CompTIA Security+ Certification Exam SY0-701 Practice Test 21 Flashcards

1
Q

Which of the following terms refers to the use of technology to perform individual tasks with minimal human intervention?

A) Automation
B) Scripting
C) Orchestration
D) Sequencing

A

A) Automation

2
Q

Which of the terms listed below refers to a process that deals with coordinating and managing multiple repetitive tasks?

A) Sequencing
B) Orchestration
C) Scripting
D) Automation

A

B) Orchestration

3
Q

Which of the following technologies enables automated handling of multiple security incidents?

A) SOAP
B) SASE
C) SOAR
D) SIEM

A

C) SOAR

4
Q

A checklist of actions that can be performed in response to a security incident is known as a:

A) Runbook
B) Template
C) Playbook
D) Script

A

C) Playbook

5
Q

Which of the terms listed below describes an exact sequence of steps, including both manual and automated actions, to be taken in response to a specific security incident?

A) Runbook
B) Script
C) Template
D) Playbook

A

A) Runbook

6
Q

Which of the following answers refers to a set of rules, policies, or automated controls designed to regulate technology-related decisions and actions within an organization?

A) Technical standards
B) Compliance requirements
C) Guardrails
D) Security baselines

A

C) Guardrails

7
Q

Which of the answers listed below refers to a term primarily used in software development to describe the cost of short-term decisions that can lead to long-term problems?

A) Code entropy
B) Exposure factor
C) Risk register
D) Technical debt

A

D) Technical debt

8
Q

Which part of the incident response process involves establishing and maintaining the incident response capability as well as setting up an incident response team?

A) Preparation
B) Detection and analysis
C) Containment, eradication, and recovery
D) Post-incident activity

A

A) Preparation

9
Q

In the incident response process, the step that involves identifying and understanding potential incidents to determine their scope, impact, and root cause is a part of the:

A) Preparation stage
B) Detection and analysis stage
C) Containment, eradication, and recovery stage
D) Post-incident activity stage

A

B) Detection and analysis stage

10
Q

Which of the following answers refer(s) to the containment, eradication, and recovery stage of the incident response process? (Select all that apply)

A) Restoring normal operations

B) Eliminating the threat

C) Monitoring and detecting potential incidents

D) Establishing and maintaining an incident response policy

E) Mitigating the impact of the incident

A

A) Restoring normal operations

B) Eliminating the threat

E) Mitigating the impact of the incident

11
Q

Which stage of the incident response process involves updating incident response plans, policies, and procedures?

A) Preparation
B) Detection and analysis
C) Containment, eradication, and recovery
D) Post-incident activity

A

D) Post-incident activity

12
Q

Which of the answers listed below refers to a discussion-based activity where team members walk through different scenarios to evaluate the incident response plan without activating any systems?

A) Tabletop exercise
B) Simulation
C) Threat hunting
D) Root cause analysis

A

A) Tabletop exercise

13
Q

Which of the following answers refers to a more in-depth exercise, which can include activating systems and performing real actions to respond to the incident?

A) Penetration testing
B) Threat hunting
C) Simulation
D) Vulnerability scanning

A

C) Simulation

14
Q

During the post-incident activity stage, this step involves analyzing logs, forensics data, and other evidence to prevent incident reoccurrence.

A) Reporting
B) E-discovery
C) Root cause analysis
D) Threat hunting

A

C) Root cause analysis

15
Q

The term “Threat hunting” refers to a proactive search for IoCs to identify and address potential threats and vulnerabilities before they can escalate into full-blown incidents.

A) True
B) False

A

A) True

16
Q

The process of maintaining a documented record of the handling and movement of evidence to ensure its integrity and admissibility in court is called:

A) Chain of custody
B) Chain of evidence
C) Chain of accountability
D) Chain of responsibility

A

A) Chain of custody

17
Q

The process of identifying, collecting, and producing electronically stored information with the intent of using it in a legal proceeding or investigation is referred to as:

A) Litigation hold
B) Evidence management
C) Digital forensics
D) E-discovery

A

D) E-discovery

18
Q

Which type of server is used for collecting diagnostic and monitoring data from networked devices?

A) Jump server
B) C2 server
C) Syslog server
D) ICS server

A

C) Syslog server

19
Q

The term “Metadata” refers to data that provides information about other data, but not the actual content of the data. Typically, metadata is not visible to the user by default but can be accessed if needed. For example, email metadata, found in email headers, includes detailed information about the sender, recipient, and the route the message took. Mobile device metadata encompasses details such as the device model, geolocation, camera information, internet usage, phone call and text messaging activity, application usage statistics, and metadata from various files on the device. In web browsing, metadata comes from HTML meta tags located in the head section of a web page. For files, metadata includes details about the author (e.g., the file creator), file type, size, creation date and time, and the last modification date and time.

A) True
B) False

A

A) True

20
Q

A correlation engine used for processing various types of log data into actionable information is a feature of:

A) Syslog server
B) SIEM dashboard
C) REST API
D) Log repository

A

B) SIEM dashboard

21
Q

Which of the answers listed below refers to a process of intercepting network traffic data for analysis and troubleshooting purposes?

A) AIS
B) PCAP
C) EDR
D) MaaS

A

B) PCAP

22
Q

A type of document stipulating rules of behavior to be followed by users of computers, networks, and associated resources is known as:

A) SLA
B) EULA
C) AUP
D) BPA

A

C) AUP

23
Q

Which of the following acronyms refers to a comprehensive strategy and set of procedures designed to ensure that an organization can continue its critical operations and functions during and after a disruptive event?

A) DRP
B) CP
C) BCP
D) COOP

A

C) BCP

24
Q

Which of the answers listed below refers to a set of procedures put in place to recover IT systems and data following a major disruption?

A) BCP
B) DRP
C) IRP
D) ERP

A

B) DRP

25
Q

Which of the following terms refers to a documented plan outlining the steps that should be taken in each phase of a cybersecurity incident?

A) DRP
B) IRP
C) BCP
D) ERP

A

B) IRP