Security Operations Questions

Practice questions for Security Operations topic in CompTIA Security+. 28 questions covering this domain.

28 questions: 4 easy, 14 medium, 10 hard
Q1
medium

A company wants to prevent employees from accidentally or intentionally sending sensitive customer data such as credit card numbers outside the organi...

Q2
hard

During incident response, a forensic analyst needs to preserve evidence from a compromised server without altering any data on the system. Which actio...

Q3
medium

A security operations center (SOC) analyst wants to correlate security events from firewalls, servers, and endpoint agents in a single platform to ide...

Q4
medium

A security analyst is implementing multi-factor authentication for a remote access solution. Which combination of authentication factors represents TR...

Q5
hard

A security analyst receives an alert that a user account has been locked out after multiple failed login attempts, followed immediately by a successfu...

Q6
easy

Which security technology monitors network traffic for known attack signatures and malicious patterns and can actively block detected threats?

Q7
medium

An organization wants to automate the response to common security incidents — such as isolating a compromised endpoint when malware is detected — with...

Q8
hard

A security analyst is investigating a security event and needs to establish the order in which events occurred across multiple systems with potentiall...

Q9
medium

A security engineer wants to enforce that all devices connecting to the corporate wireless network have up-to-date antivirus and OS patches installed ...

Q10
medium

A security team needs to control and monitor administrative access to critical servers, including recording all privileged sessions. Which solution is...

Q11
hard

A threat hunter discovers that an attacker used PowerShell's `Invoke-WebRequest` to download a malicious payload directly into memory without writing ...

Q12
hard

A SOC analyst is reviewing endpoint detection and response (EDR) alerts. The tool flags a process that is executing from `C:\Users\Public\` and making...

Q13
easy

Which identity and access management (IAM) technology allows users to authenticate once and gain access to multiple applications without re-entering c...

Q14
medium

A security analyst wants to harden a newly deployed Linux server by disabling all services that are not required for its intended function. Which hard...

Q15
hard

A forensic analyst is examining a disk image and needs to determine when a specific file was last accessed, modified, and created. Which data source p...

Q16
hard

A penetration tester successfully escalates privileges from a standard user account to domain administrator on a Windows domain after exploiting a mis...

Q17
medium

A company wants to ensure that security operations run continuously and that a complex security event detected at 3 AM on a Saturday is responded to p...

Q18
hard

A threat intelligence team receives an indicator of compromise (IoC) — a specific IP address associated with a known threat actor's C2 infrastructure....

Q19
easy

Which security tool scans systems and applications to identify known vulnerabilities, missing patches, and misconfigurations?

Q20
medium

An organization wants to prevent sensitive files from being copied to USB drives from managed endpoints. Which security control MOST directly enforces...
