CompTIA Security+ Practice Test of the Day 260216

Question 1

An analyst in a SOC observes that security logs from multiple domain controllers, firewalls, and cloud workloads are being forwarded to a centralized platform. The platform correlates authentication failures with unusual outbound traffic and generates a high-priority alert. The organization relies on this system to detect suspicious patterns across its hybrid infrastructure. Which of the following tools is being described?

A. Data loss prevention (DLP) B. Security information and event management (SIEM) C. Simple Network Management Protocol (SNMP) D. NetFlow analyzer

Question 2

A security administrator at a mid-sized company notices that its monitoring solution is generating thousands of alerts daily, many of which are later determined to be false positives. This has caused analysts to miss several legitimate incidents due to alert fatigue. Management wants to reduce unnecessary alerts while maintaining visibility into real threats. Which of the following actions would BEST address this issue?

A. Disable alerting for low-severity events B. Implement alert tuning C. Increase log retention time D. Enable full packet capture for all systems

Question 3

Your organization recently deployed several new Linux servers in a cloud environment. The security team wants to monitor file changes on critical system binaries and configuration files. If unauthorized modifications occur, the team needs immediate notification. Which of the following tools would BEST meet this requirement?

A. File integrity monitoring (FIM) B. Vulnerability scanner C. SCAP benchmarking tool D. NetFlow collector

Question 4

An attacker is attempting to move laterally within a corporate network. The SOC wants to monitor unusual east-west traffic patterns between internal hosts without capturing full packet payloads. The team wants visibility into source/destination IP addresses, ports, and traffic volumes to identify abnormal behavior. Which of the following tools would BEST support this requirement?

A. Antivirus software B. SNMP traps C. NetFlow D. Data loss prevention (DLP)

Question 5

A security administrator at a mid-sized company has deployed monitoring agents on all workstations and servers. However, several legacy systems cannot support agent installation. The organization still needs visibility into configuration compliance and vulnerability posture across those systems without installing software locally. Which of the following approaches would BEST meet this requirement?

A. Deploy agentless vulnerability scanning B. Implement endpoint detection and response (EDR) C. Enable host-based intrusion prevention (HIPS) D. Install antivirus with heuristic analysis

Question 6

An analyst in a SOC observes that network infrastructure devices are configured to automatically send notifications to the monitoring platform when CPU utilization exceeds defined thresholds or when interfaces go down. These notifications are immediately logged and generate alerts for review. Which of the following mechanisms is being used?

A. NetFlow exports B. SNMP traps C. SIEM correlation rules D. SCAP benchmarks

Question 7

Your organization processes sensitive financial data and must prevent unauthorized transmission of regulated information outside the corporate network. The security team wants real-time monitoring of outbound emails and file transfers to detect and block sensitive data such as credit card numbers and personally identifiable information. Which of the following tools would BEST address this requirement?

A. Vulnerability scanner B. Data loss prevention (DLP) C. NetFlow analyzer D. Log archiving system

Question 8

An organization has implemented a vulnerability management program. After patching several high-risk systems, the security team wants to ensure that the vulnerabilities are fully remediated and no longer present. The team also wants documented evidence for audit purposes. Which of the following actions should the team perform NEXT?

A. Update the risk register B. Perform rescanning and verification C. Adjust SIEM alert thresholds D. Archive previous vulnerability reports

Question 9

Your company operates in a hybrid cloud environment and must ensure that all systems comply with established security configuration baselines. The security team wants an automated method to assess system configurations against standardized benchmarks and generate machine-readable compliance reports for integration with other monitoring tools. Which of the following tools would BEST meet this requirement?

A. Security Content Automation Protocol (SCAP) B. Security information and event management (SIEM) C. NetFlow analyzer D. Simple Network Management Protocol (SNMP)

Question 10

An analyst in a SOC notices that several critical alerts were not generated during a recent malware outbreak. Investigation reveals that relevant endpoint logs were never forwarded to the centralized monitoring system. Management is concerned about gaps in visibility and wants to ensure all required log sources are consistently collected and retained for future analysis. Which of the following activities would BEST address this concern?

A. Log aggregation and centralized collection validation B. Increasing antivirus signature update frequency C. Implementing additional SNMP traps D. Deploying data masking on sensitive databases

CompTIA Security+ Practice Test of the Day 260216

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

You missed

CEH v13 Domain 7.1 Practice Test 002

CEH v13 Domain 6.1 Practice Test 002

CEH v13 Domain 5.3 Practice Test 002

CEH v13 Domain 5.2 Practice Test 002