IOC Quiz: Can You Spot the Breach?

Reviewed by Editorial Team
By Thames, Community Contributor
Quizzes Created: 7097 | Total Attempts: 80,150
Questions: 20 | Updated: Jul 3, 2026

1. Detecting connections to known command-and-control (C2) server IP addresses is an example of a ____-based IOC.

About This Quiz

This quiz tests your ability to identify Indicators of Compromise (Security+) in real-world scenarios. Learn to recognize suspicious network activity, file system artifacts, and behavioral patterns that signal a security breach. Essential for CompTIA Security+ certification and incident response roles, this assessment builds practical detection skills.

2. A suspicious .lnk file pointing to a hidden executable is an example of a ____-based IOC.

3. What does detecting a web shell file in a publicly accessible directory indicate?

4. Unauthorized changes to system files or DLL injection attempts are indicators of ____.

5. Which of the following indicates a potential data breach in progress?

6. Detecting unusual file access patterns outside normal business hours is a ____-based indicator.

7. What does a sudden increase in database queries from a dormant user account suggest?

8. An unexpected driver installation or unsigned kernel module loading is an indicator of ____.

9. Which tool or log source is most useful for identifying process execution indicators?

10. What does the presence of suspicious PowerShell scripts in the Event Viewer logs indicate?

11. Which of the following is a network-based indicator of compromise?

12. Which of these is a host-based indicator of compromise?

13. A spike in SMTP traffic on non-standard ports suggests ____.

14. What does unusual scheduled task creation in Windows indicate?

15. An encrypted file with a .exe extension appearing in a document folder is likely an indicator of which threat?

16. Which registry modification is commonly associated with persistence mechanisms used by attackers?

17. Detecting a new user account created outside normal business hours is an indicator of ____.

18. Which file system artifact is most indicative of a recent data exfiltration?

19. What does an unusual process spawning from System32 typically indicate?

20. A sudden spike in failed login attempts across multiple accounts suggests which type of attack?
