CySA+ Practice Questions 1

CySA+ Practice Questions Quiz

Test your knowledge and readiness for the CySA+ certification with this comprehensive quiz. Covering key topics like incident response, vulnerability management, and security best practices, this quiz is designed to help you assess your understanding and prepare for the exam.

  • 15 challenging questions
  • Focus on real-world scenarios
  • Immediate feedback on your answers
15 Questions | 4 Minutes | Created by AnalyzingForce257
While reviewing network flow logs, John sees that network flow on a particular segment suddenly dropped to zero. What is the most likely cause of this?
A. A denial-of-service attack
B. A link failure
C. High bandwidth consumption
D. Beaconing
Charlotte is having a dispute with a co-worker over access to information contained in a database maintained by her co-worker’s department. Charlotte insists that she needs the information to carry out her job responsibilities, while the co-worker insists that nobody outside the department is allowed to access the information. Charlotte does not agree that the other department should be able to make this decision, and Charlotte’s supervisor agrees with her. What type of policy could Charlotte turn to for the most applicable guidance?
A. Data classification policy
B. Data retention policy
C. Data ownership policy
D. Acceptable use policy
Frank is conducting the recovery process after his organization experienced a security incident. During that process, he plans to apply patches to all of the systems in his environment. Which one of the following should be his highest priority for patching?
A. Windows systems
B. Systems involved in the incident
C. Linux systems
D. Web servers
Susan’s organization suffered from a major breach that was attributed to an advanced persistent threat (APT) that used exploits of zero-day vulnerabilities to gain control of systems on her company’s network. Which of the following is the least appropriate solution for Susan to recommend to help prevent future attacks of this type?
A. Heuristic attack detection methods
B. Signature-based attack detection methods
C. Segmentation
D. Leverage threat intelligence
During his investigation of a Windows system, Eric discovered that files were deleted and wants to determine whether a specific file previously existed on the computer. Which of the following is the least likely to be a potential location to discover evidence supporting that theory?
A. Windows registry
B. Master File Table
C. INDX files
D. Event logs
As part of her duties as an SOC analyst, Emily is tasked with monitoring intrusion detection sensors that cover her employer’s corporate headquarters network. During her shift, Emily’s IDS alarms report that a network scan has occurred from a system with IP address 10.0.11.19 on the organization’s WPA2 enterprise wireless network aimed at systems in the finance division. What data source should she check first?
A. Host firewall logs
B. AD authentication logs
C. Wireless authentication logs
D. WAF logs
Casey’s incident response process leads her to a production server that must stay online for her company’s business to remain operational. What method should she use to capture the data she needs?
A. Live image to an external drive.
B. Live image to the system’s primary drive.
C. Take the system offline and image to an external drive.
D. Take the system offline, install a write blocker on the system’s primary drive, and then image it to an external drive.
During a routine upgrade, Maria inadvertently changes the permissions to a critical directory, causing an outage of her organization’s RADIUS infrastructure. How should this threat be categorized using NIST’s threat categories?
A. Adversarial
B. Accidental
C. Structural
D. Environmental
What does the nmap response “filtered” mean in port scan results?
A. Nmap cannot tell whether the port is open or closed.
B. A firewall was detected.
C. An IPS was detected.
D. There is no application listening, but there may be one at any time.
Darcy is the security administrator for a hospital that operates in the United States and is subject to the Health Insurance Portability and Accountability Act (HIPAA). She is designing a vulnerability scanning program for the hospital’s data center that stores and processes electronic protected health information (ePHI). What is the minimum scanning frequency for this environment, assuming that the scan shows no critical vulnerabilities?
A. Every 30 days
B. Every 90 days
C. Every 180 days
D. No scanning is required.
[Image: Q11]
 
During her review of incident logs, Laura discovers the initial entry via SSH on a front-facing bastion host (A) at 8:02 a.m. If the network that Laura is responsible for is designed as shown here, what is the most likely diagnosis if the second intrusion shows up on host B at 7:15 a.m.?
A. Internal host B was previously compromised.
B. Host A was compromised; then host B was compromised.
C. Host B and host A are not both synchronized to NTP properly.
D. An internal threat compromised host B and then host A.
Matt recently ran a vulnerability scan of his organization’s network and received the results shown here. He would like to remediate the server with the highest number of the most serious vulnerabilities first. Which one of the following servers should be on his highest priority list?
[Image: Q12]
A. Server A
B. Server B
C. Server C
D. Server D
[Image: Q13]
 
Frank has been tasked with conducting a risk assessment for the midsize bank that he works at because of a recent compromise of their online banking web application. Frank has chosen to use the NIST 800-30 risk assessment framework shown here. What likelihood of occurrence should he assign to breaches of the web application?
A. Low
B. Medium
C. High
D. Cannot be determined from the information given
Hank’s boss recently came back from a CEO summit event where he learned about the importance of cybersecurity and the role of vulnerability scanning. He asked Hank about the vulnerability scans conducted by the organization and suggested that instead of running weekly scans that they simply configure the scanner to start a new scan immediately after the prior scan completes. How should Hank react to this request?
A. Hank should inform the CEO that this would have a negative impact on system performance and is not recommended.
B. Hank should immediately implement the CEO’s suggestion.
C. Hank should consider the request and work with networking and engineering teams on possible implementation.
D. Hank should inform the CEO that there is no incremental security benefit from this approach and that he does not recommend it.
 