And Correct Answers (Verified Answers)
Plus Rationales 2025/2026 Q&A
1. Which of the following best describes the purpose of a SIEM system?
A. To perform penetration testing
B. To collect and analyze security event logs
C. To encrypt stored data
D. To manage user accounts
SIEM (Security Information and Event Management) aggregates logs and
events from multiple sources for correlation and threat detection.
2. What is the main goal of threat hunting?
A. Automate malware detection
B. Proactively search for threats that evade existing defenses
C. Replace antivirus software
D. Improve network performance
Threat hunting identifies threats not caught by automated tools.
3. A cybersecurity analyst notices unusual outbound traffic to an unknown IP
address. What should be done first?
A. Block the IP address
B. Validate and analyze the traffic
C. Disconnect the system from the network
D. Notify law enforcement
Analysts should first confirm the legitimacy of the traffic before taking action.
4. What does CVSS stand for in vulnerability management?
A. Centralized Vulnerability Scoring System
B. Common Vulnerability Scoring System
C. Cybersecurity Vulnerability Scanning System
D. Computer Virus Scoring System
CVSS standardizes the severity rating of vulnerabilities.
5. Which attack uses a large number of compromised devices to flood a
network?
A. Phishing
B. Distributed Denial of Service (DDoS)
C. SQL Injection
D. Cross-site Scripting
DDoS attacks use multiple compromised systems to overwhelm a target.
6. What is the primary benefit of network segmentation?
A. Reduces encryption needs
B. Increases latency
C. Limits lateral movement of attackers
D. Simplifies authentication
Segmentation confines attacks to smaller network zones.
7. Which of the following best defines a false positive in IDS alerts?
A. A real attack missed by the system
B. Benign activity flagged as malicious
C. A real attack correctly identified
D. A missed alert
False positives occur when legitimate activity is incorrectly flagged.
8. What is the main function of a vulnerability scanner?
A. Apply patches automatically
B. Identify potential weaknesses in systems
C. Perform brute-force attacks
D. Encrypt network data
Vulnerability scanners find potential flaws before exploitation.
9. Which type of malware encrypts files and demands payment?
A. Worm
B. Trojan
C. Ransomware
D. Rootkit
Ransomware locks or encrypts files until a ransom is paid.
10. What does the term “data exfiltration” mean?
A. Inbound data flooding
B. Unauthorized transfer of data outside the network
C. Data encryption at rest
D. Data loss from backup failure
Data exfiltration involves the theft of sensitive information.
11. Which of these best describes “threat intelligence”?
A. A firewall configuration
B. Information about potential and active threats
C. A password policy
D. A SIEM report
Threat intelligence provides context about adversaries and their tactics.
12. Which framework focuses on identifying, protecting, detecting,
responding, and recovering?
A. ISO 27001
B. COBIT
C. NIST Cybersecurity Framework