Text preview & study summary

CompTIA Server+ Full Exam Objectives with Simulators

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

The command: systemctl enable --now firewalld is run on a Linux server. What does this accomplish?

Answer choices

  • A. Starts and enables the firewalld service to start automatically at boot. (Correct)

  • B. Disables all firewall rules and allows all traffic temporarily.

  • C. Installs the firewalld package from the default repository.

  • D. Restarts the network service after applying new firewall rules.

Explanation

systemctl enable starts the service immediately and configures it to start automatically at every subsequent boot; --now combines the start and enable actions. On systemd systems, systemctl is the normal interface for service state and can be used cleanly inside automation. It also lets the script check status, start, stop, restart, or enable services consistently.

Question 2

A security administrator deploys a production-like server loaded with realistic-looking but fake sensitive data that has no legitimate business purpose. Connections to this server trigger immediate alerts. What is this security control called?

Answer choices

  • A. DMZ server

  • B. Honeypot (Correct)

  • C. Bastion host

  • D. Jump server

Explanation

A honeypot is a decoy system loaded with attractive-looking fake data; any access to it is by definition unauthorized and triggers security alerts, helping detect reconnaissance and intrusion activity. For Server+ questions, the safest approach is to tie the clue in the scenario to the function the technology actually performs in production.

Question 3

A company deploys a dedicated firewall between its internal servers and the internet. Servers running public-facing services are placed in a subnet accessible from the internet but isolated from internal corporate resources. What is this intermediate network zone called?

Answer choices

  • A. VLAN trunk

  • B. Trusted zone

  • C. DMZ (Demilitarized Zone) (Correct)

  • D. Management network

Explanation

A DMZ is an intermediate network zone that exposes specific services to the internet while isolating them from the internal corporate network, limiting breach impact. The wording in the stem matters here because it points to the operating characteristic being tested, not just a related technology name.

Question 4

All servers run a modular antivirus solution. One server begins exhibiting symptoms that suggest its AV engine may have been disabled by malware. Which TWO actions should be taken FIRST?

Answer choices

  • A. Isolate the affected server from the network to prevent lateral spread. (Correct)

  • B. Reinstall the OS immediately.

  • C. Boot from trusted read-only media and run an offline scan. (Correct)

  • D. Run an online scan using the potentially compromised AV client.

Explanation

Isolating the server prevents lateral movement; an offline scan from trusted media bypasses any rootkit or malware that may have disabled or subverted the installed AV engine. This is also a good example of why memorizing terms is not enough; the scenario is testing when that term applies operationally.

Question 5

Monitoring has flagged APP-SRV-02 for unusual outbound HTTPS traffic to an external address during off-hours. The server hosts an internal reporting application and also runs several scheduled maintenance jobs. You have been given a simulated PowerShell investigation console on the server. Determine what is causing the outbound traffic, identify the strongest evidence, and choose the best containment and prevention steps.

Explanation

The strongest evidence shows APP-SRV-02 making unexpected outbound HTTPS connections to 203.0.113.77 from PID 4136. That PID maps to powershell.exe running as CORP\svc-reporting. The scheduled task ReportCacheUpdate launches C:/Scripts/Temp/report_cache_update.ps1 using that same service account, and local administrator membership shows the service account is overprivileged. The best response is to contain the activity while preserving evidence, disable the suspicious task, and rotate or disable the affected service account credential.