CompTIA Security+ Practice Test of the Day 260219

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on subdomain 4.8 (Explain appropriate incident response activities.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.


CompTIA Security+ Practice Test 260219
10 questions • Single best answer
Question 1
An analyst in a SOC observes multiple failed login attempts followed by a successful administrative login from an unfamiliar IP address. Shortly after, several large outbound data transfers are detected from a critical file server. The incident response team is notified, and leadership demands immediate action to prevent further damage while preserving evidence. Which of the following should be the FIRST action taken by the incident response team?
Question 2
Your organization recently experienced a ransomware attack that encrypted several production servers. After restoring from backups and validating system integrity, leadership wants to ensure the organization is better prepared for future incidents. The CISO requests a structured review of what occurred, including timeline documentation, effectiveness of controls, and response gaps. Which incident response phase addresses this requirement?

Question 3
A security administrator at a healthcare company suspects insider data theft involving patient records. Legal counsel instructs the security team to preserve all relevant digital evidence in anticipation of possible litigation. The investigation requires strict documentation of who handled the evidence and when it changed possession. Which of the following is MOST critical to maintain in this scenario?

Question 4
Your company is conducting a tabletop exercise to simulate a large-scale distributed denial-of-service (DDoS) attack against its public web infrastructure. During the exercise, participants walk through communication plans, escalation paths, and containment decisions without affecting production systems. Which of the following BEST describes this activity?

Question 5
A security administrator at a financial services company detects malware beaconing from an internal workstation to a known command-and-control server. The incident response team immediately isolates the workstation from the network. After analysis, the team determines the infection occurred due to a malicious email attachment exploiting an unpatched vulnerability. Which of the following actions BEST represents the eradication phase?

Question 6
An attacker is attempting to exfiltrate intellectual property from a research environment. During the investigation, forensic analysts create bit-level copies of affected drives to preserve original data integrity before performing analysis. Legal counsel emphasizes that original evidence must remain unchanged. Which forensic principle is being applied?

Question 7
An analyst in a SOC identifies suspicious PowerShell activity across several endpoints. Threat intelligence suggests the behavior matches a known advanced persistent threat (APT) campaign. The organization decides to proactively search for similar indicators across the environment, even on systems not currently flagged. Which of the following BEST describes this activity?

Question 8
Your organization experiences a web application compromise due to a misconfigured cloud storage bucket. After restoring services and correcting the configuration, leadership wants to ensure similar exposures are identified more quickly in the future. The SOC recommends updating monitoring dashboards and implementing automated alert thresholds. Which phase of incident response does this recommendation MOST closely support?

Question 9
Your organization detects unauthorized privilege escalation on a Linux production server hosting customer-facing applications. During the investigation, the incident response team discovers modified system binaries and suspicious cron jobs configured to re-establish persistence. Management wants to ensure the attacker’s access is permanently removed and that no remnants remain. Which of the following actions BEST represents the transition from containment to recovery?

Question 10
An analyst in a SOC identifies suspicious outbound DNS tunneling activity that may indicate covert data exfiltration. During the investigation, the team correlates DNS logs, firewall logs, endpoint detection alerts, and packet captures. The goal is to reconstruct the attack timeline and determine what data was accessed. Which of the following BEST describes this investigative activity?
