CompTIA Security+ · SY0-701
Objective 4.4: Explain security alerting and monitoring concepts and tools
Practice questions for Security+ objective 4.4, “Explain security alerting and monitoring concepts and tools.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.
This objective sits in Domain 4.0: Security Operations, which is about 28% of the exam — so mastering it moves your readiness score meaningfully.
1.An organisation has a new SIEM deployment and initially receives 10,000 alerts per day, nearly all false positives. Which strategy BEST addresses this problem over time?
2.A security operations centre receives thousands of log events per hour from diverse sources. Which tool aggregates these logs, correlates events across sources, and generates prioritised security alerts?
3.A security team wants to measure the volume of network traffic between specific host pairs to detect large data transfers indicative of exfiltration. Which data source is MOST useful?
4.An analyst reviewing SIEM dashboards notices a sudden spike in DNS queries from a single workstation to many different external domains. Which threat does this pattern MOST likely indicate?
5.Which tool allows a security team to automatically respond to SIEM alerts by executing predefined playbooks, such as blocking an IP address or isolating a host?
Practice every objective, adaptively
CertBench tracks your score on 4.4 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.
Take the free diagnostic