CompTIA Security+ Practice Test of the Day 260519

Welcome to today’s CompTIA Security+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.4 (Explain security alerting and monitoring concepts and tools) from the CompTIA Security+ SY0-701 objectives.

This beginner-level practice test is inspired by the CompTIA Security+ (SY0-701) exam and is designed to help you reinforce key cybersecurity concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Security+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Security+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Security+ practice tests based on specific domains/subdomains, click that link.

CompTIA Security+ Practice Test of the Day 260519

10 questions • Single best answer

Question 1

A SOC analyst at a financial institution finds that security events from firewalls, endpoints, and cloud workloads are stored in separate platforms, making cross-source correlation impossible. Which tool should be deployed to centralize collection and enable unified alerting?

A. Data loss prevention (DLP) B. NetFlow analyzer C. Security information and event management (SIEM) D. Vulnerability scanner

Question 2

A healthcare organization operates 800 servers across three data centers. The security team needs all system-generated logs forwarded to a central platform for retention, analysis, and regulatory compliance. Which monitoring activity does this describe?

A. Alert tuning B. Log aggregation C. SNMP trapping D. Archiving policies

Question 3

A SOC team processes over 12,000 alerts per day from their SIEM, but analysts estimate 90% are benign events. Alert fatigue is causing genuine threats to be missed. What should the team perform to address this problem?

A. Disable correlation rules for low-severity event categories B. Replace the SIEM with endpoint antivirus software C. Alert tuning D. Quarantine all endpoints generating alerts

Question 4

A security administrator discovers employees are emailing unencrypted customer PII to personal email accounts from corporate laptops. Which security tool is BEST suited to detect and block this type of unauthorized data movement?

A. SNMP trap collector B. NetFlow analyzer C. Vulnerability scanner D. Data loss prevention (DLP)

Question 5

An analyst suspects a compromised server is periodically beaconing to an external C2 IP. Which monitoring tool provides flow-level visibility — source/destination IPs, ports, and byte counts — without capturing full packet payloads?

A. Antivirus B. NetFlow C. SIEM D. DLP

Question 6

A network device automatically sends an unsolicited alert to the monitoring platform when a WAN interface goes down — without the platform polling the device first. Which protocol enables this behavior?

A. NetFlow B. Syslog C. SCAP D. SNMP traps

Question 7

A security team must deploy endpoint monitoring across 3,000 workstations. Installing and maintaining dedicated software on each device is not feasible given available staff. Which monitoring deployment approach should the team evaluate?

A. Agent-based monitoring B. NetFlow collection at the perimeter C. Agentless monitoring D. SNMP trap configuration on workstations

Question 8

A compliance team needs to automatically verify that 500 servers meet defined security configuration baselines, comparing current settings against standardized checklists. Which framework enables automated configuration compliance assessment?

A. NetFlow B. CVE database C. Security Content Automation Protocol (SCAP) D. SNMP

Question 9

A SIEM generates a critical alert: a workstation is actively communicating with a known ransomware C2 server. The incident responder needs to immediately contain the threat while preserving the ability to investigate. What is the BEST first action?

A. Reimage the workstation immediately B. Archive the SIEM logs and escalate to management C. Tune the SIEM alert threshold to reduce recurrence D. Quarantine the workstation to isolate it from the network

Question 10

A cloud operations team wants to harden new Linux instances before deployment using widely accepted, community-developed configuration standards. Which resource BEST supports this goal?