CompTIA Security+ Operations and Incident Response Quiz 2

What is a key component of a forensic investigation in cybersecurity?

A) Data destruction

B) Preservation of evidence

C) Unstructured analysis

D) Random sampling

Correct Answer: Preservation of evidence

Which of these is considered an indicator of compromise (IOC)?

A) Normal network activity

B) Unusual network traffic to known malicious IPs

C) Approved user logins

D) Security policy compliance

Correct Answer: Unusual network traffic to known malicious IPs

What is the purpose of a threat intelligence feed?

A) To automate data backup

B) To inform organizations about emerging threats

C) To configure firewall rules

D) To encrypt network traffic

Correct Answer: To inform organizations about emerging threats

Which process involves identifying the scope and impact of a cybersecurity incident?

A) Containment

B) Identification

C) Recovery

D) Eradication

Correct Answer: Identification

What is chain of custody in digital forensics?

A) A list of system logs

B) Documentation of evidence handling

C) A set of policies for email usage

D) A list of vulnerable systems

Correct Answer: Documentation of evidence handling

Which tool helps detect unauthorized data leaving the network?

A) DLP

B) Firewall

C) IDS

D) IPS

Correct Answer: DLP

What is a SIEM tool used for in cybersecurity?

A) To store sensitive data

B) To consolidate and analyze security logs

C) To encrypt network communication

D) To deploy security patches

Correct Answer: To consolidate and analyze security logs

Which type of analysis examines patterns of unusual behavior on a network?

A) Forensic Analysis

B) Behavioral Analysis

C) Statistical Analysis

D) Baseline Analysis

Correct Answer: Behavioral Analysis

What is the main purpose of a playbook in incident response?

A) To list employees' contact details

B) To provide predefined steps for handling incidents

C) To update software automatically

D) To backup data

Correct Answer: To provide predefined steps for handling incidents

Which step in the incident response process involves eliminating the root cause of an incident?

A) Eradication

B) Identification

C) Containment

D) Recovery

Correct Answer: Eradication

Our CompTIA practice questions are made to look and feel like the real exam, so students can feel ready when test day comes. Each question covers real-life project management ideas, which helps learners understand and remember important topics. By focusing on key points and tricky areas, these questions help students build confidence and know how prepared they are. This way, users aren't just practicing—they're really learning what they need to do well on the exam.

Looking for more? Crucial Exams has hundreds of CompTIA Practice Questions, flashcards and more that are expert vetted and available on web, iOS and Android!

Pass your CompTIA exam with Crucial Exams