CompTIA Security+ · SY0-701
Objective 2.2: Explain common threat vectors and attack surfaces
Practice questions for Security+ objective 2.2, “Explain common threat vectors and attack surfaces.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.
This objective sits in Domain 2.0: Threats, Vulnerabilities, and Mitigations, which is about 22% of the exam — so mastering it moves your readiness score meaningfully.
1.An attacker sends an email with a PDF attachment that exploits a vulnerability in the PDF reader to execute malicious code. Which threat vector does this represent?
2.A company's security policy prohibits the use of Bluetooth on corporate laptops due to attack surface concerns. Which specific Bluetooth attack type involves an attacker forcing unauthorized connections to a Bluetooth-enabled device to exfiltrate data?
3.A company's managed service provider (MSP) is compromised, and the attacker uses the MSP's administrative access to push malicious configurations to all client networks. This is an example of which threat vector?
4.A threat actor sends an email to a company's accounts payable department that appears to come from the CEO. The email requests an urgent wire transfer, claims the CEO is traveling and unreachable by phone, and instructs the recipient not to follow the standard approval process. No malware is involved. Which threat category most precisely describes this attack?
5.Which threat vector involves attackers compromising websites frequently visited by a specific target group in order to infect the targets' systems?
Practice every objective, adaptively
CertBench tracks your score on 2.2 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.
Take the free diagnostic