CompTIA Security+ · SY0-701

Objective 3.2: Given a scenario, apply security principles to secure enterprise infrastructure

Practice questions for Security+ objective 3.2, Given a scenario, apply security principles to secure enterprise infrastructure.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.

This objective sits in Domain 3.0: Security Architecture, which is about 18% of the exam — so mastering it moves your readiness score meaningfully.

1.A scenario: A penetration tester discovers that the company's web application firewall is deployed in monitoring mode rather than prevention mode. What is the PRIMARY security implication?

2.FTPS differs from SFTP in that FTPS:

3.An organization is deploying a new externally accessible API that mobile applications will use to access customer account data. The API will be exposed on the public internet and will handle authentication tokens, personal information, and financial data. A security architect must design the API's network architecture to protect against volumetric attacks, provide TLS termination, enforce rate limiting per API key, and route requests to multiple backend API server instances. Which infrastructure component most precisely fulfills all four of these requirements as a unified solution?

4.A cloud architect is designing the network architecture for a three-tier web application deployed in a public cloud environment. The application consists of a public-facing web tier, an application logic tier, and a database tier containing customer PII. The architect wants to ensure that the database tier is not directly reachable from the internet under any circumstances, that the application tier can only receive traffic from the web tier, and that each tier can only initiate connections to the tier directly below it. Which architecture and enforcement mechanism most precisely implements these requirements?

5.Which protocol provides encrypted and authenticated file transfer as an extension of SSH?

Practice every objective, adaptively

CertBench tracks your score on 3.2 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.

Take the free diagnostic

More objectives in Domain 3.0

← All Security+ practice questions