View SK0-005 Exam Questions

Q: 1

Which of the following types of physical security controls would most likely be a target of a social engineering attack?

Options

Discussion

Hannah Q. Mar 14, 2026 9:21 am

Honestly, CompTIA always does this by mixing tech and people in answers. It's A.

Nora N. Mar 16, 2026 8:53 am

I see how D could work since attackers sometimes trick staff to override biometric locks, especially if there's poor policy or people get lazy about checking. D for that angle, since tech gets bypassed via humans now and then. Open to other takes though.

Avery T. Feb 26, 2026 7:00 pm

Not buying D here, since social engineering really works best on people, not tech. A.

Zoe K. Feb 26, 2026 4:16 pm

Likely D since I've seen some CompTIA prep material say attackers try to trick staff into overriding biometric locks, but I might be mixing up SE with technical bypass. Official guide and practice questions usually push human controls as the main target though. Anyone studied labs with social engineering angles?

Jordan Mar 2, 2026 7:43 pm

A , saw similar wording on a practice exam. Human-based controls like security guards are way more likely to be targeted in social engineering than hardware barriers. Happy to hear if anyone's seen different in real test reports.

LeoI Feb 27, 2026 11:17 pm

Its A, not D. Social engineering tricks people, not physical devices like biometrics or bollards.

MorganN Mar 5, 2026 11:52 am

Option D makes sense if you consider that attackers might try to trick employees into letting them use someone else's biometric credentials or override the lock. While guards are a common social engineering target, if the policy allows staff intervention on biometric problems, attackers could exploit that loophole. Pretty sure it's usually A, but I can see D getting hit if there's weak process around the device. Disagree?

Ava P. Mar 12, 2026 10:07 am

D but could see A making sense too if we focus on the human part.

Logan P. Mar 4, 2026 11:25 pm

Probably A here. Social engineering almost always hits the human, and a security guard is definitely more vulnerable than fences or locks.

Ethan D. Feb 27, 2026 9:07 pm

A for sure. Social engineering targets the human element, so a security guard is most likely. D looks tempting but it's a trap since tech controls aren't as easily manipulated as people. Pretty sure that's what CompTIA wants here, but open to debate.

Be respectful. No spam.

Q: 2

Which of the following policies would be BEST to deter a brute-force login attack?

Options

Discussion

Taylor Y. Mar 1, 2026 7:25 pm

D . Had something like this in a mock and account lockout threshold was flagged as the key control. It directly blocks repeated failed logins, which is exactly how brute-force works. Password complexity helps but doesn't actually stop the attempts.

Jason N. Mar 10, 2026 8:02 am

Not convinced it's A. D actually prevents brute-force by locking the account, while complexity just makes guessing harder but doesn't block attempts.

Jack Z. Mar 11, 2026 5:47 am

D imo, official study guide and practice test both mention lockout policies as effective against brute-force.

Luke Mar 15, 2026 1:18 pm

Makes sense to pick D for this. Lockout threshold actually blocks the brute-force after a set number of tries.

Ben P. Mar 16, 2026 11:34 pm

I don’t think it’s A. D is way better here since account lockout actually halts brute-force attacks as soon as the threshold is hit. The others help password strength but don't actively stop attack attempts. Pretty sure on this.

Anita X. Mar 16, 2026 12:22 pm

A , seen similar question on practice and complexity always gets flagged as a must-have.

SteadyLead7833 Feb 26, 2026 9:59 pm

Its A

Ava D. Mar 1, 2026 1:32 am

Wouldn’t account lockout be a problem if users get locked out during legit failed attempts? Still, D is correct unless the environment can’t handle potential user lockouts.

Avery D. Mar 12, 2026 1:06 am

D lockout threshold is what actually blocks brute-force. Password complexity just slows it, not stops it outright.

Jamie Z. Mar 4, 2026 5:17 pm

Dont think it’s A. D is more direct against brute-force since lockout stops repeated logins, but password complexity is a trap here.

Be respectful. No spam.

Q: 3

An administrator needs to perform bare-metal maintenance on a server in a remote datacenter. Which of the following should the administrator use to access the server’s console?

Options

Discussion

Riley D. Mar 16, 2026 5:11 pm

I don’t think it’s A. Option D trips up a lot of people, I'd pick RDP for remote console tasks here.

Amelia C. Mar 3, 2026 4:50 pm

Nah, it’s not B-VNC only works once the OS is running. For bare-metal (like BIOS or pre-boot) remote console, A (IP KVM) is what actually lets you interact before the OS loads. Got tripped by that a couple times in practice sets. Let me know if you think there’s a use case for anything but A.

Ben V. Mar 16, 2026 10:21 am

D seems right to me since RDP lets you remote into the server, even for maintenance. Maybe I'm missing something about "bare-metal," but I thought RDP could handle a lot of that if the OS is online. Am I off here?

SkepticalReviewer7079 Mar 6, 2026 3:24 pm

Definitely A for bare-metal. The other options rely on the OS being up, but an IP KVM gets you direct console access.

Sean Q. Mar 11, 2026 6:12 pm

Option D

Ravi I. Mar 11, 2026 3:51 pm

Maybe A lets you get to the server even if there's no OS or it's crashed. The real trap is picking VNC or RDP, but those only work when the OS is running. Seen similar questions in practice sets.

Jamie Mar 19, 2026 6:22 am

C or A? If the admin was on-site C would make sense, but for remote pre-OS access I'm thinking A is correct.

Morgan Mar 11, 2026 11:43 am

Every CompTIA question makes remote management sound trickier than it is. A imo, since IP KVM is the only one here that'll let you touch BIOS or pre-OS screens from afar, nothing else works at bare metal.

Arjun T. Mar 1, 2026 4:43 pm

Wouldn’t VNC require a working OS already? How would you use it for BIOS access?

Taylor N. Mar 1, 2026 6:35 am

Why wouldn't VNC (B) work here if you had a service running?

Be respectful. No spam.

Q: 4

A company deploys antivirus, anti-malware, and firewalls that can be assumed to be functioning properly. Which of the following is the MOST likely system vulnerability?

Options

Discussion

Mason F. Mar 10, 2026 8:08 pm

Yeah, gotta be A. Antivirus and firewalls don’t catch trusted users doing shady stuff.

Jordan P. Mar 10, 2026 9:59 pm

C , I think ransomware still poses a risk even with AV/firewall since not every variant is caught right away. D seems possible too but I usually see ransomware slipping through in practice. Anyone pick D?

PiyaE Mar 7, 2026 1:21 am

I get why some might pick D, but worms and ransomware are both mostly external threats and firewalls/AV cover those. Trap is thinking open ports matter most, but A is still the bigger risk with strong perimeter controls.

SeasonedArchitect8101 Mar 10, 2026 11:31 am

A tbh. Saw similar logic in practice exams and the official guide highlights that insider threat slips past traditional AV/firewall controls. Still, open ports (D) get people sometimes so worth labbing both scenarios if unsure.

Mason Mar 15, 2026 10:45 am

Hard to say, D, since open ports can still be overlooked even with strong AV and firewalls. A seems like a trap answer here.

Ben Q. Mar 16, 2026 7:32 am

Call it A here. Even with AV and a firewall working, insider threat is tough since it's about trusted users doing harm. Open ports looks tempting, but controls in place reduce that risk. Anyone think differently?

AvaW Mar 14, 2026 5:17 am

Option D - open ports. Similar question showed up in some practice exams, worth double-checking the official objectives and doing a few lab scenarios to see how often open ports get missed even with good AV.

TaylorA Mar 5, 2026 9:33 am

Pretty sure A (insider threat) is the one AV and firewalls can't really deal with since it's about someone already trusted. The others are mostly external or handled by those controls. Open to corrections if I missed something.

Aisha A. Mar 4, 2026 4:29 pm

A tbh, D is tempting but insider threat is what those tools can't really stop. Trap question imo.

Ryan L. Feb 26, 2026 1:16 pm

Its A. Even if your AV and firewalls are solid, they can't really protect against an insider using their legit access to do something bad. Only thing those controls miss, so makes sense here. If I'm missing something let me know.

Be respectful. No spam.

Q: 5

Which of the following must a server administrator do to ensure data on the SAN is not compromised if it is leaked?

Options

Discussion

Ishaan Mar 11, 2026 3:55 am

Yep, it's B here.

FocusedAuditor1748 Mar 9, 2026 10:04 am

Option B If someone leaks the SAN data, at-rest encryption is what really keeps it safe. Not 100 percent sure but all signs point to B for this kind of compromise.

Priya Y. Mar 5, 2026 9:53 pm

I don’t think D fits here. B is the best choice since encrypting data at rest specifically protects info if SAN drives or backups get leaked, not just network snooping. D is tempting but more about data moving in transit. Sometimes folks mix up both.

Jack S. Mar 13, 2026 2:29 pm

B . Only data-at-rest encryption protects against someone stealing SAN disks or snapshots. D is more about network eavesdropping, not leaks from storage itself. Pretty sure it's B but open to other thoughts.

CameronN Mar 8, 2026 1:32 am

If the data is compromised after being leaked (not while in transit), B.

Grace Q. Mar 3, 2026 12:10 pm

Pretty common in practice exams, official Server+ guide covers this. B

Logan Mar 6, 2026 11:10 pm

Not A, it’s really B here. The question focuses on leaked data from the SAN, which means you need encryption at rest, not just when the data is leaving or in transit. Easy to mix up with the transport options.

Hannah D. Mar 17, 2026 1:22 pm

B tbh, that's what protects against compromised SAN storage, not just network sniffing like D. Tricky wording.

Noah U. Feb 26, 2026 3:18 pm

Torn between B and D honestly, but B fits better since the question is about leaked data sitting on the SAN.

Taylor Z. Mar 3, 2026 12:26 pm

A is wrong, B. Encrypting data at rest on the SAN means if someone grabs the storage itself, they still can't read anything without the keys. Not 100 percent but that's how I'd approach it for this scenario.

Be respectful. No spam.

Q: 6

A technician is configuring a server that requires secure remote access. Which of the following ports should the technician use?

Options

Discussion

Liam Feb 28, 2026 6:09 am

My pick: B

Riley Mar 14, 2026 2:03 am

Option B is right since port 22 means SSH, which is secure remote access. But if the question asked for web-based remote admin (like HTTPS), D (443) would make more sense, so does it mean CLI or browser access?

Skyler Mar 3, 2026 8:06 pm

B . That's SSH's port for secure remote CLI, fits the question best here.

Karan Mar 17, 2026 12:09 pm

D tbh

HelpfulAnalyst4114 Mar 3, 2026 8:04 pm

Drew Y. Mar 6, 2026 4:07 pm

Are we sure this is talking about a browser or is it just generic remote CLI access?

JordanR Mar 13, 2026 7:31 pm

C or D, since secure remote access could mean HTTPS (443) for web consoles, not just CLI. Not 100 percent sure here.

Chris L. Mar 1, 2026 7:41 pm

Option D makes sense if we're talking a web-based management portal since 443 is HTTPS. The question just says "secure remote access" which feels vague, so I think D could be right if that's the context. B is probably what they're looking for but the wording can trip you up here.

Emma S. Mar 16, 2026 6:11 am

Pretty solid it's B. Port 22 is the default for SSH, which is the go-to for secure remote CLI access to servers. A and C are FTP/Telnet and not secure, D (443) is HTTPS and would only apply if a browser-based tool was involved, which isn't said here. Correct me if I'm missing a scenario!

NathanX Mar 5, 2026 8:40 pm

B tbh, 22 is secure remote CLI (SSH) so that's the right one here. D's just a trap if you're thinking HTTPS management. Seen similar question in other practice sets.

Be respectful. No spam.

Q: 7

Which of the following is typical of software licensing in the cloud?

Options

Discussion

Nora D. Mar 11, 2026 5:29 am

Not sure why folks are picking B, isn't subscription-based (C) way more common with cloud software than perpetual?

Owen A. Mar 12, 2026 9:11 am

Perpetual sounds right here, since I've seen lifetime licenses offered by some SaaS platforms in the cloud. B

Ethan I. Mar 16, 2026 4:34 am

C tbh

MorganA Mar 1, 2026 4:44 am

I'd say D here. Site-based still gets used for cloud in some setups, at least from what I've seen.

ZoeE Mar 3, 2026 11:12 pm

Its C, since most cloud software uses subscription-based licensing these days. Perpetual or per socket is super rare in the cloud.

Luke R. Mar 4, 2026 4:21 am

I don’t think it’s B. C fits because cloud licensing is usually pay-as-you-go, so subscription-based. Perpetual is a trap since that's more typical on-prem or legacy stuff. Stuff like per socket or site-based doesn't really match cloud setups. Pretty sure C, but open to discussion.

Nathan M. Mar 5, 2026 2:45 am

Probably C for this one. Subscription-based licensing is pretty much the norm for cloud software, you pay monthly or yearly rather than owning it forever. Official study guide and some recent practice sets mention this model a lot. Pretty sure that's what they're going for here, but open to other ideas.

Mia A. Feb 26, 2026 7:53 pm

B tbh, perpetual can apply since some vendors offer lifetime licenses in the cloud setup too. Site-based is a trap.

Olivia L. Mar 15, 2026 7:41 pm

Not B, C. Cloud software licensing is almost always subscription-based unless they specify legacy or on-prem cases.

Liam Mar 5, 2026 5:12 am

B or D, kinda stuck here since some vendors still do site-based in special contracts.

Be respectful. No spam.

Q: 8

Which of the following open ports should be closed to secure the server properly? (Choose two.)

Options

Discussion

Morgan M. Mar 2, 2026 8:36 pm

Honestly, these port questions are always vague. I'm putting D and F.

Casey Q. Mar 8, 2026 6:57 am

Nah, closing D would break DNS but A and C are insecure defaults. A, C.

Meera U. Mar 11, 2026 8:39 am

Its A and C. 21 is FTP and 23 is Telnet, both send data unencrypted. I think some might pick B (SSH) but that's actually needed for secure admin access.

Quinn Mar 14, 2026 7:36 pm

Option B and F. SSH (22) and LDAPS (636) are sometimes left open when not needed, so I usually pick those. Port 21 looks like a trap since some practice exams swap it out, but not fully sure.

Olivia O. Feb 27, 2026 3:18 pm

B tbh, but not sure since it depends if those services are actually needed. Maybe A and C are better picks.

LukeI Mar 13, 2026 10:05 am

Nah, not B or D. A and C are right here since FTP (21) and Telnet (23) are known for being super insecure, classic trap for leaving those open from older setups.

Neha Z. Mar 1, 2026 9:33 am

A C tbh, lots of practice tests say those are risky, official guide covers these ports too.

Logan H. Mar 8, 2026 8:44 pm

A and C

ThoughtfulLead3841 Mar 15, 2026 6:08 am

A C, saw this same combo in a mock exam and that's what I picked.

Priya R. Mar 10, 2026 2:42 pm

A and C make sense since FTP (21) and Telnet (23) both send stuff unencrypted. Those are usually the first to close for better security. Not 100% but pretty sure that's what they're after here, agree?

Be respectful. No spam.

Q: 9

Which of the following would be BEST to help protect an organization against social engineering?

Options

Discussion

Jason H. Feb 27, 2026 4:01 am

Option B makes the most sense. Social engineering attacks target people, not systems, so recurring training and support directly addresses the human element. D sounds good but is really just a policy update and won’t actually prevent users from falling for tricks. Pretty confident in B, but willing to hear other thoughts.

SofiaK Mar 17, 2026 5:23 am

C or D? SSO (C) seems like it could help by reducing credential reuse, which attackers love in social engineering. Or maybe D if you focus on policy changes. Not totally convinced these beat regular training though.

MethodicalLearner7249 Mar 9, 2026 8:51 pm

encountered exactly similar question in my exam, on practice, went with B

Quinn B. Mar 11, 2026 12:00 pm

Probably B here. Social engineering targets people, so technical stuff like complex passwords (A) or SSO (C) won’t really stop someone from being tricked. Recurring training and support actually helps users spot the scams. D isn’t enough, since policy alone won’t change behavior like regular awareness training will. Open to other views if I missed something, but pretty sure it’s B.

CarefulOps3767 Feb 27, 2026 9:10 am

Honestly, I get why D looks appealing since enforcing social media rules does help, but I think B is the real answer. Ongoing training is what actually sharpens staff against phishing or pretext attacks, which are core to social engineering. C (SSO) and A (complex passwords) are more technical controls, not really fixing the human side. Pretty sure it's B, but open if I'm missing something here.

Robin Mar 9, 2026 8:42 pm

C or D for me. SSO (C) can really cut down on password reuse and minimize weak links, which I think helps against certain social engineering attempts. D could work too since policies steer employee behavior directly. Not 100 percent but SSO feels underrated here, anyone disagree?

Ryan B. Mar 17, 2026 9:33 am

Honestly, I'd pick D here since updating the code of conduct seems like it would directly address what staff can share publicly, which is a big social engineering risk. Option B looks tempting but feels less immediate to me.

Amelia Mar 6, 2026 11:30 am

D . Updating the code of conduct for social media use should help by setting clear boundaries on what employees can share or post, reducing info leaks that social engineers could use. I feel like policies make a more direct impact in limiting risky behavior, compared to just training which people might forget. Not 100% sure though, but D seems practical to me-anyone else see it differently?

Sean T. Mar 6, 2026 6:46 pm

C or D, since SSO or a stricter code of conduct could limit exposure, but not sure they're stronger than recurring training for this.

Rowan W. Mar 13, 2026 3:18 am

B , recurring training is what actually changes user behavior and helps them spot social engineering tricks. Password complexity and SSO (A/C) don’t really address human manipulation, just technical access. Not 100% but that’s how CompTIA likes to frame it from what I’ve seen.

Be respectful. No spam.

Q: 10

A systems administrator is setting up a new server that will be used as a DHCP server. The administrator installs the OS but is then unable to log on using Active Directory credentials.The administrator logs on using the local administrator account and verifies the server has the correct IP address, subnet mask, and default gateway. The administrator then gets on another server and can ping the new server. Which of the following is causing the issue?

Options

Discussion

Daniel Mar 2, 2026 1:00 pm

Probably D. . Had something like this in a mock, couldn't use AD creds until the server was joined to the domain.

Zoe Mar 6, 2026 10:25 pm

Not seeing how B could be it, since network connectivity is fine (ping works). D is the more common trap here if you can't log in with AD creds.

Nina F. Mar 7, 2026 11:13 pm

Seen similar on practice labs, official guide also covers domain join issues like this. D

Skyler J. Mar 14, 2026 2:19 pm

Don’t think it’s B, since network’s working and you can ping. D fits better in this scenario.

Morgan R. Feb 26, 2026 7:28 pm

A, Firewall port 443 being closed could block some authentication traffic, I think. Not 100% sure here, but that's my pick.

Emma Mar 1, 2026 6:18 pm

Probably D here. If you can't log in with AD credentials but local works, that's usually a sign the server isn't joined to the domain. A and B are common traps, but network seems fine since the other server can ping it.

Luke N. Feb 28, 2026 12:30 pm

Does the question specify if "best" or "first" action is needed? That changes my pick, maybe D.

SharpOps7034 Mar 13, 2026 6:18 am

Feels like D - if you can't use AD credentials but can log in locally and ping works, the server's just not domain joined yet. Similar scenario was on another practice test, pretty sure that's what they want.

Jason O. Mar 11, 2026 5:49 am

Don’t think C would cause that, D is the main issue here.

NathanJ Mar 13, 2026 2:22 pm

Be respectful. No spam.

Question 1 of 20 · Page 1 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE