I can only supply content in text form.

then gimme the content

Certainly! Below is the complete, formatted content of your CompTIA Security+ practice sets
including:
Multiple-Choice Questions (MCQs) for Weeks 1 to 4, each week with all topics covered
Scenario-Based Performance-Based Questions (PBQs) for each week, with full solutions
Answer keys for all MCQs
You can copy this entire content into a document editor (like Word or Google Docs) and export it
as a PDF for your study.

CompTIA Security+ Practice Questions and

Answers
Week 1: Foundation & Core Concepts

Multiple Choice Questions (MCQs)

Security Principles & CIA Triad
1. What does the “integrity” pillar of the CIA triad ensure?
A) That systems are always available
B) That information is accurate and unaltered
C) That only authorized users have access
D) That information is backed up daily
2. Which of these is NOT a characteristic of availability?
A) Redundant hardware
B) Frequent backups
C) Access control lists
D) Load balancing
3. Which scenario below best demands high confidentiality?
A) Hosting a public web server
B) Distributing marketing brochures
C) Storing medical patient records
 D) Creating a user help guide
Threats & Attacks
4. What is a phishing attack?
A) Installing malware via USB drives
B) Pretending to be a trusted entity to obtain sensitive information
C) Cracking password hashes
D) Intercepting network traffic
5. Which attack manipulates users into giving up sensitive information?
A) Man-in-the-middle
B) Phishing
C) Zero-day exploit
D) DoS
6. Malware can be described as which of the following?
A) Benign code not meant to harm
B) Software that provides useful features only
C) Malicious software such as viruses or ransomware
D) A protocol used for file transfer
Cryptography & PKI
7. What is the primary function of hashing in information security?
A) Encrypting data
B) Hiding information
C) Verifying data integrity
D) Authenticating users
8. Which of these is a symmetric algorithm?
A) AES
B) RSA
C) DSA
D) ECC
9. PKI stands for:
A) Pretty Key Infrastructure
B) Public Key Infrastructure
C) Private Key Implementation
D) Professional Key Integration
Network Security Devices & Protocols
10. Which device segments a network into different broadcast domains?
- A) Hub
- B) Switch
- C) Router
- D) Firewall
11. Which port does SSH use by default?
A) 21
B) 22
C) 23
D) 25
12. What is the primary role of a firewall?
A) Encrypt data
B) Block all outgoing traffic
C) Filter network traffic and block potential threats
D) Store passwords
Passwords & Authentication
13. Which is an example of something-you-know authentication?
- A) Password
- B) Smart card
- C) Biometric scan
- D) Security token
14. Why is Password123 a weak password?
A) It is not long enough
B) It is commonly used and easy to guess
C) It uses special characters
D) It is case-sensitive
15. What is the difference between authentication and authorization?
A) Authentication is granting access, authorization is proving identity
B) Authentication proves identity, authorization grants access rights
C) Both are the same
D) Authorization involves encryption

Week 2: Networks, IAM, Protocols

Multiple Choice Questions (MCQs)
Secure Network Design & Segmentation
1. What is a DMZ in network security?
A) Main corporate network
B) Secure staff intranet
C) Isolated network for external-facing services
D) Wireless guest network
2. How do VLANs improve security?
A) By speeding up internet connections
B) By physically separating devices
C) By logically segmenting networks
D) By scanning for malware
3. Which is a physical security control for equipment rooms?
A) Password policy
B) CCTV cameras
C) Firewall configuration
D) Antivirus software
Wireless Security
4. Why is WEP insecure?
A) Uses weak, easily cracked encryption
B) Uses strong protocols
C) Is only for wired connections
D) Is not compatible with mobile devices
5. WPA3 is more secure than WPA2 because:
A) Requires less complex passwords
B) Offers better brute-force protections
C) Disables encryption
D) Allows only guest users
6. What is a recommended way to secure access points?
A) Use default admin credentials
B) Hide the SSID and use WPA2/WPA3 encryption
C) Use open authentication
D) Set static IPs for all devices
Identity & Access Management (IAM)
7. The principle of least privilege states:
A) All users have admin access
B) Users only get minimum access rights needed
C) Privileges never change
D) Access is managed by passwords only
8. Which is an example of two-factor authentication?
A) Password only
B) Smart card plus PIN
C) Username only
D) Facial recognition only
9. Federated identity allows:
A) Identity sharing across organizations
B) Multiple users to share passwords
C) Unrestricted access
D) Single factor authentication
Secure Protocols
10. SFTP provides:
- A) Unencrypted file transfer
- B) Secure file transfer using SSH
- C) Email encryption
- D) Two-factor authentication
11. What port is used by HTTPS?
A) 21
B) 22
C) 80
D) 443
12. For secure remote administration, you should use:
A) Telnet
B) FTP
C) SSH
D) HTTP
Week 3: Risk, Host, App Security

Multiple Choice Questions (MCQs)

Risk Management
1. Which defines a threat in risk management?
A) A weakness in a system
B) A potential danger exploits a vulnerability
C) A software update
D) An audit report
2. What is “residual risk”?
A) Risk completely removed
B) Risk remaining after controls are applied
C) Unidentified risk
D) All resource risk
3. Which is NOT a step in risk management?
A) Risk assessment
B) Risk monitoring
C) Marketing evaluation
D) Risk mitigation
Security Assessment & Tools
4. Which tool scans for open ports?
A) Password manager
B) Port scanner
C) VPN client
D) Intrusion prevention system
5. Penetration testing is best described as:
A) Auditing software licenses
B) Simulating an attack to find vulnerabilities
C) Developing encryption algorithms
D) Training new employees
6. Vulnerability scanners are used to:
A) Patch vulnerabilities automatically
B) Detect known security weaknesses
C) Encrypt hard drives
 D) Segment networks
Incident Response
7. Which is a phase in incident response?
A) Investigation only
B) Containment
C) User education
D) Software installation
8. On detecting an incident, your first step should be:
A) Monitor business impact
B) Document incident
C) Contain the incident
D) Run a backup
9. Why document security incidents?
A) For regulatory compliance and future prevention
B) To share on social media
C) To increase network traffic
D) For hardware troubleshooting
Secure System & Application Design
10. System hardening is:
- A) Allowing all services by default
- B) Disabling unnecessary features and services
- C) Installing new software weekly
- D) Encrypting only application code
11. Which is an operating system hardening measure?
A) Creating guest accounts
B) Updating and removing unused services
C) Disabling antivirus
D) Disabling firewalls
12. Why are application patches important?
A) Slow down systems
B) Fix vulnerabilities and improve security
C) Increase social engineering risk
D) Allow remote access
Week 4: Advanced Topics & Mock Exam

Multiple Choice Questions (MCQs)

Social Engineering & Physical Security
1. Tailgating into a building can be prevented by:
A) CCTV only
B) Mantraps or security guards
C) Free Wi-Fi
D) Visitor badges only
2. “Vishing” is:
A) Phishing by email
B) Social engineering via phone call
C) A wireless attack
D) Malware propagation
3. Physical server room security includes:
A) Software updates
B) Locked doors and access controls
C) Wireless security
D) Web filters
Crypto Attacks & Countermeasures
4. A brute force attack tries to:
A) Trick a user into revealing a password
B) Guess every possible password or key
C) Encrypt files with ransomware
D) Sniff network traffic
5. To defend against rainbow table attacks, use:
A) Strong firewall rules
B) Salting passwords before hashing
C) Two-factor authentication only
D) Wireless encryption
6. A man-in-the-middle attack:
A) Steals data from backup drives
B) Intercepts and possibly alters communication between two parties
C) Compromises a server’s hard drive
 D) Is a type of DDoS
Cloud, Virtualization, Mobile Security
7. Which cloud model offers most control over virtual machines and OS?
A) SaaS
B) IaaS
C) PaaS
D) DaaS
8. A risk with BYOD is:
A) Improved compliance
B) Data leakage if a device is lost/stolen
C) More secure admin access
D) Easier patching
9. A good mobile device security measure is:
A) No device encryption
B) Strong device PIN and remote wipe capabilities
C) Sharing credentials via SMS
D) Using outdated OS versions
Review/Exam Strategy
10. Using timed practice exams helps:
- A) Increase panic levels
- B) Simulate real test conditions and boost time management
- C) Slow down learning
- D) Provide exam answers
11. If unsure about a question on test day, best strategy is:
A) Skip and never return
B) Make the best guess and flag for review
C) Ask the proctor for help
D) Choose ‘A’ for every uncertain answer
12. The Pomodoro technique involves:
A) Studying all day without breaks
B) Alternating short focused study with regular breaks
C) Eating after every module
D) Reviewing with a group only
Answer Keys

Week 1
1. B
2. C
3. C
4. B
5. B
6. C
7. C
8. A
9. B
10. C
11. B
12. C
13. A
14. B
15. B

Week 2
1. C
2. C
3. B
4. A
5. B
6. B
7. B
8. B
9. A
10. B
11. D
12. C
Week 3
1. B
2. B
3. C
4. B
5. B
6. B
7. B
8. C
9. A
10. B
11. B
12. B

Week 4
1. B
2. B
3. B
4. B
5. B
6. B
7. B
8. B
9. B
10. B
11. B
12. B

Scenario-Based Performance-Based Questions (PBQs)

Week 1 PBQ: Device Placement and Network Zones

Scenario:
Design a secure network for a branch office: The company public website must be accessible
from the internet, but the HR database and internal workstations must be protected from direct
outside access. Incoming internet traffic must be filtered.
Task: Place the following on appropriate network zones:
 Web Server
HR Database Server
User Workstations
Firewall
Solution Summary:
Firewall at perimeter, filtering all incoming/outgoing traffic.
Web Server placed in the DMZ (accessible from internet but restricted).
HR Database Server and User Workstations in the internal network zone (protected, no
direct public access).

Week 2 PBQ: Wireless Security Configuration

Scenario:
Configure wireless security for a company upgrading its network.
Options:
WPA2-PSK or Open
Strong/Complex Passphrase or Default Password
Disabled SSID broadcast or Broadcast enabled
MAC address filtering enabled or disabled
Correct Configuration:
Use WPA2-PSK (preferably WPA3 if available)
Use a strong, complex passphrase
Disable SSID broadcast (optional but recommended)
Enable MAC address filtering as an additional layer

Week 3 PBQ: Incident Response Steps

Scenario:
A security breach occurs on a file server. The incident response team must take correct steps in
order.
Steps:
A) Contain the incident
B) Eradicate the threat
C) Identify the incident
D) Recover systems
E) Document and lessons learned
Correct Order:
 1. C — Identify
2. A — Contain
3. B — Eradicate
4. D — Recover
5. E — Document

Week 4 PBQ: Access Control Implementation

Scenario:
Set permissions on the Payroll folder:
Finance Managers have read/write/modify access
Finance Staff have read-only
HR Staff have no access
IT Admins have full modify access
Permission Table:

User Permissions

Finance Manager Read, Write, Modify

Finance Staff Read

HR Staff No Access

IT Admin Read, Write, Modify

How to use this:

1. Copy all the above content into a document editor of your choice.
2. Format headings, add spacing, or insert page breaks if preferred.
3. Export or save as PDF.
4. Use this file as your full Security+ study question bank, practice worksheet, or mock exam.
If you want me to provide a text-only version structured as a ready-to-copy template with
minimal editing needed, or want help with a formatted Word or Markdown layout to paste, just
say so!