Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsFC0-U61DomainsSecurity
FC0-U61Free — No Signup

Security

Practice FC0-U61 Security questions with full explanations on every answer.

98questions

Start practicing

Security — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

FC0-U61 Domains

IT Concepts and TerminologyInfrastructureApplications and SoftwareSoftware DevelopmentDatabase FundamentalsSecuritySoftware Development Concepts

Practice Security questions

10Q20Q30Q50Q

All FC0-U61 Security questions (98)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

Which of the following best describes the principle of confidentiality in the CIA triad?

2

A company implements a policy requiring employees to use a password and a one-time code sent to their mobile phone when logging into the corporate network. Which security concept is being employed?

3

A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The email contains urgent language and threats of account closure. What type of attack is this?

4

Which of the following is the strongest password?

5

A security analyst discovers that a file on a server has been modified without authorization. However, the system logs show that the modification was made by an authenticated user who had legitimate access to the file. Which aspect of the CIA triad has been violated?

6

Which of the following malware types is characterized by self-replication without needing to attach to a host file?

7

A company wants to ensure that sensitive documents are not readable if a laptop is stolen. Which of the following provides the best protection?

8

What is the primary purpose of a password manager?

9

An attacker gains physical access to a building by following an employee through a secured door without using a badge. This is an example of which social engineering technique?

10

Which of the following is the best practice for creating strong passwords?

11

A user downloads a free game from an untrusted website. After installation, the user's computer begins displaying pop-up advertisements frequently. Which type of malware is most likely installed?

12

An organization uses a security model where users are granted the minimum permissions necessary to perform their job functions. This model is known as:

13

Which TWO of the following are effective measures to protect against ransomware attacks? (Select two.)

14

Which THREE of the following are examples of multi-factor authentication? (Select three.)

15

Which TWO of the following are recommended practices for physical security in an office environment? (Select two.)

16

Which of the following best describes the principle of least privilege?

17

A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The user notices the email address is slightly misspelled (e.g., 'support@bankk.com' instead of 'support@bank.com'). Which type of attack is this?

18

An organization implements a security control that requires users to swipe a smart card and then enter a PIN to access a secure facility. Which combination of authentication factors does this represent?

19

Which of the following is a characteristic of a worm in the context of malware?

20

A company wants to protect its network from unauthorized external access. Which of the following devices should be configured to filter traffic based on port and protocol?

21

An employee is tailgated into a secure office building by someone without a badge. Which type of security threat does this represent?

22

An organization adopts the 3-2-1 backup rule. Which of the following practices aligns with this rule?

23

A security analyst is explaining the CIA triad to new employees. Which scenario best illustrates a breach of integrity?

24

Which of the following is a best practice for creating a strong password?

25

A small business owner wants to protect customer data stored on laptops in case the devices are stolen. Which encryption method provides the best protection for the entire hard drive?

26

Which of the following is a key difference between a vulnerability and a threat in cybersecurity?

27

A company implements a policy where employees must lock their computer screen when leaving their desk. Which security principle does this practice support?

28

Which TWO of the following are examples of social engineering attacks? (Select TWO.)

29

Which THREE of the following are effective methods to protect against malware infections? (Select THREE.)

30

Which TWO of the following are characteristics of a strong password? (Select TWO.)

31

Which of the following best describes the principle of confidentiality in the CIA triad?

32

A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The user suspects it is a phishing attempt. Which type of phishing attack is this most likely to be?

33

An organization implements a security policy where users must provide a password and a one-time code generated by a mobile app to log in. Which type of authentication is being used?

34

Which of the following is a characteristic of a strong password?

35

A company requires all employees to use a smart card and a PIN to access the building. This is an example of which concept?

36

A security analyst discovers that a file on a server has been modified without authorization. Which element of the CIA triad has been compromised?

37

Which type of malware is designed to replicate itself and spread to other computers without needing to attach to a host file?

38

Which of the following is the best practice for backing up data according to the 3-2-1 rule?

39

An attacker gains physical access to a secure area by following an authorized employee through a door that requires a badge. This social engineering technique is known as:

40

Which of the following encryption methods is used to protect data in transit over a public network, such as the internet?

41

A user reports that their computer has been displaying unwanted pop-up advertisements frequently. Which type of malware is most likely responsible?

42

Which of the following is an example of a physical security control?

43

A company wants to implement the principle of least privilege for its employees. Which TWO of the following actions align with this principle? (Choose TWO.)

44

An organization is implementing a defense-in-depth strategy. Which THREE of the following are considered security controls that can be used? (Choose THREE.)

45

Which TWO of the following are examples of multi-factor authentication? (Choose TWO.)

46

Which element of the CIA triad is primarily concerned with ensuring that data is not accessed by unauthorized individuals?

47

A user receives an email that appears to be from their bank, asking them to click a link and verify their account details. The user notices the sender's email address is slightly misspelled. Which type of threat is this?

48

An organization requires employees to use a password and a one-time code sent to their mobile phone when logging into the network. Which security principle is being implemented?

49

Which of the following is the best practice for creating a strong password?

50

A security analyst is explaining the difference between a threat and a vulnerability. Which statement accurately describes this difference?

51

Which type of malware is disguised as legitimate software but performs malicious actions?

52

A company wants to ensure that data on lost laptops cannot be accessed. Which technology should be used?

53

What is the primary purpose of a password manager?

54

An employee calls the help desk claiming to be a manager from another department and requests a password reset. This is an example of which social engineering technique?

55

A user is concerned about connecting to a public Wi-Fi network at a coffee shop. Which security measure can best protect their data?

56

A company's backup strategy requires three copies of data, on two different media types, with one copy offsite. Which backup rule does this follow?

57

Which of the following is an example of something you are in multi-factor authentication?

58

A company is implementing physical security measures. Which two of the following are examples of physical security controls? (Select TWO.)

59

An IT administrator is hardening a server. Which three of the following actions should be taken to improve security? (Select THREE.)

60

A user receives a suspicious email with an attachment claiming to be an invoice. Which three practices should the user follow? (Select THREE.)

61

Which component of the CIA triad ensures that data cannot be modified by unauthorized users?

62

A user receives an email that appears to be from their bank, asking them to click a link and verify their account. The email contains urgent language and a generic greeting. Which type of security threat is this?

63

A company implements a policy where employees must swipe their ID card and then enter a PIN to access the server room. Which two authentication factors are being used?

64

Which of the following best describes the principle of least privilege?

65

What is the primary purpose of a password manager?

66

An employee allows a delivery person to enter a secure office building by holding the door open. The delivery person does not have an access badge. Which social engineering attack is this?

67

A security administrator wants to protect data at rest on a laptop that may be lost or stolen. Which of the following is the BEST solution?

68

Which backup strategy involves keeping three copies of data on two different media types with one copy offsite?

69

What is the primary purpose of a network firewall?

70

Which type of malware attaches to legitimate files and spreads when those files are executed?

71

A company requires employees to use a one-time code from a smartphone app in addition to their password to log into the corporate VPN. This is an example of:

72

What is the primary risk of using public Wi-Fi without a VPN?

73

Which TWO of the following are examples of physical security measures? (Select TWO)

74

Which THREE of the following are characteristics of a strong password? (Select THREE)

75

Which TWO of the following are types of malware? (Select TWO)

76

Which of the following best describes the 'Confidentiality' component of the CIA triad?

77

An employee receives an email that appears to be from the CEO, urgently requesting a wire transfer to an external vendor. The email address looks slightly off. Which type of social engineering attack is this?

78

A company is implementing a backup strategy. Which of the following best adheres to the 3-2-1 backup rule?

79

Which of the following is an example of multi-factor authentication?

80

Which of the following is a characteristic of a strong password?

81

An organization wants to ensure that employees only have access to the data necessary to perform their job functions. Which principle should be applied?

82

A security analyst notices that a user's computer is running slowly and displaying many pop-up ads. Which type of malware is most likely causing this?

83

Which of the following is the primary purpose of hashing a password before storing it in a database?

84

What is the difference between a threat and a vulnerability?

85

An employee is working from a coffee shop and needs to access company files. Which of the following is the most secure method?

86

Which of the following is a characteristic of a worm compared to a virus?

87

What is the primary purpose of a firewall?

88

A help desk technician receives a call from a user who says their computer is showing a message that files are encrypted and a ransom is demanded. Which TWO types of malware are most likely involved?

89

A company is developing a security policy. Which THREE of the following are examples of physical security controls?

90

Which TWO of the following are best practices for password security?

91

A user receives an email from their bank asking them to click a link and verify their account information. The email contains spelling errors and the sender's address looks suspicious. Which type of social engineering attack is this?

92

Which TWO of the following are examples of multi-factor authentication?

93

A company's IT policy mandates data backups following the 3-2-1 rule. Which THREE of the following practices align with this rule?

94

Which TWO of the following are characteristics of ransomware?

95

Which THREE of the following are best practices for password security?

96

A security analyst is evaluating risks to the company's network. According to the risk formula (Risk = Likelihood × Impact), which THREE of the following are considered vulnerabilities?

97

Which TWO of the following are examples of physical security controls?

98

A user wants to protect their laptop in case it is stolen. Which THREE of the following measures would help protect the confidentiality of the data?

Practice all 98 Security questions

Other FC0-U61 exam domains

IT Concepts and TerminologyInfrastructureApplications and SoftwareSoftware DevelopmentDatabase FundamentalsSoftware Development Concepts

Frequently asked questions

What does the Security domain cover on the FC0-U61 exam?

The Security domain covers the key concepts tested in this area of the FC0-U61 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all FC0-U61 domains — no account required.

How many Security questions are in the FC0-U61 question bank?

The Courseiva FC0-U61 question bank contains 98 questions in the Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Security for FC0-U61?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Security questions for FC0-U61?

Yes — the session launcher on this page draws questions exclusively from the Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your FC0-U61 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide