CompTIA Security plus Certification Practice test question 2 for exam SY0-401

CompTIA Security+ Practice test – sample question 2

For CompTIA Security+ Certification Exam SY0-401

NOTE: These sample questions are examples of the types of questions you would be seeing on the Security+ exam and in CertBlaster but you would have to be in the software to experience the performance based questions. The CertBlaster test engine provides all the questions types you would see at the exam such as in-simulator questions, drag and drop, list and reorder etc.


Security+ Sample Question 2

Below is a list of the six steps taken for damage control at a crime scene. Order these from the most urgent step on top and the remaining steps in decreasing order of urgency.

Secure physical security features.

Neutralize the suspected perpetrator from harming others (if applicable).

Contact the response team.

Report the incident to security or the police.

Confront any suspects (if applicable).

Quarantine electronic equipment.

The correct answer is at the very bottom of this page (to give you a chance to think about it first).

When an illegal or unauthorized incident occurs that involves a computer or other electronic device that contains digital evidence, it is critical that action be taken immediately. When it comes to securing a crime scene, a delay of even just a few minutes can allow the digital evidence to become contaminated by other users or give a perpetrator time to destroy it. When such an event occurs, it is incumbent on those individuals in the immediate vicinity to apply best practices for damage control in order to minimize any loss of evidence.

Security+ Exam Objective addressed in above question:
Main Domain 2.0 Compliance and Operational Security  – Sub-objective 2.5 Summarize common incident response procedures.

For a complete practice tests series with multiple exam simulations and drills with all question types including simulation based items see our Security+ practice test. It has over 400 practice questions, answers and explanations!


The correct order is as below:

  1. Report the incident to security or the police.
  2. Confront any suspects (if the situation allows).
  3. Neutralize the suspected perpetrator from harming others (if necessary).
  4. Secure physical security features.
  5. Quarantine electronic equipment.
  6. Contact the response team.

Leave a Reply

Your email address will not be published. Required fields are marked *

On Facebook

Share This
Real Time Web Analytics