100+ Free SEC1 Practice Questions

TryHackMe Cyber Security 101 (SEC1) practice questions are available now; exam metadata is being verified.


2026 Statistics

Key Facts: SEC1 Exam

Exam Window: 24 hours (TryHackMe)
Exam Sections: 7 sections (TryHackMe)
Passing Score (455/700): 65% (TryHackMe)
Difficulty Level: Beginner (TryHackMe)
Preparatory Path Length: 54 rooms (TryHackMe Cyber Security 101)
Resit Allowance: 1 retake (TryHackMe)

The SEC1 is TryHackMe's entry-level practical certification for learners who complete the 54-room Cyber Security 101 path (~45 hours). The 24-hour exam comprises 7 sections (3 Purple Team, 2 Blue Team, 2 Red Team) with fill-in-the-blank questions answered using real tools in a browser-based VM. Passing score is 455/700 (65%). One retake is available after a cooldown period. The exam is included with a TryHackMe Premium subscription. This practice bank tests the foundational knowledge — Linux/Windows CLI, Nmap, Metasploit, Wireshark, Hydra, Gobuster, CyberChef, SQLi, XSS, log analysis, and incident response — required to succeed in the hands-on sections.

Sample SEC1 Practice Questions

Try these sample questions to test your SEC1 exam readiness. Each question includes a detailed explanation.

1. In the CIA triad, which property ensures that information is accessible only to those with authorized access?
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Explanation: Confidentiality ensures that sensitive information is accessible only to authorized parties. It is enforced through mechanisms such as encryption, access controls, and authentication. Integrity ensures data has not been altered, while availability ensures systems remain accessible to authorized users.

2. Which of the following best describes the role of a Security Operations Center (SOC)?
A. Monitoring, detecting, and responding to security incidents 24/7
B. Developing new security software and tools
C. Conducting penetration tests against external targets
D. Managing an organization's firewall rule configurations
Explanation: A SOC is a centralized team that continuously monitors an organization's security posture, detects threats using SIEM and other tools, and coordinates incident response. It operates around the clock to reduce mean time to detect (MTTD) and mean time to respond (MTTR) to threats.

3. What is the primary purpose of the Nmap tool in the context of offensive security?
A. Password hash cracking
B. Web application fuzzing
C. Network scanning and host discovery
D. Malware sandboxing
Explanation: Nmap (Network Mapper) is used to discover hosts on a network, determine open ports, identify running services and versions, and fingerprint operating systems. It is a foundational reconnaissance tool in penetration testing and CTF challenges, and is covered in the THM Cyber Security 101 path.

4. Which Nmap flag performs a SYN (stealth) scan, sending SYN packets without completing the TCP handshake?
A. -sT
B. -sU
C. -sS
D. -sV
Explanation: The -sS flag performs a TCP SYN scan, also called a half-open or stealth scan. Nmap sends SYN packets and observes whether a SYN-ACK or RST is returned without completing the three-way handshake, making it less likely to appear in application logs. It requires root/administrator privileges.

5. In the Linux filesystem, which directory stores system-wide configuration files?
A. /bin
B. /var
C. /etc
D. /home
Explanation: /etc contains system-wide configuration files and shell scripts for system initialization. Examples include /etc/passwd (user accounts), /etc/shadow (password hashes), /etc/hosts (local DNS mappings), and /etc/crontab (scheduled tasks). This knowledge is essential for Linux privilege escalation enumeration.

6. Which Linux command displays the current user's group memberships?
A. whoami
B. ps aux
C. uname -a
D. id
Explanation: The `id` command displays the current user's UID, GID, and all supplementary group memberships. This is important during privilege escalation enumeration — if a user is in the `sudo` or `docker` group, it may allow privilege escalation to root.

7. In Windows, which Event ID is generated when a user successfully logs on interactively?
A. 4624
B. 4625
C. 4688
D. 4720
Explanation: Windows Event ID 4624 is logged in the Security event log whenever an account successfully logs on. The logon type field indicates how the logon occurred: Type 2 = interactive, Type 3 = network, Type 10 = remote interactive (RDP). Blue teams analyze 4624 logs for lateral movement and unauthorized access.

8. What does the Metasploit module type 'exploit' do?
A. Delivers a payload to exploit a vulnerability and gain access
B. Scans targets for open ports
C. Generates shellcode for manual injection
D. Performs passive traffic sniffing
Explanation: In Metasploit Framework, 'exploit' modules leverage known vulnerabilities to gain unauthorized access to a target system. They work in conjunction with 'payload' modules (such as reverse shells or Meterpreter) that execute after the exploit succeeds. The exploit module handles the vulnerability, while the payload handles post-exploitation communication.

9. Which protocol does HTTPS use to encrypt web traffic, replacing the deprecated SSL?
A. SSH
B. TLS
C. IPsec
D. SFTP
Explanation: HTTPS uses Transport Layer Security (TLS) to encrypt web communication between clients and servers. TLS replaced the older, insecure SSL protocol. Current best practice is TLS 1.2 or TLS 1.3 — older versions (SSL 3.0, TLS 1.0, TLS 1.1) are deprecated due to known vulnerabilities like POODLE and BEAST.

10. In the OSI model, at which layer does the TCP protocol operate?
A. Layer 2 — Data Link
B. Layer 3 — Network
C. Layer 4 — Transport
D. Layer 7 — Application
Explanation: TCP (Transmission Control Protocol) operates at Layer 4, the Transport layer of the OSI model. It provides reliable, connection-oriented communication through the three-way handshake (SYN, SYN-ACK, ACK), error detection, and retransmission. Understanding OSI layers is fundamental for analyzing network protocols and traffic.

About the SEC1 Practice Questions

Verified exam format metadata for TryHackMe Cyber Security 101 (SEC1) is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.