CompTIA Security+ Practice Test of the Day 260220

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on subdomain 4.9 (Given a scenario, use data sources to support an investigation.) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260220

10 questions • Single best answer

Question 1

An analyst investigating a SQL injection attack against a web application reviews logs that capture HTTP request parameters, application error messages, database query errors, and response codes generated by the application itself. Which log type is she reviewing?

A. Firewall logs B. OS-specific security logs C. Network logs D. Application logs

Question 2

A forensic analyst needs to examine the exact content of packets exchanged between a compromised server and an external IP address during a suspected data exfiltration event. Which data source provides full payload visibility?

A. NetFlow records B. Firewall logs C. Packet captures (PCAP) D. IDS/IPS logs

Question 3

A SOC analyst notices a spike in blocked connection attempts from a specific external IP address. She reviews logs that record source and destination IP addresses, port numbers, protocols, and the action taken (allow/deny) by the security device at the network perimeter. Which log source is she reviewing?

A. Application logs B. IPS/IDS logs C. Firewall logs D. Endpoint logs

Question 4

An investigator reviewing a Windows workstation examines event logs containing Event IDs for successful and failed logons, privilege use, account lockouts, and security policy changes. Which log source is this?

A. Network logs B. Application logs C. OS-specific security logs D. Endpoint behavioral logs

Question 5

A security analyst receives an automated report generated overnight by the vulnerability scanner that identifies 47 new vulnerabilities, their CVSS scores, affected systems, and recommended remediations. Which data source category does this represent?

A. Dashboard B. Packet captures C. IDS/IPS logs D. Vulnerability scans

Question 6

An IDS detects a port scan from an internal workstation targeting the production network. The detection system logs the signature triggered, the source IP, the destination range, and the timestamp. During the investigation, which log source does the analyst query?

A. Firewall logs B. OS-specific security logs C. Application logs D. IPS/IDS logs

Question 7

During a cloud security investigation, an analyst reviews records of every API call made to the cloud provider — including the caller's identity, the resource affected, the timestamp, the source IP address, and the action performed — without examining the actual data content of those operations. What type of log data is this?

A. Packet captures B. Application logs C. Metadata D. Network flow logs

Question 8

A security operations center uses a centralized screen displaying real-time metrics: active critical alerts, systems with unpatched critical vulnerabilities, failed authentication attempts in the last hour, and current incident queue status. What type of data source is being used?

A. Vulnerability scan report B. Automated report C. Packet capture D. Dashboard

Question 9

An EDR analyst investigating a suspected compromise queries the platform for process creation events on a specific workstation over the past 30 days, reviewing parent-child process relationships, network connections initiated by each process, and file modifications. Which log type provided this data?

A. Network logs B. Endpoint logs C. OS-specific security logs D. IPS/IDS logs

Question 10

During a DDoS investigation, a network engineer analyzes records showing source IPs, destination IPs, traffic volumes in bytes, packet counts, duration, and protocol types for thousands of concurrent flows — without examining any packet payload content. Which data source provides this level of traffic analysis?

A. Packet captures B. Firewall logs C. Network flow logs (NetFlow) D. Endpoint logs

Take more CompTIA Security+ practice tests

CompTIA Security+ Practice Test of the Day 260220

Related Posts