CompTIA Security+ Practice Test of the Day 260220

Question 1

An analyst in a SOC observes multiple failed login attempts followed by a successful login to a finance server from an external IP address. The organization suspects credential stuffing. The analyst needs to determine whether the attacker moved laterally after gaining access. Which data source would provide the MOST direct evidence of lateral movement to other internal systems?

A. Firewall logs B. Endpoint security logs from the compromised server C. Vulnerability scan reports D. Public threat intelligence feeds

Question 2

Your organization suspects data exfiltration from a database server hosted in a hybrid cloud environment. Large volumes of outbound encrypted traffic were detected during non-business hours. The incident response team needs to determine exactly what data was transmitted. Which data source would provide the MOST granular visibility into the contents of the suspicious transmissions?

A. NetFlow data B. Packet capture (PCAP) files C. SNMP traps D. System asset inventory records

Question 3

A security administrator at a mid-sized company detects unusual registry modifications on several Windows workstations. The team believes malware persistence mechanisms may have been deployed. Which log source would BEST confirm whether the registry changes were associated with malicious executable activity?

A. Windows Security Event Logs B. IDS alert logs C. Application vulnerability scan results D. DNS query logs

Question 4

An attacker is attempting to maintain covert command-and-control (C2) communication using DNS tunneling techniques. The SOC team wants to validate whether large amounts of encoded data are being transmitted through DNS queries. Which data source would MOST effectively support this investigation?

A. DNS server logs B. Physical access badge logs C. Asset classification documentation D. Database audit reports

Question 5

An analyst in a SOC receives an alert indicating a possible brute-force attack against the organization’s VPN concentrator. Several users report account lockouts around the same timeframe. The analyst must determine whether the attack originated from a single source or from a distributed botnet. Which data source would BEST help identify the number and distribution of attacking IP addresses?

A. VPN authentication logs B. Endpoint antivirus logs C. Data classification policy documents D. Asset procurement records

Question 6

Your organization detects suspicious outbound traffic from an internal host to an unfamiliar external domain. The security team wants to determine whether the domain has been previously associated with malware campaigns. Which data source would BEST provide contextual intelligence about the domain’s reputation and known threat associations?

A. Packet capture files B. Threat intelligence feeds C. Windows event logs D. Router configuration backups

Question 7

A security administrator notices unusually high bandwidth utilization on a core switch during business hours. The administrator needs to identify which internal hosts are generating the most traffic and the types of connections being established. Which data source would MOST efficiently provide summarized traffic flow information without requiring full packet inspection?

A. Full packet capture analysis B. NetFlow data C. Physical security camera footage D. Vulnerability assessment reports

Question 8

An incident responder is tasked with preserving digital evidence from a compromised workstation suspected of hosting ransomware. The responder must ensure the evidence remains legally admissible for potential litigation. Which documentation component is MOST critical to maintain throughout the evidence collection process?

A. Chain of custody records B. Network topology diagrams C. Data retention policy summaries D. Patch management schedules

Question 9

Your organization suspects that an internal employee may be exfiltrating sensitive intellectual property using removable media. Data loss prevention (DLP) alerts indicate large file transfers to USB devices over the past two weeks. The investigation team must determine whether the files copied to external storage match confidential engineering documents stored on a secured file server. Which data source would BEST help validate that specific sensitive files were accessed and copied prior to the USB transfers?

A. File integrity monitoring (FIM) logs B. Firewall logs C. Environmental monitoring system logs D. Public vulnerability database reports

Question 10

An analyst in a SOC detects signs of a possible on-path (man-in-the-middle) attack within the internal network. Users report intermittent connectivity issues and certificate warnings when accessing internal web applications. The analyst needs to determine whether ARP spoofing is occurring on the local subnet. Which data source would MOST directly support confirmation of this attack?

A. Packet capture (PCAP) from the affected subnet B. Asset lifecycle management documentation C. Password policy configuration files D. Cloud service provider billing statements

CompTIA Security+ Practice Test of the Day 260220

ByThe Test Master

Related Post

CompTIA Security+ Practice Test of the Day 260410

CompTIA Security+ Practice Test of the Day 260409

CompTIA Security+ Practice Test of the Day 260408

Leave a Reply Cancel reply

You missed

CEH v13 Domain 3.3 Practice Test 002

CEH v13 Domain 3.2 Practice Test 002

CEH v13 Domain 3.1 Practice Test 002

CEH v13 Domain 2.3 Practice Test 002