Practice FC0-U61 Security questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. Which of the following best describes the principle of confidentiality in the CIA triad?
2. A company implements a policy requiring employees to use a password and a one-time code sent to their mobile phone when logging into the corporate network. Which security concept is being employed?
3. A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The email contains urgent language and threats of account closure. What type of attack is this?
4. Which of the following is the strongest password?
5. A security analyst discovers that a file on a server has been modified without authorization. However, the system logs show that the modification was made by an authenticated user who had legitimate access to the file. Which aspect of the CIA triad has been violated?
6. Which of the following malware types is characterized by self-replication without needing to attach to a host file?
7. A company wants to ensure that sensitive documents are not readable if a laptop is stolen. Which of the following provides the best protection?
8. What is the primary purpose of a password manager?
9. An attacker gains physical access to a building by following an employee through a secured door without using a badge. This is an example of which social engineering technique?
10. Which of the following is the best practice for creating strong passwords?
11. A user downloads a free game from an untrusted website. After installation, the user's computer begins displaying pop-up advertisements frequently. Which type of malware is most likely installed?
12. An organization uses a security model where users are granted the minimum permissions necessary to perform their job functions. This model is known as:
13. Which TWO of the following are effective measures to protect against ransomware attacks? (Select two.)
14. Which THREE of the following are examples of multi-factor authentication? (Select three.)
15. Which TWO of the following are recommended practices for physical security in an office environment? (Select two.)
16. Which of the following best describes the principle of least privilege?
17. A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The user notices the email address is slightly misspelled (e.g., 'support@bankk.com' instead of 'support@bank.com'). Which type of attack is this?
18. An organization implements a security control that requires users to swipe a smart card and then enter a PIN to access a secure facility. Which combination of authentication factors does this represent?
19. Which of the following is a characteristic of a worm in the context of malware?
20. A company wants to protect its network from unauthorized external access. Which of the following devices should be configured to filter traffic based on port and protocol?
21. An employee is tailgated into a secure office building by someone without a badge. Which type of security threat does this represent?
22. An organization adopts the 3-2-1 backup rule. Which of the following practices aligns with this rule?
23. A security analyst is explaining the CIA triad to new employees. Which scenario best illustrates a breach of integrity?
24. Which of the following is a best practice for creating a strong password?
25. A small business owner wants to protect customer data stored on laptops in case the devices are stolen. Which encryption method provides the best protection for the entire hard drive?
26. Which of the following is a key difference between a vulnerability and a threat in cybersecurity?
27. A company implements a policy where employees must lock their computer screen when leaving their desk. Which security principle does this practice support?
28. Which TWO of the following are examples of social engineering attacks? (Select TWO.)
29. Which THREE of the following are effective methods to protect against malware infections? (Select THREE.)
30. Which TWO of the following are characteristics of a strong password? (Select TWO.)
31. Which of the following best describes the principle of confidentiality in the CIA triad?
32. A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The user suspects it is a phishing attempt. Which type of phishing attack is this most likely to be?
33. An organization implements a security policy where users must provide a password and a one-time code generated by a mobile app to log in. Which type of authentication is being used?
34. Which of the following is a characteristic of a strong password?
35. A company requires all employees to use a smart card and a PIN to access the building. This is an example of which concept?
36. A security analyst discovers that a file on a server has been modified without authorization. Which element of the CIA triad has been compromised?
37. Which type of malware is designed to replicate itself and spread to other computers without needing to attach to a host file?
38. Which of the following is the best practice for backing up data according to the 3-2-1 rule?
39. An attacker gains physical access to a secure area by following an authorized employee through a door that requires a badge. This social engineering technique is known as:
40. Which of the following encryption methods is used to protect data in transit over a public network, such as the internet?
41. A user reports that their computer has been displaying unwanted pop-up advertisements frequently. Which type of malware is most likely responsible?
42. Which of the following is an example of a physical security control?
43. A company wants to implement the principle of least privilege for its employees. Which TWO of the following actions align with this principle? (Choose TWO.)
44. An organization is implementing a defense-in-depth strategy. Which THREE of the following are considered security controls that can be used? (Choose THREE.)
45. Which TWO of the following are examples of multi-factor authentication? (Choose TWO.)
46. Which element of the CIA triad is primarily concerned with ensuring that data is not accessed by unauthorized individuals?
47. A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The user notices the sender's email address is slightly misspelled. Which type of threat is this?
48. An organization requires employees to use a password and a one-time code sent to their mobile phone when logging into the network. Which security principle is being implemented?
49. Which of the following is the best practice for creating a strong password?
50. A security analyst is explaining the difference between a threat and a vulnerability. Which statement accurately describes this difference?
51. Which type of malware is disguised as legitimate software but performs malicious actions?
52. A company wants to ensure that data on lost laptops cannot be accessed. Which technology should be used?
53. What is the primary purpose of a password manager?
54. An employee calls the help desk claiming to be a manager from another department and requests a password reset. This is an example of which social engineering technique?
55. A user is concerned about connecting to a public Wi-Fi network at a coffee shop. Which security measure can best protect their data?
56. A company's backup strategy requires three copies of data, on two different media types, with one copy offsite. Which backup rule does this follow?
57. Which of the following is an example of something you are in multi-factor authentication?
58. A company is implementing physical security measures. Which two of the following are examples of physical security controls? (Select TWO.)
59. An IT administrator is hardening a server. Which three of the following actions should be taken to improve security? (Select THREE.)
60. A user receives a suspicious email with an attachment claiming to be an invoice. Which three practices should the user follow? (Select THREE.)
61. Which component of the CIA triad ensures that data cannot be modified by unauthorized users?
62. A user receives an email that appears to be from their bank, asking them to click a link and verify their account. The email contains urgent language and a generic greeting. Which type of security threat is this?
63. A company implements a policy where employees must swipe their ID card and then enter a PIN to access the server room. Which two authentication factors are being used?
64. Which of the following best describes the principle of least privilege?
65. What is the primary purpose of a password manager?
66. An employee allows a delivery person to enter a secure office building by holding the door open. The delivery person does not have an access badge. Which social engineering attack is this?
67. A security administrator wants to protect data at rest on a laptop that may be lost or stolen. Which of the following is the BEST solution?
68. Which backup strategy involves keeping three copies of data on two different media types with one copy offsite?
69. What is the primary purpose of a network firewall?
70. Which type of malware attaches to legitimate files and spreads when those files are executed?
71. A company requires employees to use a one-time code from a smartphone app in addition to their password to log into the corporate VPN. This is an example of:
72. What is the primary risk of using public Wi-Fi without a VPN?
73. Which TWO of the following are examples of physical security measures? (Select TWO)
74. Which THREE of the following are characteristics of a strong password? (Select THREE)
75. Which TWO of the following are types of malware? (Select TWO)
76. Which of the following best describes the 'Confidentiality' component of the CIA triad?
77. An employee receives an email that appears to be from the CEO, urgently requesting a wire transfer to an external vendor. The email address looks slightly off. Which type of social engineering attack is this?
78. A company is implementing a backup strategy. Which of the following best adheres to the 3-2-1 backup rule?
79. Which of the following is an example of multi-factor authentication?
80. Which of the following is a characteristic of a strong password?
81. An organization wants to ensure that employees only have access to the data necessary to perform their job functions. Which principle should be applied?
82. A security analyst notices that a user's computer is running slowly and displaying many pop-up ads. Which type of malware is most likely causing this?
83. Which of the following is the primary purpose of hashing a password before storing it in a database?
84. What is the difference between a threat and a vulnerability?
85. An employee is working from a coffee shop and needs to access company files. Which of the following is the most secure method?
86. Which of the following is a characteristic of a worm compared to a virus?
87. What is the primary purpose of a firewall?
88. A help desk technician receives a call from a user who says their computer is showing a message that files are encrypted and a ransom is demanded. Which TWO types of malware are most likely involved?
89. A company is developing a security policy. Which THREE of the following are examples of physical security controls?
90. Which TWO of the following are best practices for password security?
91. A user receives an email from their bank asking them to click a link and verify their account information. The email contains spelling errors and the sender's address looks suspicious. Which type of social engineering attack is this?
92. Which TWO of the following are examples of multi-factor authentication?
93. A company's IT policy mandates data backups following the 3-2-1 rule. Which THREE of the following practices align with this rule?
94. Which TWO of the following are characteristics of ransomware?
95. Which THREE of the following are best practices for password security?
96. A security analyst is evaluating risks to the company's network. According to the risk formula (Risk = Likelihood × Impact), which THREE of the following are considered vulnerabilities?
97. Which TWO of the following are examples of physical security controls?
98. A user wants to protect their laptop in case it is stolen. Which THREE of the following measures would help protect the confidentiality of the data?
The Security domain covers the key concepts tested in this area of the FC0-U61 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all FC0-U61 domains — no account required.
The Courseiva FC0-U61 question bank contains 98 questions in the Security domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.