Tom is preparing to build a credit card-processing system. As he creates his design, he realizes that the operating environment will not allow him to include one of the PCI DSS required elements. What type of control should Tom discuss implementing?
Answer: Compensating control

Shane administers a Linux server running an Apache web server. During the middle of his workday, tweets start to appear in his Twitter feed about compromises of Apache web servers due to a flaw that had not been previously reported. What type of threat is this?
Answer: A zero‐day exploit

Juan is analyzing systems on his network for known indicators of compromise. What term best describes the work he is performing?
Answer: Threat hunting

Which one of the following controls may be used to attract the attention of intruders who gain access to a network segment so that they are distracted from high‐value targets and may be monitored?
Answer: Honeypot

While engaging in an attack, the attacker sends an email message to the targeted victim that contains malicious software as an attachment. What phase of the Cyber Kill Chain is occurring?
Answer: Delivery

Theresa wants to collect threat intelligence information from publicly available sources, and wants to find information that is released as soon as possible, placing her emphasis on information's timeliness. She is willing to have information be less accurate if it is more timely. What collection source listed below would best fit this requirement?
Answer: Social media

Karen is using Wireshark to analyze network traffic being sent to and from a web server that allows both encrypted and unencrypted web connections. The server also allows SSH access for users to securely drop off files. Which one of the following ports should not be seen in the Wireshark packet capture?
Answer: 1433

Joanna has infrastructure that exists in both her organization's datacenter and in an infrastructure‐as‐a‐service (IaaS) hosted environment. Which of the following terms best describes this model?
Answer: Hybrid

Kevin is configuring a web‐based SIEM application and would like it to trigger a vulnerability scan of a web server each time a certain event occurs in the SIEM. What technology would he configure on the SIEM to allow this action?
Answer: Webhook

Sameer's organization includes an e‐commerce arm. What type of vulnerability management reporting is he most likely to have to conduct due to accepting credit cards?
Answer: Compliance reports

Saanvi is starting his incident response process and has been asked to immediately remediate the compromised web servers that were impacted to allow them to return to production. Why might he need to replace the drives in the systems and keep hashed copies of them?
Answer: Evidence retention

Jacob discovers that systems in his datacenter have begun to connect to each other via SSH at regular intervals. Which of the following indicators of potentially malicious activity best matches this type of behavior?
Answer: Irregular peer‐to‐peer communication

Jerome has listed the systems and services that were included in an incident. What common incident response report component best describes this?
Answer: Scope