CompTIA Security+ · SY0-701

Objective 4.9: Given a scenario, use data sources to support an investigation

Practice questions for Security+ objective 4.9, Given a scenario, use data sources to support an investigation.” Every question is original, written to the SY0-701 exam objectives, and comes with a full explanation — answer them below to see instant grading.

This objective sits in Domain 4.0: Security Operations, which is about 28% of the exam — so mastering it moves your readiness score meaningfully.

1.An analyst wants to determine whether a malicious script attempted to resolve a known malware C2 domain from a compromised host. Which log source is MOST relevant?

2.Which type of log would contain details about a user uploading a sensitive file to a web-based file sharing service, including the filename and destination URL?

3.An analyst reviewing firewall logs notices repeated connection attempts from an external IP to port 3389 (RDP) on a DMZ server, all denied. What does this pattern MOST likely indicate?

4.An analyst is correlating logs to investigate a lateral movement incident. Which combination of log sources BEST reveals an attacker moving from a compromised workstation to additional internal servers using stolen credentials?

5.An analyst wants to investigate the email headers of a suspected phishing message to identify the originating mail server and trace the delivery path. Which data source is being used?

Practice every objective, adaptively

CertBench tracks your score on 4.9 and every other objective, then builds a daily plan that targets your weakest spots. Start with the free diagnostic.

Take the free diagnostic

More objectives in Domain 4.0

← All Security+ practice questions