Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

CYSA+ Mid-Term Exam with all Correct & 100% Verified Answers |Actual Complete Exam |Already Graded A+ (Just Released)

Rating
-
Sold
-
Pages
32
Grade
A+
Uploaded on
10-07-2026
Written in
2025/2026

CYSA+ Mid-Term Exam with all Correct & 100% Verified Answers |Actual Complete Exam |Already Graded A+ (Just Released)

Institution
Cysa
Course
Cysa

Content preview

CYSA+ Mid-Term Exam with all Correct & 100% Verified
Answers |Actual Complete Exam |Already Graded A+
(Just Released)

Which of the following is not an example of reconnaissance or gathering information of the
target company through open source intelligence?
A. Using LinkedIn and other social media to gather e-mail addresses of top executives
B. Performing passive reconnaissance by capturing packets and scanning ports
C. Monitoring job sites to learn what technologies are used
D. Performing DNS harvesting of company network data from external DNS servers ✔Correct
Answer-B. is correct. Capturing packets and scanning ports are not examples of passive
reconnaissance. Scanning ports is considering active reconnaissance. If your activities could
create entries in a log, then those actions are not passive.

What is the name of the command-line version of Wireshark?
A. nmap
B. tcpdump
C. Nessus
D. TShark ✔Correct Answer-D. is correct. TShark is the command-line interface of Wireshark.

You're at an employee's workstation. You need to quickly determine what other machines this
system is talking to. You don't have time to install extra tools. What command-line utility and
command-line switch will reveal connections between this workstation and others?
A. tcpdump -i -eth0
B. nikto -host
C. netstat -a
D. nbtstat -A ✔Correct Answer-C. is correct. The utility netstat is on the workstation and is
already a part of the operating system. Netstat is a command-line utility for viewing network
statistics information, such as what connections and protocols are in use. The command-line
switch -a will display all connections and listening ports.

You suspect an employee's workstation may be the source of malicious traffic. Which of the
following steps is the best course of action to determine both the type of traffic and this
workstation's participation in the traffic?
A. Set up packet capturing on a network device upstream from the workstation.
B. Set up packet capturing on the suspect workstation.
C. Set up packet capturing on a small group of servers identified as targets.
D. Install antivirus software on the suspect workstation. ✔Correct Answer-B. is correct.
Capturing packets from the suspect workstation will yield complete information regarding this
workstation as the source, thus demonstrating both the types of traffic and how the
workstation fits into the situation.

,Utilizing search sites as well as professional and social media sites with the goal of gathering
contact information is an example of what?
A. CVSS
B. OSINT
C. Social engineering
D. Phishing ✔Correct Answer-B is correct. OSINT, or open source intelligence, refers to
gathering information about a target without directly interacting with that target's
infrastructure

Which of the following is not an example of a virtualization technology?
A. Containers
B. Software-defined networking
C. Mirroring
D. Hypervisors ✔Correct Answer-C. is correct. Mirroring describes a technique of fault
tolerance in storage, or in the case of switch ports, it describes copying network traffic.
Mirroring is not a virtualization technology.

Which of the following is a Type 2 hypervisor?
A. VMware Player
B. Microsoft Hyper-V
C. VMware ESX
D. Kernel-based Virtual Machine ✔Correct Answer-A. is correct. VMware Player is a Type 2
hypervisor, which means it runs from within an operating system.

Which of the following is not an actual cloud computing technology?
A. IaaS
B. SaaS
C. PaaS
D. SDN ✔Correct Answer-D. is correct. Although SDN (or software-defined networking) is a
virtualization technology, it is not necessarily in the cloud.

You are tasked with scanning across the network space 192.168.2.x and identifying what
operating systems are presently running. Select the correct tool and command-line switch
necessary to determine what operating systems are running on that subnet.
A. nikto -Version 192.168.2.0
B. nmap -O 192.168.2.0/24
C. syslog -network 192.168.2.0-192.168.2.254
D. netstat -a 192.168.2.0 /24 ✔Correct Answer-B. is correct. Nmap is capable of detecting
operating systems, and the command-line syntax shown is correct.

A company has suffered a recent incident where a print server was infected with malware and
began aggressively scanning other machines on the network. The malware-infected server was
identified only after a significant number of other machines were experiencing issues. Although

,the problem was contained, the timing was an issue. The company asks you to suggest how
responding to problems like this could be done more quickly. What do you suggest?
A. The company should review the firewall rules for areas to improve.
B. The company should install an IDS on the network.
C. The company should install an IPS on the network.
D. The company should scan for further vulnerable print servers. ✔Correct Answer-C. is
correct. An IPS would not only identify the problem but immediately react to contain or
eliminate it.

What is a primary challenge to using cloud storage versus on-premises storage?
A. On-premises storage doesn't permit mobile access.
B. Expensive software licensing and hardware for cloud services.
C. Cloud resources put more emphasis on identity management.
D. Limited options for cloud computing. ✔Correct Answer-C. is correct. Identity management
becomes ever more important when users are accessing resources away from your control.

Wireshark and tcpdump are examples of what kind of application?
A. Syslog aggregators
B. Packet analyzers
C. Intrusion detection systems
D. Port scanners ✔Correct Answer-B. is correct. Wireshark and tcpdump are packet capturing
and analysis tools. Both will allow you to capture and view packets as well as perform varying
levels of analysis on network traffic.

Which of the following is not included when capturing packet headers but is provided with full
packet capture?
A. Source address
B. Payload
C. Protocol flags
D. Destination addres ✔Correct Answer-B. is correct. The payload is not captured when only
the packet header is captured.

Which of the following statements is not true when it comes to syslog?
A. Syslog supports a broad range of devices and events.
B. Messages can be aggregated into a single, nonhierarchical feed.
C. Devices are polled for messages, echoing back to a syslog server.
D. The syslog protocol and messaging come native in most firewalls and network devices as well
as most *nix systems. ✔Correct Answer-C. is correct. Syslog does not "poll" devices for event
messages. Syslog messages are only sent to a syslog server, with no prompting.

A company is frustrated by its firewall's inability to catch higher-level malicious attacks, such as
SQL injection and cross-site scripting (XSS). The firewall is unable to distinguish between valid
HTTP traffic and malicious attacks when such traffic traverses the firewall on port 80. What do
you see as the primary limitation of the firewall?

, A. The firewall is an application-layer firewall, unable to identify the higher-layer data.
B. The firewall needs to be partnered with an IDS or IPS.
C. The firewall rules need to be reviewed and likely changed.
D. The firewall is a layer 3 or 4 device and should be replaced with an application-layer device.
✔Correct Answer-D. is correct. The problem described seems to point to a standard firewall
that's unable to inspect application-layer traffic. It should be replaced with a capable,
application-layer firewall.

If an attacker is using nmap to map the network topology, which of the returned states of the
port scans provides the least information?
A. Unfiltered
B. Filtered
C. Closed
D. Open ✔Correct Answer-B. is correct. Filtered state means the nmap probe scan was unable
to reach the port, to hear back whether the port was open or closed. This would make the
attacker's efforts most difficult in mapping the network topology in order to understand the
various network areas such DMZ, perimeter devices, and other key network components

What would be an appropriate tool for performing service discovery on a large network?
A. An IDS (but no IPS) placed anywhere on the servers' local subnet
B. A HIDS placed on a target server
C. Any tool able to review firewall logs or router ACLs
D. A port scanner ✔Correct Answer-D. is correct. A port scanner would quickly reveal what
ports (and the services behind them) are open and listening on devices on the scanned
network.

When you're capturing packets on a wireless network versus a wired network, which of the
following statements are true? (Choose all that apply.)

A. Using promiscuous mode to view all packets applies on both wired and wireless networks.

B. Being in monitor mode allows for the capture of all 802.11 activity, without connection to the
access point.

C. Wireless signals can be relatively limited beyond a physical presence such as a fence.

D. Strong, secure encryption provides no protection against data exposed via eavesdropping.
✔Correct Answer-A and B are correct. A is correct because promiscuous mode, if supported by
the wireless card, is what allows the card to process all 802.11 activity, not just traffic targeted
to that card. B is correct because monitor mode allows the same visibility to all activity, even
without being connected to an access point.

Which of the following data sources would offer the least diverse, most precise kind of
information?

Written for

Institution
Cysa
Course
Cysa

Document information

Uploaded on
July 10, 2026
Number of pages
32
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$19.99
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
Stuvia2026 Teachme2-tutor
View profile
Follow You need to be logged in order to follow users or courses
Sold
24
Member since
1 year
Number of followers
1
Documents
5743
Last sold
2 weeks ago
\"Your trusted Hub for Academic Excellence\"

Stuvia 2024 is your trusted destination for top-tier study materials, including high-quality exams, assignments, and verified answer keys. Our content is crafted for excellence thorough, up-to-date, and tailored to help students succeed in their academic journey. Whether you\'re preparing for a final exam or need support with coursework, every document in our store is designed to provide clarity, accuracy, and confidence. At Stuvia 2024, academic success starts with the right resources.

Read more Read less
2.3

3 reviews

5
0
4
0
3
2
2
0
1
1

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions