Security Operations
64 free practice questions with explanations
PassNova has 64 free CompTIA Security+ practice questions on Security Operations, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.
Security Operations: example questions & answers
Here are 6 example questions from this topic. Practise the full set of 64 free in the browser.
- Which is the FIRST phase of the incident response lifecycle?
  - A Containment
  - B Preparation ✓
  - C Eradication
  - D Recovery

  Answer: Preparation is the first phase, establishing tools, plans, and training before incidents occur.
- Which incident response phase limits the spread of an incident?
  - A Detection
  - B Containment ✓
  - C Recovery
  - D Lessons learned

  Answer: Containment limits the incident's spread and impact while remediation is planned.
- Which incident response phase removes the threat from the environment?
  - A Containment
  - B Eradication ✓
  - C Recovery
  - D Preparation

  Answer: Eradication removes malware, compromised accounts, and the root cause from the environment.
- Which incident response phase restores systems to normal operation?
  - A Eradication
  - B Recovery ✓
  - C Containment
  - D Detection

  Answer: Recovery restores affected systems to normal, validated operation.
- Which final incident response phase improves future response?
  - A Recovery
  - B Lessons learned ✓
  - C Containment
  - D Detection

  Answer: Lessons learned reviews the incident to improve processes and prevent recurrence.
- Which tool centrally collects and correlates logs for detection?
  - A SIEM ✓
  - B DNS
  - C NTP
  - D NAT

  Answer: A SIEM aggregates and correlates logs to detect and investigate security events.