Section 4.9

Demonstrate your acquired knowledge about data sources to support an investigation. This will demonstrate your proficiency for section 4.9 of the Security+ SY0-701 objectives.

1. Why might packet captures be considered sensitive in a forensic context?
   - Store passwords
   - Reduce overhead
   - Require reboot
   - Block updates

2. How can vulnerability scans assist a threat investigation?
   - Detect rootkits
   - Identify misconfigs
   - Filter noise
   - Isolate subnets

3. Which log source would show blocked communication attempts?
   - Firewall logs
   - Endpoint logs
   - Email gateway logs
   - Patch manager logs

4. Which of the following would best identify excessive login failures across systems?
   - Firewall logs
   - Endpoint logs
   - Application logs
   - Dashboards

5. What would you expect to see in metadata during an investigation?
   - File hashes
   - Raw text
   - Signature keys
   - Full contents

6. In which log would a port scanning attempt most likely be recorded?
   - DHCP logs
   - IDS logs
   - Backup logs
   - App server logs

7. Which data source provides the most detailed protocol-level insight?
   - Endpoint logs
   - Firewall logs
   - Packet captures
   - Dashboard alerts

8. What does a spike in outbound traffic on network logs most likely indicate?
   - Phishing
   - Data exfiltration
   - Reconnaissance
   - Keylogging

9. Which log best supports detection of fileless malware?
   - OS security logs
   - IDS logs
   - Endpoint logs
   - Firewall logs

10. Which data source helps in verifying whether a vulnerability has been patched?
   - Packet logs
   - IPS logs
   - Vulnerability scans
   - Metadata reports

11. Where would a system administrator most likely find signs of privilege escalation?
   - Network logs
   - Patch reports
   - OS security logs
   - IDS alerts

12. Why are endpoint logs critical during malware analysis?
   - Show port scans
   - Display CPU loads
   - Capture local impact
   - Record DNS queries

13. Which log is most valuable for correlating security events across multiple systems?
   - IPS log
   - Metadata
   - Network log
   - OS event log

14. Which log type would reveal communication between a compromised host and a command server?
   - Firewall logs
   - Application logs
   - Patch logs
   - DNS logs

15. What type of data does a packet capture typically include?
   - File paths
   - Encrypted tokens
   - Raw network frames
   - System patches

16. Which log source is most likely to detect a brute-force password attack?
   - Firewall logs
   - Application logs
   - Endpoint logs
   - Network logs

17. How can dashboards assist an analyst during an investigation?
   - Replay traffic
   - View trends
   - Delete logs
   - Encrypt data

18. Where would failed authentication attempts most likely appear?
   - Network logs
   - Email logs
   - Application logs
   - DHCP logs

19. Which log would most likely show a SQL injection attempt?
   - IPS log
   - DHCP log
   - Kernel log
   - Backup log

20. Which source is best for identifying vulnerabilities before they are exploited?
   - IDS logs
   - Packet captures
   - Vulnerability scans
   - Firewall logs

21. Why are automated reports beneficial in incident response?
   - Prevent attacks
   - Reduce log size
   - Summarize trends
   - Stop malware

22. Which log source would most likely reveal unauthorized registry edits on a workstation?
   - OS logs
   - Firewall logs
   - Network logs
   - IPS logs

23. What type of data can packet captures provide that logs typically cannot?
   - Raw payloads
   - Usernames
   - Event codes
   - Port status

24. What information is most commonly found in firewall logs?
   - Patch levels
   - IP traffic flows
   - DNS records
   - System uptime

25. Which log type is best suited for identifying lateral movement across hosts?
   - Firewall logs
   - Application logs
   - Network logs
   - Endpoint logs