EXAM ACTUAL PREP QUESTIONS AND WELL
REVISED ANSWERS - LATEST AND COMPLETE
UPDATE WITH VERIFIED SOLUTIONS –
ASSURES PASS
Which tool is most commonly used to identify known vulnerabilities in systems?
A. SIEM
B. Packet sniffer
C. Vulnerability scanner
D. Firewall
Vulnerability scanners compare systems against known vulnerability databases to
identify weaknesses.
What is the primary purpose of a SIEM system?
A. Block malicious traffic
B. Aggregate and correlate security events
C. Encrypt sensitive data
D. Patch systems automatically
SIEM solutions collect logs from multiple sources and correlate them to detect
security incidents.
Which type of attack involves sending oversized ICMP packets?
A. Ping of Death
B. SYN flood
C. Smurf attack
D. ARP poisoning
Ping of Death sends an ICMP echo request fragmented so that the reassembled IP datagram exceeds the 65,535-byte IPv4 maximum; stacks that did not bounds-check the reassembly buffer crashed or hung.
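The mechanism behind the answer above, as an added illustration (not code from the original question bank): the IPv4 total-length field is 16 bits, so no datagram may exceed 65,535 bytes, but the 13-bit fragment-offset field counts 8-byte units, so the last fragment can claim byte 65,528 and still carry a full payload. The helper below reassembles the lengths that a set of fragments claims and flags the overflow. The `Fragment` type, `build_fragments` and the 1500-byte MTU are assumptions for the example; the numbers are the classic `ping -s 65510` case, which yields a 65,538-byte datagram.

```python
"""Added example: why an oversized fragmented ICMP echo (Ping of Death) overflowed
old IP reassembly buffers. Illustrative only; it builds no packets."""
from dataclasses import dataclass
from typing import List

IPV4_HEADER_LEN = 20
IPV4_MAX_DATAGRAM = 65535      # 16-bit total-length field
MAX_FRAG_OFFSET_UNITS = 8191   # 13-bit fragment-offset field, in 8-byte units
ICMP_HEADER_LEN = 8


@dataclass(frozen=True)
class Fragment:
    offset_units: int    # value of the fragment-offset field (8-byte units)
    payload_len: int     # bytes of ICMP data carried by this fragment
    more_fragments: bool


def reassembled_length(frags: List[Fragment]) -> int:
    """Total datagram length (IP header + data) the fragments claim on reassembly."""
    if not frags:
        raise ValueError("no fragments")
    end = 0
    for f in frags:
        if not 0 <= f.offset_units <= MAX_FRAG_OFFSET_UNITS:
            raise ValueError(f"offset {f.offset_units} does not fit in 13 bits")
        end = max(end, f.offset_units * 8 + f.payload_len)
    return IPV4_HEADER_LEN + end


def is_ping_of_death(frags: List[Fragment]) -> bool:
    """True when reassembly would need more than the 65,535 bytes a stack may size for."""
    return reassembled_length(frags) > IPV4_MAX_DATAGRAM


def build_fragments(icmp_len: int, mtu: int = 1500) -> List[Fragment]:
    """Fragment an ICMP message of icmp_len bytes the way a sender would for
    the given MTU: 20-byte IP header per fragment, data in 8-byte multiples
    (assumed helper; a real stack does this inside the kernel)."""
    per_frag = (mtu - IPV4_HEADER_LEN) // 8 * 8
    frags, sent = [], 0
    while sent < icmp_len:
        size = min(per_frag, icmp_len - sent)
        frags.append(Fragment(sent // 8, size, sent + size < icmp_len))
        sent += size
    return frags


if __name__ == "__main__":
    legal = build_fragments(ICMP_HEADER_LEN + 65507)   # largest legal ping payload
    crafted = build_fragments(ICMP_HEADER_LEN + 65510)  # ping -s 65510
    print("legal  :", reassembled_length(legal), is_ping_of_death(legal))
    print("crafted:", reassembled_length(crafted), is_ping_of_death(crafted))
    # a single forged last fragment is enough; no need to send the whole message
    print("forged :", reassembled_length([Fragment(8191, 1480, False)]))
```

The last line shows the detail that matters for defenders: an attacker only needs one fragment with offset 8191 to push the reassembled length past the limit, which is why modern stacks check offset plus length against 65,535 before copying data into the reassembly buffer.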
What does a high number of failed login attempts typically indicate?
A. Misconfigured firewall
B. Brute-force attack
C. Insider threat
D. Data exfiltration
Repeated failed logins, especially many against one account or from one source address in a short window, are a strong indicator of brute-force (or password-spray) attempts.
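How the indicator above is turned into a detection, as an added example rather than material from the original question set: the code parses OpenSSH-style `sshd` lines, counts failures per source address in a sliding 60-second window, raises a brute-force alert at a threshold, and, the part analysts care about most, raises a second alert if a success follows a flagged burst. The log lines, hostnames and thresholds are constructed for the example.

```python
"""Added example: brute-force detection over sshd log lines (constructed sample data)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the two sshd outcomes we care about; other lines are ignored.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample: 12 rapid failures then a success from 203.0.113.5,
# one typo-then-success from 198.51.100.7, and an unrelated cron line.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d} bastion sshd[4211]: Failed password for invalid user admin "
    f"from 203.0.113.5 port 5{i:04d} ssh2"
    for i in range(12)
] + [
    "2024-05-01T10:00:13 bastion sshd[4211]: Accepted password for deploy from 203.0.113.5 port 50013 ssh2",
    "2024-05-01T10:02:00 bastion sshd[4212]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "2024-05-01T10:02:05 bastion sshd[4212]: Accepted password for alice from 198.51.100.7 port 40001 ssh2",
    "2024-05-01T10:02:06 bastion CRON[99]: pam_unix(cron:session): session opened for user root",
]


def parse(line):
    """Return a dict for an sshd auth event, or None for lines we do not handle."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ok": m["outcome"] == "Accepted",
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(lines, threshold=10, window_s=60):
    """Sliding-window count of failures per source IP.

    Returns alerts in order of occurrence:
      ("bruteforce", ip, failures_in_window)       when threshold is reached
      ("success_after_bruteforce", ip, user)       when a flagged IP then succeeds
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # expire failures older than the window
        if ev["ok"]:
            if ip in flagged:     # a success after a burst is the high-priority signal
                alerts.append(("success_after_bruteforce", ip, ev["user"]))
            continue
        q.append(ts)
        if len(q) >= threshold and ip not in flagged:
            flagged.add(ip)
            alerts.append(("bruteforce", ip, len(q)))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The window-and-threshold pair is what separates an attack from a user mistyping a password twice; the second alert type is what you would actually page on, since it suggests the guessing worked.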
Which log file is MOST useful for investigating authentication issues?
A. Application logs
B. DNS logs
C. Security logs
D. Web server logs
Security logs (for example the Windows Security event log, or /var/log/auth.log and /var/log/secure on Linux) record logon successes and failures, privilege use and other authentication and authorization events.
What is the primary goal of threat intelligence?
A. Prevent all attacks
B. Encrypt network traffic
C. Provide actionable information about threats
D. Replace intrusion detection systems
Threat intelligence helps organizations understand and respond to potential
threats.
Which protocol is commonly abused in amplification attacks?
A. FTP
B. DNS
C. HTTPS
D. SMTP
DNS amplification attacks send small queries with a spoofed source address (the victim's) to open resolvers, which return much larger responses to the victim; the attacker's bandwidth is multiplied by the response-to-query size ratio.
What is the FIRST step in the incident response process?
A. Identification
B. Containment
C. Eradication
D. Recovery
Identification, detecting and confirming that an incident has occurred, is the first of the listed steps. Full lifecycles such as SANS PICERL and NIST SP 800-61 place Preparation before Identification, so if Preparation appears among the options it is the correct answer.
Which tool would BEST help analyze packet-level network traffic?
A. Antivirus
B. SIEM
C. Wireshark
D. Patch manager
Wireshark captures and analyzes network packets in detail.
What type of malware encrypts data and demands payment?
A. Spyware
B. Worm
C. Ransomware
D. Rootkit
Ransomware locks or encrypts data until a ransom is paid.
Which indicator is MOST likely associated with data exfiltration?
A. Increased CPU usage
B. Large outbound data transfers
C. Frequent system reboots
D. Patch failures
Unusual outbound data volumes, particularly to unfamiliar external destinations or outside business hours, often indicate data being stolen.
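A baseline-based check for the indicator above, as an added example that is not from the original question set: each host's outbound bytes for the day are compared with the median of its own prior days, and an absolute floor prevents alerts on hosts whose normal traffic is tiny. The flow records, history, ratio and 500 MB floor are constructed for the example; in practice the history would come from a flow collector or SIEM.

```python
"""Added example: flag hosts whose outbound volume jumps against their own baseline
(constructed flow records and history)."""
from collections import defaultdict
from statistics import median

MB = 1024 * 1024

# Constructed history: per-host outbound bytes for the previous five days.
HISTORY = {
    "10.0.1.20": [120 * MB, 95 * MB, 130 * MB, 110 * MB, 100 * MB],            # workstation
    "10.0.2.5": [8192 * MB, 7168 * MB, 9216 * MB, 8192 * MB, 8192 * MB],       # backup server, large is normal
    "10.0.1.33": [60 * MB, 70 * MB, 55 * MB, 65 * MB, 80 * MB],                # workstation
}

# Constructed flow records for today (src, dst, bytes sent by src).
TODAY_FLOWS = [
    {"src": "10.0.1.20", "dst": "203.0.113.77", "bytes_out": 1800 * MB},   # 1.8 GB to an external host
    {"src": "10.0.1.20", "dst": "10.0.0.10", "bytes_out": 40 * MB},
    {"src": "10.0.2.5", "dst": "10.0.0.50", "bytes_out": 8500 * MB},       # big, but normal for this host
    {"src": "10.0.1.33", "dst": "10.0.0.10", "bytes_out": 400 * MB},       # above usual, under the floor
    {"src": "10.0.3.9", "dst": "198.51.100.9", "bytes_out": 700 * MB},     # host with no history at all
]


def per_host_outbound(flows):
    """Sum outbound bytes per source host."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes_out"]
    return dict(totals)


def detect_exfil(today_flows, history, ratio=5.0, floor_bytes=500 * MB):
    """Return (host, today_bytes, baseline_median) for each host whose outbound
    volume is at least `ratio` times its historical median AND at least
    `floor_bytes`. A host with no history has a baseline of 0, so it is flagged
    as soon as it crosses the floor."""
    alerts = []
    for host, today in sorted(per_host_outbound(today_flows).items()):
        base = median(history.get(host, [0]))
        if today >= floor_bytes and today >= ratio * base:
            alerts.append((host, today, base))
    return alerts


if __name__ == "__main__":
    for host, today, base in detect_exfil(TODAY_FLOWS, HISTORY):
        print(f"{host}: {today // MB} MB today vs median {base // MB} MB")
```

Comparing against each host's own median rather than a fleet-wide number is what keeps the backup server quiet while still catching a workstation that suddenly pushes gigabytes outward; pairing the rule with destination reputation (the external 203.0.113.77 above) would be the next refinement.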
What does the principle of least privilege require?
A. All users have admin access
B. Permissions are reviewed annually
C. Users have only the access needed to perform their job
D. Access is granted temporarily
Least privilege reduces risk by limiting unnecessary access.
Which type of analysis focuses on attacker behavior and techniques?
A. Signature-based
B. Vulnerability-based
C. Behavioral analysis
D. Configuration analysis
Behavioral analysis examines patterns and tactics rather than known signatures.
What is the primary function of an IDS?
A. Block malicious traffic
B. Detect suspicious activity
C. Encrypt network data
D. Scan for vulnerabilities
Intrusion Detection Systems monitor traffic or host activity and alert on suspicious or malicious behavior; unlike an IPS, an IDS sits out of band and does not block.
Which log source is MOST helpful for detecting web-based attacks?
A. System logs
B. Web server logs
C. Authentication logs