Text preview & study summary
CompTIA Server+ Full Exam Objectives with Simulators
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
The command: systemctl enable --now firewalld is run on a Linux server. What does this accomplish?
Explanation
systemctl enable starts the service immediately and configures it to start automatically at every subsequent boot; --now combines the start and enable actions. On systemd systems, systemctl is the normal interface for service state and can be used cleanly inside automation. It also lets the script check status, start, stop, restart, or enable services consistently.
Question 2
A security administrator deploys a production-like server loaded with realistic-looking but fake sensitive data that has no legitimate business purpose. Connections to this server trigger immediate alerts. What is this security control called?
Explanation
A honeypot is a decoy system loaded with attractive-looking fake data; any access to it is by definition unauthorized and triggers security alerts, helping detect reconnaissance and intrusion activity. For Server+ questions, the safest approach is to tie the clue in the scenario to the function the technology actually performs in production.
Question 3
A company deploys a dedicated firewall between its internal servers and the internet. Servers running public-facing services are placed in a subnet accessible from the internet but isolated from internal corporate resources. What is this intermediate network zone called?
Explanation
A DMZ is an intermediate network zone that exposes specific services to the internet while isolating them from the internal corporate network, limiting breach impact. The wording in the stem matters here because it points to the operating characteristic being tested, not just a related technology name.
Question 4
All servers run a modular antivirus solution. One server begins exhibiting symptoms that suggest its AV engine may have been disabled by malware. Which TWO actions should be taken FIRST?
Explanation
Isolating the server prevents lateral movement; an offline scan from trusted media bypasses any rootkit or malware that may have disabled or subverted the installed AV engine. This is also a good example of why memorizing terms is not enough; the scenario is testing when that term applies operationally.
Question 5
Monitoring has flagged APP-SRV-02 for unusual outbound HTTPS traffic to an external address during off-hours. The server hosts an internal reporting application and also runs several scheduled maintenance jobs. You have been given a simulated PowerShell investigation console on the server. Determine what is causing the outbound traffic, identify the strongest evidence, and choose the best containment and prevention steps.
Explanation
The strongest evidence shows APP-SRV-02 making unexpected outbound HTTPS connections to 203.0.113.77 from PID 4136. That PID maps to powershell.exe running as CORP\svc-reporting. The scheduled task ReportCacheUpdate launches C:/Scripts/Temp/report_cache_update.ps1 using that same service account, and local administrator membership shows the service account is overprivileged. The best response is to contain the activity while preserving evidence, disable the suspicious task, and rotate or disable the affected service account credential.
