Security+ Practice Test MCQs (301–350) – Full Exam Style
Looking for a Security+ practice test that feels like the real exam? You’re in the right place. This section (MCQs 301–350) is designed in full exam style, featuring past exam-based questions across all Security+ domains:
- Threats, Attacks & Vulnerabilities
- Secure Architecture & Design
- Identity & Access Management
- Cryptography & PKI
- Governance, Risk, and Compliance
Each MCQ comes with the correct answer and detailed explanation to help you not only memorize but also understand exam logic. This ensures you are well-prepared for real-world scenarios and exam success.
Whether you’re preparing for the CompTIA Security+ SY0-701, upgrading from SY0-601, or building cybersecurity knowledge for jobs, this mixed practice test will sharpen your skills.
301. Which security control ensures that users can only access resources necessary for their job role?
A. Least Privilege
B. Separation of Duties
C. Defense in Depth
D. Privilege Escalation
✅ Correct Answer: A. Least Privilege
Explanation: Least Privilege grants each user (and each service account) only the rights needed for their duties, so a compromised account or a mistake can do limited damage. Separation of Duties (B) splits a sensitive task across people; Defense in Depth (C) layers controls; Privilege Escalation (D) is an attack, not a control.
302. A system administrator detects unusual outbound traffic from a server on port 4444. This may indicate:
A. Secure remote login
B. Malware command-and-control (C2) traffic
C. Database query response
D. Legitimate backup replication
✅ Correct Answer: B. Malware command-and-control (C2) traffic
Explanation: TCP 4444 is the default listener port for Metasploit payloads and is frequently reused by other malware for command-and-control, so unexpected outbound connections to it from a server are a strong compromise indicator. Before concluding, identify the process that owns the socket and look for regular, machine-timed connection intervals (beaconing); none of the other options would normally use this port.
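Added example (not part of the original question set): a small detector that scans constructed firewall connection logs for the two signals a SOC analyst would look for in this scenario, connections to a known-abused port and regular beacon timing. The log format, hosts and port list are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall log lines (not real data): timestamp, src -> dst:dport, bytes out
SAMPLE_LOG = """\
2024-05-01T10:00:00 ALLOW 10.0.0.5 -> 203.0.113.9:4444 out=512
2024-05-01T10:00:30 ALLOW 10.0.0.5 -> 203.0.113.9:4444 out=510
2024-05-01T10:01:00 ALLOW 10.0.0.5 -> 203.0.113.9:4444 out=515
2024-05-01T10:01:30 ALLOW 10.0.0.5 -> 203.0.113.9:4444 out=511
2024-05-01T10:02:00 ALLOW 10.0.0.5 -> 203.0.113.9:4444 out=513
2024-05-01T10:00:07 ALLOW 10.0.0.5 -> 198.51.100.20:443 out=2048
2024-05-01T10:03:41 ALLOW 10.0.0.5 -> 198.51.100.20:443 out=9000
2024-05-01T10:09:02 ALLOW 10.0.0.5 -> 198.51.100.20:443 out=300
2024-05-01T10:04:00 ALLOW 10.0.0.7 -> 198.51.100.30:22 out=4096
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ALLOW (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+) out=(?P<bytes>\d+)$"
)

# Assumed watch list: ports with no legitimate business use on this network.
# 4444 is the Metasploit default listener port.
SUSPICIOUS_PORTS = {4444, 1337, 31337}


def parse_log(text):
    """Group connection timestamps by (src, dst, dport) flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m["src"], m["dst"], int(m["dport"]))
        flows[key].append(datetime.fromisoformat(m["ts"]))
    return flows


def beacon_score(timestamps, min_connections=4):
    """Coefficient of variation of the inter-arrival times, or None if too few samples.
    Near zero means machine-regular timing (beaconing); human-driven traffic is bursty."""
    if len(timestamps) < min_connections:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return pstdev(gaps) / avg


def find_c2_candidates(text, max_cv=0.2):
    """Return flows that hit a suspicious port or show regular beacon timing."""
    findings = []
    for (src, dst, dport), stamps in parse_log(text).items():
        reasons = []
        if dport in SUSPICIOUS_PORTS:
            reasons.append(f"suspicious port {dport}")
        cv = beacon_score(stamps)
        if cv is not None and cv <= max_cv:
            reasons.append(f"regular beacon interval (cv={cv:.2f})")
        if reasons:
            findings.append({"src": src, "dst": dst, "dport": dport, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_c2_candidates(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}:{f['dport']}: " + "; ".join(f["reasons"]))
```

On the constructed log only the 10.0.0.5 to 203.0.113.9:4444 flow is reported, for both reasons; the HTTPS flow is too irregular and too short to score. A port watch list alone produces false negatives (C2 over 443 is common), which is why the timing heuristic is worth keeping alongside it.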
303. Which authentication factor is represented by a retina scan?
A. Something you know
B. Something you have
C. Something you are
D. Something you do
✅ Correct Answer: C. Something you are
Explanation: Biometrics (fingerprint, retina, face) are “something you are” factors.
304. A digital signature primarily provides:
A. Confidentiality
B. Availability
C. Non-repudiation
D. Obfuscation
✅ Correct Answer: C. Non-repudiation
Explanation: A digital signature is created with the signer's private key and verified with the matching public key, so it proves integrity and origin and prevents the signer from later denying authorship (non-repudiation). Signatures do not encrypt the data, so they provide no confidentiality.
305. Which wireless security protocol is the most secure for enterprise environments?
A. WEP
B. WPA
C. WPA2-PSK
D. WPA3-Enterprise
✅ Correct Answer: D. WPA3-Enterprise
Explanation: WPA3-Enterprise authenticates each user individually through 802.1X/EAP against a RADIUS server instead of a shared passphrase, and offers a 192-bit security mode; WEP and WPA (TKIP) are broken, and WPA2-PSK relies on one pre-shared key that can be captured and cracked offline.
306. During an incident, logs show an attacker tried multiple passwords for an account until successful. This is an example of:
A. Replay Attack
B. Brute Force Attack
C. Man-in-the-Middle Attack
D. Credential Stuffing
✅ Correct Answer: B. Brute Force Attack
Explanation: A brute force attack systematically guesses passwords for an account until one works. Credential stuffing (D) instead replays username/password pairs leaked from other breaches, and password spraying tries one common password across many accounts; the log pattern here (many failures on one account, then success) points to brute force.
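Added example (not part of the original question set): detection logic that distinguishes the brute force pattern in this question from password spraying or credential stuffing by reading constructed authentication log lines. The log format, user names and source addresses are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed authentication log (not real data)
AUTH_LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:02 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:03 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:04 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:05 FAIL user=alice src=203.0.113.5
2024-05-01T09:00:06 OK   user=alice src=203.0.113.5
2024-05-01T09:10:00 FAIL user=bob src=198.51.100.7
2024-05-01T09:10:01 FAIL user=carol src=198.51.100.7
2024-05-01T09:10:02 FAIL user=dave src=198.51.100.7
2024-05-01T09:10:03 FAIL user=erin src=198.51.100.7
2024-05-01T09:10:04 FAIL user=frank src=198.51.100.7
2024-05-01T09:10:05 OK   user=erin src=198.51.100.7
2024-05-01T09:20:00 FAIL user=grace src=192.0.2.9
2024-05-01T09:20:30 OK   user=grace src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def classify_sources(log_text, fail_threshold=5):
    """Group failures by source IP and label the attack pattern.

    brute_force:          many failures concentrated on a single account
    spraying_or_stuffing: one or two failures each, spread across many accounts
    The 'compromised' list holds accounts that logged in successfully from a
    source that had already been failing; those need a password reset."""
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failure count
    success_after = defaultdict(set)                # src -> users that later succeeded
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, user = m["src"], m["user"]
        if m["result"] == "FAIL":
            fails[src][user] += 1
        elif fails[src]:
            success_after[src].add(user)

    verdicts = {}
    for src, per_user in fails.items():
        total = sum(per_user.values())
        if total < fail_threshold:
            continue   # a mistyped password or two is normal
        if max(per_user.values()) >= fail_threshold:
            label = "brute_force"
        elif len(per_user) >= fail_threshold:
            label = "spraying_or_stuffing"
        else:
            label = "mixed"
        verdicts[src] = {
            "label": label,
            "accounts": sorted(per_user),
            "compromised": sorted(success_after[src]),
        }
    return verdicts


if __name__ == "__main__":
    for src, v in classify_sources(AUTH_LOG).items():
        print(src, v)
```

Account lockout after N failures stops the brute force case but does nothing against spraying, which stays under the per-account threshold; that is why the per-source view (many accounts, one source) matters, and why the "compromised" list should trigger a credential reset rather than just an alert.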
307. Which of the following is a preventive control?
A. Security awareness training
B. CCTV monitoring
C. Incident response plan
D. Forensic investigation
✅ Correct Answer: A. Security awareness training
Explanation: Preventive controls stop incidents before they occur. Training reduces human error.
308. What is the purpose of a DMZ in network design?
A. Encrypt internal communications
B. Isolate and expose public-facing services
C. Replace firewalls for inbound traffic
D. Store sensitive corporate data
✅ Correct Answer: B. Isolate and expose public-facing services
Explanation: A DMZ hosts public services (web, mail, DNS) separated from the internal network for security.
309. Which hashing algorithm is considered outdated and insecure for modern cryptography?
A. SHA-256
B. MD5
C. SHA-3
D. SHA-512
✅ Correct Answer: B. MD5
Explanation: MD5 has practical collision attacks (two different inputs with the same hash can be produced cheaply), so it cannot be trusted for integrity validation, digital signatures, or certificates. SHA-1 is likewise deprecated; SHA-256, SHA-512, and SHA-3 remain secure for these uses.
310. A company requires data to be encrypted while moving between cloud services. Which protocol should be implemented?
A. FTP
B. TLS
C. Telnet
D. SNMP
✅ Correct Answer: B. TLS
Explanation: TLS encrypts data in transit, ensuring confidentiality between services.
311. What is the main security risk of shadow IT?
A. Stronger access controls
B. Unapproved and unmanaged technology usage
C. Increased data encryption
D. Better network segmentation
✅ Correct Answer: B. Unapproved and unmanaged technology usage
Explanation: Shadow IT creates security gaps because it bypasses IT governance.
312. Which tool is most commonly used to capture and analyze network traffic?
A. Wireshark
B. Nessus
C. Nmap
D. Snort
✅ Correct Answer: A. Wireshark
Explanation: Wireshark is a packet analyzer for monitoring and troubleshooting network traffic.
313. An attacker modifies DNS records to redirect traffic to a malicious site. This is known as:
A. DNS Hijacking
B. Pharming
C. DNS Spoofing
D. All of the above
✅ Correct Answer: D. All of the above
Explanation: The terms describe the same redirection from different angles: DNS hijacking is the unauthorized change of DNS records or resolver settings, DNS spoofing (cache poisoning) forges DNS responses, and pharming is the outcome, users sent to a fake site without clicking a malicious link. DNSSEC and monitoring of registrar changes are the main defenses.
314. Which RAID level provides both redundancy and performance using mirroring and striping?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10
✅ Correct Answer: D. RAID 10
Explanation: RAID 10 (1+0) combines mirroring (redundancy) with striping (performance).
315. A penetration tester uses a tool to automatically scan and exploit vulnerabilities. This is called:
A. White-box testing
B. Automated penetration testing
C. Social engineering
D. Manual exploitation
✅ Correct Answer: B. Automated penetration testing
Explanation: Automated pen testing uses tools to identify and exploit weaknesses.
316. Which backup method only stores files changed since the last full backup?
A. Full backup
B. Incremental backup
C. Differential backup
D. Continuous backup
✅ Correct Answer: C. Differential backup
Explanation: A differential backup stores everything changed since the last full backup, so a restore needs only the full backup plus the latest differential. An incremental backup (B) stores only changes since the last backup of any type (full or incremental), which makes each backup smaller but requires the full backup plus every incremental in sequence to restore.
317. What is the function of SIEM in cybersecurity?
A. Encrypt data at rest
B. Aggregate and analyze security logs
C. Block DDoS attacks
D. Provide cloud storage redundancy
✅ Correct Answer: B. Aggregate and analyze security logs
Explanation: SIEM tools collect, analyze, and correlate log data for threat detection.
318. Which protocol is primarily used for securely accessing a remote server?
A. FTP
B. SSH
C. HTTP
D. SMTP
✅ Correct Answer: B. SSH
Explanation: SSH encrypts remote access sessions for secure administration.
319. What is the primary function of a honeypot?
A. Protect databases directly
B. Lure attackers for monitoring and analysis
C. Encrypt network traffic
D. Prevent phishing
✅ Correct Answer: B. Lure attackers for monitoring and analysis
Explanation: Honeypots simulate vulnerable systems to study attacker behavior.
320. Which vulnerability allows attackers to inject malicious SQL commands into a web application's database queries via unsanitized input?
A. CSRF
B. XSS
C. SQL Injection
D. Buffer Overflow
✅ Correct Answer: C. SQL Injection
Explanation: SQL injection occurs when user input is concatenated into a query string, so the input is interpreted as SQL rather than data. The fix is parameterized (prepared) queries, which send values separately from the query text; input validation is a secondary layer. XSS (B) also relies on unsanitized input but injects script into pages served to other users' browsers, not into database queries.
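Added example (not part of the original question set): the vulnerable login query beside its parameterized fix, run against an in-memory SQLite database. The table, rows and payload are constructed for illustration; the plaintext password column is only there to keep the demonstration short (see question 340 for why real systems store salted hashes).

```python
import sqlite3


def build_db():
    """In-memory users table with constructed sample rows (plaintext for demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # VULNERABLE: user input is spliced into the SQL text, so it is parsed as SQL.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    # SAFE: placeholders; the driver binds the values, they can never become SQL syntax.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    conn = build_db()
    # Payload closes the string literal and comments out the password check, producing:
    #   ... WHERE username = 'alice' --' AND password = 'anything'
    payload_user = "alice' --"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "inject_vulnerable": login_vulnerable(conn, payload_user, "anything"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        "inject_safe": login_safe(conn, payload_user, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

With the parameterized query the payload is matched literally against the username column, finds nothing, and the login is rejected; no amount of quoting or escaping in application code is as reliable as keeping data and query text separate.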
321. Which of the following is an example of multifactor authentication?
A. Username + Password
B. Smart Card + PIN
C. Fingerprint + Retina Scan
D. Password + Security Question
✅ Correct Answer: B. Smart Card + PIN
Explanation: Multifactor requires different categories. Smart card = something you have, PIN = something you know.
322. Which type of malware records keystrokes to steal sensitive data?
A. Trojan
B. Rootkit
C. Keylogger
D. Worm
✅ Correct Answer: C. Keylogger
Explanation: Keyloggers capture typed input, often used for credential theft.
323. What is the main difference between symmetric and asymmetric encryption?
A. Symmetric uses two keys; asymmetric uses one
B. Symmetric uses the same key for encryption/decryption; asymmetric uses a key pair
C. Asymmetric is faster than symmetric
D. Both provide identical performance
✅ Correct Answer: B. Symmetric uses the same key for encryption/decryption; asymmetric uses a key pair
Explanation: Symmetric = one shared key, Asymmetric = public/private key pair.
324. Which attack floods a network with traffic to overwhelm its resources?
A. MITM
B. DoS/DDoS
C. Replay
D. Phishing
✅ Correct Answer: B. DoS/DDoS
Explanation: DoS/DDoS attacks disrupt services by overwhelming systems with traffic.
325. Which of these is a physical security control?
A. Firewall
B. Security Guard
C. Encryption
D. Antivirus
✅ Correct Answer: B. Security Guard
Explanation: Physical controls protect facilities directly (guards, locks, fences).
326. In incident response, which phase focuses on restoring systems back to normal operations?
A. Detection
B. Containment
C. Eradication
D. Recovery
✅ Correct Answer: D. Recovery
Explanation: Recovery restores systems after eradication of threats.
327. What is the primary purpose of a certificate authority (CA)?
A. Encrypt data transmissions
B. Issue and manage digital certificates
C. Manage network firewalls
D. Detect phishing emails
✅ Correct Answer: B. Issue and manage digital certificates
Explanation: CAs validate identities and issue trusted certificates.
328. Which type of firewall filters traffic based on application-layer data?
A. Packet-filtering firewall
B. Circuit-level firewall
C. Stateful inspection firewall
D. Application proxy firewall
✅ Correct Answer: D. Application proxy firewall
Explanation: Application firewalls filter traffic at Layer 7 (apps, protocols, content).
329. A company wants to prevent employees from copying data onto USB drives. Which control is most effective?
A. IDS
B. DLP
C. SIEM
D. Proxy
✅ Correct Answer: B. DLP
Explanation: Data Loss Prevention tools restrict data transfer to unauthorized media.
330. Which cryptographic algorithm is used in blockchain for transaction verification?
A. AES
B. SHA-256
C. DES
D. RSA
✅ Correct Answer: B. SHA-256
Explanation: Bitcoin hashes transactions and block headers with SHA-256 applied twice (double SHA-256) to produce transaction IDs and the proof-of-work. Transaction signatures themselves use ECDSA on the secp256k1 curve, not RSA; AES and DES are symmetric ciphers and are not involved.
331. Which of the following attacks exploits the trust between a user’s browser and a web application?
A. SQL Injection
B. XSS
C. CSRF
D. DNS Hijacking
✅ Correct Answer: C. CSRF
Explanation: CSRF abuses the fact that the browser automatically attaches the victim's session cookie to any request sent to a site, so a form or link on an attacker's page can trigger a state-changing action (transfer, password change) as the logged-in user. Defenses are per-session anti-CSRF tokens that the attacker cannot read, plus SameSite cookie attributes.
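Added example (not part of the original question set): a simulated state-changing endpoint protected by a per-session anti-CSRF token, showing a legitimate request succeeding and a forged cross-site request failing even though it carries the victim's cookie. The request shape, session identifier and key handling are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed server-side secret; in practice loaded from configuration, never from the client.
SECRET_KEY = secrets.token_bytes(32)


def issue_token(session_id):
    """Derive the CSRF token for a session (synchronizer-token pattern, HMAC so no storage needed)."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_token(session_id, submitted):
    if not isinstance(submitted, str) or not submitted.isascii():
        return False
    # Constant-time comparison so the token cannot be guessed byte by byte via timing.
    return hmac.compare_digest(issue_token(session_id), submitted)


def handle_transfer(request):
    """Simulated POST /transfer. request = {'cookies': {...}, 'form': {...}}."""
    session = request["cookies"].get("session")
    if session is None:
        return "401 not logged in"
    if not verify_token(session, request["form"].get("csrf_token")):
        return "403 csrf token missing or invalid"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"


def demo():
    session = "sess-9f3a"   # constructed session id
    # Legitimate request: the page the user loaded embedded the token in the form.
    legit = {
        "cookies": {"session": session},
        "form": {"to": "bob", "amount": "10", "csrf_token": issue_token(session)},
    }
    # Forged cross-site POST: the browser still attaches the victim's session cookie,
    # but the attacker's page cannot read the token from the victim's origin.
    forged = {
        "cookies": {"session": session},
        "form": {"to": "attacker", "amount": "10000"},
    }
    # Attacker guessing a token value fails the constant-time comparison.
    guessed = {
        "cookies": {"session": session},
        "form": {"to": "attacker", "amount": "10000", "csrf_token": "0" * 64},
    }
    return handle_transfer(legit), handle_transfer(forged), handle_transfer(guessed)


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The token binds the request to the session, which is exactly what the automatically attached cookie does not do. Setting the session cookie with SameSite=Lax or Strict is a complementary defense, but the token check should stay, since older clients and some cross-site navigations do not honour SameSite.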
332. Which of these is an example of a strong password policy?
A. Minimum length of 4 characters
B. No expiration required
C. At least 12 characters with complexity requirements
D. Passwords stored in plaintext
✅ Correct Answer: C. At least 12 characters with complexity requirements
Explanation: Length is the biggest single factor in resisting brute force and dictionary attacks, so 12+ characters is the best option given. Note that current NIST SP 800-63B guidance favours long passphrases checked against breached-password lists over mandatory complexity rules and periodic expiration; the exam still expects you to reject 4-character minimums and plaintext storage outright.
333. Which vulnerability scanner is widely used for identifying system misconfigurations?
A. Nessus
B. Wireshark
C. Burp Suite
D. Snort
✅ Correct Answer: A. Nessus
Explanation: Nessus is a popular vulnerability assessment tool.
334. Which type of malware disguises itself as legitimate software?
A. Worm
B. Trojan
C. Rootkit
D. Spyware
✅ Correct Answer: B. Trojan
Explanation: Trojans appear harmless but contain malicious functions.
335. What is the first step in a penetration test?
A. Exploitation
B. Reconnaissance
C. Reporting
D. Post-exploitation
✅ Correct Answer: B. Reconnaissance
Explanation: Recon gathers intelligence about the target before attacks.
336. A business requires 99.999% uptime for its critical systems. This is also called:
A. Three nines availability
B. Five nines availability
C. Four nines availability
D. Continuous uptime
✅ Correct Answer: B. Five nines availability
Explanation: Five nines = 99.999% uptime, which allows about 5.26 minutes of downtime per year (0.001% of 525,600 minutes). Three nines (99.9%) allows roughly 8.8 hours and four nines (99.99%) roughly 53 minutes.
337. Which wireless attack attempts to trick users into connecting to a fake access point?
A. Evil Twin
B. Bluejacking
C. War Driving
D. Packet Sniffing
✅ Correct Answer: A. Evil Twin
Explanation: Evil twin APs impersonate legitimate Wi-Fi networks.
338. Which security principle prevents one individual from having too much control?
A. Separation of Duties
B. Least Privilege
C. Defense in Depth
D. Non-repudiation
✅ Correct Answer: A. Separation of Duties
Explanation: SoD ensures critical tasks are divided among multiple people.
339. Which cryptographic function ensures that data has not been altered?
A. Confidentiality
B. Integrity
C. Availability
D. Obfuscation
✅ Correct Answer: B. Integrity
Explanation: Integrity is verified with hash functions (e.g., SHA-256): any change to the data changes the digest. A bare hash only detects accidental or unauthenticated tampering; if an attacker can replace both the data and its published hash, you need a keyed MAC (HMAC) or a digital signature.
340. Which tool is used for password cracking using precomputed hash values?
A. Hydra
B. John the Ripper
C. Rainbow Tables
D. Cain & Abel
✅ Correct Answer: C. Rainbow Tables
Explanation: Rainbow tables are precomputed hash-to-plaintext lookups (a time-memory trade-off) rather than a program; Hydra, John the Ripper, and Cain & Abel are cracking tools, some of which can use such tables. Per-user salts defeat precomputation because the same password produces a different hash for every user, and slow iterated hashes (PBKDF2, bcrypt, scrypt, Argon2) make building any table impractical.
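Added example (not part of the original question set): a precomputed lookup table instantly recovers an unsalted SHA-256 password hash, while the same table is useless against a salted, iterated PBKDF2 hash from Python's standard library. The wordlist and sample password are constructed; the same lookup attack works against unsalted MD5 (question 309).

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a rainbow table's input space
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "correct horse"]

ITERATIONS = 200_000   # assumed work factor; tune so one hash costs tens of milliseconds


def build_lookup_table(words):
    """Precomputed table: unsalted SHA-256 hex digest -> plaintext.
    Built once, then reused against every leaked database of unsalted hashes."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def crack_unsalted(stored_hex, table):
    return table.get(stored_hex)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated PBKDF2-HMAC-SHA256. Returns (salt, derived_key); store both."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk


def verify_password(password, salt, dk, iterations=ITERATIONS):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)   # constant-time comparison


def demo():
    table = build_lookup_table(WORDLIST)

    # Legacy scheme: unsalted SHA-256. One dictionary lookup recovers the password.
    leaked_unsalted = hashlib.sha256(b"hunter2").hexdigest()
    cracked = crack_unsalted(leaked_unsalted, table)

    # Salted PBKDF2: the table is keyed on unsalted digests, so nothing matches,
    # and the attacker would have to rebuild it per user, per salt, at 200k iterations each.
    salt, dk = hash_password("hunter2")
    cracked_salted = crack_unsalted(dk.hex(), table)

    # Same password, second user, different salt: stored values differ.
    _salt2, dk2 = hash_password("hunter2")

    return {
        "cracked_unsalted": cracked,
        "cracked_salted": cracked_salted,
        "same_password_same_hash": dk == dk2,
        "verify_correct": verify_password("hunter2", salt, dk),
        "verify_wrong": verify_password("hunter3", salt, dk),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Salting removes the attacker's ability to amortize one precomputation across many victims; the iteration count (or a memory-hard function such as Argon2) then makes even a targeted per-user dictionary attack expensive.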
341. Which type of IDS only generates alerts when malicious activity is detected and takes no action to block it?
A. Passive IDS
B. Active IDS
C. Signature-based IDS
D. Anomaly-based IDS
✅ Correct Answer: A. Passive IDS
Explanation: A passive IDS monitors traffic (typically from a SPAN port or tap) and alerts but does not interfere; an active IDS sits inline and blocks or resets connections, which is what an IPS does. Signature-based and anomaly-based describe how detection works, not whether the sensor responds.
342. Which attack targets the ARP protocol to redirect traffic to an attacker’s device?
A. DNS Spoofing
B. ARP Poisoning
C. Replay Attack
D. Session Hijacking
✅ Correct Answer: B. ARP Poisoning
Explanation: In ARP poisoning the attacker sends forged ARP replies so that victims' ARP caches map a legitimate IP (usually the default gateway) to the attacker's MAC address, placing the attacker on-path for a man-in-the-middle. ARP has no authentication; defenses include Dynamic ARP Inspection on switches, static ARP entries for critical hosts, and alerting on IP-to-MAC binding changes.
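Added example (not part of the original question set): detection logic over a constructed sequence of ARP replies that flags the two symptoms of a poisoning attack, an IP whose MAC binding changes and one MAC answering for several IPs. The addresses and gateway are assumptions for illustration.

```python
from collections import defaultdict

# Constructed ARP replies observed on the LAN: (seconds, sender IP, sender MAC)
ARP_REPLIES = [
    (0,  "10.0.0.1",  "00:11:22:33:44:01"),   # real gateway
    (1,  "10.0.0.20", "00:11:22:33:44:20"),   # victim workstation
    (2,  "10.0.0.21", "00:11:22:33:44:21"),
    (30, "10.0.0.1",  "de:ad:be:ef:00:99"),   # attacker claims the gateway's IP
    (31, "10.0.0.20", "de:ad:be:ef:00:99"),   # ...and the victim's, for a full MITM
    (40, "10.0.0.21", "00:11:22:33:44:21"),   # unchanged binding, no alert
]

GATEWAY_IP = "10.0.0.1"   # assumed


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP):
    """Track IP->MAC bindings and return alerts for changes and for MACs claiming multiple IPs."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac_to_ips[mac].add(ip)
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append({
                "t": ts, "ip": ip, "old_mac": prev, "new_mac": mac,
                "severity": "high" if ip == gateway_ip else "medium",
                "reason": "IP-to-MAC binding changed",
            })
        ip_to_mac[ip] = mac
        if len(mac_to_ips[mac]) > 1:
            alerts.append({
                "t": ts, "mac": mac, "ips": sorted(mac_to_ips[mac]),
                "severity": "high",
                "reason": "one MAC answering for multiple IPs",
            })
    return alerts


if __name__ == "__main__":
    for a in detect_arp_poisoning(ARP_REPLIES):
        print(a)
```

Both checks are heuristics: a binding legitimately changes when a NIC is replaced or a DHCP lease moves, and a router or a VRRP pair can legitimately own several IPs, so in production keep a known-good allow list for the gateway and correlate with switch port data rather than alerting blindly.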
343. Which law regulates data protection in the European Union?
A. HIPAA
B. GDPR
C. CCPA
D. SOX
✅ Correct Answer: B. GDPR
Explanation: General Data Protection Regulation applies across the EU.
344. What type of attack occurs when an attacker reuses valid authentication tokens?
A. Replay Attack
B. Brute Force Attack
C. Dictionary Attack
D. Phishing
✅ Correct Answer: A. Replay Attack
Explanation: Replay attacks capture and reuse valid authentication data.
345. Which type of cloud service provides infrastructure like servers and storage?
A. SaaS
B. PaaS
C. IaaS
D. DaaS
✅ Correct Answer: C. IaaS
Explanation: Infrastructure-as-a-Service delivers hardware and networking resources.
346. Which of these is a common defense against phishing?
A. File Integrity Monitoring
B. Email Filtering with SPF/DKIM
C. Network Load Balancing
D. Port Forwarding
✅ Correct Answer: B. Email Filtering with SPF/DKIM
Explanation: SPF lets a domain publish which IP addresses may send mail for it, DKIM signs messages so receivers can verify they were not altered and came from the signing domain, and DMARC ties the two to the visible From address and tells receivers whether to quarantine or reject failures. Together they block most sender spoofing; user awareness training still covers look-alike domains that authenticate correctly.
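Added example (not part of the original question set): a minimal SPF evaluator that parses published records (ip4, ip6, include, all with the four qualifiers) and checks a connecting sender IP against them. The DNS TXT records are constructed and looked up from a dictionary so the code runs offline; a real receiver would query DNS and also enforce the RFC 7208 lookup limit.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (not real domains' policies)
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip, records=TXT_RECORDS, depth=0):
    """Return pass / fail / softfail / neutral / none / permerror for sender_ip sending as domain.
    Mechanisms are evaluated left to right; the first match decides the result."""
    if depth > 10:            # RFC 7208 limits DNS-querying mechanisms to 10 per check
        return "permerror"
    record = records.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"         # no policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        q = "+"
        if term[0] in QUALIFIERS:
            q, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include passes only if the referenced domain's policy yields pass
            matched = evaluate_spf(arg, sender_ip, records, depth + 1) == "pass"
        elif name == "all":
            matched = True
        # other mechanisms (a, mx, exists, redirect) omitted for brevity
        if matched:
            return QUALIFIERS[q]
    return "neutral"


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.10", "2001:db8::1", "192.0.2.1"):
        print(ip, evaluate_spf("example.com", ip))
```

SPF only authorizes the connecting IP for the envelope sender (MAIL FROM) domain; it says nothing about the From header users see, which is why DMARC alignment is needed on top, and why "~all" (softfail) on a domain you control should become "-all" once all legitimate senders are listed.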
347. Which hashing algorithm is used by Bitcoin for mining?
A. SHA-1
B. SHA-256
C. MD5
D. AES
✅ Correct Answer: B. SHA-256
Explanation: Bitcoin mining repeatedly hashes the block header with double SHA-256 until the result is below the current difficulty target. AES is a block cipher, not a hash, and SHA-1 and MD5 are not used in the protocol.
348. Which type of attack relies on exploiting a buffer overflow?
A. Code Injection
B. SQL Injection
C. Logic Bomb
D. Brute Force
✅ Correct Answer: A. Code Injection
Explanation: A buffer overflow writes past the end of a fixed-size buffer and overwrites adjacent memory such as a saved return address or function pointer, letting the attacker redirect execution to injected code (or to existing code, as in return-oriented programming). Mitigations include bounds-checked functions, stack canaries, non-executable memory (DEP/NX), and ASLR.
349. What is the main function of a UTM device?
A. Database monitoring
B. Unified threat management (firewall + IDS/IPS + filtering)
C. Email filtering only
D. Antivirus only
✅ Correct Answer: B. Unified threat management (firewall + IDS/IPS + filtering)
Explanation: UTM devices combine multiple security functions in one.
350. Which cybersecurity framework was developed by NIST to help organizations manage and reduce risk?
A. CIS Controls
B. NIST Cybersecurity Framework
C. ISO 27001
D. COBIT
✅ Correct Answer: B. NIST Cybersecurity Framework
Explanation: The NIST CSF provides guidelines for managing and reducing cybersecurity risks.
You’ve completed the Security+ Mixed Practice Test (MCQs 301–350) with answers and explanations. This exam-style batch combined realistic past exam questions with detailed solutions, making it one of the best study resources for 2025 Security+ preparation.
- Batch 1 (1–50): Threats, Attacks & Vulnerabilities
- Batch 2 (51–100): Security Architecture & Design
- Batch 3 (101–150): Implementation (Access, Authentication, PKI)
- Batch 4 (151–200): Operations & Incident Response
- Batch 5 (201–250): Governance, Risk & Compliance
- Batch 6 (251–300): Cryptography & PKI
- Batch 8 (351–400): Advanced Scenarios (Bonus Set)
👉 Next Steps:
- Continue practicing with our other Security+ MCQ batches.
- Revisit weak areas like PKI, authentication, or risk management.
- Bookmark this page for daily revision.
✅ With consistent practice, you’ll be fully confident to pass Security+ on your first attempt and strengthen your cybersecurity career.