Free practice test · no sign-up

CompTIA SecurityX: Free Advanced Security Practitioner practice test

10 real CompTIA SecurityX practice questions with instant answers and explanations — no account, no credit card, no email. Score yourself, then unlock the full bank of 1,018 questions whenever you’re ready. The CompTIA SecurityX passing score is Pass/Fail.

Answer key

All 10 CompTIA SecurityX questions & answers

Prefer to just read the answers and explanations? Here’s the full key for this free CompTIA SecurityX test.

Q1. An organization has a single employee filling the procurement officer position. Management wants a different staff member to step into that role temporarily while the current officer is away, in order to detect any irregularities. Which personnel security practice best describes this approach?

Correct answer: C. Mandatory vacation

Mandatory vacation requires an employee to be away from their position so a colleague can temporarily cover the role, creating an opportunity to uncover fraudulent or unusual activity. Job rotation cross-trains employees across roles but does not specifically require the primary employee to be absent. Separation of duties divides a sensitive task among multiple people rather than rotating coverage.

Q2. During an incident investigation, a security team identified an intruder's specific tactics and techniques. They want to contribute what they discovered to a globally maintained repository that catalogues adversarial behaviors. Which resource should they submit the information to?

Correct answer: C. MITRE ATT&CK

MITRE ATT&CK is a structured knowledge base documenting adversary behaviors, including initial access methods, lateral movement, and persistence techniques, making it the appropriate destination for sharing attacker TTPs. CVE and NVD focus on cataloguing known software vulnerabilities rather than behavioral patterns. The Cyber Kill Chain is an analytical model describing attack phases, not a community submission repository.

Q3. An organization has deployed video conferencing software so staff can collaborate remotely. Which of the following is NOT a recognized risk associated with using this type of platform?

Correct answer: B. Side loading

Side loading refers to installing applications on mobile devices from sources outside an official app store, which is unrelated to web conferencing risks. Uninvited participants can join poorly secured meetings that lack access codes. Video streams may be captured if the platform lacks end-to-end encryption. Recordings stored on shared servers can lead to data exposure if access controls are insufficient.

Q4. An organization is concerned that employees are vulnerable to manipulation tactics used by malicious actors. Which countermeasure is most effective at reducing this type of human-targeted risk?

Correct answer: A. Security awareness training

Security awareness training educates staff on recognizing and resisting manipulation techniques, directly reducing susceptibility to social engineering. Compliance tracking ensures policies are followed but does not build employee skills for identifying deception. Continuous monitoring detects anomalies in systems but does not teach users to resist manipulation. Quality assurance is focused on product and service quality, not workforce security education.

Q5. A security team is analyzing a recent breach and needs a framework that maintains an extensive, structured catalogue of the specific actions adversaries take throughout an attack lifecycle. Which framework best fits this need?

Correct answer: B. MITRE ATT&CK

MITRE ATT&CK provides a detailed, continuously updated matrix of adversary tactics, techniques, and procedures mapped to specific attack stages, making it the best choice for granular behavioral analysis. The Cyber Kill Chain offers a high-level seven-phase model rather than a comprehensive TTP catalogue. CAPEC focuses on software attack patterns at the design and code level. The Diamond Model assists analysts in correlating adversary, capability, infrastructure, and victim attributes.

Q6. An organization is hiring an external vendor to build its public-facing website. Which document legally establishes the minimum acceptable performance standards the vendor must meet?

Correct answer: A. SLA

A Service Level Agreement (SLA) defines the minimum performance criteria a service provider must deliver and typically includes penalties for non-compliance. A Memorandum of Understanding (MoU) is a pre-contract document that is generally non-binding. A Request for Proposal (RFP) solicits bids from vendors for a project. A Statement of Work (SoW) describes the detailed scope and deliverables of a project.

Q7. A security team wants to map out the sequential stages an attacker typically follows from initial reconnaissance through achieving their final objective. Which framework provides this high-level, phase-based view of an attack?

Correct answer: D. Cyber Kill Chain

The Cyber Kill Chain outlines seven sequential phases of an attack, from reconnaissance to actions on objectives, giving defenders a structured way to understand attacker progression. MITRE ATT&CK provides granular technique-level detail rather than a phased overview. CVE and NVD are databases of known software vulnerabilities and are not designed to describe attacker behavior stages.

Q8. An e-commerce company does not want to be liable for storing customer payment card data and decides to hand off payment processing entirely to a third-party provider. Which risk management strategy does this represent?

Correct answer: B. Transference

Risk transference shifts the financial or operational burden of a risk to another party, such as a third-party processor or insurer. Risk avoidance means ceasing the activity that creates the risk entirely. Risk deterrence uses controls or consequences to discourage threat actors. Risk mitigation reduces the likelihood or impact of a risk but retains it within the organization.

Q9. A government agency requires a specially constructed, electromagnetically shielded area where sensitive discussions and classified work can occur without risk of electronic eavesdropping or unauthorized entry. Which technical specification governs such a facility?

Correct answer: D. SCIF

A Sensitive Compartmented Information Facility (SCIF) is defined by standards from the National Counterintelligence and Security Center and specifies construction and access requirements for spaces that must be protected from electronic surveillance. CPTED is a design philosophy for deterring crime through environmental layout. ATT&CK is a cyber threat intelligence framework. RIPEMD is a family of cryptographic hash functions.

Q10. An organization wants daily backups of user files, a fast restoration process, and moderate storage consumption. Which backup strategy satisfies all three requirements?

Correct answer: D. Differential

A differential backup captures all changes since the last full backup, requiring only two backup sets for recovery — the full backup and the most recent differential — resulting in fast restore times and moderate storage use. Full daily backups consume the most storage. Incremental backups use the least storage but require restoring multiple sets, leading to slower recovery. Copy backups are one-time snapshots and are not a standard recurring strategy.

Exam facts and objectives sourced from the official CompTIA certification page. Last reviewed June 2026.

Ready for the full CompTIA SecurityX bank? Start free.

1,018 questions, timed mock exams, and missed-question review — 30 free questions, no card.
