Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free LPI Security Essentials Practice Questions

Pass your LPI Security Essentials (Exam 020-100) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
Not publicly disclosed Pass Rate
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

Which attack tricks devices on a LAN into sending traffic through the attacker by poisoning the address-resolution cache?

A
B
C
D
to track
Same family resources

Explore More Linux Professional Institute Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

LPI BSD Specialist (702-100)

Practice Questions

LPI DevOps Tools Engineer (701-100)

Practice Questions

LPI Linux Essentials (010-160)

Practice Questions

LPI Open Source Essentials (050-100)

Practice Questions

LPI Web Development Essentials (030-100)

Practice Questions

LPIC-1 Linux Administrator — Exam 101 (101-500)

Practice Questions
2026 Statistics

Key Facts: LPI Security Essentials Exam

40

Exam Questions

LPI 020 exam blueprint

60 min

Exam Duration

LPI 020 exam blueprint

$120

Exam Fee (USD, Tier 1)

lpi.org/exam-pricing

500 / 800

Passing Score

LPI scaled scoring

Pearson VUE

Test Provider

LPI testing partner

Lifetime

Credential Validity

LPI Essentials certificates do not expire

LPI Security Essentials (exam 020-100) is a 40-question, 60-minute certification with a $120 USD Tier 1 fee, scored 200-800 with a 500 cut. It targets users and IT staff who must understand security fundamentals: CIA triad and AAA, symmetric vs asymmetric cryptography, AES/RSA/SHA-256, Diffie-Hellman, Perfect Forward Secrecy, X.509/TLS 1.3, OpenPGP/S/MIME, malware families (viruses, worms, ransomware, rootkits, keyloggers, cryptominers), backup strategies and the 3-2-1 rule, Wi-Fi security (WPA2 vs WPA3), VPNs (OpenVPN, WireGuard, IPsec), Tor, SSH hardening, fail2ban, nftables/ufw, SPF/DKIM/DMARC, MFA and TOTP (RFC 6238), FIDO2/WebAuthn passkeys, password hashing with bcrypt/scrypt/Argon2, GDPR principles, and pseudonymization vs anonymization.

Sample LPI Security Essentials Practice Questions

Try these sample questions to test your LPI Security Essentials exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which three properties form the classic CIA triad in information security?
A.Confidentiality, Integrity, Availability
B.Control, Identity, Authorization
C.Cryptography, Identity, Auditing
D.Confidentiality, Identification, Authentication
Explanation: The CIA triad is Confidentiality (only authorized parties can read data), Integrity (data is not altered without authorization), and Availability (authorized users can access systems and data when needed). LPI 020-100 objective 021.1 also adds non-repudiation as a fourth core security goal.
2Which CIA property is most directly violated when an attacker silently modifies a database record without authorization?
A.Integrity
B.Confidentiality
C.Availability
D.Non-repudiation
Explanation: Integrity is broken when data is altered by an unauthorized party. Confidentiality would be broken by reading the data, and availability by deleting or denying access to it. Non-repudiation prevents a party from denying an action they performed.
3Which threat actor type is best described as a highly resourced, often state-sponsored group that maintains long-term covert access to a target network?
A.Advanced Persistent Threat (APT)
B.Script kiddie
C.Hacktivist
D.Insider threat
Explanation: An Advanced Persistent Threat is a sophisticated, well-funded adversary (frequently nation-state) that establishes persistent footholds for espionage or sabotage. Script kiddies use prebuilt tools opportunistically, hacktivists pursue political messages, and insiders are trusted users abusing access.
4What does CVE stand for in the context of vulnerability tracking?
A.Common Vulnerabilities and Exposures
B.Critical Vulnerability Evaluation
C.Computer Vulnerability Engine
D.Cybersecurity Vulnerability Exchange
Explanation: CVE (Common Vulnerabilities and Exposures) is a publicly maintained dictionary of disclosed vulnerabilities, each assigned a unique ID like CVE-2024-12345. CVE entries are coordinated by MITRE and reused by NVD, vendors, and scanners worldwide.
5What term describes a security flaw that is actively being exploited before the vendor releases a patch?
A.Zero-day vulnerability
B.Known exploited vulnerability
C.Privilege escalation
D.Buffer overflow
Explanation: A zero-day is a vulnerability unknown to the vendor (or unpatched at exploit time), so defenders have had zero days to fix it. Privilege escalation is a category of attack technique, and buffer overflow is a specific class of memory bug that may or may not be a zero-day.
6Which activity is the primary purpose of penetration testing?
A.Authorized simulated attack to identify exploitable weaknesses
B.Continuous automated patch deployment
C.User awareness training delivery
D.Antivirus signature distribution
Explanation: A penetration test is an authorized engagement that emulates an attacker to find weaknesses before real adversaries do. It produces evidence and remediation guidance. Patch deployment, awareness training, and AV updates are operational tasks, not pen testing.
7Which group is typically convened to coordinate response to a major security incident across an organization or sector?
A.CERT (Computer Emergency Response Team)
B.ISP NOC
C.Help desk Tier 1
D.Marketing operations
Explanation: A CERT or CSIRT (Computer Security Incident Response Team) coordinates triage, containment, and communication during incidents. National CERTs (US-CERT/CISA, CERT-EU) coordinate at country level. NOCs handle availability, not security incident response.
8What practice describes a researcher privately reporting a vulnerability to the vendor and waiting an agreed period before public disclosure?
A.Responsible (coordinated) disclosure
B.Full disclosure
C.Bug squatting
D.Open source bounty
Explanation: Coordinated or responsible disclosure gives the vendor a window (often 90 days) to patch before public details are released. Full disclosure publishes details immediately. CERT/CC and vendor advisories are typical coordination paths.
9Which legal area most directly governs unauthorized access to a computer system?
A.Penal (criminal) law
B.Tax law
C.Patent law
D.Maritime law
Explanation: Unauthorized computer access is generally a criminal offense under penal law (e.g., the U.S. Computer Fraud and Abuse Act, the UK Computer Misuse Act). Privacy and copyright laws may also apply, but the core unauthorized-access offense is criminal.
10Which security goal ensures that a sender cannot later deny having sent a signed message?
A.Non-repudiation
B.Confidentiality
C.Availability
D.Anonymity
Explanation: Non-repudiation, typically achieved with digital signatures, binds an action to a specific identity so the actor cannot credibly deny it. Confidentiality protects from reading, availability protects from outage, and anonymity is the opposite of non-repudiation.

About the LPI Security Essentials Exam

The LPI Security Essentials (exam 020-100) certification verifies foundational, vendor-neutral knowledge of IT security: security concepts and goals, cryptography and PKI, device and storage security, network and service security, and identity and privacy.

Questions

40 scored questions

Time Limit

60 minutes

Passing Score

500 / 800 (scaled)

Exam Fee

$120 USD (Tier 1) (Linux Professional Institute (LPI) / Pearson VUE)

LPI Security Essentials Exam Content Outline

13%

Security Concepts

Goals (CIA triad and non-repudiation), AAA, threat actors, CVE, zero-day, privilege escalation, penetration testing, APTs, CERT/CSIRT, responsible vs full disclosure, bug bounties, and legal frameworks (penal, privacy, copyright).

23%

Encryption

Symmetric (AES, ChaCha20) vs asymmetric (RSA, ECC), hashing (SHA-256/SHA-3, MD5 deprecated), Diffie-Hellman, Perfect Forward Secrecy, X.509 fields and CA chain validation, Let's Encrypt/ACME, TLS 1.3, OpenPGP/GnuPG, S/MIME, VeraCrypt, BitLocker, LUKS, Cryptomator.

23%

Node, Device and Storage Security

Hardware security, IoT, USB/Bluetooth/RFID risk, TPM and trusted computing, application security (buffer overflows, SQL injection), software updates and trusted repositories, host firewalls (ufw, nftables), malware families, backup strategies (full/differential/incremental, 3-2-1 rule, immutability), Unix and Windows permissions.

25%

Network and Service Security

OSI layers, TCP/UDP, IPv4/IPv6, DNS and DNSSEC, IaaS/PaaS/SaaS, Wi-Fi (WEP/WPA/WPA2/WPA3 SAE), MITM and ARP spoofing, DoS/DDoS and botnets, VPNs (IPsec, OpenVPN, WireGuard), Tor and anonymity, SSH hardening (sshd_config, keys, fail2ban), SPF/DKIM/DMARC, HSTS, SFTP/SCP.

16%

Identity and Privacy

Authentication factors, passwords and password managers (KeePass), 2FA/MFA, TOTP, FIDO2/WebAuthn/passkeys, password hashing with salt (bcrypt, scrypt, Argon2), brute-force/dictionary/rainbow attacks, phishing and social engineering, NDAs, GDPR principles, pseudonymization vs anonymization, browser fingerprinting, cookie attributes.

How to Pass the LPI Security Essentials Exam

What You Need to Know

  • Passing score: 500 / 800 (scaled)
  • Exam length: 40 questions
  • Time limit: 60 minutes
  • Exam fee: $120 USD (Tier 1)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

LPI Security Essentials Study Tips from Top Performers

1Build a one-page cheat sheet of the CIA triad plus AAA and where each property is broken by which attack class - the exam stems mix the frameworks deliberately.
2Memorize key sizes and digest lengths: AES-128/256, RSA 2048+, ECC P-256, SHA-256 (256 bits), SHA-1 (160), MD5 (128). Wrong sizes are common distractors.
3Know which TLS feature does what: SAN matches hostnames, HSTS forces HTTPS, PFS protects past sessions, TLS 1.3 mandates PFS and removes RSA key transport.
4Drill the OpenPGP vs S/MIME contrast (web of trust vs X.509) and the gpg, openssl, ssh-keygen tool families so you do not confuse them on fill-in-the-blank items.
5Be fluent in Wi-Fi standards (WEP broken, WPA TKIP broken, WPA2-PSK vulnerable to offline dictionary attacks, WPA3 SAE prevents this) and which generation each device supports.
6Practice naming the right tool for the right job: Cryptomator for cloud files, VeraCrypt for local containers, LUKS for Linux full-disk, BitLocker for Windows, FileVault for macOS.
7Learn the SPF/DKIM/DMARC roles word-for-word - SPF authorizes IPs, DKIM signs messages, DMARC publishes policy and reporting.
8Memorize password-hash properties: salting defeats rainbow tables, work factor defeats raw GPU power, Argon2/scrypt/bcrypt are appropriate, MD5/SHA-1 are not.

Frequently Asked Questions

What is on the LPI Security Essentials (020-100) exam?

Five topic groups: Security Concepts (CIA, AAA, threat actors, CVE, ethical disclosure), Encryption (symmetric/asymmetric, hashing, PKI, TLS, OpenPGP, S/MIME, disk encryption), Node/Device/Storage Security (TPM, IoT, malware, backups, permissions), Network and Service Security (DNS, Wi-Fi, VPN, Tor, SSH hardening, SPF/DKIM/DMARC), and Identity and Privacy (MFA, FIDO2, password hashing, GDPR, pseudonymization).

How long is the exam and how many questions does it have?

LPI Security Essentials is 40 questions in 60 minutes. Question types include multiple choice and fill-in-the-blank, delivered via Pearson VUE at a test center or OnVUE remote proctoring.

What is the passing score for 020-100?

LPI uses a scaled 200-800 scoring system across all its exams. You need 500 or higher to pass. Because LPI calibrates difficulty between forms, the raw number of correct answers required for 500 varies by exam form.

How much does the exam cost?

In Tier 1 markets the LPI Security Essentials exam fee is approximately $120 USD per attempt, the same price as Linux Essentials, Open Source Essentials, and Web Development Essentials. LPI charges lower fees in many markets (India, Pakistan, Brazil, Africa); confirm your local price on the official LPI exam pricing page before buying a voucher.

Who should take Security Essentials?

Security Essentials is aimed at people who use IT systems and need a solid security foundation: end users, junior IT staff, students, journalists, NGO workers, and anyone preparing for higher LPI or vendor security exams. It is also useful as a vocabulary primer before CompTIA Security+ or LPIC-3 303.

How does it compare to LPI Linux Essentials (010-160)?

Linux Essentials focuses on the Linux command line, file system, and basic administration. Security Essentials focuses on cross-platform security knowledge: cryptography, PKI, malware, networking security, MFA, and privacy. Both are Tier 1 / $120 / 40 questions / 60 minutes / lifetime credentials, and many candidates take both in the same study cycle.