CompTIA Security+ Practice Test 31

Question 1 of 10
A breach exposes customer data in California. Which law applies?
Options: GDPR. HIPAA. CCPA. SOX. FISMA.
Correct Answer: CCPA.
Explanation: CCPA protects California residents’ consumer data.

Question 2 of 10
A company needs fast recovery after a crash. Which backup should they use?
Options: Incremental. Differential. Full. Synthetic. Compressed.
Correct Answer: Full.
Explanation: Full backups restore data quickly, requiring no incremental steps.

Question 3 of 10
A new app has a vulnerability. What should the team follow?
Options: A random coding style. The Secure Software Development Lifecycle (SSDLC). A public release schedule. A single developer approach. A no-testing policy.
Correct Answer: The Secure Software Development Lifecycle (SSDLC).
Explanation: SSDLC embeds security throughout development.

Question 4 of 10
An email appears to come from the CEO but lacks a signature. What should be enabled?
Options: SMTP. DKIM. POP3. IMAP. NTP.
Correct Answer: DKIM.
Explanation: DKIM signs emails to verify authenticity, preventing spoofing.

Question 5 of 10
A DR plan fails during a test. What should the team do NEXT?
Options: Ignore the failure. Conduct a tabletop exercise. Encrypt all data. Reboot all systems. Update passwords.
Correct Answer: Conduct a tabletop exercise.
Explanation: Tabletop exercises refine the plan based on test results.

Question 6 of 10
A user clicks a hidden button on a trusted site. What attack occurred?
Options: SQL injection. XSS. File inclusion. CSRF. Clickjacking.
Correct Answer: Clickjacking.
Explanation: Clickjacking hides malicious actions under legitimate interfaces.

Question 7 of 10
A hacker persists in a network for months. What type of threat is this?
Options: A phishing attack. A DDoS attack. A brute-force attack. An advanced persistent threat (APT). A malware infection.
Correct Answer: An advanced persistent threat (APT).
Explanation: APTs stealthily remain in systems for prolonged periods.

Question 8 of 10
A company prioritizes cybersecurity spending. Which framework should they use?
Options: ITIL. NIST CSF. COBIT. TOGAF. Six Sigma.
Correct Answer: NIST CSF.
Explanation: NIST CSF helps prioritize investments based on risk.

Question 9 of 10
A backup restores clean data after ransomware. Where should it have been stored?
Options: On the infected server. On a public cloud. On a shared drive. In an offline location. On a USB stick.
Correct Answer: In an offline location.
Explanation: Offline backups are safe from ransomware encryption.

Question 10 of 10
A network protocol is intercepted in plaintext. What should have been used?
Options: SNMPv3. SNMPv2c. Telnet. FTP. HTTP.
Correct Answer: SNMPv3.
Explanation: SNMPv3 encrypts data, unlike SNMPv2c, which is plaintext.