Security Architecture
55 free practice questions with explanations
PassNova has 55 free CompTIA Security+ practice questions on Security Architecture, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.
Security Architecture: example questions & answers
Here are 6 example questions from this topic. Practise the full set of 55 free in the browser.
-
Which network zone hosts public-facing servers separated from the internal LAN?
- A Core
- B Screened subnet (DMZ) ✓
- C Access layer
- D Management VLAN
Answer: A screened subnet (DMZ) isolates internet-facing servers from the internal network.
-
Which design principle assumes breach and limits trust by default?
- A Perimeter security
- B Zero trust ✓
- C Implicit trust
- D Open access
Answer: Zero trust assumes breach and verifies every request, granting least privilege.
-
Which control segments the network to contain breaches?
- A Flat network
- B Microsegmentation ✓
- C Single VLAN
- D Open trust
Answer: Microsegmentation creates fine-grained segments to contain lateral movement.
-
Which cloud responsibility model defines who secures what between provider and customer?
- A SLA
- B Shared responsibility model ✓
- C NDA
- D AUP
Answer: The shared responsibility model defines security duties split between cloud provider and customer.
-
In IaaS, who is responsible for securing the guest OS and applications?
- A Provider
- B Customer ✓
- C Neither
- D ISP
Answer: In IaaS, the customer secures the OS, applications, and data; the provider secures the infrastructure.
-
Which technology isolates workloads with lightweight, OS-sharing packaging?
- A Full VM only
- B Containers ✓
- C Bare metal only
- D Mainframe
Answer: Containers isolate workloads while sharing the host kernel, lighter than full VMs.