CompTIA Security+ · SY0-701
Objective 2.4: Given a scenario, analyze indicators of malicious activity
Practice questions for Security+ objective 2.4, “Given a scenario, analyze indicators of malicious activity.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.
This objective sits in Domain 2.0: Threats, Vulnerabilities, and Mitigations, which is about 22% of the exam — so mastering it moves your readiness score meaningfully.
1.An application server's logs show requests containing strings like "../../etc/passwd" in URL parameters. Which attack type is indicated?
2.Security researchers analyze a malware sample and determine it actively looks for antivirus processes and terminates them, uses encryption to hide C2 communications, and employs code obfuscation to evade signature detection. These are indicators of which malware sophistication level and type?
3.During a forensic investigation, an analyst discovers that log files on a compromised server covering the period of the intrusion have been deleted. The attacker also modified timestamps on remaining files. Which malicious activity category do these actions fall under?
4.Security logs show that a user account successfully authenticated from New York at 9:00 AM and from Tokyo at 9:15 AM. Which type of malicious activity is most likely indicated?
5.A web application firewall alerts on requests containing "' OR 1=1 --" in login form fields. Which attack type is indicated, and what is the attacker attempting to achieve?
Practice every objective, adaptively
CertBench tracks your score on 2.4 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.
Take the free diagnostic