CompTIA Security+ Practice Questions: Threats and Vulnerabilities

8 free, exam-style CompTIA Security+ (SY0-701) practice questions covering Threats and Vulnerabilities. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.

🚀 Take the full CompTIA Security+ quiz 📘 CompTIA Security+ study guide

Q1. Which of the following BEST describes a zero-day vulnerability?

Explanation: Zero-day vulnerabilities are unknown to the vendor, leaving no time for patches before potential exploitation. Learn more.

Q2. Which attack uses many systems to overwhelm a target service with traffic?

Explanation: Distributed denial-of-service attacks use multiple sources to exhaust capacity or availability. Learn more.

Q3. Which wireless attack creates a fake access point that appears legitimate?

Explanation: An evil twin is a rogue access point configured to impersonate a legitimate wireless network. Learn more.

Q4. Which type of malware encrypts user files and demands payment?

Explanation: Ransomware denies access to data, often through encryption, and demands payment for recovery. Learn more.

Q5. Which attack uses a fake QR code to send users to a malicious site?

Explanation: Quishing is phishing that uses QR codes to direct users to malicious content. Learn more.

Q6. Which attack uses similar-looking domain names to trick users?

Explanation: Typosquatting registers lookalike or misspelled domains to lure users. Learn more.

Q7. Which vulnerability occurs when an application includes user input in an LDAP query without safe handling?

Explanation: LDAP injection manipulates directory queries through unsafe input handling. Learn more.

Q8. Which attack sends fraudulent text messages to steal information?

Explanation: Smishing is phishing conducted through SMS or text messages. Learn more.

More CompTIA Security+ practice topics