Security Operations Questions
Practice questions for the Security Operations domain of CompTIA CySA+. This set contains 37 questions covering the domain.
An organization wants to improve its security operations by consolidating visibility across all security tools into a unified interface. Which process...
A security analyst is investigating a phishing email that bypassed the spam filter. Which tool would be most appropriate for analyzing the email heade...
Which framework uses tactics, techniques, and procedures (TTPs) to describe adversary behavior and is commonly referenced in threat intelligence?
A SOC team is overwhelmed with low-fidelity alerts and wants to reduce analyst fatigue while maintaining detection coverage. Which process improvement...
A SOC analyst notices a sudden and unexplained spike in outbound bandwidth from a workstation during off-hours. Which type of malicious activity does ...
What is the role of threat hunting in a security operations program?
A threat intelligence analyst at a financial services firm receives an ISAC report indicating that a specific threat actor group is targeting financia...
Which type of threat actor is primarily motivated by financial gain?
What does the term 'SIEM' stand for in security operations?
Which of the following best describes a 'rogue device' as a network anomaly indicator?
A threat hunter has been tasked with searching for living-off-the-land (LotL) techniques on Windows endpoints. Which tool and approach is most appropr...
A security analyst is using VirusTotal to investigate a suspicious file hash. What type of tool is VirusTotal in the context of security operations?
During a hunt, an analyst discovers an application on a workstation that is communicating with an external IP on an unusual port at regular intervals....
An analyst wants to identify patterns in large volumes of security event data to distinguish normal from abnormal behavior. Which technique best suppo...
An analyst observes that an internal host is performing DNS queries for randomized subdomain strings under a legitimate-looking domain at high frequen...
A threat intelligence analyst is assessing a new indicator of compromise (IoC) shared by an ISAC. Which factor most directly determines how much weigh...
Which scripting language is commonly used by security analysts for automating log analysis and threat detection tasks?
A security analyst reviews SIEM alerts and finds that a privileged account logged in from two geographically distant locations within 30 minutes — a p...
During an investigation, an analyst finds that a social engineering attack was used to convince an employee to install software granting remote access...
What is the primary purpose of log ingestion in a security operations environment?
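The DNS indicator in the question above (an internal host querying randomized subdomain labels under one parent domain at high frequency) is the classic fingerprint of DNS tunnelling. The following is an added example, not code from the original page: a small Python detector that groups queries by source host and parent domain, measures the burst rate in a sliding window and the Shannon entropy of the leftmost label, and only flags a pair when both are high, so a busy but benign host is not reported. The log records and hosts are constructed for this example, and the "parent domain = last two labels" rule is an assumption (real tooling would use the Public Suffix List).

```python
import hashlib
import math
from collections import defaultdict


def shannon_entropy(s: str) -> float:
    """Bits of Shannon entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (leftmost_label, parent_domain). Assumption: the parent domain is the
    last two labels; production code would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def max_queries_in_window(times, window_seconds):
    """Largest number of timestamps that fall inside any window_seconds-wide span."""
    times = sorted(times)
    best, start = 0, 0
    for end in range(len(times)):
        while times[end] - times[start] > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_dns_tunneling(log, window_seconds=60, min_queries=20, entropy_threshold=3.0):
    """Flag (src_ip, parent_domain) pairs that issue a burst of queries whose
    leftmost labels look random. Returns {key: {"burst": n, "mean_entropy": e}}."""
    groups = defaultdict(list)
    for src_ip, ts, qname in log:
        sub, parent = split_name(qname)
        if sub:  # ignore bare lookups of the parent domain itself
            groups[(src_ip, parent)].append((ts, shannon_entropy(sub)))
    flagged = {}
    for key, rows in groups.items():
        burst = max_queries_in_window([t for t, _ in rows], window_seconds)
        mean_entropy = sum(e for _, e in rows) / len(rows)
        # Both conditions must hold: a burst alone is normal for chatty software,
        # and a single random-looking label is normal for CDN or tracking hosts.
        if burst >= min_queries and mean_entropy >= entropy_threshold:
            flagged[key] = {"burst": burst, "mean_entropy": round(mean_entropy, 2)}
    return flagged


# Constructed sample records (src_ip, epoch_seconds, queried_name) for this
# example only; they are not data from the page.
SAMPLE_DNS_LOG = (
    # Ordinary browsing from one host: few queries, short readable labels.
    [("10.0.0.5", 1000, "www.example.com"),
     ("10.0.0.5", 1012, "mail.example.com"),
     ("10.0.0.5", 1040, "cdn.example.com")]
    # A busy but benign host: 25 queries in 25 s, but repetitive low-entropy labels.
    + [("10.0.0.9", 1000 + i, f"api{i % 3}.example.com") for i in range(25)]
    # Suspect host: 25 queries in 25 s, each with a random-looking 32-char label
    # (a SHA-256 hex prefix stands in for an encoded exfiltration chunk).
    + [("10.0.0.7", 1000 + i,
        hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:32] + ".updates.example.net")
       for i in range(25)]
)


if __name__ == "__main__":
    for (src, parent), stats in find_dns_tunneling(SAMPLE_DNS_LOG).items():
        print(f"{src} -> *.{parent}: {stats['burst']} queries/60s, "
              f"mean label entropy {stats['mean_entropy']} bits")
```

Only `10.0.0.7` is reported: `10.0.0.5` never reaches the burst threshold and `10.0.0.9` bursts but with labels of about 2 bits of entropy. In a real SOC the thresholds would be tuned against a baseline of the environment's own resolver logs before the rule is promoted to an alert.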
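The privileged-account scenario in the questions above (one account authenticating from two distant locations within 30 minutes) is the geo-velocity, or "impossible travel", rule that SIEMs implement. The following is an added example rather than code from the page: it sorts each user's logins by time, computes the great-circle distance between consecutive source locations with the haversine formula, and raises an alert when the implied speed exceeds a ceiling no commercial flight can reach. The usernames, source addresses and coordinates are constructed for this example, and the code assumes the IP-to-location lookup has already been done upstream (the events carry latitude and longitude).

```python
import math
from collections import defaultdict

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS-84 points."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.atan2(math.sqrt(a), math.sqrt(1 - a))


def find_impossible_travel(events, max_kmh=1000.0):
    """events: iterable of (user, epoch_seconds, src_ip, lat, lon), geolocation
    already resolved. Returns one alert dict per consecutive login pair whose
    implied travel speed exceeds max_kmh (default: faster than an airliner)."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[0]].append(ev)

    alerts = []
    for user, logins in by_user.items():
        logins.sort(key=lambda e: e[1])
        for prev, cur in zip(logins, logins[1:]):
            distance = haversine_km(prev[3], prev[4], cur[3], cur[4])
            hours = (cur[1] - prev[1]) / 3600.0
            if hours <= 0:
                # Same-second logins from different places are still impossible.
                speed = math.inf if distance > 0 else 0.0
            else:
                speed = distance / hours
            if speed > max_kmh:
                alerts.append({
                    "user": user,
                    "from_ip": prev[2],
                    "to_ip": cur[2],
                    "distance_km": round(distance, 1),
                    "minutes": round(hours * 60, 1),
                    "speed_kmh": round(speed, 1),
                })
    return alerts


# Constructed sample logins (user, epoch_seconds, src_ip, lat, lon); the
# addresses are documentation ranges and the records are not from the page.
SAMPLE_LOGINS = [
    # Privileged account: London, then New York 30 minutes later.
    ("svc_admin", 1_700_000_000, "203.0.113.10", 51.5074, -0.1278),
    ("svc_admin", 1_700_001_800, "198.51.100.20", 40.7128, -74.0060),
    # Ordinary user: London, then Paris three hours later (plausible by train).
    ("alice", 1_700_000_000, "203.0.113.44", 51.5074, -0.1278),
    ("alice", 1_700_010_800, "192.0.2.77", 48.8566, 2.3522),
    # Ordinary user: two logins from the same office.
    ("bob", 1_700_000_000, "203.0.113.50", 51.5074, -0.1278),
    ("bob", 1_700_000_600, "203.0.113.50", 51.5074, -0.1278),
]


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_LOGINS):
        print(f"{alert['user']}: {alert['from_ip']} -> {alert['to_ip']}, "
              f"{alert['distance_km']} km in {alert['minutes']} min "
              f"({alert['speed_kmh']} km/h)")
```

Only `svc_admin` is reported: roughly 5,570 km in 30 minutes is about 11,000 km/h. Before alerting on this in production, exclude known VPN egress and cloud proxy ranges, since a user hopping between corporate VPN concentrators is the most common benign cause of the same pattern.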