
CompTIA Security+ Threats, Attacks & Vulnerabilities MCQs (1–50) with Answers & Explanations [2025]

CompTIA Security+ MCQs – Batch 1 (Threats, Attacks & Vulnerabilities)

Preparing for the CompTIA Security+ (SY0-701) exam requires a strong grasp of threats, attacks, and vulnerabilities (the SY0-701 objectives group this material under Domain 2, Threats, Vulnerabilities, and Mitigations). This section provides 50 multiple-choice questions (MCQs) with answers and explanations to help students, IT professionals, and exam candidates test and strengthen their understanding.

These practice questions cover malware types, phishing, brute-force attacks, session hijacking, rootkits, ARP spoofing, zero-day exploits, and more. Each answer comes with an explanation of the mechanism behind it, so the set builds an understanding of how each attack works and what defends against it rather than rote recall of answer letters.

Whether you’re preparing for CompTIA Security+ in the USA, UK, Canada, Australia, or Europe, these MCQs will boost your chances of success.

1. Which of the following best describes a phishing attack?

A) Unauthorized scanning of open ports
B) Fraudulent emails designed to trick users into revealing sensitive information
C) Exploiting software vulnerabilities in a system
D) Intercepting network traffic between two parties

Answer: B
📘 Explanation: Phishing attacks use deceptive emails, messages, or websites to trick users into providing sensitive data such as usernames, passwords, or financial details.


2. An attacker modifies a DNS server’s records to redirect traffic from a legitimate website to a malicious one. What is this called?

A) DNS poisoning
B) Domain hijacking
C) URL spoofing
D) ARP poisoning

Answer: A
📘 Explanation: DNS poisoning (also called DNS cache poisoning or DNS spoofing) corrupts the name-to-address records a resolver or server hands out, so victims are silently sent to an attacker-controlled host while their browser still shows the correct domain. Domain hijacking (B) is different: the attacker takes over the domain's registration at the registrar. DNS poisoning is a common way to capture credentials or deliver malware; DNSSEC and resolvers that validate responses are the main defenses.


3. Which type of malware disguises itself as a legitimate program?

A) Worm
B) Trojan
C) Virus
D) Rootkit

Answer: B
📘 Explanation: A Trojan horse looks legitimate but hides malicious code. Unlike worms and viruses, it requires the user to install or execute it.


4. Which attack involves overwhelming a system with excessive traffic to make it unavailable?

A) Replay attack
B) Brute-force attack
C) Denial-of-Service (DoS) attack
D) Man-in-the-middle attack

Answer: C
📘 Explanation: DoS attacks flood a system with traffic or requests, exhausting resources and making the system unavailable to legitimate users.


5. An attacker reuses valid network packets to gain unauthorized access. This is called:

A) Replay attack
B) Zero-day attack
C) Session hijacking
D) Spoofing

Answer: A
📘 Explanation: A replay attack captures valid data, such as an authentication exchange, and retransmits it later to impersonate a user or system. Timestamps, nonces, and sequence numbers are the standard defenses because they make each message valid only once.


6. What is the main goal of a rootkit?

A) Encrypt files until ransom is paid
B) Hide malicious processes from detection
C) Infect files and spread via networks
D) Monitor keystrokes of users

Answer: B
📘 Explanation: A rootkit hides processes, files, or system modifications to avoid detection, often used in combination with other malware.


7. Which of the following is an example of a zero-day attack?

A) Exploiting a vulnerability after it has been patched
B) Exploiting a vulnerability before the vendor knows about it or has released a patch
C) Exploiting weak passwords through brute-force
D) Exploiting default admin credentials

Answer: B
📘 Explanation: A zero-day vulnerability is one the vendor has had "zero days" to fix: it is exploited while still unknown to the vendor or before a patch exists. The defining feature is not the calendar day of discovery but the absence of a fix, which is why patch management alone cannot stop zero-day attacks and why they are prized by attackers.


8. Which attack involves sending false ARP messages on a local network?

A) ARP poisoning
B) DNS hijacking
C) Smurf attack
D) SQL injection

Answer: A
📘 Explanation: ARP poisoning sends false ARP responses to link an attacker’s MAC address with a legitimate IP address, enabling traffic interception.


9. Which type of malware self-replicates without human interaction?

A) Trojan
B) Worm
C) Spyware
D) Ransomware

Answer: B
📘 Explanation: Worms replicate and spread automatically through networks, consuming bandwidth and system resources.


10. What is the primary purpose of ransomware?

A) Collecting browsing data
B) Encrypting files and demanding payment
C) Spreading spam emails
D) Hiding processes from detection

Answer: B
📘 Explanation: Ransomware encrypts files or locks users out of systems until payment (usually in cryptocurrency) is made.


11. Which attack involves injecting malicious SQL queries into input fields?

A) XSS
B) SQL injection
C) Command injection
D) Code injection

Answer: B
📘 Explanation: SQL injection manipulates database queries through user input, often leading to unauthorized data access.
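The mechanism behind question 11, as an added example that is not code from the original page: a hypothetical login query written first with string concatenation and then with a parameterized query, run against a constructed in-memory SQLite table. The table name, sample users and payloads are all assumptions made for the demonstration.

```python
"""Added example (not from the original page): the same login query written two ways.

A constructed in-memory SQLite table stands in for a real user store, and a
hypothetical login function is shown first with string concatenation (vulnerable)
and then with a parameterized query (safe).
"""
import sqlite3

# Constructed sample rows; real systems store salted password hashes, not plaintext.
SAMPLE_USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
]


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """VULNERABLE: attacker-controlled text becomes part of the SQL statement."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """SAFE: placeholders bind the values as data, so quotes and comments are inert."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # Classic tautology: the WHERE clause ends in "... OR '1'='1'" and matches every row.
    tautology = "' OR '1'='1"
    print("vulnerable, tautology:", login_vulnerable(db, tautology, tautology))
    # Comment injection: "--" discards the password check entirely.
    print("vulnerable, comment:  ", login_vulnerable(db, "alice'--", "wrong"))
    print("safe, tautology:      ", login_safe(db, tautology, tautology))
    print("safe, real creds:     ", login_safe(db, "alice", "s3cret-alice"))
```

The tautology payload returns every user from the vulnerable query and nothing from the parameterized one; the `alice'--` payload logs in as alice with no password at all. Parameterization fixes the injection because the driver never lets the values become SQL syntax; input validation is still useful as defense in depth, but it is not what closes the hole.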


12. What is the main goal of a logic bomb?

A) Replicate across systems
B) Trigger malicious code when certain conditions are met
C) Hide processes from detection
D) Steal login credentials

Answer: B
📘 Explanation: A logic bomb is malicious code that activates under specific conditions, such as a date or user action.


13. Which of the following best describes spear phishing?

A) Generic phishing targeting many people
B) Targeted phishing attack on specific individuals or organizations
C) Fake websites to capture login details
D) Voice-based phishing

Answer: B
📘 Explanation: Spear phishing is a highly targeted phishing attempt aimed at specific individuals, often using personal details.


14. A virus attaches itself to:

A) Boot sectors
B) Legitimate programs or files
C) Network traffic only
D) Operating system kernels exclusively

Answer: B
📘 Explanation: Viruses require a host file or program to replicate, unlike worms which spread independently.


15. Which type of social engineering uses phone calls to deceive people?

A) Smishing
B) Vishing
C) Pharming
D) Spear phishing

Answer: B
📘 Explanation: Vishing (voice phishing) uses phone calls to trick users into revealing sensitive information.


16. An attacker installs hardware between a keyboard and computer to steal keystrokes. This is:

A) Rootkit
B) Keylogger
C) Logic bomb
D) Brute-force attack

Answer: B
📘 Explanation: Keyloggers (hardware or software) record keystrokes, often to steal credentials.


17. Which attack sends ICMP packets with spoofed source addresses to flood a target?

A) Ping of Death
B) Smurf attack
C) SYN flood
D) ARP spoofing

Answer: B
📘 Explanation: A Smurf attack sends ICMP echo requests to a network's broadcast address with the source address spoofed to the victim's IP; every host on that segment replies to the victim, so each request is amplified many times over. Disabling directed-broadcast forwarding on routers is the standard mitigation.


18. Which type of malware is specifically designed to gather user activity without consent?

A) Adware
B) Spyware
C) Worm
D) Trojan

Answer: B
📘 Explanation: Spyware monitors user activities like keystrokes, browsing, or emails without the user’s knowledge.


19. Which best describes a watering hole attack?

A) Infecting websites frequently visited by the target group
B) Luring users through fake email links
C) Exploiting outdated operating systems
D) Stealing cookies from browsers

Answer: A
📘 Explanation: In watering hole attacks, attackers compromise popular websites of a target group to deliver malware.


20. An attacker intercepts and alters communication between two systems. This is known as:

A) Replay attack
B) Brute-force attack
C) Man-in-the-Middle (MITM)
D) Session fixation

Answer: C
📘 Explanation: A MITM attack occurs when an attacker secretly relays, and can alter, communication between two parties who believe they are talking directly to each other. SY0-701 uses the term on-path attack for the same thing; TLS with proper certificate validation is the main defense.


21. What does a buffer overflow exploit?

A) Database queries
B) Web forms
C) Missing bounds checks on memory buffers
D) User password storage

Answer: C
📘 Explanation: A buffer overflow writes more data into a fixed-size buffer than it can hold, spilling into adjacent memory such as return addresses or heap metadata. It stems from missing bounds checks in memory-unsafe languages like C and C++, and can cause crashes or arbitrary code execution.


22. Which describes a brute-force attack?

A) Using malware to steal passwords
B) Trying every possible password combination
C) Phishing emails for credentials
D) Injecting malicious scripts

Answer: B
📘 Explanation: Brute-force attacks systematically attempt all password combinations until the correct one is found.


23. Which attack targets the virtualization layer of a multi-tenant cloud environment in order to reach other tenants' virtual machines?

A) Hypervisor attack
B) Side-channel attack
C) Cloud jacking
D) Session hijacking

Answer: A
📘 Explanation: A hypervisor attack, such as a VM escape, compromises the virtualization layer that every tenant's VM runs on, so a single success can expose all of them. Side-channel attacks (B) can leak data between VMs sharing the same hardware but leave the hypervisor intact, and "cloud jacking" (C) is an informal term for cloud account takeover rather than a named attack on the virtualization layer.


24. Which of the following is an example of credential stuffing?

A) Using stolen usernames and passwords across multiple sites
B) Exploiting weak encryption methods
C) Replaying captured packets
D) Exploiting database misconfigurations

Answer: A
📘 Explanation: Credential stuffing replays username/password pairs leaked from one breach against other services, relying on users reusing passwords. Unlike brute force it needs only one or two attempts per account, so lockout policies rarely catch it; multi-factor authentication and breached-password checks are the main defenses.


25. A cross-site scripting (XSS) attack exploits:

A) Flaws in how a web application handles untrusted input and output
B) DNS servers
C) Database permissions
D) File system vulnerabilities

Answer: A
📘 Explanation: XSS occurs when a web application places untrusted input into a page without validating it and encoding it for the context where it lands, so attacker-supplied script runs in the victim's browser under the site's origin and can read cookies, tokens, or page contents. Validation performed only in the browser is trivially bypassed; output encoding on the server and a Content Security Policy are the primary defenses.
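The mechanism behind question 25, as an added example that is not code from the original page: a hypothetical search page that echoes the query both inside an attribute value and inside element text, shown unencoded and then with context-appropriate HTML encoding. The page template, payloads and the parser-based probe are assumptions made for the demonstration.

```python
"""Added example (not from the original page): reflected XSS and output encoding.

A hypothetical search page echoes the user's query both inside an attribute value and
inside element text. The vulnerable version interpolates the raw string; the safe version
HTML-encodes it first. A small HTMLParser-based probe shows what a browser would actually
see: a <script> element or an on* event-handler attribute means injected script runs.
"""
import html
from html.parser import HTMLParser


def render_vulnerable(query: str) -> str:
    """VULNERABLE: raw input lands in an attribute value and in text content."""
    return f'<input name="q" value="{query}"><p>Results for: {query}</p>'


def render_safe(query: str) -> str:
    """SAFE: encode <, >, &, and both quote characters before interpolating."""
    safe = html.escape(query, quote=True)
    return f'<input name="q" value="{safe}"><p>Results for: {safe}</p>'


class _ScriptProbe(HTMLParser):
    """Counts the ways attacker script could execute in the parsed markup."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        self.event_handlers += sum(1 for name, _ in attrs if name.startswith("on"))


def executable_script_count(page: str) -> int:
    """Number of <script> elements plus on* event-handler attributes the parser finds."""
    probe = _ScriptProbe()
    probe.feed(page)
    probe.close()
    return probe.script_tags + probe.event_handlers


if __name__ == "__main__":
    # Constructed payloads: one for the text context, one that breaks out of the attribute.
    text_payload = "<script>alert(document.cookie)</script>"
    attr_payload = '" autofocus onfocus="alert(document.cookie)'
    for payload in (text_payload, attr_payload):
        print("vulnerable:", executable_script_count(render_vulnerable(payload)))
        print("safe:      ", executable_script_count(render_safe(payload)))
```

The attribute payload is the reason `quote=True` matters: escaping only `<` and `>` would stop the `<script>` tag but still let `"` close the `value` attribute and add an `onfocus` handler. Encoding has to match the context the data lands in; data placed inside a `<script>` block or a URL needs different encoding again, which is why template engines with automatic contextual escaping are preferred over hand-built strings.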


26. What is the purpose of privilege escalation?

A) Preventing access to unauthorized users
B) Gaining higher access than originally permitted
C) Encrypting user data for ransom
D) Infecting files with malware

Answer: B
📘 Explanation: Privilege escalation allows attackers to gain higher-level permissions than those assigned initially.


27. Which attack aims to exhaust resources by half-opening TCP connections?

A) SYN flood
B) Smurf attack
C) Ping of Death
D) ARP poisoning

Answer: A
📘 Explanation: SYN floods exploit the TCP three-way handshake: the attacker sends a stream of SYN packets, often from spoofed sources, and never sends the final ACK, so the target's table of half-open connections fills up and legitimate clients are refused. SYN cookies are the standard mitigation.


28. Which of the following is a passive attack?

A) Eavesdropping
B) SQL injection
C) Brute-force
D) DoS attack

Answer: A
📘 Explanation: Passive attacks like eavesdropping do not alter data; they simply monitor communications.


29. Which describes a botnet?

A) A collection of infected machines controlled remotely
B) Malware hidden inside legitimate applications
C) Unauthorized access to cloud storage
D) Exploiting wireless encryption flaws

Answer: A
📘 Explanation: Botnets are networks of compromised computers controlled by attackers, often used for large-scale attacks.


30. Which attack involves manipulating users into revealing confidential information?

A) Malware attack
B) Social engineering
C) Brute-force
D) MITM

Answer: B
📘 Explanation: Social engineering exploits human psychology rather than technical flaws to extract sensitive data.


31. Which type of attack involves sending malformed packets that exceed size limits?

A) SYN flood
B) Ping of Death
C) Replay attack
D) Smurf attack

Answer: B
📘 Explanation: The Ping of Death sends an ICMP echo request in fragments that reassemble to more than the 65,535-byte maximum IP packet size; older network stacks crash or freeze on the oversized reassembly. Modern operating systems are patched against it, but it remains the textbook example of a malformed-packet attack.


32. Which of the following is an example of a zero-day attack?

A) Exploiting a known vulnerability without patching
B) Exploiting a vulnerability before a patch is released
C) Using outdated software intentionally
D) Brute-forcing weak passwords

Answer: B
📘 Explanation: Zero-day attacks exploit vulnerabilities that are unknown to vendors and not yet patched.


33. What is the main risk of rainbow table attacks?

A) Guessing usernames
B) Pre-computed password hashes used to crack passwords
C) Phishing emails
D) Fake SSL certificates

Answer: B
📘 Explanation: Rainbow tables are precomputed chains of password-to-hash values that let an attacker reverse unsalted hashes with a lookup instead of recomputing every guess. A unique per-user salt defeats them, because the table would have to be rebuilt for every salt; a slow password hash such as PBKDF2, bcrypt, scrypt, or Argon2 raises the cost of that rebuild further.
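The economics behind question 33, as an added example that is not code from the original page. A plain lookup dictionary stands in for a rainbow table (a real one stores hash chains to trade time for space, but the effect on the attacker's cost is the same); the wordlist, users, salts and iteration count are assumptions made for the demonstration.

```python
"""Added example (not from the original page): a precomputed hash table against unsalted
hashes, and why per-user salts plus a slow KDF defeat it.

A plain lookup dictionary is used here; a real rainbow table stores hash chains to trade
time for space, but the attack economics are the same. The wordlist, users and salts are
constructed for the demonstration.
"""
import hashlib
import hmac
import os

WORDLIST = ["password", "123456", "letmein", "Winter2025!", "qwerty", "dragon"]
ITERATIONS = 2_000  # kept small for the demo; production PBKDF2 uses hundreds of thousands


def build_table(wordlist):
    """Precompute SHA-256 for every candidate once. Cost is paid one time, reused forever."""
    return {hashlib.sha256(word.encode()).hexdigest(): word for word in wordlist}


def unsalted_hash(password: str) -> str:
    """What a weak system stores: a bare, fast hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(table, stored_hashes):
    """One dictionary lookup per stored hash, regardless of how many users there are."""
    return {h: table[h] for h in stored_hashes if h in table}


def salted_hash(password: str, salt: bytes) -> bytes:
    """What a sound system stores: PBKDF2-HMAC-SHA256 over the password with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison of the recomputed hash against the stored one."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def crack_salted(wordlist, salt, stored):
    """No table helps: every candidate must be re-derived for this salt.
    Returns (recovered_word_or_None, number_of_KDF_evaluations_spent)."""
    evaluations = 0
    for word in wordlist:
        evaluations += 1
        if hmac.compare_digest(salted_hash(word, salt), stored):
            return word, evaluations
    return None, evaluations


if __name__ == "__main__":
    table = build_table(WORDLIST)
    leaked = [unsalted_hash("letmein"), unsalted_hash("dragon"), unsalted_hash("correct-horse")]
    print("unsalted cracked:", crack_unsalted(table, leaked))

    salt = os.urandom(16)
    stored = salted_hash("dragon", salt)
    print("table lookup on salted hash:", table.get(stored.hex()))
    print("per-salt recomputation:", crack_salted(WORDLIST, salt, stored))
```

Against the unsalted store, a million leaked hashes cost a million dictionary lookups and the table is built once. Against the salted store, every user costs a full pass over the wordlist at `ITERATIONS` hash operations per candidate, and nothing from one user's work carries over to the next; that per-user, per-candidate cost is exactly what the salt and the slow KDF are there to impose.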


34. Which best describes pharming?

A) Redirecting users to fake websites via DNS poisoning
B) Sending fraudulent SMS messages
C) Targeting executives with phishing
D) Recording keystrokes

Answer: A
📘 Explanation: Pharming redirects traffic from legitimate sites to malicious ones by corrupting DNS or host files.


35. Which is an example of a supply chain attack?

A) Brute-forcing user credentials
B) Inserting malware into legitimate software updates
C) Phishing emails to employees
D) Denial-of-service attacks

Answer: B
📘 Explanation: Supply chain attacks compromise trusted vendors or updates, like the SolarWinds attack.


36. Which is a distinguishing feature of a worm compared to a virus?

A) Requires a host file
B) Spreads independently across networks
C) Steals credentials
D) Always disguised as software

Answer: B
📘 Explanation: Unlike viruses, worms self-replicate without needing a host file.


37. What is a primary defense against brute-force attacks?

A) Strong encryption
B) Account lockout policies
C) Antivirus software
D) Phishing filters

Answer: B
📘 Explanation: Account lockout policies limit login retries, so an attacker cannot keep guessing against one account. Two caveats: lockout can be turned into a denial of service against legitimate users, so pair it with rate limiting and multi-factor authentication; and per-account lockout does not stop password spraying, where the attacker tries one common password across many accounts and never trips any single threshold.
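The defense from question 37 against the attack from question 22, with the spraying caveat shown concretely, as an added example that is not code from the original page. The user store, threshold, lockout duration and injectable clock are assumptions made for the demonstration; passwords are held in plaintext only to keep the lockout logic in focus.

```python
"""Added example (not from the original page): an account-lockout guard and what it does
and does not stop.

The user store, threshold and timings are hypothetical. Passwords are held in plaintext
only to keep the lockout logic in focus; a real store holds salted, slow hashes. The
clock is injectable so the lockout window can be exercised without sleeping.
"""
import hmac
import time
from collections import defaultdict

MAX_FAILURES = 5           # failed attempts before the account locks
LOCKOUT_SECONDS = 15 * 60  # how long the lock lasts

_DUMMY_PASSWORD = "\x00not-a-real-password"


class LoginGuard:
    def __init__(self, users: dict, clock=time.monotonic):
        self._users = users              # username -> password (constructed demo data)
        self._clock = clock
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        return until is not None and self._clock() < until

    def attempt(self, username: str, password: str) -> str:
        """Returns 'ok', 'bad_credentials' or 'locked'."""
        if self.is_locked(username):
            return "locked"  # nothing is checked while locked, right password or not
        # compare_digest avoids content-dependent timing; the dummy value keeps a
        # comparison happening for unknown usernames so their absence is not obvious.
        expected = self._users.get(username, _DUMMY_PASSWORD)
        matched = hmac.compare_digest(expected.encode(), password.encode())
        if matched and username in self._users:
            self._failures[username] = 0
            return "ok"
        self._failures[username] += 1
        if self._failures[username] >= MAX_FAILURES:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
            self._failures[username] = 0
        return "bad_credentials"


def brute_force(guard: LoginGuard, username: str, guesses) -> list:
    """Many guesses at one account: the lockout trips after MAX_FAILURES."""
    return [guard.attempt(username, guess) for guess in guesses]


def password_spray(guard: LoginGuard, usernames, password: str) -> list:
    """One guess per account: no account reaches MAX_FAILURES, so lockout never fires."""
    return [user for user in usernames if guard.attempt(user, password) == "ok"]


if __name__ == "__main__":
    users = {"alice": "Winter2025!", "bob": "correct horse battery", "carol": "Winter2025!"}
    guard = LoginGuard(users)
    print("brute force:", brute_force(guard, "alice", ["a", "b", "c", "d", "e", "Winter2025!"]))
    print("alice locked:", guard.is_locked("alice"))
    guard = LoginGuard(users)
    print("spray hits:", password_spray(guard, list(users), "Winter2025!"))
    print("anyone locked after spray:", any(guard.is_locked(u) for u in users))
```

The brute-force run shows the policy working: the sixth attempt is refused even though it carries the correct password. The spray run shows its limit: one guess against each of three accounts compromises two of them and leaves every failure counter at one. Detecting spraying needs a view across accounts (failures per source IP, or an unusual number of distinct accounts failing in a window), which is a SIEM or identity-provider control rather than a per-account counter.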


38. Which attack tricks a user’s browser into performing actions without consent?

A) SQL injection
B) CSRF (Cross-Site Request Forgery)
C) XSS
D) Replay

Answer: B
📘 Explanation: CSRF abuses the fact that browsers attach session cookies automatically: a page the attacker controls submits a request to a site the victim is already logged into, and the server cannot tell it from one the victim meant to send, so actions like fund transfers happen without consent. Anti-CSRF tokens and the SameSite cookie attribute are the standard defenses.


39. Which describes rootkits?

A) Malicious programs that steal keystrokes
B) Tools that hide malicious processes from detection
C) Viruses that replicate using files
D) Malware that encrypts data for ransom

Answer: B
📘 Explanation: Rootkits modify system functions to conceal malware from antivirus and monitoring tools.


40. Which wireless attack relies on tricking users into connecting to a fake Wi-Fi hotspot?

A) Evil twin attack
B) Replay attack
C) Bluejacking
D) Smurf attack

Answer: A
📘 Explanation: Evil twin attacks create fake Wi-Fi hotspots to intercept communications.


41. Which is the main purpose of ARP spoofing?

A) Redirect DNS queries
B) Associate attacker’s MAC address with victim’s IP
C) Inject malicious scripts
D) Overload login systems

Answer: B
📘 Explanation: ARP carries no authentication, so any host on a segment can announce a MAC-to-IP mapping. ARP spoofing sends forged replies that map the attacker's MAC to another host's IP (typically the default gateway), so the victim's traffic flows through the attacker and an on-path (MITM) attack becomes possible. Dynamic ARP Inspection on switches and static ARP entries for critical hosts are the usual defenses.
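The detection side of questions 8 and 41, as an added example that is not code from the original page: a small checker run over a constructed log of ARP replies. The input format (`sender-IP sender-MAC`, one reply per line), the sample records and the pinned gateway MAC are assumptions made for the demonstration; a real deployment would feed it from a packet capture or a switch's ARP inspection log.

```python
"""Added example (not from the original page): spotting ARP poisoning in a log of ARP replies.

The input format ('sender-IP sender-MAC', one reply per line) and the sample records are
constructed for the demo. Two signatures are checked: an IP claimed by more than one MAC,
and one MAC claiming several IPs (the attacker answering for both the gateway and the
victim so it can sit on the path between them), plus a pinned-gateway check.
"""
from collections import defaultdict

# Constructed replies seen on one LAN segment, in arrival order.
SAMPLE_ARP_REPLIES = """\
192.168.1.1 aa:bb:cc:00:00:01
192.168.1.10 aa:bb:cc:00:00:10
192.168.1.20 aa:bb:cc:00:00:20
192.168.1.1 DE:AD:BE:EF:00:99
192.168.1.10 aa:bb:cc:00:00:10
192.168.1.20 de:ad:be:ef:00:99
"""

# The gateway's real MAC, as an administrator would pin it (constructed value).
KNOWN_GATEWAY = ("192.168.1.1", "aa:bb:cc:00:00:01")


def parse_replies(text: str):
    """Yield (ip, mac) pairs, normalising MAC case so aa:bb and AA:BB compare equal."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ip, mac = line.split()
        yield ip, mac.lower()


def ip_conflicts(replies):
    """IPs that more than one MAC has claimed: the direct symptom of poisoning."""
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def multi_ip_macs(replies):
    """MACs answering for several IPs: the on-path attacker's fingerprint."""
    ips = defaultdict(set)
    for ip, mac in replies:
        ips[mac].add(ip)
    return {mac: sorted(addrs) for mac, addrs in ips.items() if len(addrs) > 1}


def gateway_impersonators(replies, gateway=KNOWN_GATEWAY):
    """Any MAC other than the pinned one claiming the gateway's IP."""
    gw_ip, gw_mac = gateway
    return sorted({mac for ip, mac in replies if ip == gw_ip and mac != gw_mac})


if __name__ == "__main__":
    replies = list(parse_replies(SAMPLE_ARP_REPLIES))
    print("IP conflicts:           ", ip_conflicts(replies))
    print("multi-IP MACs:          ", multi_ip_macs(replies))
    print("gateway impersonated by:", gateway_impersonators(replies))
```

On the sample log, `de:ad:be:ef:00:99` claims both the gateway's address and a workstation's, which is the two-sided poisoning an attacker needs to relay traffic in both directions. Expect some benign noise from this logic in real networks (failover pairs that share a virtual IP, DHCP lease churn, NIC replacements), so the pinned-gateway check is the highest-confidence signal; the others are best treated as alerts to investigate.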


42. Which describes a polymorphic virus?

A) Infects mobile apps only
B) Constantly changes its code to avoid detection
C) Infects boot sectors only
D) Requires admin privileges to run

Answer: B
📘 Explanation: Polymorphic viruses alter their code signatures, making them hard to detect with traditional antivirus.


43. Which of the following is an example of session hijacking?

A) Intercepting cookies to impersonate users
B) Sending fraudulent emails
C) Exploiting outdated encryption
D) Guessing passwords

Answer: A
📘 Explanation: Session hijacking exploits stolen session tokens or cookies to take over accounts.


44. What is the main purpose of a honeypot?

A) Protect user passwords
B) Monitor and study attacker techniques
C) Encrypt files for ransom
D) Spread malware

Answer: B
📘 Explanation: Honeypots lure attackers into interacting with decoy systems to study and detect attacks.


45. Which attack uses ICMP packets to flood a target?

A) Smurf attack
B) SYN flood
C) Replay attack
D) DNS spoofing

Answer: A
📘 Explanation: A Smurf attack directs ICMP echo requests to a broadcast address with the victim's IP as the spoofed source, so every host on that segment floods the victim with replies. A SYN flood (B) abuses TCP rather than ICMP.


46. Which describes whaling?

A) Generic phishing
B) Phishing targeting executives or high-value individuals
C) Voice-based phishing
D) Pharming

Answer: B
📘 Explanation: Whaling attacks target CEOs, CFOs, or executives with tailored phishing attempts.


47. Which describes a Trojan horse?

A) Self-replicating malware
B) Malware disguised as legitimate software
C) Malware that spreads without human interaction
D) Malware embedded in boot sectors

Answer: B
📘 Explanation: Trojans appear as legitimate software but contain hidden malicious code.


48. Which attack type is associated with reusing intercepted credentials?

A) Replay attack
B) Logic bomb
C) Smishing
D) Pharming

Answer: A
📘 Explanation: Replay attacks involve intercepting and retransmitting valid authentication data.


49. Which attack relies on the victim authenticating with a session ID the attacker already knows?

A) Session fixation
B) Brute-force attack
C) CSRF
D) Rootkit attack

Answer: A
📘 Explanation: In session fixation the attacker plants a session ID in the victim's browser before login (for example through a crafted link or an injected cookie). If the application accepts an ID it never issued and keeps the same ID after authentication, the attacker now holds a valid authenticated session. Guessing weak or sequential IDs is a related but distinct technique, session prediction. Defenses: generate IDs with a cryptographic random generator, reject IDs the server did not issue, and regenerate the ID on login.
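The fixation scenario from question 49, and the token handling that also underlies the hijacking in question 43, as an added example that is not code from the original page. Both session stores, the planted ID and the login flow are hypothetical and constructed for the demonstration; only the ID generation (`secrets.token_urlsafe`) is a standard-library call.

```python
"""Added example (not from the original page): a session store hardened against fixation
and prediction.

Two hypothetical stores are shown: one that hands out sequential IDs and accepts whatever
ID the client presents (weak), and one that issues 256-bit random IDs from the OS CSPRNG,
ignores IDs it never issued, and rotates the ID when the user logs in.
"""
import itertools
import secrets


class WeakSessions:
    """Sequential IDs and blind trust in the client's cookie: fixation and prediction both work."""

    def __init__(self):
        self._counter = itertools.count(1000)
        self.data = {}

    def resolve(self, presented_id):
        """Any ID the client presents is adopted as-is, including one an attacker planted."""
        if presented_id is None:
            presented_id = str(next(self._counter))
        self.data.setdefault(presented_id, {"user": None})
        return presented_id

    def login(self, session_id, user):
        self.data[session_id]["user"] = user
        return session_id  # same ID before and after authentication


class SecureSessions:
    def __init__(self):
        self.data = {}

    def _new_id(self) -> str:
        return secrets.token_urlsafe(32)  # 256 bits of CSPRNG output, not guessable

    def resolve(self, presented_id):
        """Only IDs this server issued are honoured; anything else gets a fresh one."""
        if presented_id in self.data:
            return presented_id
        fresh = self._new_id()
        self.data[fresh] = {"user": None}
        return fresh

    def login(self, session_id, user):
        """Rotate the ID at authentication so a pre-login ID known to an attacker is dead."""
        state = self.data.pop(session_id)
        state["user"] = user
        fresh = self._new_id()
        self.data[fresh] = state
        return fresh


def guess_next_weak_id(observed_id: str) -> str:
    """With sequential IDs, seeing your own ID tells you your neighbour's (session prediction)."""
    return str(int(observed_id) + 1)


def fixation_attack(store, planted_id="attacker-planted-id", victim="alice"):
    """Replay the fixation scenario against a store. Returns the user the attacker's
    request is served as: the victim on a weak store, None on a hardened one."""
    victim_sid = store.resolve(planted_id)        # victim's browser sends the planted ID
    victim_sid = store.login(victim_sid, victim)  # victim authenticates
    attacker_sid = store.resolve(planted_id)      # attacker replays the ID they planted
    return store.data[attacker_sid]["user"]


if __name__ == "__main__":
    print("weak store, attacker sees user:  ", fixation_attack(WeakSessions()))
    print("secure store, attacker sees user:", fixation_attack(SecureSessions()))
    weak = WeakSessions()
    mine = weak.resolve(None)
    print("my weak ID:", mine, "-> guessed neighbour:", guess_next_weak_id(mine))
```

The hardened store closes both holes: an unissued ID is never adopted, so the planted value never becomes a real session, and rotation on login means even an ID the attacker legitimately observed before authentication maps to nothing afterwards. For the hijacking case in question 43, the same unguessable ID must also be kept out of the attacker's reach in transit, which is what the `Secure`, `HttpOnly` and `SameSite` cookie attributes are for.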


50. Which security issue arises when input is not properly validated?

A) XSS, SQL injection, and buffer overflow
B) Only brute-force attacks
C) Only phishing attempts
D) ARP spoofing

Answer: A
📘 Explanation: Lack of input validation exposes systems to XSS, SQL injection, and buffer overflows, all of which begin with untrusted data reaching code that trusts it. Validation is the first line but not the only one: SQL injection also needs parameterized queries, XSS needs output encoding, and buffer overflows need bounds checking or memory-safe languages.

You’ve just practiced 50 CompTIA Security+ MCQs on Threats, Attacks & Vulnerabilities, complete with explanations to clear your doubts. To master the exam, continue with other sections like Technologies & Tools, Architecture & Design, Risk Management, and Cryptography.

Batch 2 (51–100): Security Architecture & Design

👉 Go to Batch 2

Batch 3 (101–150): Implementation (Access, Authentication, PKI)

👉 Go to Batch 3

Batch 4 (151–200): Operations & Incident Response

👉 Go to Batch 4

Batch 5 (201–250): Governance, Risk & Compliance

👉 Go to Batch 5

Batch 6 (251–300): Cryptography & PKI

👉 Go to Batch 6

Batch 7 (301–350): Mixed Practice Exam (Past Questions)

👉 Go to Batch 7

Stay tuned as we upload more Security+ practice sets to help you succeed on your first attempt. For best results, bookmark this page and practice daily!
