weaknesses in a system
7. Which type of malware encrypts files and demands payment for decryption?
0
1
2
3
✅ Correct Answer: Ransomware
8. What is the purpose of a security information and event management (SIEM) system?
0
1
2
3
✅ Correct Answer: Monitor and analyze security events
9. Which type of attack involves redirecting a user to a malicious website?
0
1
2
3
✅ Correct Answer: Phishing
10. What is the purpose of a honeypot?
0
1
2
3
✅ Correct Answer: Attract and detect attackers
11. Which type of encryption is used to secure web traffic?
0
1
2
3
✅ Correct Answer: SSL/TLS
12. What is the purpose of a penetration testing report?
0
1
2
3
✅ Correct Answer: Document findings and recommendations
13. Which type of attack involves exploiting session tokens?
0
1
2
3
✅ Correct Answer: Session Hijacking
14. What is the purpose of a vulnerability assessment?
0
1
2
3
✅ Correct Answer: Identify and prioritize vulnerabilities
15. Which type of attack involves injecting malicious scripts into web pages?
0
1
2
3
✅ Correct Answer: Cross-Site Scripting (XSS)
16. What is the purpose of a password cracking tool?
0
1
2
3
✅ Correct Answer: Recover or guess passwords
17. Which type of malware spreads without user interaction?
0
1
2
3
✅ Correct Answer: Worm
18. What is the purpose of a firewall in network security?
0
1
2
3
✅ Correct Answer: Block unauthorized access
19. Which type of attack involves redirecting a user to a malicious website?
0
1
2
3
✅ Correct Answer: Phishing
20. What is the purpose of a honeypot?
0
1
2
3
✅ Correct Answer: Attract and detect attackers
21. What is the purpose of a security operations center (SOC)?
To monitor and analyze security events
To develop security policies
To conduct penetration tests
To manage physical security
✅ Correct Answer: To monitor and analyze security events
22. Which framework provides guidelines for information security management?
ISO 27001
PCI DSS
HIPAA
GDPR
✅ Correct Answer: ISO 27001
23. What is the purpose of a zero trust security model?
To verify every access request
To block all internet access
To eliminate passwords
To centralize security controls
✅ Correct Answer: To verify every access request
24. Which type of attack involves manipulating human psychology?
Social engineering
DDoS
SQL injection
Buffer overflow
✅ Correct Answer: Social engineering
25. What is the purpose of a security information and event management (SIEM) system?
To correlate and analyze security events
To encrypt sensitive data
To conduct vulnerability scans
To manage firewalls
✅ Correct Answer: To correlate and analyze security events
26. Which protocol provides secure remote access to network devices?
SSH
HTTP
FTP
Telnet
✅ Correct Answer: SSH
27. What is the purpose of a hardware security module (HSM)?
To securely manage cryptographic keys
To encrypt network traffic
To scan for vulnerabilities
To block malware
✅ Correct Answer: To securely manage cryptographic keys
28. Which type of malware encrypts files and demands payment?
Ransomware
Spyware
Adware
Rootkit
✅ Correct Answer: Ransomware
29. What is the purpose of a web application firewall (WAF)?
To protect against web application attacks
To block all internet traffic
To encrypt web communications
To scan for viruses
✅ Correct Answer: To protect against web application attacks
30. Which standard governs payment card security?
PCI DSS
ISO 27001
HIPAA
GDPR
✅ Correct Answer: PCI DSS
31. What is the purpose of threat intelligence?
To understand current security threats
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To understand current security threats
32. Which encryption algorithm is asymmetric?
RSA
AES
3DES
Blowfish
✅ Correct Answer: RSA
33. What is the purpose of a security baseline?
To establish minimum security standards
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To establish minimum security standards
34. Which type of control is an IDS?
Detective
Preventive
Corrective
Compensating
✅ Correct Answer: Detective
35. What is the purpose of a chain of custody in digital forensics?
To document evidence handling
To encrypt forensic data
To analyze malware
To recover deleted files
✅ Correct Answer: To document evidence handling
36. Which protocol provides secure web browsing?
HTTPS
HTTP
FTP
SMTP
✅ Correct Answer: HTTPS
37. What is the purpose of a security assessment?
To evaluate security controls
To encrypt sensitive data
To block attacks
To manage firewalls
✅ Correct Answer: To evaluate security controls
38. Which type of attack involves DNS cache poisoning?
DNS spoofing
Phishing
SQL injection
Cross-site scripting
✅ Correct Answer: DNS spoofing
39. What is the purpose of a virtual private network (VPN)?
To create secure remote connections
To block internet access
To scan for viruses
To encrypt local files
✅ Correct Answer: To create secure remote connections
40. Which regulation protects healthcare data in the US?
HIPAA
PCI DSS
GDPR
SOX
✅ Correct Answer: HIPAA
41. What is the purpose of a disaster recovery plan?
To restore operations after an incident
To prevent security breaches
To encrypt sensitive data
To manage firewalls
✅ Correct Answer: To restore operations after an incident
42. Which encryption mode provides both confidentiality and integrity?
GCM
CBC
ECB
OFB
✅ Correct Answer: GCM
43. What is the purpose of a security awareness program?
To educate users about security risks
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To educate users about security risks
44. Which type of control is multi-factor authentication?
Preventive
Detective
Corrective
Compensating
✅ Correct Answer: Preventive
45. What is the purpose of a red team exercise?
To simulate real-world attacks
To test backup systems
To encrypt sensitive data
To manage firewalls
✅ Correct Answer: To simulate real-world attacks
46. Which protocol provides secure email?
S/MIME
SMTP
POP3
IMAP
✅ Correct Answer: S/MIME
47. What is the purpose of a business impact analysis?
To identify critical business functions
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To identify critical business functions
48. Which type of attack involves session token theft?
Session hijacking
Phishing
SQL injection
Cross-site scripting
✅ Correct Answer: Session hijacking
49. What is the purpose of a security policy?
To define organizational security requirements
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To define organizational security requirements
50. Which regulation protects personal data in the EU?
GDPR
HIPAA
PCI DSS
SOX
✅ Correct Answer: GDPR
51. What is the purpose of a vulnerability management program?
To identify and remediate vulnerabilities
To encrypt sensitive data
To block attacks
To manage firewalls
✅ Correct Answer: To identify and remediate vulnerabilities
52. Which encryption algorithm is quantum-resistant?
Lattice-based cryptography
RSA
ECC
AES
✅ Correct Answer: Lattice-based cryptography
53. What is the purpose of a secure coding standard?
To prevent vulnerabilities in software
To encrypt communications
To scan for malware
To block network attacks
✅ Correct Answer: To prevent vulnerabilities in software
54. Which type of control is a backup system?
Corrective
Preventive
Detective
Compensating
✅ Correct Answer: Corrective
55. What is the purpose of a penetration test?
To identify exploitable vulnerabilities
To encrypt sensitive data
To block attacks
To manage firewalls
✅ Correct Answer: To identify exploitable vulnerabilities
56. Which protocol provides secure file transfer?
SFTP
FTP
HTTP
SMTP
✅ Correct Answer: SFTP
57. What is the purpose of a risk assessment?
To identify and prioritize risks
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To identify and prioritize risks
58. Which type of attack involves LDAP injection?
Directory traversal
Phishing
SQL injection
Cross-site scripting
✅ Correct Answer: Directory traversal
59. What is the purpose of a security control framework?
To organize security controls
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To organize security controls
60. Which regulation governs financial reporting in the US?
SOX
HIPAA
PCI DSS
GDPR
✅ Correct Answer: SOX
61. What is the purpose of an incident response plan?
To handle security incidents
To prevent breaches
To encrypt sensitive data
To manage firewalls
✅ Correct Answer: To handle security incidents
62. Which encryption algorithm provides perfect forward secrecy?
ECDHE
RSA
AES
3DES
✅ Correct Answer: ECDHE
63. What is the purpose of a data classification policy?
To categorize data by sensitivity
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To categorize data by sensitivity
64. Which type of control is a security awareness program?
Administrative
Technical
Physical
Compensating
✅ Correct Answer: Administrative
65. What is the purpose of a tabletop exercise?
To test incident response plans
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To test incident response plans
66. Which protocol provides secure DNS?
DNSSEC
DNS
DHCP
SNMP
✅ Correct Answer: DNSSEC
67. What is the purpose of a security architecture?
To design secure systems
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To design secure systems
68. Which type of attack involves XML external entities?
XXE
Phishing
SQL injection
Cross-site scripting
✅ Correct Answer: XXE
69. What is the purpose of a security audit?
To verify compliance with policies
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To verify compliance with policies
70. Which regulation protects children's online privacy in the US?
COPPA
HIPAA
PCI DSS
GDPR
✅ Correct Answer: COPPA
71. What is the purpose of a threat modeling process?
To identify potential threats
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To identify potential threats
72. Which encryption algorithm is used in blockchain?
SHA-256
AES
RSA
3DES
✅ Correct Answer: SHA-256
73. What is the purpose of a security champion program?
To promote security awareness in teams
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To promote security awareness in teams
74. Which type of control is a firewall?
Preventive
Detective
Corrective
Compensating
✅ Correct Answer: Preventive
75. What is the purpose of a bug bounty program?
To incentivize vulnerability reporting
To encrypt sensitive data
To block attacks
To manage firewalls
✅ Correct Answer: To incentivize vulnerability reporting
76. Which protocol provides secure time synchronization?
NTPsec
SNMP
SMTP
HTTP
✅ Correct Answer: NTPsec
77. What is the purpose of a security maturity assessment?
To evaluate security program effectiveness
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To evaluate security program effectiveness
78. Which type of attack involves insecure deserialization?
Object injection
Phishing
SQL injection
Cross-site scripting
✅ Correct Answer: Object injection
79. What is the purpose of a security governance framework?
To align security with business objectives
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To align security with business objectives
80. Which regulation governs data breach notifications in the EU?
GDPR
HIPAA
PCI DSS
SOX
✅ Correct Answer: GDPR
81. What is the purpose of a security metrics program?
To measure security effectiveness
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To measure security effectiveness
82. Which encryption algorithm is used in WPA3?
SAE
AES
RSA
3DES
✅ Correct Answer: SAE
83. What is the purpose of a security awareness training?
To educate users about security risks
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To educate users about security risks
84. Which type of control is a security camera?
Detective
Preventive
Corrective
Compensating
✅ Correct Answer: Detective
85. What is the purpose of a purple team exercise?
To collaborate on security testing
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To collaborate on security testing
86. Which protocol provides secure VoIP?
SRTP
RTP
SIP
HTTP
✅ Correct Answer: SRTP
87. What is the purpose of a security operations manual?
To document security procedures
To encrypt communications
To scan for vulnerabilities
To block malware
✅ Correct Answer: To document security procedures
88. Which type of attack involves insecure direct object references?
IDOR
Phishing
SQL injection
Cross-site scripting
✅ Correct Answer: IDOR
89. What is the purpose of a security certification?
To validate security knowledge
To encrypt sensitive data
To conduct penetration tests
To manage firewalls
✅ Correct Answer: To validate security knowledge
90. Which regulation governs data protection in California?
CCPA
HIPAA
PCI DSS
GDPR
✅ Correct Answer: CCPA
The CompTIA_CA1_005_SecurityX certification is a globally recognized credential for IT professionals.
This practice test helps you prepare by covering key topics like hardware, networking, troubleshooting, and security.
Want more practice? Check out our other mock exams: