CompTIA Security+ Practice Test of the Day 260216

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on subdomain 4.4 (Explain security alerting and monitoring concepts and tools) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260216
10 questions • Single best answer
Question 1
A SOC analyst finds that a SIEM rule designed to detect brute-force logins is generating hundreds of false alerts daily due to a scheduled service account that resets its password automatically. She modifies the rule to exclude this account. What activity is she performing?
Question 2
A network engineer needs to detect potential data exfiltration on a core router by analyzing traffic patterns — source and destination IPs, ports, protocols, and bytes transferred — without capturing full packet payloads. Which monitoring tool provides this capability?
Question 3
An enterprise monitors all servers with locally installed software that collects detailed telemetry — running processes, open connections, and file changes. Legacy systems that cannot support the software are polled via network queries. What monitoring distinction does this illustrate?
Question 4
A compliance team needs to verify that all Windows servers meet CIS Benchmark security configurations. They use an automated framework that leverages OVAL and XCCDF formats to assess and report on configuration compliance across the fleet. What framework are they using?
Question 5
An employee attempts to email a spreadsheet containing 800 Social Security numbers to a personal Gmail address. The email is blocked before delivery, and the SOC receives an alert within seconds. Which security tool prevented the data from leaving the organization?
Question 6
A SIEM administrator is configuring log ingestion to pull events from firewalls, Active Directory, cloud services, and endpoint agents into a single platform for correlation analysis. What SIEM activity is she configuring?
Question 7
An endpoint infected with malware is detected by the SIEM. The security team immediately disconnects the device from the network while they investigate. In the context of alert response, what action was taken?
Question 8
A network switch sends an automated notification to the management system indicating that port utilization has exceeded 95% for more than five minutes. The message includes the switch name, interface ID, and threshold value. What monitoring mechanism generated this alert?
Question 9
A security analyst observes that vulnerability scan reports from previous quarters are consuming significant storage on the SIEM platform. The compliance framework requires a three-year retention period. She moves reports older than 90 days to cold storage while keeping recent reports accessible for analysis. What monitoring activity does this represent?
Question 10
A SOC manager wants to ensure all endpoint agents, firewalls, and cloud logs are feeding into the SIEM correctly. She reviews dashboards showing the volume of events per source, last event received timestamp, and any gaps in data collection. What monitoring activity does this represent?

Take more CompTIA Security+ practice tests