CYSA (73)-compressed Exam Questions and Answers with Verified Solutions | Latest Updated 2026

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?
A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L
B. CVSS:31/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
C. CVSS:31/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
D. CVSS:31/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H
Answer: A. CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed: Which of the following tuning recommendations should the security analyst share?
A. Set an HttpOnly flag to force communication by HTTPS
B. Block requests without an X-Frame-Options header
C. Configure an Access-Control-Allow-Origin header to authorized domains
D. Disable the cross-origin resource sharing header
Answer: C. Configure an Access-Control-Allow-Origin header to authorized domains

Which of the following tools would work best to prevent the exposure of PII outside of an organization?
A. PAM
B. IDS
C. PKI
D. DLP
Answer: D. DLP

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?
A. A mean time to remediate of 30 days
B. A mean time to detect of 45 days
C. A mean time to respond of 15 days
D. Third-party application testing
Answer: C. A mean time to respond of 15 days

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script: Which of the following scripting languages was used in the script?
A. PowerShell
B. Ruby
C. Python
D. Shell script
Answer: A. PowerShell