Security+ Practice Exam 2 – Part 3 (Q41–Q60)
Questions only – No answers provided
Q41. Which of the following BEST protects against session hijacking?
A. Using HTTPS with secure cookies
B. Disabling antivirus
C. Strong password policy
D. Changing firewall rules

Q42. A company wants to classify data based on sensitivity. Which of the following is the BEST example of classification levels?
A. Secret, Confidential, Public
B. High, Medium, Low Availability
C. PCI DSS, HIPAA, GDPR
D. Backup, Archive, Restore

Q43. Which attack exploits a vulnerability in dynamic memory allocation?
A. Buffer overflow
B. XSS
C. Phishing
D. Ransomware

Q44. An employee receives a phone call from someone pretending to be IT support asking for login credentials. This is an example of:
A. Vishing
B. Phishing
C. Smishing
D. Whaling

Q45. Which of the following is MOST effective in preventing tailgating?
A. Security guard
B. Strong passwords
C. IDS
D. SIEM

Q46. Which cryptographic concept ensures that the sender of a message cannot later deny sending it?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

Q47. Which security framework focuses specifically on payment card security?
A. ISO 27001
B. PCI DSS
C. HIPAA
D. GDPR

Q48. Which technology allows a single physical server to run multiple virtual machines?
A. Hypervisor
B. Containerization
C. RAID
D. Clustering

Q49. A penetration tester uses social media to gather details about employees before launching a phishing campaign. This is BEST described as:
A. Passive reconnaissance
B. Active reconnaissance
C. Exploitation
D. Pivoting

Q50. Which of the following devices can help prevent data loss from removable storage devices?
A. IDS
B. DLP
C. WAF
D. Firewall

Q51. Which algorithm is commonly used for public key encryption?
A. AES
B. RSA
C. SHA-256
D. MD5

Q52. Which of the following is a corrective control?
A. Security awareness training
B. Fire extinguisher system
C. Motion sensor
D. Intrusion alarm

Q53. A security analyst notices unusual outbound traffic from a server at 2 AM. What is the MOST likely cause?
A. Insider threat
B. Data exfiltration
C. Backup process
D. DoS attack

Q54. Which backup site type provides the FASTEST recovery time objective (RTO)?
A. Cold site
B. Warm site
C. Hot site
D. Tape archive

Q55. An organization wants to ensure system patches are tested before deployment. Which process ensures this?
A. Incident response
B. Change management
C. Configuration management
D. Disaster recovery planning

Q56. Which of the following uses deception technology to detect intruders?
A. Honeypot
B. IDS
C. Firewall
D. SIEM

Q57. Which wireless attack involves an attacker creating a fake access point?
A. Evil twin
B. Replay
C. Bluejacking
D. Jamming

Q58. Which type of test involves security experts simulating attacks with prior knowledge of the target?
A. Black box
B. White box
C. Gray box
D. Fuzzing

Q59. Which of the following is considered a physical security control?
A. Firewall
B. Security camera
C. Antivirus software
D. Access control list

Q60. Which cloud service model provides pre-configured applications for users?
A. IaaS
B. PaaS
C. SaaS
D. FaaS