Section 4.8

Demonstrate your acquired knowledge about appropriate incident response activities. This will demonstrate your proficiency for section 4.8 of the Security+ SY0-701 objectives.

1 / 25 What is the primary objective of threat hunting?
- React to alerts
- Proactively find threats
- Train new analysts
- Restore services

2 / 25 Which activity involves identifying and documenting all actions taken during an incident?
- Reporting
- Detection
- Containment
- Recovery

3 / 25 What is the main benefit of simulation exercises?
- Real-time testing
- Policy creation
- Data encryption
- User onboarding

4 / 25 Which process ensures that evidence remains admissible in court?
- Chain of custody
- Threat hunting
- Risk assessment
- User training

5 / 25 What is the purpose of conducting a post-incident review?
- Assign blame
- Improve response
- Delay reporting
- Increase costs

6 / 25 Which phase involves removing malicious artifacts from systems?
- Containment
- Detection
- Eradication
- Recovery

7 / 25 What is the primary focus during the analysis phase?
- Restore operations
- Identify root cause
- Train staff
- Notify users

8 / 25 Which activity helps identify weaknesses before an incident occurs?
- Tabletop exercise
- Recovery planning
- Eradication
- Legal hold

9 / 25 What is a key component of the preparation phase?
- Incident detection
- Policy development
- System restoration
- Threat eradication

10 / 25 During which phase is evidence preserved for potential legal use?
- Recovery
- Preparation
- Preservation
- Detection

11 / 25 What is the main goal of reporting in incident response?
- Notify stakeholders
- Train employees
- Acquire tools
- Restore systems

12 / 25 Which activity involves collecting digital evidence for legal proceedings?
- E-discovery
- Threat hunting
- Risk analysis
- User auditing

13 / 25 What does chain of custody ensure?
- Data integrity
- Rapid response
- User training
- System uptime

14 / 25 Why is legal hold important in incident response?
- Prevents data loss
- Ensures compliance
- Speeds recovery
- Trains personnel

15 / 25 What is the first step in digital forensics?
- Preservation
- Reporting
- Acquisition
- Analysis

16 / 25 Which process involves proactively searching for threats not yet detected?
- Threat hunting
- Incident response
- Vulnerability scanning
- Risk assessment

17 / 25 What distinguishes a simulation exercise from a tabletop exercise?
- Involves real systems
- Requires no planning
- Uses only documentation
- Excludes stakeholders

18 / 25 Which exercise involves discussing simulated scenarios without actual execution?
- Simulation
- Tabletop
- Penetration
- Red teaming

19 / 25 What is the purpose of the lessons learned phase?
- Train new staff
- Improve processes
- Acquire tools
- Monitor systems

20 / 25 During which phase are systems restored to normal operation?
- Detection
- Recovery
- Analysis
- Preparation

21 / 25 What is the main objective during the eradication phase?
- Document findings
- Remove threats
- Notify users
- Update policies

22 / 25 Which activity is most associated with the containment phase?
- Isolating systems
- Restoring data
- Training staff
- Acquiring evidence

23 / 25 In which phase is the root cause of an incident determined?
- Analysis
- Eradication
- Recovery
- Containment

24 / 25 What is the primary goal during the detection phase of incident response?
- Eliminate threats
- Identify indicators
- Restore services
- Conduct training

25 / 25 Which phase involves establishing and maintaining the incident response capability?
- Preparation
- Detection
- Containment
- Recovery