
CYSA+ Exam Topics UPDATED ACTUAL Questions and CORRECT Answers

Pages: 37
Grade: A+
Uploaded on: 28-09-2025
Written in: 2025/2026

Institution: Cysa
Course: Cysa
Type: Exam
Contains: Questions and answers

Content preview

A recent zero-day vulnerability is being actively exploited, requires no user interaction or privilege escalation, and has a significant impact to confidentiality and integrity but not to availability. Which of the following CVE metrics would be most accurate for this zero-day threat?
Answer: CVSS:31/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:K/A:L

Which of the following tools would work best to prevent the exposure of PII outside of an organization?
Answer: DLP

An organization conducted a web application vulnerability assessment against the corporate website, and the following output was observed:

Which of the following tuning recommendations should the security analyst share?
Answer: Configure an Access-Control-Allow-Origin header to authorized domains

Which of the following items should be included in a vulnerability scan report? (Choose two.)
Answer: Affected Hosts & Risk Score

The Chief Executive Officer of an organization recently heard that exploitation of new attacks in the industry was happening approximately 45 days after a patch was released. Which of the following would best protect this organization?
Answer: A mean time to remediate of 30 days

A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:

foreach ($user in Get-Content .\this.txt)
{
    Get-ADUser $user -Properties primaryGroupID | select-object primaryGroupID
    Add-ADGroupMember "Domain Users" -Members $user
    Set-ADUser $user -Replace @{primaryGroupID=513}
}

Which of the following scripting languages was used in the script?
Answer: PowerShell

A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?
Answer: An on-path attack is being performed by someone with internal access that forces users into port 80

A security analyst is tasked with prioritizing vulnerabilities for remediation. The relevant company security policies are shown below:

Security Policy 1006: Vulnerability Management

1. The Company shall use the CVSSv3.1 Base Score Metrics (Exploitability and Impact) to prioritize the remediation of security vulnerabilities.
2. In situations where a choice must be made between confidentiality and availability, the Company shall prioritize confidentiality of data over availability of systems and data.
3. The Company shall prioritize patching of publicly available systems and services over patching of internally available system.

According to the security policy, which of the following vulnerabilities should be the highest priority to patch?
Answer: Name: CAP.SHIELD - CVSS 3.1 /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N External System

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
Answer: Business Continuity Plan

The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?
Answer: Deploy a CASB and enable policy enforcement

An incident response team receives an alert to start an investigation of an internet outage. The outage is preventing all users in multiple locations from accessing external SaaS resources. The team determines the organization was impacted by a DDoS attack. Which of the following logs should the team review first?
Answer: DNS

A malicious actor has gained access to an internal network by means of social engineering. The actor does not want to lose access in order to continue the attack. Which of the following best describes the current stage of the Cyber Kill Chain that the threat actor is currently operating in?
Answer: Exploitation

An analyst finds that an IP address outside of the company network is being used to run network and vulnerability scans across external-facing assets. Which of the following steps of an attack framework is the analyst witnessing?
Answer: Reconnaissance

An incident response analyst notices multiple emails traversing the network that target only the administrators of the company. The email contains a concealed URL that leads to an unknown website in another country. Which of the following best describes what is happening? (Choose two.)
Answer: Social Engineering Attack & Obfuscated Links




During security scanning, a security analyst regularly finds the same vulnerabilities in a critical application. Which of the following recommendations would best mitigate this problem if applied along the SDLC phase?
Answer: Use application security scanning as part of the pipeline for the CI/CD flow

An analyst is reviewing a vulnerability report and must make recommendations to the executive team. The analyst finds that most systems can be upgraded with a reboot resulting in a single downtime window. However, two of the critical systems cannot be upgraded due to a vendor appliance that the company does not have access to. Which of the following inhibitors to remediation do these systems and associated vulnerabilities best represent?
Answer: Proprietary Systems

The security team reviews a web server for XSS and runs the following Nmap scan:

#nmap -p80 --script http-unsafe-output-escaping 172.31.15.2

PORT STATE SERVICE REASON
80/tcp open http syn-ack
| http-unsafe-output-escaping:
| Characters [> " '] reflected in parameter id at http://172.31.15.2/1.php?id=2

Which of the following most accurately describes the result of the scan?
Answer: The vulnerable parameter and characters > and " with a reflected XSS attempt

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
Answer: Schedule a review with all teams to discuss what occurred

Reverse Engineering